SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

on crash callback in inmem executor

Browse Source
This commit is contained in:
Andrea Fioraldi 2021-01-05 13:13:19 +01:00
parent fde6201d74
commit cf7c9cd571
5 changed files with 135 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
afl/src/engines/mod.rs
View File

@ -33,12 +33,11 @@ pub trait StateMetadata: Debug {
/// The state a fuzz run.
#[derive(Serialize, Deserialize, Clone, Debug)]
#[serde(bound = "FT: serde::de::DeserializeOwned")]
pub struct State<I, R, FT, OT>
pub struct State<I, R, FT>
where
I: Input,
R: Rand,
FT: FeedbacksTuple<I>,
OT: ObserversTuple,
{
/// How many times the executor ran the harness/target
executions: usize,
@ -49,17 +48,16 @@ where
// additional_corpuses, maybe another TupleList?
// Feedbacks used to evaluate an input
feedbacks: FT,
phantom: PhantomData<(I, R, OT)>,
phantom: PhantomData<(I, R)>,
}
#[cfg(feature = "std")]
impl<R, FT, OT> State<BytesInput, R, FT, OT>
impl<R, FT> State<BytesInput, R, FT>
where
R: Rand,
FT: FeedbacksTuple<BytesInput>,
OT: ObserversTuple,
{
pub fn load_from_directory<G, C, E, ET, EM>(
pub fn load_from_directory<G, C, E, OT, ET, EM>(
&mut self,
corpus: &mut C,
generator: &mut G,
@ -71,8 +69,9 @@ where
G: Generator<BytesInput, R>,
C: Corpus<BytesInput, R>,
E: Executor<BytesInput> + HasObservers<OT>,
OT: ObserversTuple,
ET: ExecutorsTuple<BytesInput>,
EM: EventManager<C, E, OT, FT, BytesInput, R>,
EM: EventManager<C, E, FT, BytesInput, R>,
{
for entry in fs::read_dir(in_dir)? {
let entry = entry?;
@ -101,7 +100,7 @@ where
Ok(())
}
pub fn load_initial_inputs<G, C, E, ET, EM>(
pub fn load_initial_inputs<G, C, E, OT, ET, EM>(
&mut self,
corpus: &mut C,
generator: &mut G,
@ -113,8 +112,9 @@ where
G: Generator<BytesInput, R>,
C: Corpus<BytesInput, R>,
E: Executor<BytesInput> + HasObservers<OT>,
OT: ObserversTuple,
ET: ExecutorsTuple<BytesInput>,
EM: EventManager<C, E, OT, FT, BytesInput, R>,
EM: EventManager<C, E, FT, BytesInput, R>,
{
for in_dir in in_dirs {
self.load_from_directory(corpus, generator, engine, manager, in_dir)?;
@ -128,12 +128,11 @@ where
}
}
impl<I, R, FT, OT> State<I, R, FT, OT>
impl<I, R, FT> State<I, R, FT>
where
I: Input,
R: Rand,
FT: FeedbacksTuple<I>,
OT: ObserversTuple,
{
/// Get executions
#[inline]
@ -206,7 +205,7 @@ where
// TODO move some of these, like evaluate_input, to FuzzingEngine
#[inline]
pub fn is_interesting(&mut self, input: &I, observers: &OT) -> Result<u32, AflError>
pub fn is_interesting<OT>(&mut self, input: &I, observers: &OT) -> Result<u32, AflError>
where
OT: ObserversTuple,
{
@ -214,9 +213,10 @@ where
}
/// Runs the input and triggers observers and feedback
pub fn evaluate_input<E>(&mut self, input: &I, executor: &mut E) -> Result<u32, AflError>
pub fn evaluate_input<E, OT>(&mut self, input: &I, executor: &mut E) -> Result<u32, AflError>
where
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
{
executor.reset_observers()?;
executor.run_target(&input)?;
@ -279,7 +279,7 @@ where
}
}
pub fn generate_initial_inputs<G, C, E, ET, EM>(
pub fn generate_initial_inputs<G, C, E, OT, ET, EM>(
&mut self,
rand: &mut R,
corpus: &mut C,
@ -292,8 +292,9 @@ where
G: Generator<I, R>,
C: Corpus<I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
ET: ExecutorsTuple<I>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
