Fix concolic fuzzer and add related CI tests (#559)

* fix concolic fuzzer & add related CI tests * More cargo fmt * More cargo fmt * order matters
2022-03-26 05:51:14 -07:00 · 2022-03-26 05:51:14 -07:00 · e20d345d99
commit e20d345d99
parent fee100715c
3 changed files with 12 additions and 10 deletions
--- a/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs
+++ b/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs
@ -211,7 +211,7 @@ fn fuzz(

        // The concolic observer observers the concolic shared memory map.
        let concolic_observer =
-            ConcolicObserver::new("concolic".to_string(), concolic_shmem.as_slice_mut());
+            ConcolicObserver::new("concolic".to_string(), concolic_shmem.as_mut_slice());

        let concolic_observer_name = concolic_observer.name().to_string();

@ -242,16 +242,13 @@ fn fuzz(

 use std::process::{Child, Command, Stdio};

-#[derive(Default)]
+#[derive(Default, Debug)]
 pub struct MyCommandConfigurator {
    command: Option<Command>,
 }

-impl<I> CommandConfigurator<I> for MyCommandConfigurator
-where
-    I: HasTargetBytes + Input,
-{
-    fn spawn_child(&mut self, input: &I) -> Result<Child, Error> {
+impl CommandConfigurator for MyCommandConfigurator {
+    fn spawn_child<I: Input + HasTargetBytes>(&mut self, input: &I) -> Result<Child, Error> {
        input.to_file("cur_input")?;

        Ok(Command::new("./target_symcc.out")
--- a/fuzzers/libfuzzer_stb_image_concolic/runtime/src/lib.rs
+++ b/fuzzers/libfuzzer_stb_image_concolic/runtime/src/lib.rs
@ -1,11 +1,11 @@
 //! This is a basic SymCC runtime.
-//! It traces the execution to the shared memory region that should be passed through the environment by the fuzzer process. 
+//! It traces the execution to the shared memory region that should be passed through the environment by the fuzzer process.
 //! Additionally, it concretizes all floating point operations for simplicity.
 //! Refer to the `symcc_runtime` crate documentation for building your own runtime.

 use symcc_runtime::{
    export_runtime,
-    filter::{NoFloat, CallStackCoverage},
+    filter::{CallStackCoverage, NoFloat},
    tracing::{self, StdShMemMessageFileWriter},
    Runtime,
 };
--- a/scripts/test_all_fuzzers.sh
+++ b/scripts/test_all_fuzzers.sh
@ -7,9 +7,14 @@ cd "$SCRIPT_DIR/.."

 fuzzers=$(find ./fuzzers -maxdepth 1 -type d)
 backtrace_fuzzers=$(find ./fuzzers/backtrace_baby_fuzzers -maxdepth 1 -type d)
+extra_fuzzer_and_runtime="
+./fuzzers/libfuzzer_stb_image_concolic/runtime
+./fuzzers/libfuzzer_stb_image_concolic/fuzzer
+"
+
 libafl=$(pwd)

-for fuzzer in $(echo $fuzzers $backtrace_fuzzers);
+for fuzzer in $(echo $fuzzers $backtrace_fuzzers $extra_fuzzer_and_runtime);
 do
    cd $fuzzer
    # Clippy checks