ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 04:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

decoupled run and classify

Browse Source
This commit is contained in:
Dominik Maier
2020-04-16 15:21:34 +02:00
parent 124665b392
commit 19ce862810
5 changed files with 19 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/forkserver.h
View File

@ -65,6 +65,7 @@ typedef struct afl_forkserver {
FILE *plot_file; /* Gnuplot output file */ FILE *plot_file; /* Gnuplot output file */
/* Note: lat_run_timed_out is u32 to send it to the child as 4 byte array */
u32 last_run_timed_out; /* Traced process timed out? */ u32 last_run_timed_out; /* Traced process timed out? */
u8 last_kill_signal; /* Signal that killed the child */ u8 last_kill_signal; /* Signal that killed the child */
@ -100,9 +101,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from);
void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
volatile u8 *stop_soon_p, u8 debug_child_output); volatile u8 *stop_soon_p, u8 debug_child_output);
void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len); void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len);
fsrv_run_result_t afl_fsrv_run_target( fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
afl_forkserver_t *fsrv, u32 timeout,
void(classify_counts_func)(afl_forkserver_t *fsrv),
volatile u8 *stop_soon_p); volatile u8 *stop_soon_p);
void afl_fsrv_killall(void); void afl_fsrv_killall(void);
void afl_fsrv_deinit(afl_forkserver_t *fsrv); void afl_fsrv_deinit(afl_forkserver_t *fsrv);

7
src/afl-forkserver.c
View File

@ -701,9 +701,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
/* Execute target application, monitoring for timeouts. Return status /* Execute target application, monitoring for timeouts. Return status
information. The called program will update afl->fsrv->trace_bits. */ information. The called program will update afl->fsrv->trace_bits. */
fsrv_run_result_t afl_fsrv_run_target( fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
afl_forkserver_t *fsrv, u32 timeout,
void(classify_counts_func)(afl_forkserver_t *fsrv),
volatile u8 *stop_soon_p) { volatile u8 *stop_soon_p) {
s32 res; s32 res;
@ -790,9 +788,6 @@ fsrv_run_result_t afl_fsrv_run_target(
behave very normally and do not have to be treated as volatile. */ behave very normally and do not have to be treated as volatile. */
MEM_BARRIER(); MEM_BARRIER();
// u32 tb4 = *(u32 *)fsrv->trace_bits;
if (likely(classify_counts_func)) classify_counts_func(fsrv);
/* Report outcome to caller. */ /* Report outcome to caller. */

5
src/afl-fuzz-run.c
View File

@ -36,7 +36,10 @@
fsrv_run_result_t run_target(afl_state_t *afl, afl_forkserver_t *fsrv, fsrv_run_result_t run_target(afl_state_t *afl, afl_forkserver_t *fsrv,
u32 timeout) { u32 timeout) {
return afl_fsrv_run_target(fsrv, timeout, classify_counts, &afl->stop_soon); fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon);
// TODO: Don't classify for faults?
classify_counts(fsrv);
return res;
} }

6
src/afl-showmap.c
View File

@ -223,13 +223,15 @@ void run_target_forkserver(afl_forkserver_t *fsrv, char **argv, u8 *mem,
afl_fsrv_write_to_testcase(fsrv, mem, len); afl_fsrv_write_to_testcase(fsrv, mem, len);
if (afl_fsrv_run_target(fsrv, fsrv->exec_tmout, classify_counts, if (afl_fsrv_run_target(fsrv, fsrv->exec_tmout, &stop_soon) ==
&stop_soon) == FSRV_RUN_ERROR) { FSRV_RUN_ERROR) {
FATAL("Error running target"); FATAL("Error running target");
} }
classify_counts(fsrv);
if (stop_soon) { if (stop_soon) {
SAYF(cRST cLRD "\n+++ afl-showmap folder mode aborted by user +++\n" cRST); SAYF(cRST cLRD "\n+++ afl-showmap folder mode aborted by user +++\n" cRST);

9
src/afl-tmin.c
View File

@ -121,8 +121,6 @@ static void apply_mask(u32 *mem, u32 *mask) {
static void classify_counts(afl_forkserver_t *fsrv) { static void classify_counts(afl_forkserver_t *fsrv) {
if (hang_mode) return; /* We only want hangs */
u8 *mem = fsrv->trace_bits; u8 *mem = fsrv->trace_bits;
u32 i = MAP_SIZE; u32 i = MAP_SIZE;
@ -146,8 +144,6 @@ static void classify_counts(afl_forkserver_t *fsrv) {
} }
apply_mask((u32 *)fsrv->trace_bits, (u32 *)mask_bitmap);
} }
/* See if any bytes are set in the bitmap. */ /* See if any bytes are set in the bitmap. */
@ -224,7 +220,7 @@ static u8 run_target(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len,
afl_fsrv_write_to_testcase(fsrv, mem, len); afl_fsrv_write_to_testcase(fsrv, mem, len);
fsrv_run_result_t ret = fsrv_run_result_t ret =
afl_fsrv_run_target(fsrv, fsrv->exec_tmout, classify_counts, &stop_soon); afl_fsrv_run_target(fsrv, fsrv->exec_tmout, &stop_soon);
if (ret == FSRV_RUN_ERROR) FATAL("Couldn't run child"); if (ret == FSRV_RUN_ERROR) FATAL("Couldn't run child");
@ -250,6 +246,9 @@ static u8 run_target(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len,
} }
classify_counts(fsrv);
apply_mask((u32 *)fsrv->trace_bits, (u32 *)mask_bitmap);
if (ret == FSRV_RUN_TMOUT) { if (ret == FSRV_RUN_TMOUT) {
missed_hangs++; missed_hangs++;