From e757a5da9a7a80fec1f2966826cdc70c78e61efb Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 14 Dec 2020 01:01:06 +0100 Subject: [PATCH] got rid of event cpy --- afl/src/engines/mod.rs | 20 +++--- afl/src/events/mod.rs | 116 +++++++++++++++------------------- afl/src/executors/inmemory.rs | 2 +- afl/src/stages/mod.rs | 8 +-- afl/src/stages/mutational.rs | 4 +- 5 files changed, 68 insertions(+), 82 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 24fb6a28ae..b656132489 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -23,11 +23,12 @@ pub trait StateMetadata: Debug { } /// The state a fuzz run. -pub struct State +pub struct State where I: Input, R: Rand, FT: FeedbacksTuple, + OT: ObserversTuple, { /// How many times the executor ran the harness/target executions: usize, @@ -37,14 +38,15 @@ where metadatas: HashMap<&'static str, Box>, // additional_corpuses: HashMap<&'static str, Box>, feedbacks: FT, - phantom: PhantomData<(I, R)>, + phantom: PhantomData<(I, R, OT)>, } -impl State +impl State where I: Input, R: Rand, FT: FeedbacksTuple, + OT: ObserversTuple, { /// Get executions #[inline] @@ -113,7 +115,7 @@ where // TODO move some of these, like evaluate_input, to FuzzingEngine #[inline] - pub fn is_interesting(&mut self, input: &I, observers: &OT) -> Result + pub fn is_interesting(&mut self, input: &I, observers: &OT) -> Result where OT: ObserversTuple, { @@ -121,10 +123,9 @@ where } /// Runs the input and triggers observers and feedback - pub fn evaluate_input(&mut self, input: &I, executor: &mut E) -> Result + pub fn evaluate_input(&mut self, input: &I, executor: &mut E) -> Result where E: Executor + HasObservers, - OT: ObserversTuple, { executor.reset_observers()?; executor.run_target(&input)?; @@ -187,7 +188,7 @@ where } } - pub fn generate_initial_inputs( + pub fn generate_initial_inputs( &mut self, rand: &mut R, corpus: &mut C, @@ -200,7 +201,6 @@ where G: Generator, C: Corpus, E: Executor + HasObservers, - OT: ObserversTuple, ET: ExecutorsTuple, EM: EventManager, { @@ -311,7 +311,7 @@ where fn fuzz_one( &mut self, rand: &mut R, - state: &mut State, + state: &mut State, corpus: &mut C, engine: &mut Engine, manager: &mut EM, @@ -328,7 +328,7 @@ where fn fuzz_loop( &mut self, rand: &mut R, - state: &mut State, + state: &mut State, corpus: &mut C, engine: &mut Engine, manager: &mut EM, diff --git a/afl/src/events/mod.rs b/afl/src/events/mod.rs index 58fc988c26..8465d4766f 100644 --- a/afl/src/events/mod.rs +++ b/afl/src/events/mod.rs @@ -5,7 +5,6 @@ pub mod shmem_translated; use alloc::string::String; use core::{marker::PhantomData, time}; -use tuple_list::tuple_list_type; use serde::{Deserialize, Serialize}; @@ -35,10 +34,7 @@ pub enum BrokerEventResult { pub struct ClientStats { // stats (maybe we need a separated struct?) - id: usize, executions: u64, - execs_over_sec: u64, - corpus_size: usize, } /// A custom event, for own messages, with own handler. @@ -180,6 +176,44 @@ where } } + +/// Client fun +fn handle_in_client ( + event: Event, + state: &mut State, + corpus: &mut C, +) -> Result<(), AflError> +where + C: Corpus, + OT: ObserversTuple, + FT: FeedbacksTuple, + I: Input, + R: Rand, +{ + match event { + Event::NewTestcase { + sender_id: _, + input, + observers_buf, + client_config: _, + } => { + // TODO: here u should match client_config, if equal to the current one do not re-execute + // we need to pass engine to process() too, TODO + #[cfg(feature = "std")] + println!("Received new Testcase"); + let observers = postcard::from_bytes(&observers_buf)?; + let interestingness = state.is_interesting(&input, &observers)?; + state.add_if_interesting(corpus, input, interestingness)?; + Ok(()) + } + _ => Err(AflError::Unknown( + format!("Received illegal message that message should not have arrived: {:?}.", event), + )), + } +} + + + pub trait EventManager where C: Corpus, @@ -194,7 +228,7 @@ where /// Lookup for incoming events and process them. /// Return the number of processes events or an error - fn process(&mut self, state: &mut State, corpus: &mut C) -> Result; + fn process(&mut self, state: &mut State, corpus: &mut C) -> Result; /// the client stat, mutable fn client_stats_mut(&mut self) -> &mut Vec; @@ -262,11 +296,8 @@ where } => { // TODO: The stats buffer should be added on client add. let client_stat_count = self.client_stats().len(); - for i in client_stat_count..(*sender_id + 1) as usize { + for _ in client_stat_count..(*sender_id + 1) as usize { self.client_stats_mut().push(ClientStats { - id: client_stat_count + i, - corpus_size: 0, - execs_over_sec: 0, executions: 0, }) } @@ -307,35 +338,6 @@ where } } - /// Client fun - fn handle_in_client( - &mut self, - event: Event, - state: &mut State, - corpus: &mut C, - ) -> Result<(), AflError> { - match event { - Event::NewTestcase { - sender_id: _, - input, - observers_buf, - client_config: _, - } => { - // TODO: here u should match client_config, if equal to the current one do not re-execute - // we need to pass engine to process() too, TODO - #[cfg(feature = "std")] - println!