More LibAFL_QEMU Launcher things (#3000)
* More LibAFL_QEMU Launcher things * Fix CI --------- Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
This commit is contained in:
Dominik Maier
GitHub
parent
40c0a8c57c
commit
e5ba51aae4
@ -6,18 +6,19 @@ use std::{
|
||||
|
||||
use clap::Parser;
|
||||
#[cfg(feature = "simplemgr")]
|
||||
use libafl::events::{ClientDescription, SimpleEventManager};
|
||||
use libafl::events::SimpleEventManager;
|
||||
#[cfg(not(feature = "simplemgr"))]
|
||||
use libafl::events::{EventConfig, Launcher, MonitorTypedEventManager};
|
||||
use libafl::{
|
||||
events::{ClientDescription, LlmpEventManagerBuilder},
|
||||
monitors::{tui::TuiMonitor, Monitor, MultiMonitor},
|
||||
Error,
|
||||
};
|
||||
#[cfg(feature = "simplemgr")]
|
||||
use libafl_bolts::core_affinity::CoreId;
|
||||
use libafl_bolts::current_time;
|
||||
#[cfg(not(feature = "simplemgr"))]
|
||||
use libafl_bolts::shmem::{ShMemProvider, StdShMemProvider};
|
||||
use libafl_bolts::{core_affinity::CoreId, current_time};
|
||||
#[cfg(not(feature = "simplemgr"))]
|
||||
use libafl_bolts::{llmp::LlmpBroker, staterestore::StateRestorer, tuples::tuple_list};
|
||||
#[cfg(unix)]
|
||||
use {
|
||||
nix::unistd::dup,
|
||||
@ -83,7 +84,7 @@ impl Fuzzer {
|
||||
{
|
||||
// The shared memory allocator
|
||||
#[cfg(not(feature = "simplemgr"))]
|
||||
let shmem_provider = StdShMemProvider::new()?;
|
||||
let mut shmem_provider = StdShMemProvider::new()?;
|
||||
/* If we are running in verbose, don't provide a replacement stdout, otherwise, use /dev/null */
|
||||
#[cfg(not(feature = "simplemgr"))]
|
||||
let stdout = if self.options.verbose {
|
||||
@ -94,12 +95,43 @@ impl Fuzzer {
|
||||
|
||||
let client = Client::new(&self.options);
|
||||
|
||||
#[cfg(not(feature = "simplemgr"))]
|
||||
if self.options.rerun_input.is_some() {
|
||||
// If we want to rerun a single input but we use a restarting mgr, we'll have to create a fake restarting mgr that doesn't actually restart.
|
||||
// It's not pretty but better than recompiling with simplemgr.
|
||||
|
||||
// Just a random number, let's hope it's free :)
|
||||
let broker_port = 13120;
|
||||
let _fake_broker = LlmpBroker::create_attach_to_tcp(
|
||||
shmem_provider.clone(),
|
||||
tuple_list!(),
|
||||
broker_port,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
// To rerun an input, instead of using a launcher, we create dummy parameters and run the client directly.
|
||||
// NOTE: This is a hack for debugging that that will only work for non-crashing inputs.
|
||||
return client.run(
|
||||
None,
|
||||
MonitorTypedEventManager::<_, M>::new(
|
||||
LlmpEventManagerBuilder::builder()
|
||||
.build_on_port(
|
||||
shmem_provider.clone(),
|
||||
broker_port,
|
||||
EventConfig::AlwaysUnique,
|
||||
None,
|
||||
Some(StateRestorer::new(
|
||||
shmem_provider.new_shmem(0x1000).unwrap(),
|
||||
)),
|
||||
)
|
||||
.unwrap(),
|
||||
),
|
||||
ClientDescription::new(0, 0, CoreId(0)),
|
||||
);
|
||||
}
|
||||
|
||||
#[cfg(feature = "simplemgr")]
|
||||
if self.options.rerun_input.is_some() {
|
||||
// only for simplemgr
|
||||
// DON'T USE LLMP HERE!!
|
||||
// it doesn't work like that
|
||||
|
||||
return client.run(
|
||||
None,
|
||||
SimpleEventManager::new(monitor),
|
||||
|
||||
@ -378,15 +378,15 @@ impl<M: Monitor> Instance<'_, M> {
|
||||
executor: &mut QemuExecutor<'a, C, CM, ED, EM, (SnapshotModule, ET), H, I, OT, S, SM, Z>,
|
||||
qemu: Qemu,
|
||||
) where
|
||||
I: Input + Unpin,
|
||||
ET: EmulatorModuleTuple<I, S>,
|
||||
S: HasCorpus<I> + HasCurrentCorpusId + HasSolutions<I> + HasExecutions + Unpin,
|
||||
H: for<'e, 's, 'i> FnMut(
|
||||
&'e mut Emulator<C, CM, ED, (SnapshotModule, ET), I, S, SM>,
|
||||
&'s mut S,
|
||||
&'i I,
|
||||
) -> ExitKind,
|
||||
I: Input + Unpin,
|
||||
OT: ObserversTuple<I, S>,
|
||||
S: HasCorpus<I> + HasCurrentCorpusId + HasSolutions<I> + HasExecutions + Unpin,
|
||||
{
|
||||
executor
|
||||
.inner_mut()
|
||||
@ -406,15 +406,15 @@ impl<M: Monitor> Instance<'_, M> {
|
||||
>,
|
||||
qemu: Qemu,
|
||||
) where
|
||||
I: Input + Unpin,
|
||||
ET: EmulatorModuleTuple<I, S>,
|
||||
S: HasCorpus<I> + HasCurrentCorpusId + HasSolutions<I> + HasExecutions + Unpin,
|
||||
H: for<'e, 's, 'i> FnMut(
|
||||
&'e mut Emulator<C, CM, ED, (SnapshotModule, ET), I, S, SM>,
|
||||
&'s mut S,
|
||||
&'i I,
|
||||
) -> ExitKind,
|
||||
I: Input + Unpin,
|
||||
OT: ObserversTuple<I, S>,
|
||||
S: HasCorpus<I> + HasCurrentCorpusId + HasSolutions<I> + HasExecutions + Unpin,
|
||||
SOT: ObserversTuple<I, S>,
|
||||
{
|
||||
executor
|
||||
@ -427,7 +427,7 @@ impl<M: Monitor> Instance<'_, M> {
|
||||
.reset(qemu);
|
||||
}
|
||||
|
||||
fn fuzz<Z, E, ST, RSM>(
|
||||
fn fuzz<Z, E, RSM, ST>(
|
||||
&mut self,
|
||||
state: &mut ClientState,
|
||||
fuzzer: &mut Z,
|
||||
@ -437,10 +437,10 @@ impl<M: Monitor> Instance<'_, M> {
|
||||
stages: &mut ST,
|
||||
) -> Result<(), Error>
|
||||
where
|
||||
Z: Fuzzer<E, ClientMgr<M>, BytesInput, ClientState, ST>
|
||||
+ Evaluator<E, ClientMgr<M>, BytesInput, ClientState>,
|
||||
ST: StagesTuple<E, ClientMgr<M>, ClientState, Z>,
|
||||
RSM: Fn(&mut E, Qemu),
|
||||
Z: Fuzzer<E, ClientMgr<M>, BytesInput, ClientState, ST>
|
||||
+ Evaluator<E, ClientMgr<M>, BytesInput, ClientState>,
|
||||
{
|
||||
if state.must_load_initial_inputs() {
|
||||
let corpus_dirs = [self.options.input_dir()];
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user