{
let mut added = 0;
for _ in 0..num {
@ -383,7 +384,7 @@ where
pub trait Fuzzer<ST, EM, E, OT, FT, ET, C, I, R>
where
ST: StagesTuple<EM, E, OT, FT, ET, C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -399,7 +400,7 @@ where
fn fuzz_one(
&mut self,
rand: &mut R,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
engine: &mut Engine<E, OT, ET, I>,
manager: &mut EM,
@ -416,7 +417,7 @@ where
fn fuzz_loop(
&mut self,
rand: &mut R,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
engine: &mut Engine<E, OT, ET, I>,
manager: &mut EM,
@ -437,7 +438,7 @@ where
pub struct StdFuzzer<ST, EM, E, OT, FT, ET, C, I, R>
where
ST: StagesTuple<EM, E, OT, FT, ET, C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -454,7 +455,7 @@ impl<ST, EM, E, OT, FT, ET, C, I, R> Fuzzer<ST, EM, E, OT, FT, ET, C, I, R>
for StdFuzzer<ST, EM, E, OT, FT, ET, C, I, R>
where
ST: StagesTuple<EM, E, OT, FT, ET, C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -475,7 +476,7 @@ where
impl<ST, EM, E, OT, FT, ET, C, I, R> StdFuzzer<ST, EM, E, OT, FT, ET, C, I, R>
where
ST: StagesTuple<EM, E, OT, FT, ET, C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,

69
afl/src/events/mod.rs
View File

@ -211,23 +211,21 @@ where
where
ST: Stats;
/// This method will be called in the clients after handle_in_broker (unless BrokerEventResult::Handled) was returned in handle_in_broker
fn handle_in_client<C, OT, FT, R>(
fn handle_in_client<C, FT, R>(
self,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
) -> Result<(), AflError>
where
C: Corpus<I, R>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
R: Rand;
}
pub trait EventManager<C, E, OT, FT, I, R>
pub trait EventManager<C, E, FT, I, R>
where
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
I: Input,
R: Rand,
@ -239,25 +237,25 @@ where
/// Return the number of processes events or an error
fn process(
&mut self,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
) -> Result<usize, AflError>;
fn serialize_observers(&mut self, observers: &OT) -> Result<Vec<u8>, AflError> {
fn serialize_observers<OT>(&mut self, observers: &OT) -> Result<Vec<u8>, AflError> where OT: ObserversTuple {
Ok(postcard::to_allocvec(observers)?)
}
fn deserialize_observers(&mut self, observers_buf: &[u8]) -> Result<OT, AflError> {
fn deserialize_observers<OT>(&mut self, observers_buf: &[u8]) -> Result<OT, AflError> where OT: ObserversTuple {
Ok(postcard::from_bytes(observers_buf)?)
}
fn new_testcase(
fn new_testcase<OT>(
&mut self,
_input: &I,
_observers: &OT,
_corpus_size: usize,
_config: String,
) -> Result<(), AflError> {
) -> Result<(), AflError> where OT: ObserversTuple {
Ok(())
}
@ -384,14 +382,13 @@ where
}
#[inline]
fn handle_in_client<C, OT, FT, R>(
fn handle_in_client<C, FT, R>(
self,
_state: &mut State<I, R, FT, OT>,
_state: &mut State<I, R, FT>,
_corpus: &mut C,
) -> Result<(), AflError>
where
C: Corpus<I, R>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
R: Rand,
{
@ -405,11 +402,10 @@ where
}
#[derive(Clone, Debug)]
pub struct LoggerEventManager<C, E, OT, FT, I, R, ST>
pub struct LoggerEventManager<C, E, FT, I, R, ST>
where
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
I: Input,
R: Rand,
@ -419,15 +415,14 @@ where
stats: ST,
events: Vec<LoggerEvent<I>>,
// stats (maybe we need a separated struct?)
