Merge branch 'main' of github.com:AFLplusplus/LibAFLrs into main
commit
d2ddef2823
@ -17,13 +17,13 @@ use self::{
|
|||||||
};
|
};
|
||||||
use crate::{
|
use crate::{
|
||||||
corpus::Corpus,
|
corpus::Corpus,
|
||||||
|
engines::State,
|
||||||
feedbacks::FeedbacksTuple,
|
feedbacks::FeedbacksTuple,
|
||||||
inputs::Input,
|
inputs::Input,
|
||||||
observers::ObserversTuple,
|
observers::ObserversTuple,
|
||||||
serde_anymap::Ptr,
|
serde_anymap::Ptr,
|
||||||
utils::Rand,
|
utils::{current_time, Rand},
|
||||||
AflError,
|
AflError,
|
||||||
{engines::State, utils},
|
|
||||||
};
|
};
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
use shmem::AflShmem;
|
use shmem::AflShmem;
|
||||||
@ -104,7 +104,7 @@ pub trait Stats {
|
|||||||
/// Executions per second
|
/// Executions per second
|
||||||
#[inline]
|
#[inline]
|
||||||
fn execs_per_sec(&mut self) -> u64 {
|
fn execs_per_sec(&mut self) -> u64 {
|
||||||
let cur_time = utils::current_time();
|
let cur_time = current_time();
|
||||||
self.client_stats()
|
self.client_stats()
|
||||||
.iter()
|
.iter()
|
||||||
.fold(0u64, |acc, x| acc + x.execs_per_sec(cur_time))
|
.fold(0u64, |acc, x| acc + x.execs_per_sec(cur_time))
|
||||||
@ -115,7 +115,7 @@ pub trait Stats {
|
|||||||
let client_stat_count = self.client_stats().len();
|
let client_stat_count = self.client_stats().len();
|
||||||
for _ in client_stat_count..(client_id + 1) as usize {
|
for _ in client_stat_count..(client_id + 1) as usize {
|
||||||
self.client_stats_mut().push(ClientStats {
|
self.client_stats_mut().push(ClientStats {
|
||||||
last_window_time: utils::current_time(),
|
last_window_time: current_time(),
|
||||||
..Default::default()
|
..Default::default()
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -173,7 +173,7 @@ where
|
|||||||
pub fn new(print_fn: F) -> Self {
|
pub fn new(print_fn: F) -> Self {
|
||||||
Self {
|
Self {
|
||||||
print_fn: print_fn,
|
print_fn: print_fn,
|
||||||
start_time: utils::current_time(),
|
start_time: current_time(),
|
||||||
corpus_size: 0,
|
corpus_size: 0,
|
||||||
client_stats: vec![],
|
client_stats: vec![],
|
||||||
}
|
}
|
||||||
|
@ -265,7 +265,19 @@ pub mod unix_signals {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: send LLMP.
|
/* TODO: If we want to be on the safe side, we really need to do this:
|
||||||
|
match manager.llmp {
|
||||||
|
IsClient { client } => {
|
||||||
|
let map = client.out_maps.last().unwrap();
|
||||||
|
/// wait until we can drop the message safely.
|
||||||
|
map.await_save_to_unmap_blocking();
|
||||||
|
/// Make sure all pages are unmapped.
|
||||||
|
drop(manager);
|
||||||
|
}
|
||||||
|
_ => (),
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
|
||||||
println!("Timeout in fuzz run.");
|
println!("Timeout in fuzz run.");
|
||||||
let _ = stdout().flush();
|
let _ = stdout().flush();
|
||||||
process::abort();
|
process::abort();
|
||||||
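Review bot: The block comment added at `/* TODO: If we want to be on the safe side …` parks uncompiled code in the timeout path, so nothing checks it as `manager.llmp` changes, and the `client.out_maps.last().unwrap()` it sketches would panic inside the handler if that list were ever empty. Until it is implemented the code still reaches `process::abort()` without waiting on the last out map, which the TODO itself treats as the less safe option. I would state that in one line, e.g. `// TODO: before abort(), block until the last LLMP out map is safe to unmap`, and track the implementation in an issue. The `///` lines inside the sketch are doc comments attached to statements and should be plain `//`. The enclosing handler starts and ends outside the hunk.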
|
@ -225,7 +225,13 @@ where
|
|||||||
|
|
||||||
impl<T, R, O, I> Feedback<I> for MapFeedback<T, R, O>
|
impl<T, R, O, I> Feedback<I> for MapFeedback<T, R, O>
|
||||||
where
|
where
|
||||||
T: Integer + Default + Copy + 'static + serde::Serialize + serde::de::DeserializeOwned,
|
T: Integer
|
||||||
|
+ Default
|
||||||
|
+ Copy
|
||||||
|
+ 'static
|
||||||
|
+ serde::Serialize
|
||||||
|
+ serde::de::DeserializeOwned
|
||||||
|
+ core::fmt::Debug,
|
||||||
R: Reducer<T>,
|
R: Reducer<T>,
|
||||||
O: MapObserver<T>,
|
O: MapObserver<T>,
|
||||||
I: Input,
|
I: Input,
|
||||||
@ -239,6 +245,7 @@ where
|
|||||||
// TODO optimize
|
// TODO optimize
|
||||||
let observer = observers.match_name_type::<O>(&self.name).unwrap();
|
let observer = observers.match_name_type::<O>(&self.name).unwrap();
|
||||||
let size = observer.usable_count();
|
let size = observer.usable_count();
|
||||||
|
//println!("count: {:?}, map: {:?}, history: {:?}", size, observer.map(), &self.history_map);
|
||||||
for i in 0..size {
|
for i in 0..size {
|
||||||
let history = self.history_map[i];
|
let history = self.history_map[i];
|
||||||
let item = observer.map()[i];
|
let item = observer.map()[i];
|
||||||
@ -249,6 +256,9 @@ where
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//println!("..interesting: {:?}, new_history: {:?}\n", interesting, &self.history_map);
|
||||||
|
//std::thread::sleep(std::time::Duration::from_millis(100));
|
||||||
|
|
||||||
Ok(interesting)
|
Ok(interesting)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
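Review bot: The `+ core::fmt::Debug` bound added to `T` on `impl Feedback<I> for MapFeedback<T, R, O>` appears to be needed only by the two commented-out `println!` lines in the later hunks, so every user of the impl gets a tighter bound for code that is never compiled. I would drop the bound together with the commented-out `println!` and `std::thread::sleep` lines, or move the trace into a cfg-gated helper so the bound applies only when tracing is built. Separately, the loop reads `self.history_map[i]` and `observer.map()[i]` for every `i` below `observer.usable_count()`; the hunks do not show that both maps are at least that long, so a mismatch would panic rather than return an error, which is worth confirming or guarding. The method body starts outside the hunk.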
|
@ -20,6 +20,10 @@ fn main() {
|
|||||||
let libpng_path = Path::new(&libpng);
|
let libpng_path = Path::new(&libpng);
|
||||||
let libpng_tar = format!("{}/libpng-1.6.37.tar.xz", &cwd);
|
let libpng_tar = format!("{}/libpng-1.6.37.tar.xz", &cwd);
|
||||||
|
|
||||||
|
// Enforce clang for its -fsanitize-coverage support.
|
||||||
|
std::env::set_var("CC", "clang");
|
||||||
|
std::env::set_var("CXX", "clang++");
|
||||||
|
|
||||||
if !libpng_path.is_dir() {
|
if !libpng_path.is_dir() {
|
||||||
if !Path::new(&libpng_tar).is_file() {
|
if !Path::new(&libpng_tar).is_file() {
|
||||||
println!("cargo:warning=Libpng not found, downloading...");
|
println!("cargo:warning=Libpng not found, downloading...");
|
||||||
@ -84,9 +88,6 @@ fn main() {
|
|||||||
.unwrap();
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
std::env::set_var("CC", "clang");
|
|
||||||
std::env::set_var("CXX", "clang++");
|
|
||||||
|
|
||||||
cc::Build::new()
|
cc::Build::new()
|
||||||
.file("../libfuzzer_runtime/rt.c")
|
.file("../libfuzzer_runtime/rt.c")
|
||||||
.compile("libfuzzer-sys");
|
.compile("libfuzzer-sys");
|
||||||
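Review bot: Moving `std::env::set_var("CC", "clang")` and the `CXX` line to the top of `main` now overrides any compiler the caller exported, for the libpng build as well as for `cc::Build`, with no way to select a specific clang such as a versioned binary. If enforcing clang is the goal I would still honour an explicit setting, e.g. `if std::env::var_os("CC").is_none() { std::env::set_var("CC", "clang"); }` and the same for `CXX`. The download of `libpng-1.6.37.tar.xz` that follows lies outside the hunk, so it is not visible whether the archive is checked against a pinned digest before it is unpacked and built; if it is not, that check belongs next to the download. `main` continues beyond both hunks.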
|
@ -181,6 +181,7 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
|
|||||||
// If we're restarting, deserialize the old state.
|
// If we're restarting, deserialize the old state.
|
||||||
let (mut state, mut corpus, mut mgr) = match receiver.recv_buf()? {
|
let (mut state, mut corpus, mut mgr) = match receiver.recv_buf()? {
|
||||||
None => {
|
None => {
|
||||||
|
println!("First run. Let's set it all up");
|
||||||
// Mgr to send and receive msgs from/to all other fuzzer instances
|
// Mgr to send and receive msgs from/to all other fuzzer instances
|
||||||
mgr = LlmpEventManager::<BytesInput, _, _>::existing_client_from_env_std(
|
mgr = LlmpEventManager::<BytesInput, _, _>::existing_client_from_env_std(
|
||||||
ENV_FUZZER_BROKER_CLIENT_INITIAL,
|
ENV_FUZZER_BROKER_CLIENT_INITIAL,
|
||||||
@ -194,7 +195,10 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
|
|||||||
(state, corpus, mgr)
|
(state, corpus, mgr)
|
||||||
}
|
}
|
||||||
// Restoring from a previous run, deserialize state and corpus.
|
// Restoring from a previous run, deserialize state and corpus.
|
||||||
Some((_sender, _tag, msg)) => deserialize_state_corpus_mgr(&msg, stats)?,
|
Some((_sender, _tag, msg)) => {
|
||||||
|
println!("Subsequent run. Let's load all data from shmem (received {} bytes from previous instance)", msg.len());
|
||||||
|
deserialize_state_corpus_mgr(&msg, stats)?
|
||||||
|
}
|
||||||
};
|
};
|
||||||
// We reset the sender, the next sender and receiver (after crash) will reuse the page from the initial message.
|
// We reset the sender, the next sender and receiver (after crash) will reuse the page from the initial message.
|
||||||
unsafe { sender.reset_last_page() };
|
unsafe { sender.reset_last_page() };
|
||||||
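Review bot: In the `Some((_sender, _tag, msg))` arm the new `println!` reports only `msg.len()`, and a failure in `deserialize_state_corpus_mgr(&msg, stats)?` leaves through `?` with nothing saying it came from the restore path. Those bytes come from a previous instance that, going by the comment below, may have crashed, so I would log the failure before propagating it to make a damaged page distinguishable from a setup error, for example `.map_err(|e| { println!("Restoring state from shmem failed"); e })?`. The `unsafe { sender.reset_last_page() }` line also carries no `// SAFETY:` comment stating what makes the reset sound at this point. `fuzz` starts and ends outside the hunk.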
|