From c255c32828a500839a127a279efb78b1bfd1abd3 Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Wed, 22 Feb 2023 09:46:30 +0100
Subject: [PATCH] fix build
---
 fuzzers/FRET/fuzzer.sh | 2 +-
 fuzzers/FRET/src/fuzzer.rs | 16 +++++++++-------
 libafl/src/fuzzer/mod.rs | 16 ++++++++--------
 3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/fuzzers/FRET/fuzzer.sh b/fuzzers/FRET/fuzzer.sh
index 968a149f13..d45ee432e9 100755
--- a/fuzzers/FRET/fuzzer.sh
+++ b/fuzzers/FRET/fuzzer.sh
@@ -16,7 +16,7 @@ cd "$parent_path"
 [ -z "$FUZZER" ] && export FUZZER=target/debug/fret
 set +e
-$FUZZER -icount shift=4,align=off,sleep=off -machine mps2-an385 -monitor null -kernel $KERNEL -serial null -nographic -S -semihosting --semihosting-config enable=on,target=native -snapshot -drive if=none,format=qcow2,file=dummy.qcow2
+$FUZZER -icount shift=4,align=off,sleep=off -machine mps2-an385 -monitor null -kernel $KERNEL -serial null -nographic -S -semihosting --semihosting-config enable=off,target=native -snapshot -drive if=none,format=qcow2,file=dummy.qcow2
 if [ "$exitcode" = "101" ]
 then
 exit 101
diff --git a/fuzzers/FRET/src/fuzzer.rs b/fuzzers/FRET/src/fuzzer.rs
index 550dd0d06f..abc2ee044e 100644
--- a/fuzzers/FRET/src/fuzzer.rs
+++ b/fuzzers/FRET/src/fuzzer.rs
@@ -1,7 +1,7 @@
 //! A fuzzer using qemu in systemmode for binary-only coverage of kernels
 //!
 use core::time::Duration;
-use std::{env, path::PathBuf, process::{self, abort}, io::{Read, Write}, fs::{self, OpenOptions}};
+use std::{env, path::PathBuf, process::{self, abort}, io::{Read, Write}, fs::{self, OpenOptions}, ptr::addr_of_mut};
 use libafl::{
 bolts::{
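Review bot: The changed `$FUZZER` invocation never captures its exit status, yet the context lines directly below it test `"$exitcode" = "101"`; unless `exitcode` is assigned from `$?` somewhere outside this hunk, that comparison sees an empty string, the `exit 101` branch is dead, and with `set +e` a failing fuzzer run goes unnoticed. Add `exitcode=$?` as the line immediately after the `$FUZZER` command. `$FUZZER` and `$KERNEL` are also expanded unquoted, so a path containing spaces or glob characters is word-split; write `"$FUZZER"` and `-kernel "$KERNEL"`. Keeping the bare `-semihosting` flag while switching `--semihosting-config` to `enable=off` reads as contradictory — if the goal is to close the host file-I/O surface that `target=native` semihosting gives guest code, consider dropping `-semihosting` as well or adding a comment explaining why both remain. The `if` block at the end of the hunk continues outside it.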
@@ -31,7 +31,7 @@ use libafl::{
 prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata}, Evaluator,
 };
 use libafl_qemu::{
- edges, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor,
+ edges, edges::{QemuEdgeCoverageHelper, edges_map_mut_slice, MAX_EDGES_NUM}, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor,
 QemuHooks, Regs, QemuInstrumentationFilter, GuestAddr,
 };
 use crate::{
@@ -203,9 +203,11 @@ pub fn fuzz() {
 };
 // Create an observation channel using the coverage map
- let edges = unsafe { &mut edges::EDGES_MAP };
- let edges_counter = unsafe { &mut edges::MAX_EDGES_NUM };
- let edges_observer = VariableMapObserver::new("edges", edges, edges_counter);
+ let edges_observer = unsafe {VariableMapObserver::from_mut_slice(
+ "edges",
+ edges_map_mut_slice(),
+ addr_of_mut!(MAX_EDGES_NUM),
+ )};
 // Create an observation channel to keep track of the execution time
 let clock_time_observer = QemuClockObserver::new("clocktime");
@@ -420,7 +422,7 @@ pub fn fuzz() {
 let mut worst = Duration::new(0,0);
 let mut worst_input = None;
 for i in 0..corpus.count() {
- let tc = corpus.get(i).expect("Could not get element from corpus").borrow();
+ let tc = corpus.get(i.into()).expect("Could not get element from corpus").borrow();
 if worst < tc.exec_time().expect("Testcase missing duration") {
 worst_input = Some(tc.input().as_ref().unwrap().bytes().to_owned());
 worst = tc.exec_time().expect("Testcase missing duration");
@@ -445,7 +447,7 @@ pub fn fuzz() {
 {
 let mut gd = String::from(&td);
 if let Some(md) = state.metadata_mut().get_mut::() {
- let mut uniq: Vec = md.map.values().map(|x| x.clone()).collect();
+ let mut uniq: Vec = md.map.values().map(|x| x.to_string()).collect();
 uniq.sort();
 uniq.dedup();
 gd.push_str(&format!(".{}.toprated", uniq.len()));
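Review bot: The new `unsafe { VariableMapObserver::from_mut_slice(...) }` block in the coverage-observer hunk has no `// SAFETY:` comment, and the invariant it depends on is not obvious: `edges_map_mut_slice()` and `addr_of_mut!(MAX_EDGES_NUM)` hand out mutable access to global statics that the QEMU edge hook presumably also writes, so the call is only sound if no other `&mut` to that map is alive for as long as the observer exists. Add a comment above the block such as `// SAFETY: the edge map and MAX_EDGES_NUM are only reached through this observer and the QEMU edge hook; no other live reference to them is created` — and confirm that holds for the rest of `fuzz()`. Stylistically, `unsafe {VariableMapObserver::from_mut_slice(` wants a space after the brace and the closing `)};` should be `) };` to match rustfmt. `fuzz()` begins and ends outside this hunk.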
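Review bot: `corpus.get(i.into())` in the worst-case scan turns a dense index from `0..corpus.count()` into a corpus id, which is only correct if ids are contiguous from zero; should this corpus type ever remove entries or allocate ids non-sequentially, `get` returns `Err` and the `expect("Could not get element from corpus")` aborts the run at the point where results are being written out. If the corpus exposes an id iterator (e.g. `corpus.ids()` or `first()`/`next()`), iterate that rather than a numeric range; failing that, skip misses instead of panicking: `let Ok(cell) = corpus.get(i.into()) else { continue };` followed by `let tc = cell.borrow();`. The enclosing `for` loop and `fuzz()` continue outside this hunk.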
diff --git a/libafl/src/fuzzer/mod.rs b/libafl/src/fuzzer/mod.rs
index fde3321f89..6ad518ccdd 100644
--- a/libafl/src/fuzzer/mod.rs
+++ b/libafl/src/fuzzer/mod.rs
@@ -246,21 +246,21 @@ where
 state: &mut EM::State,
 manager: &mut EM,
 time: Duration
- ) -> Result {
+ ) -> Result {
 if time==Duration::ZERO {
 return Err(Error::illegal_argument(
 "Cannot fuzz for 0 duration!".to_string(),
 ));
 }
- let mut ret = 0;
+ let mut ret = None;
 let mut last = current_time();
 let monitor_timeout = STATS_TIMEOUT_DEFAULT;
 let starttime = std::time::Instant::now();
 while std::time::Instant::now().duration_since(starttime) < time {
- ret = self.fuzz_one(stages, executor, state, manager)?;
+ ret = Some(self.fuzz_one(stages, executor, state, manager)?);
 last = manager.maybe_report_progress(state, last, monitor_timeout)?;
 }
@@ -269,7 +269,7 @@ where
 // But as the state may grow to a few megabytes,
 // for now we won' and the user has to do it (unless we find a way to do this on `Drop`).
- Ok(ret)
+ Ok(ret.unwrap())
 }
 /// Fuzz for n iterations.
@@ -288,13 +288,13 @@ where
 state: &mut EM::State,
 manager: &mut EM,
 time: std::time::Instant
- ) -> Result {
+ ) -> Result {
- let mut ret = 0;
+ let mut ret = None;
 let mut last = current_time();
 let monitor_timeout = STATS_TIMEOUT_DEFAULT;
 while std::time::Instant::now() < time {
- ret = self.fuzz_one(stages, executor, state, manager)?;
+ ret = Some(self.fuzz_one(stages, executor, state, manager)?);
 last = manager.maybe_report_progress(state, last, monitor_timeout)?;
 }
@@ -303,7 +303,7 @@ where
 // But as the state may grow to a few megabytes,
 // for now we won' and the user has to do it (unless we find a way to do this on `Drop`).
- Ok(ret)
+ Ok(ret.unwrap())
 }
 }
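Review bot: `Ok(ret.unwrap())` in the duration variant panics whenever the `while` loop in the preceding hunk ran zero times, and the `time == Duration::ZERO` guard does not rule that out: `duration_since(starttime)` is evaluated before the first iteration, so any `time` shorter than the interval between the two `Instant::now()` calls (nanoseconds on a loaded host) skips the body and leaves `ret` as `None`. Before this commit that case returned the sentinel `0`; now it aborts the fuzzer instead of surfacing an error the caller can act on. Return an error rather than unwrapping, e.g. `ret.ok_or_else(|| Error::illegal_argument("Fuzzing duration elapsed before a single iteration ran".to_string()))`, or widen the return type to carry the `Option` so the caller decides. The function's signature and loop live in the earlier hunk, and the generic parameters of `Result` appear stripped in this rendering, so the exact inner type cannot be confirmed here.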
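Review bot: The same `Ok(ret.unwrap())` in the deadline variant is easier to trigger: this function has no counterpart to the `Duration::ZERO` check, so a `time: Instant` that is already in the past — a caller computing `Instant::now() + d` with a small `d` ahead of a slow setup step — skips the loop entirely and now panics where it previously returned `0`. Replace the unwrap with an error, e.g. `ret.ok_or_else(|| Error::illegal_argument("Deadline had already passed; no iteration was run".to_string()))`, and consider mirroring the duration variant with an explicit argument check at the top of the function, whose signature is in the `-288` hunk. `Error::illegal_argument` is the constructor the duration variant already uses, so no new error kind is needed.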