phantom: PhantomData<(C, E, I, R, OT, FT)>,
phantom: PhantomData<(C, E, I, R, FT)>,
}
impl<C, E, OT, FT, I, R, ST> EventManager<C, E, OT, FT, I, R>
for LoggerEventManager<C, E, OT, FT, I, R, ST>
impl<C, E, FT, I, R, ST> EventManager<C, E, FT, I, R>
for LoggerEventManager<C, E, FT, I, R, ST>
where
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
I: Input,
R: Rand,
@ -436,7 +431,7 @@ where
{
fn process(
&mut self,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
) -> Result<usize, AflError> {
let count = self.events.len();
@ -446,13 +441,13 @@ where
Ok(count)
}
fn new_testcase(
fn new_testcase<OT>(
&mut self,
_input: &I,
_observers: &OT,
corpus_size: usize,
_config: String,
) -> Result<(), AflError> {
) -> Result<(), AflError> where OT: ObserversTuple {
let event = LoggerEvent::NewTestcase {
corpus_size: corpus_size,
phantom: PhantomData,
@ -513,12 +508,11 @@ where
}
}
impl<C, E, OT, FT, I, R, ST> LoggerEventManager<C, E, OT, FT, I, R, ST>
impl<C, E, FT, I, R, ST> LoggerEventManager<C, E, FT, I, R, ST>
where
C: Corpus<I, R>,
I: Input,
E: Executor<I>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
R: Rand,
ST: Stats,
@ -658,14 +652,13 @@ where
}
#[inline]
fn handle_in_client<C, OT, FT, R>(
fn handle_in_client<C, FT, R>(
self,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
) -> Result<(), AflError>
where
C: Corpus<I, R>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
R: Rand,
{
@ -706,11 +699,10 @@ const _LLMP_TAG_EVENT_TO_BROKER: llmp::Tag = 0x2B80438;
const LLMP_TAG_EVENT_TO_BOTH: llmp::Tag = 0x2B0741;
#[derive(Clone, Debug)]
pub struct LlmpEventManager<C, E, OT, FT, I, R, SH, ST>
pub struct LlmpEventManager<C, E, FT, I, R, SH, ST>
where
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
I: Input,
R: Rand,
@ -720,15 +712,14 @@ where
{
llmp: llmp::LlmpConnection<SH>,
stats: ST,
phantom: PhantomData<(C, E, OT, FT, I, R)>,
phantom: PhantomData<(C, E, FT, I, R)>,
}
#[cfg(feature = "std")]
impl<C, E, OT, FT, I, R, ST> LlmpEventManager<C, E, OT, FT, I, R, AflShmem, ST>
impl<C, E, FT, I, R, ST> LlmpEventManager<C, E, FT, I, R, AflShmem, ST>
where
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
I: Input,
R: Rand,
@ -754,11 +745,10 @@ where
}
}
impl<C, E, OT, FT, I, R, SH, ST> LlmpEventManager<C, E, OT, FT, I, R, SH, ST>
impl<C, E, FT, I, R, SH, ST> LlmpEventManager<C, E, FT, I, R, SH, ST>
where
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
I: Input,
R: Rand,
@ -859,13 +849,12 @@ where
}
}