("Received new Testcase"); - let observers: OT = self.deserialize_observers(&observers_buf)?; - let interestingness = state.is_interesting(&input, &observers)?; - state.add_if_interesting(corpus, input, interestingness)?; - Ok(()) - } - _ => Err(AflError::Unknown( - format!("Received illegal message that message should not have arrived: {:?}.", event), - )), - } - } - fn serialize_observers(&mut self, observers: &OT) -> Result, AflError> { Ok(postcard::to_allocvec(observers)?) } @@ -358,12 +360,9 @@ where //CE: CustomEvent, { writer: W, - count: usize, events: Vec>, // stats (maybe we need a separated struct?) - executions: usize, - execs_over_sec: u64, corpus_size: usize, start_time: time::Duration, client_stats: Vec, @@ -395,12 +394,11 @@ where fn process( &mut self, - state: &mut State, + state: &mut State, corpus: &mut C, ) -> Result { let count = self.events.len(); - let events: Vec> = self.events.drain(..).collect(); - events.into_iter().try_for_each(|x| self.handle_in_client(x, state, corpus))?; + self.events.drain(..).try_for_each(|event| handle_in_client(event, state, corpus))?; Ok(count) } @@ -443,9 +441,6 @@ where start_time: utils::current_time(), client_stats: vec![], writer: writer, - count: 0, - executions: 0, - execs_over_sec: 0, corpus_size: 0, phantom: PhantomData, events: vec![], @@ -500,25 +495,24 @@ where fn process( &mut self, - state: &mut State, + state: &mut State, corpus: &mut C, ) -> Result { // TODO: Get around local event copy by moving handle_in_client - let mut events = vec![]; - match &mut self.llmp { + Ok(match &mut self.llmp { llmp::LlmpConnection::IsClient {client} => { - let mut msg_count = 0; + let mut count = 0; loop { - match client.recv_buf()? { Some((tag, event_buf)) => { if tag == _LLMP_TAG_EVENT_TO_BROKER { continue; } let event: Event = postcard::from_bytes(event_buf)?; - events.push(event); + handle_in_client(event, state, corpus)?; + count += 1; }, - None => break msg_count, + None => break count, } } }, @@ -526,10 +520,7 @@ where dbg!("Skipping process in broker"); 0 } - }; - let count = events.len(); - events.into_iter().try_for_each(|event| self.handle_in_client(event, state, corpus))?; - Ok(count) + }) } fn client_stats_mut(&mut self) -> &mut Vec { @@ -558,22 +549,17 @@ where #[cfg(test)] mod tests { - use std::io::stderr; - use crate::events::EventManager; use crate::inputs::bytes::BytesInput; use crate::observers::StdMapObserver; - use crate::serde_anymap::{Ptr, PtrMut}; - use crate::tuples::{tuple_list, tuple_list_type, MatchNameAndType, Named}; + use crate::tuples::{tuple_list, MatchNameAndType, Named}; use crate::{events::Event, observers::ObserversTuple}; - use super::LoggerEventManager; - static mut MAP: [u32; 4] = [0; 4]; #[test] fn test_event_serde() { let obv = StdMapObserver::new("test", unsafe { &mut MAP }); - let mut map = tuple_list!(obv); + let map = tuple_list!(obv); let observers_buf = map.serialize().unwrap(); // test_event_mgr.serialize_observers(&map).unwrap(); diff --git a/afl/src/executors/inmemory.rs b/afl/src/executors/inmemory.rs index bb47c01824..af404c0dad 100644 --- a/afl/src/executors/inmemory.rs +++ b/afl/src/executors/inmemory.rs @@ -195,7 +195,7 @@ mod tests { use serde::{Deserialize, Serialize}; - #[derive(Clone, Serialize, Deserialize)] + #[derive(Clone, Serialize, Deserialize, Debug)] struct NopInput {} impl Input for NopInput {} impl HasTargetBytes for NopInput { diff --git a/afl/src/stages/mod.rs b/afl/src/stages/mod.rs index c47ab9cd82..4c10a60b3b 100644 --- a/afl/src/stages/mod.rs +++ b/afl/src/stages/mod.rs @@ -29,7 +29,7 @@ where fn perform( &mut self, rand: &mut R, - state: &mut State, + state: &mut State, corpus: &mut C, engine: &mut Engine, manager: &mut EM, @@ -51,7 +51,7 @@ where fn perform_all( &mut self, rand: &mut R, - state: &mut State, + state: &mut State, corpus: &mut C, engine: &mut Engine, manager: &mut EM, @@ -75,7 +75,7 @@ where fn perform_all( &mut self, _rand: &mut R, - _state: &mut State, + _state: &mut State, _corpus: &mut C, _engine: &mut Engine, _manager: &mut EM, @@ -104,7 +104,7 @@ where fn perform_all( &mut self, rand: &mut R, - state: &mut State, + state: &mut State, corpus: &mut C, engine: &mut Engine, manager: &mut EM, diff --git a/afl/src/stages/mutational.rs b/afl/src/stages/mutational.rs index b102a69f63..501dc66dee 100644 --- a/afl/src/stages/mutational.rs +++ b/afl/src/stages/mutational.rs @@ -47,7 +47,7 @@ where fn perform_mutational( &mut self, rand: &mut R, - state: &mut State, + state: &mut State, corpus: &mut C, engine: &mut Engine, manager: &mut EM, @@ -143,7 +143,7 @@ where fn perform( &mut self, rand: &mut R, - state: &mut State, + state: &mut State, corpus: &mut C, engine: &mut Engine, manager: &mut EM,