From f856092f3d393056b010fcae3b086769377cba18 Mon Sep 17 00:00:00 2001 From: "Dongjia \"toka\" Zhang" Date: Wed, 21 Aug 2024 16:41:18 +0200 Subject: [PATCH] Fix libxml2 on fuzzbench (#2492) * fix * fmt * fuck * from windows * fix --------- Co-authored-by: Your Name --- libafl/src/executors/hooks/inprocess.rs | 5 +- libafl/src/executors/hooks/unix.rs | 9 +-- libafl/src/executors/hooks/windows.rs | 12 +-- libafl/src/executors/inprocess/inner.rs | 10 +-- libafl/src/executors/inprocess/mod.rs | 89 ++++++++++++---------- libafl/src/executors/inprocess/stateful.rs | 14 ++-- libafl_qemu/src/executor.rs | 2 +- libafl_targets/src/sancov_pcguard.rs | 6 +- libafl_targets/src/windows_asan.rs | 4 +- 9 files changed, 82 insertions(+), 69 deletions(-) diff --git a/libafl/src/executors/hooks/inprocess.rs b/libafl/src/executors/hooks/inprocess.rs index 670dfe6bb6..ce26a26113 100644 --- a/libafl/src/executors/hooks/inprocess.rs +++ b/libafl/src/executors/hooks/inprocess.rs @@ -31,7 +31,6 @@ use crate::{ events::{EventFirer, EventRestarter}, executors::{hooks::ExecutorHook, inprocess::HasInProcessHooks, Executor, HasObservers}, feedbacks::Feedback, - fuzzer::{ExecutionProcessor, HasScheduler}, inputs::UsesInput, state::{HasCorpus, HasExecutions, HasSolutions}, Error, HasObjective, @@ -236,7 +235,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { // # Safety // We get a pointer to `GLOBAL_STATE` that will be initialized at this point in time. @@ -276,7 +275,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, E::State: State + HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let ret; #[cfg(feature = "std")] diff --git a/libafl/src/executors/hooks/unix.rs b/libafl/src/executors/hooks/unix.rs index f8c6b6512e..d9072760fc 100644 --- a/libafl/src/executors/hooks/unix.rs 
+++ b/libafl/src/executors/hooks/unix.rs @@ -17,10 +17,9 @@ pub mod unix_signal_handler { Executor, ExitKind, HasObservers, }, feedbacks::Feedback, - fuzzer::{ExecutionProcessor, HasObjective}, + fuzzer::HasObjective, inputs::{Input, UsesInput}, state::{HasCorpus, HasExecutions, HasSolutions}, - HasScheduler, }; pub(crate) type HandlerFuncPtr = unsafe fn( @@ -80,7 +79,7 @@ pub mod unix_signal_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + ExecutionProcessor + HasScheduler, + Z: HasObjective, { let old_hook = panic::take_hook(); panic::set_hook(Box::new(move |panic_info| unsafe { @@ -127,7 +126,7 @@ pub mod unix_signal_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + ExecutionProcessor + HasScheduler, + Z: HasObjective, { // this stuff is for batch timeout if !data.executor_ptr.is_null() @@ -182,7 +181,7 @@ pub mod unix_signal_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + ExecutionProcessor + HasScheduler, + Z: HasObjective, { #[cfg(all(target_os = "android", target_arch = "aarch64"))] let _context = _context.map(|p| { diff --git a/libafl/src/executors/hooks/windows.rs b/libafl/src/executors/hooks/windows.rs index b7590ba5ae..7aae4e50f4 100644 --- a/libafl/src/executors/hooks/windows.rs +++ b/libafl/src/executors/hooks/windows.rs @@ -18,7 +18,7 @@ pub mod windows_asan_handler { ExitKind, HasObservers, }, feedbacks::Feedback, - fuzzer::{ExecutionProcessor, HasObjective, HasScheduler}, + fuzzer::HasObjective, inputs::UsesInput, state::{HasCorpus, HasExecutions, HasSolutions}, }; 
@@ -31,7 +31,7 @@ pub mod windows_asan_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let data = addr_of_mut!(GLOBAL_STATE); (*data).set_in_handler(true); @@ -132,7 +132,7 @@ pub mod windows_exception_handler { Executor, ExitKind, HasObservers, }, feedbacks::Feedback, - fuzzer::{ExecutionProcessor, HasObjective, HasScheduler}, + fuzzer::HasObjective, inputs::{Input, UsesInput}, state::{HasCorpus, HasExecutions, HasSolutions, State}, }; @@ -179,7 +179,7 @@ pub mod windows_exception_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let old_hook = panic::take_hook(); panic::set_hook(Box::new(move |panic_info| unsafe { @@ -239,7 +239,7 @@ pub mod windows_exception_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: State + HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let data: &mut InProcessExecutorHandlerData = &mut *(global_state as *mut InProcessExecutorHandlerData); @@ -309,7 +309,7 @@ pub mod windows_exception_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { // Have we set a timer_before? if data.ptp_timer.is_some() { diff --git a/libafl/src/executors/inprocess/inner.rs b/libafl/src/executors/inprocess/inner.rs index 98bdb4a042..e0d850ac93 100644 --- a/libafl/src/executors/inprocess/inner.rs +++ b/libafl/src/executors/inprocess/inner.rs 
@@ -26,11 +26,11 @@ use crate::{ Executor, HasObservers, }, feedbacks::Feedback, - fuzzer::{HasObjective, HasScheduler}, + fuzzer::HasObjective, inputs::UsesInput, observers::{ObserversTuple, UsesObservers}, state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState}, - Error, ExecutionProcessor, + Error, }; /// The internal state of `GenericInProcessExecutor`. @@ -177,7 +177,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { Self::with_timeout_generic::( user_hooks, @@ -204,7 +204,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let mut me = Self::with_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, exec_tmout, @@ -234,7 +234,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let default = InProcessHooks::new::(timeout)?; let mut hooks = tuple_list!(default).merge(user_hooks); diff --git a/libafl/src/executors/inprocess/mod.rs b/libafl/src/executors/inprocess/mod.rs index c555d558df..debc17fe02 100644 --- a/libafl/src/executors/inprocess/mod.rs +++ b/libafl/src/executors/inprocess/mod.rs @@ -21,7 +21,8 @@ use libafl_bolts::tuples::{tuple_list, RefIndexable}; #[cfg(any(unix, feature = "std"))] use crate::executors::hooks::inprocess::GLOBAL_STATE; use crate::{ - events::{EventFirer, EventRestarter}, + corpus::{Corpus, Testcase}, + events::{Event, EventFirer, EventRestarter}, executors::{ hooks::{inprocess::InProcessHooks, ExecutorHooksTuple}, inprocess::inner::GenericInProcessExecutorInner, 
@@ -31,9 +32,8 @@ use crate::{ fuzzer::HasObjective, inputs::UsesInput, observers::{ObserversTuple, UsesObservers}, - schedulers::Scheduler, - state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState}, - Error, ExecutionProcessor, HasScheduler, + state::{HasCorpus, HasCurrentTestcase, HasExecutions, HasSolutions, State, UsesState}, + Error, ExecutionProcessor, HasMetadata, HasScheduler, }; /// The inner structure of `InProcessExecutor`. @@ -180,7 +180,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { Self::with_timeout_generic( tuple_list!(), @@ -208,7 +208,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let inner = GenericInProcessExecutorInner::batched_timeout_generic::( tuple_list!(), @@ -247,7 +247,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let inner = GenericInProcessExecutorInner::with_timeout_generic::( tuple_list!(), @@ -288,7 +288,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { Self::with_timeout_generic( user_hooks, @@ -317,7 +317,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let inner = GenericInProcessExecutorInner::batched_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, exec_tmout, @@ -352,7 +352,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let inner = GenericInProcessExecutorInner::with_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, timeout, 
@@ -431,47 +431,58 @@ pub fn run_observers_and_save_state( state: &mut E::State, input: &::Input, fuzzer: &mut Z, - manager: &mut EM, - exit_kind: ExitKind, + event_mgr: &mut EM, + exitkind: ExitKind, ) where E: HasObservers, EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective - + HasScheduler - + ExecutionProcessor, + Z: HasObjective, { - let observers = executor.observers_mut(); - let scheduler = fuzzer.scheduler_mut(); + let mut observers = executor.observers_mut(); - if scheduler.on_evaluation(state, input, &*observers).is_err() { - log::error!("Failed to call on_evaluation"); - return; - } + observers + .post_exec_all(state, input, &exitkind) + .expect("Observers post_exec_all failed"); - let res = fuzzer.check_results(state, manager, input, &*observers, &exit_kind); - if let Ok(exec_res) = res { - if fuzzer - .process_execution(state, manager, input, &exec_res, &*observers) - .is_err() - { - log::error!("Failed to call process_execution"); - return; + let interesting = fuzzer + .objective_mut() + .is_interesting(state, event_mgr, input, &*observers, &exitkind) + .expect("In run_observers_and_save_state objective failure."); + + if interesting { + let executions = *state.executions(); + let mut new_testcase = Testcase::with_executions(input.clone(), executions); + new_testcase.add_metadata(exitkind); + new_testcase.set_parent_id_optional(*state.corpus().current()); + + if let Ok(mut tc) = state.current_testcase_mut() { + tc.found_objective(); } - if fuzzer - .dispatch_event(state, manager, input.clone(), &exec_res, None, &exit_kind) - .is_err() - { - log::error!("Failed to dispatch_event"); - return; - } - } else { - log::error!("Faild to check execution result"); + fuzzer + .objective_mut() + .append_metadata(state, event_mgr, &*observers, &mut new_testcase) + .expect("Failed adding metadata"); + state + .solutions_mut() + .add(new_testcase) + .expect("In run_observers_and_save_state solutions 
failure."); + event_mgr + .fire( + state, + Event::Objective { + objective_size: state.solutions().count(), + executions, + time: libafl_bolts::current_time(), + }, + ) + .expect("Could not save state in run_observers_and_save_state"); } + // Serialize the state and wait safely for the broker to read pending messages - manager.on_restart(state).unwrap(); + event_mgr.on_restart(state).unwrap(); log::info!("Bye!"); } diff --git a/libafl/src/executors/inprocess/stateful.rs b/libafl/src/executors/inprocess/stateful.rs index a94d3192aa..7d458e351f 100644 --- a/libafl/src/executors/inprocess/stateful.rs +++ b/libafl/src/executors/inprocess/stateful.rs @@ -18,7 +18,7 @@ use crate::{ Executor, ExitKind, HasObservers, }, feedbacks::Feedback, - fuzzer::{ExecutionProcessor, HasObjective, HasScheduler}, + fuzzer::HasObjective, inputs::UsesInput, observers::{ObserversTuple, UsesObservers}, state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState}, @@ -172,7 +172,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { Self::with_timeout_generic( tuple_list!(), @@ -202,7 +202,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let inner = GenericInProcessExecutorInner::batched_timeout_generic::( tuple_list!(), @@ -243,7 +243,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let inner = GenericInProcessExecutorInner::with_timeout_generic::( tuple_list!(), @@ -304,7 +304,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { Self::with_timeout_generic( user_hooks, 
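Review bot: Every fallible call in the new body of `run_observers_and_save_state` (`post_exec_all`, `is_interesting`, `append_metadata`, `solutions_mut().add`, `fire`) now ends in `.expect(…)`, so any error on this path panics before `event_mgr.on_restart(state)` is reached and the input being handled is never recorded. The bounds relaxed elsewhere in this commit sit on crash, timeout and panic-hook installers (`panic::set_hook` is visible as context in hooks/unix.rs and hooks/windows.rs), which suggests this function is reached from those handlers; if so, a panic here would fire inside the handler itself, but the call sites are outside the diff, so this needs confirming. I would log each failure and fall through so the restart step always runs, as sketched below; whether a failed objective evaluation should count as not interesting or the input should be saved anyway is a decision for the maintainers. If the panics are intentional, the function's doc comment (outside this hunk) should gain a `# Panics` section listing them.

```rust
    let mut observers = executor.observers_mut();

    // Handler path: report failures and keep going so on_restart below always runs.
    if let Err(err) = observers.post_exec_all(state, input, &exitkind) {
        log::error!("Observers post_exec_all failed: {err:?}");
    }

    let interesting = fuzzer
        .objective_mut()
        .is_interesting(state, event_mgr, input, &*observers, &exitkind)
        .unwrap_or_else(|err| {
            log::error!("Objective is_interesting failed: {err:?}");
            false
        });

    if interesting {
        // … unchanged: build new_testcase, mark the current testcase via found_objective …
        if let Err(err) = fuzzer
            .objective_mut()
            .append_metadata(state, event_mgr, &*observers, &mut new_testcase)
        {
            log::error!("Failed adding metadata: {err:?}");
        }
        if let Err(err) = state.solutions_mut().add(new_testcase) {
            log::error!("Failed to add the testcase to solutions: {err:?}");
        }
        // … event_mgr.fire(…) with Event::Objective as in the hunk, its .expect(…) replaced the same way …
    }

    // Serialize the state and wait safely for the broker to read pending messages
    event_mgr.on_restart(state).unwrap();
```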
@@ -335,7 +335,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let inner = GenericInProcessExecutorInner::batched_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, exec_tmout, @@ -372,7 +372,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { let inner = GenericInProcessExecutorInner::with_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, timeout, diff --git a/libafl_qemu/src/executor.rs b/libafl_qemu/src/executor.rs index 645bc1613f..e239977d5c 100644 --- a/libafl_qemu/src/executor.rs +++ b/libafl_qemu/src/executor.rs @@ -83,7 +83,7 @@ pub unsafe fn inproc_qemu_timeout_handler( EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective + ExecutionProcessor + HasScheduler, + Z: HasObjective, { if BREAK_ON_TMOUT { qemu_system_debug_request(); diff --git a/libafl_targets/src/sancov_pcguard.rs b/libafl_targets/src/sancov_pcguard.rs index 83d32dc0ec..cf6348845f 100644 --- a/libafl_targets/src/sancov_pcguard.rs +++ b/libafl_targets/src/sancov_pcguard.rs @@ -5,7 +5,11 @@ use core::simd::num::SimdUint; use core::{mem::align_of, slice}; -#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ctx", feature = "sancov_ngram8"))] +#[cfg(any( + feature = "sancov_ngram4", + feature = "sancov_ctx", + feature = "sancov_ngram8" +))] use libafl::executors::{hooks::ExecutorHook, HasObservers}; #[cfg(any( diff --git a/libafl_targets/src/windows_asan.rs b/libafl_targets/src/windows_asan.rs index 1c2230e2b7..28244d9b89 100644 --- a/libafl_targets/src/windows_asan.rs +++ b/libafl_targets/src/windows_asan.rs 
@@ -5,7 +5,7 @@ use libafl::{ executors::{hooks::windows::windows_asan_handler::asan_death_handler, Executor, HasObservers}, feedbacks::Feedback, state::{HasCorpus, HasExecutions, HasSolutions}, - ExecutionProcessor, HasObjective, HasScheduler, + HasObjective, }; /// Asan death callback type @@ -33,7 +33,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasSolutions + HasCorpus + HasExecutions, - Z: HasObjective + HasScheduler + ExecutionProcessor, + Z: HasObjective, { __sanitizer_set_death_callback(Some(asan_death_handler::)); }