impl<C, E, OT, FT, I, R, SH, ST> EventManager<C, E, OT, FT, I, R>
for LlmpEventManager<C, E, OT, FT, I, R, SH, ST>
impl<C, E, FT, I, R, SH, ST> EventManager<C, E, FT, I, R>
for LlmpEventManager<C, E, FT, I, R, SH, ST>
where
C: Corpus<I, R>,
E: Executor<I>,
FT: FeedbacksTuple<I>,
OT: ObserversTuple,
I: Input,
R: Rand,
SH: ShMem,
@ -874,7 +863,7 @@ where
{
fn process(
&mut self,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
) -> Result<usize, AflError> {
// TODO: Get around local event copy by moving handle_in_client
@ -907,13 +896,13 @@ where
})
}
fn new_testcase(
fn new_testcase<OT>(
&mut self,
input: &I,
observers: &OT,
corpus_size: usize,
config: String,
) -> Result<(), AflError> {
) -> Result<(), AflError> where OT: ObserversTuple {
let kind = LLMPEventKind::NewTestcase {
input: Ptr::Ref(input),
observers_buf: postcard::to_allocvec(observers)?,

106
afl/src/executors/inmemory.rs
View File

@ -1,5 +1,5 @@
use alloc::{boxed::Box, string::ToString, vec::Vec};
use core::{ffi::c_void, ptr};
use core::{marker::PhantomData, ffi::c_void, ptr};
use crate::{
corpus::Corpus,
@ -20,16 +20,26 @@ use self::unix_signals::setup_crash_handlers;
/// The (unsafe) pointer to the current inmem input, for the current run.
/// This is neede for certain non-rust side effects, as well as unix signal handling.
static mut CURRENT_INPUT_PTR: *const c_void = ptr::null();
static mut CURRENT_ON_CRASH_FN: *mut Box<dyn FnMut(ExitKind, &[u8])> = ptr::null_mut();
static mut CURRENT_ON_CRASH_FN: *mut c_void = ptr::null_mut();
static mut CORPUS_PTR: *const c_void = ptr::null_mut();
static mut STATE_PTR: *const c_void = ptr::null_mut();
static mut EVENT_MANAGER_PTR: *mut c_void = ptr::null_mut();
/// The inmem executor harness
type HarnessFunction<I> = fn(&dyn Executor<I>, &[u8]) -> ExitKind;
type OnCrashFunction<I, C, EM, FT, R> = fn(ExitKind, &State<I, R, FT>, &C, &mut EM);
/// The inmem executor simply calls a target function, then returns afterwards.
pub struct InMemoryExecutor<I, OT>
pub struct InMemoryExecutor<I, OT, C, E, EM, FT, R>
where
I: Input + HasTargetBytes,
OT: ObserversTuple,
C: Corpus<I, R>,
E: Executor<I>,
EM: EventManager<C, E, FT, I, R>,
FT: FeedbacksTuple<I>,
R: Rand,
{
/// The name of this executor instance, to address it from other components
name: &'static str,
@ -38,19 +48,26 @@ where
/// The observers, observing each run
observers: OT,
/// A special function being called right before the process crashes. It may save state to restore fuzzing after respawn.
on_crash_fn: Box<dyn FnMut(ExitKind, &[u8])>,
on_crash_fn: OnCrashFunction<I, C, EM, FT, R>,
phantom: PhantomData<E>
}
impl<I, OT> Executor<I> for InMemoryExecutor<I, OT>
impl<I, OT, C, E, EM, FT, R> Executor<I> for InMemoryExecutor<I, OT, C, E, EM, FT, R>
where
I: Input + HasTargetBytes,
OT: ObserversTuple,
C: Corpus<I, R>,
E: Executor<I>,
EM: EventManager<C, E, FT, I, R>,
FT: FeedbacksTuple<I>,
R: Rand,
{
#[inline]
fn run_target(&mut self, input: &I) -> Result<ExitKind, AflError> {
let bytes = input.target_bytes();
unsafe {
CURRENT_ON_CRASH_FN = &mut self.on_crash_fn as *mut _;
CURRENT_ON_CRASH_FN = &mut self.on_crash_fn as *mut _ as *mut c_void;
CURRENT_INPUT_PTR = input as *const _ as *const c_void;
}
let ret = (self.harness)(self, bytes.as_slice());
@ -62,20 +79,30 @@ where
}
}
impl<I, OT> Named for InMemoryExecutor<I, OT>
impl<I, OT, C, E, EM, FT, R> Named for InMemoryExecutor<I, OT, C, E, EM, FT, R>
where
I: Input + HasTargetBytes,
OT: ObserversTuple,
C: Corpus<I, R>,
E: Executor<I>,
EM: EventManager<C, E, FT, I, R>,
FT: FeedbacksTuple<I>,
R: Rand,
{
fn name(&self) -> &str {
self.name
}
}
impl<I, OT> HasObservers<OT> for InMemoryExecutor<I, OT>
impl<I, OT, C, E, EM, FT, R> HasObservers<OT> for InMemoryExecutor<I, OT, C, E, EM, FT, R>
where
I: Input + HasTargetBytes,
OT: ObserversTuple,
C: Corpus<I, R>,
E: Executor<I>,
EM: EventManager<C, E, FT, I, R>,
FT: FeedbacksTuple<I>,
R: Rand,
{
#[inline]
fn observers(&self) -> &OT {
@ -88,10 +115,15 @@ where
}
}
impl<I, OT> InMemoryExecutor<I, OT>
impl<I, OT, C, E, EM, FT, R> InMemoryExecutor<I, OT, C, E, EM, FT, R>
where
I: Input + HasTargetBytes,
OT: ObserversTuple,
C: Corpus<I, R>,
E: Executor<I>,
EM: EventManager<C, E, FT, I, R>,
FT: FeedbacksTuple<I>,
R: Rand,
{
/// Create a new in mem executor.
/// Caution: crash and restart in one of them will lead to odd behavior if multiple are used,
@ -101,42 +133,31 @@ where
/// * `on_crash_fn` - When an in-mem harness crashes, it may safe some state to continue fuzzing later.
/// Do that that in this function. The program will crash afterwards.
/// * `observers` - the observers observing the target during execution
pub fn new<C, E, EM, FT, R>(
pub fn new(
name: &'static str,
harness_fn: HarnessFunction<I>,
observers: OT,
on_crash_fn: Box<dyn FnMut(ExitKind, &[u8])>,
_state: &State<I, R, FT, OT>,
_corpus: &C,
_event_manager: &mut EM,
on_crash_fn: OnCrashFunction<I, C, EM, FT, R>,
) -> Self
where
C: Corpus<I, R>,
E: Executor<I>,
EM: EventManager<C, E, OT, FT, I, R>,
FT: FeedbacksTuple<I>,
R: Rand,
{
#[cfg(feature = "std")]
/*#[cfg(feature = "std")]
unsafe {
CORPUS_PTR = _corpus as *const _ as *const c_void;
STATE_PTR = _state as *const _ as *const c_void;
setup_crash_handlers(_event_manager);
}
}*/
Self {
harness: harness_fn,
on_crash_fn,
observers,
name,
phantom: PhantomData
}
}
}
static mut CORPUS_PTR: *const c_void = ptr::null_mut();
static mut STATE_PTR: *const c_void = ptr::null_mut();
/// Serialize the current state and corpus during an executiont to bytes.
/// This method is needed when the fuzzer run crashes and has to restart.
pub unsafe fn serialize_state_corpus<C, FT, I, OT, R>() -> Result<Vec<u8>, AflError>
@ -153,7 +174,7 @@ where
.to_string(),
));
}
let state: &State<I, R, FT, OT> = (STATE_PTR as *const State<I, R, FT, OT>).as_ref().unwrap();
let state: &State<I, R, FT> = (STATE_PTR as *const State<I, R, FT>).as_ref().unwrap();
let corpus = (CORPUS_PTR as *mut C).as_ref().unwrap();
let state_bytes = postcard::to_allocvec(&state)?;
let corpus_bytes = postcard::to_allocvec(&corpus)?;
@ -163,7 +184,7 @@ where
/// Deserialize the state and corpus tuple, previously serialized with `serialize_state_corpus(...)`
pub fn deserialize_state_corpus<C, FT, I, OT, R>(
state_corpus_serialized: &[u8],
) -> Result<(State<I, R, FT, OT>, C), AflError>
) -> Result<(State<I, R, FT>, C), AflError>
where
C: Corpus<I, R>,
FT: FeedbacksTuple<I>,
@ -201,23 +222,22 @@ pub mod unix_signals {
corpus::Corpus,
events::EventManager,
executors::{
inmemory::{serialize_state_corpus, ExitKind, CURRENT_INPUT_PTR, CURRENT_ON_CRASH_FN},
inmemory::{OnCrashFunction, ExitKind, CURRENT_INPUT_PTR, CURRENT_ON_CRASH_FN, CORPUS_PTR, STATE_PTR, EVENT_MANAGER_PTR},
Executor,
},
engines::State,
feedbacks::FeedbacksTuple,
inputs::Input,
observers::ObserversTuple,
utils::Rand,
};
static mut EVENT_MANAGER_PTR: *mut c_void = ptr::null_mut();
pub unsafe extern "C" fn libaflrs_executor_inmem_handle_crash<EM, C, E, OT, FT, I, R>(
_sig: c_int,
info: siginfo_t,
_void: c_void,
) where
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
@ -238,14 +258,18 @@ pub mod unix_signals {
let _ = stdout().flush();
let input = (CURRENT_INPUT_PTR as *const I).as_ref().unwrap();
let corpus = (CORPUS_PTR as *const C).as_ref().unwrap();
let state = (EVENT_MANAGER_PTR as *const State<I, R, FT>).as_ref().unwrap();
let manager = (EVENT_MANAGER_PTR as *mut EM).as_mut().unwrap();
manager.crash(input).expect("Error in sending Crash event");
if !CURRENT_ON_CRASH_FN.is_null() {
(*CURRENT_ON_CRASH_FN)(
(*(CURRENT_ON_CRASH_FN as *mut OnCrashFunction<I, C, EM, FT, R>))(
ExitKind::Crash,
&serialize_state_corpus::<C, FT, I, OT, R>().unwrap(),
state,
corpus,
manager
);
}
@ -257,7 +281,7 @@ pub mod unix_signals {
_info: siginfo_t,
_void: c_void,
) where
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
@ -272,6 +296,8 @@ pub mod unix_signals {
}
let input = (CURRENT_INPUT_PTR as *const I).as_ref().unwrap();
let corpus = (CORPUS_PTR as *const C).as_ref().unwrap();
let state = (EVENT_MANAGER_PTR as *const State<I, R, FT>).as_ref().unwrap();
let manager = (EVENT_MANAGER_PTR as *mut EM).as_mut().unwrap();
manager
@ -279,9 +305,11 @@ pub mod unix_signals {
.expect("Error in sending Timeout event");
if !CURRENT_ON_CRASH_FN.is_null() {
(*CURRENT_ON_CRASH_FN)(
(*(CURRENT_ON_CRASH_FN as *mut OnCrashFunction<I, C, EM, FT, R>))(
ExitKind::Timeout,
&serialize_state_corpus::<C, FT, I, OT, R>().unwrap(),
state,
corpus,
manager
);
}
@ -292,9 +320,9 @@ pub mod unix_signals {
}
// TODO clearly state that manager should be static (maybe put the 'static lifetime?)
pub unsafe fn setup_crash_handlers<EM, C, E, OT, FT, I, R>(manager: &mut EM)
pub unsafe fn setup_crash_handlers<EM, C, E, OT, FT, I, R>(state: &State<I, R, FT>, corpus: &C, manager: &mut EM)
where
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
C: Corpus<I, R>,
E: Executor<I>,
OT: ObserversTuple,
@ -302,6 +330,8 @@ pub mod unix_signals {
I: Input,
R: Rand,
{
CORPUS_PTR = corpus as *const _ as *const c_void;
STATE_PTR = state as *const _ as *const c_void;
EVENT_MANAGER_PTR = manager as *mut _ as *mut c_void;
let mut sa: sigaction = mem::zeroed();

16
afl/src/stages/mod.rs
View File

@ -16,7 +16,7 @@ use crate::AflError;
/// Multiple stages will be scheduled one by one for each input.
pub trait Stage<EM, E, OT, FT, ET, C, I, R>
where
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -29,7 +29,7 @@ where
fn perform(
&mut self,
rand: &mut R,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
engine: &mut Engine<E, OT, ET, I>,
manager: &mut EM,
@ -39,7 +39,7 @@ where
pub trait StagesTuple<EM, E, OT, FT, ET, C, I, R>
where
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -51,7 +51,7 @@ where
fn perform_all(
&mut self,
rand: &mut R,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
engine: &mut Engine<E, OT, ET, I>,
manager: &mut EM,
@ -63,7 +63,7 @@ where
impl<EM, E, OT, FT, ET, C, I, R> StagesTuple<EM, E, OT, FT, ET, C, I, R> for ()
where
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -75,7 +75,7 @@ where
fn perform_all(
&mut self,
_rand: &mut R,
_state: &mut State<I, R, FT, OT>,
_state: &mut State<I, R, FT>,
_corpus: &mut C,
_engine: &mut Engine<E, OT, ET, I>,
_manager: &mut EM,
@ -92,7 +92,7 @@ impl<Head, Tail, EM, E, OT, FT, ET, C, I, R> StagesTuple<EM, E, OT, FT, ET, C, I
where
Head: Stage<EM, E, OT, FT, ET, C, I, R>,
Tail: StagesTuple<EM, E, OT, FT, ET, C, I, R> + TupleList,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -104,7 +104,7 @@ where
fn perform_all(
&mut self,
rand: &mut R,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
engine: &mut Engine<E, OT, ET, I>,
manager: &mut EM,

14
afl/src/stages/mutational.rs
View File

@ -21,7 +21,7 @@ pub trait MutationalStage<M, EM, E, OT, FT, ET, C, I, R>:
Stage<EM, E, OT, FT, ET, C, I, R>
where
M: Mutator<C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -47,7 +47,7 @@ where
fn perform_mutational(
&mut self,
rand: &mut R,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
engine: &mut Engine<E, OT, ET, I>,
manager: &mut EM,
@ -89,7 +89,7 @@ where
pub struct StdMutationalStage<M, EM, E, OT, FT, ET, C, I, R>
where
M: Mutator<C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -106,7 +106,7 @@ impl<M, EM, E, OT, FT, ET, C, I, R> MutationalStage<M, EM, E, OT, FT, ET, C, I,
for StdMutationalStage<M, EM, E, OT, FT, ET, C, I, R>
where
M: Mutator<C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -132,7 +132,7 @@ impl<M, EM, E, OT, FT, ET, C, I, R> Stage<EM, E, OT, FT, ET, C, I, R>
for StdMutationalStage<M, EM, E, OT, FT, ET, C, I, R>
where
M: Mutator<C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,
@ -145,7 +145,7 @@ where
fn perform(
&mut self,
rand: &mut R,
state: &mut State<I, R, FT, OT>,
state: &mut State<I, R, FT>,
corpus: &mut C,
engine: &mut Engine<E, OT, ET, I>,
manager: &mut EM,
@ -158,7 +158,7 @@ where
impl<M, EM, E, OT, FT, ET, C, I, R> StdMutationalStage<M, EM, E, OT, FT, ET, C, I, R>
where
M: Mutator<C, I, R>,
EM: EventManager<C, E, OT, FT, I, R>,
EM: EventManager<C, E, FT, I, R>,
E: Executor<I> + HasObservers<OT>,
OT: ObserversTuple,
FT: FeedbacksTuple<I>,