ctx ngram using sancov (#12)
* push

* map sz

* header

* headers (2nd)

* prev

* update libafl

* upd

* ngram and others

* aa
tokatoka authored Aug 19, 2024
1 parent b7fc9fd commit 876f383
Showing 10 changed files with 23 additions and 21 deletions.
2 changes: 1 addition & 1 deletion LibAFL
2 changes: 1 addition & 1 deletion naive_ctx/Cargo.toml
Expand Up @@ -9,8 +9,8 @@ no_link_main = ["libafl_targets/libfuzzer_no_link_main"]

[dependencies]
libafl = { path = "../LibAFL/libafl/" }
libafl_targets = { path = "../LibAFL/libafl_targets/", features = ["libfuzzer", "sancov_pcguard_hitcounts", "sancov_ctx"] }
libafl_bolts = { path = "../LibAFL/libafl_bolts/" }
libafl_targets = { path = "../LibAFL/libafl_targets/", features = ["libfuzzer"] }
# TODO Include it only when building cc
libafl_cc = { path = "../LibAFL/libafl_cc/" }
clap = { version = "~4.2", features = ["default"] }
3 changes: 2 additions & 1 deletion naive_ctx/src/bin/naive_ctx_cc.rs
Expand Up @@ -29,8 +29,9 @@ pub fn main() {
.parse_args(&args)
.expect("Failed to parse the command line")
.link_staticlib(&dir, env!("CARGO_PKG_NAME"))
.add_passes_arg("-ctx") // Context sensitive coverage
.add_passes_linking_arg("-lm")
.add_pass(LLVMPasses::Ctx)
.add_arg("-fsanitize-coverage=trace-pc-guard")
.run()
.expect("Failed to run the wrapped compiler")
{
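Review bot: `.add_pass(LLVMPasses::Ctx)` and `.add_arg("-fsanitize-coverage=trace-pc-guard")` in `main` have no comment saying that they depend on the `sancov_ctx` feature of `libafl_targets` (naive_ctx/Cargo.toml) and on the `CtxHook` installed in naive_ctx/src/lib.rs. If one of the three is dropped, the fuzzer presumably still builds and runs, only without context feedback, which is easy to miss when comparing benchmark results. I would put `// Needs libafl_targets feature "sancov_ctx" and CtxHook in lib.rs` above the two calls. The rendered page has lost its +/- markers, so I am inferring from the commit title that these two lines are the added side and `.add_passes_arg("-ctx")` the removed one. The builder chain starts above the hunk and the block continues below it.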
10 changes: 5 additions & 5 deletions naive_ctx/src/lib.rs
Expand Up @@ -30,7 +30,7 @@ use std::{
use libafl::{
corpus::{Corpus, InMemoryOnDiskCorpus, OnDiskCorpus},
events::SimpleRestartingEventManager,
executors::{inprocess::InProcessExecutor, ExitKind},
executors::{inprocess::HookableInProcessExecutor, ExitKind},
feedback_or,
feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback},
fuzzer::{Fuzzer, StdFuzzer},
Expand All @@ -43,7 +43,7 @@ use libafl::{
state::{HasCorpus, StdState},
Error,
};
use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer};
use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer, CtxHook, EDGES_MAP_SIZE_IN_USE, MAX_EDGES_FOUND};

#[cfg(target_os = "linux")]
use libafl_targets::autotokens;
Expand Down Expand Up @@ -217,7 +217,6 @@ fn fuzz(
}
},
};

// Create an observation channel using the coverage map
// We don't use the hitcounts (see the Cargo.toml, we use pcguard_edges)
let edges_observer =
Expand Down Expand Up @@ -282,9 +281,10 @@ fn fuzz(
libfuzzer_test_one_input(buf);
ExitKind::Ok
};

let ctx_hook = CtxHook::new();
// Create the executor for an in-process function with one observer for edge coverage and one for the execution time
let mut executor = InProcessExecutor::with_timeout(
let mut executor = HookableInProcessExecutor::with_timeout_generic(
tuple_list!(ctx_hook),
&mut harness,
tuple_list!(edges_observer, time_observer),
&mut fuzzer,
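Review bot: The widened `libafl_targets` import adds `EDGES_MAP_SIZE_IN_USE` and `MAX_EDGES_FOUND`, yet nothing in the visible hunks of `fuzz` reads them; only `CtxHook` is used, in `let ctx_hook = CtxHook::new();`. Unless the rest of the file references them, this leaves unused-import warnings, and the line is better as `use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer, CtxHook};`. If the two names were imported to size the coverage map for context-mixed indices, that code is not in this commit, so it is worth confirming that the observer returned by `std_edges_map_observer` spans every slot the instrumentation can write. `fuzz` starts and ends outside the hunks shown.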
2 changes: 1 addition & 1 deletion naive_ngram4/Cargo.toml
Expand Up @@ -9,8 +9,8 @@ no_link_main = ["libafl_targets/libfuzzer_no_link_main"]

[dependencies]
libafl = { path = "../LibAFL/libafl/" }
libafl_targets = { path = "../LibAFL/libafl_targets/", features = ["sancov_pcguard_hitcounts", "libfuzzer", "sancov_ngram4"] }
libafl_bolts = { path = "../LibAFL/libafl_bolts/" }
libafl_targets = { path = "../LibAFL/libafl_targets/", features = ["sancov_pcguard_hitcounts", "libfuzzer"] }
# TODO Include it only when building cc
libafl_cc = { path = "../LibAFL/libafl_cc/" }
clap = { version = "~4.2", features = ["default"] }
3 changes: 1 addition & 2 deletions naive_ngram4/src/bin/naive_ngram4_cc.rs
Expand Up @@ -29,8 +29,7 @@ pub fn main() {
.parse_args(&args)
.expect("Failed to parse the command line")
.link_staticlib(&dir, env!("CARGO_PKG_NAME"))
.add_passes_arg("-ngram")
.add_passes_arg("4")
.add_arg("-fsanitize-coverage=trace-pc-guard")
.add_passes_linking_arg("-lm")
.run()
.expect("Failed to run the wrapped compiler")
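Review bot: With `.add_passes_arg("-ngram")` and `.add_passes_arg("4")` gone, the n-gram width is no longer visible in this wrapper, and the flags shown here are identical to those in naive_ngram8/src/bin/naive_ngram8_cc.rs. The width now seems to come only from the `sancov_ngram4` / `sancov_ngram8` feature in each crate's Cargo.toml, so a comment such as `// n-gram width (4) is selected by the libafl_targets "sancov_ngram4" feature` above `.add_arg("-fsanitize-coverage=trace-pc-guard")` would keep the two binaries from being confused. `.add_passes_linking_arg("-lm")` is kept although no pass is added in the visible part of the chain; check whether it is still needed. Which lines are added or removed is inferred from the commit title, since the page has lost its +/- markers, and the chain begins above the hunk.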
8 changes: 5 additions & 3 deletions naive_ngram4/src/lib.rs
Expand Up @@ -30,7 +30,7 @@ use std::{
use libafl::{
corpus::{Corpus, InMemoryOnDiskCorpus, OnDiskCorpus},
events::SimpleRestartingEventManager,
executors::{inprocess::InProcessExecutor, ExitKind},
executors::{inprocess::HookableInProcessExecutor, ExitKind},
feedback_or,
feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback},
fuzzer::{Fuzzer, StdFuzzer},
Expand All @@ -43,7 +43,7 @@ use libafl::{
state::{HasCorpus, StdState},
Error,
};
use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer};
use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer, NgramHook};

#[cfg(target_os = "linux")]
use libafl_targets::autotokens;
Expand Down Expand Up @@ -283,8 +283,10 @@ fn fuzz(
ExitKind::Ok
};

let ngram_hook = NgramHook::new();
// Create the executor for an in-process function with one observer for edge coverage and one for the execution time
let mut executor = InProcessExecutor::with_timeout(
let mut executor = HookableInProcessExecutor::with_timeout_generic(
tuple_list!(ngram_hook),
&mut harness,
tuple_list!(edges_observer, time_observer),
&mut fuzzer,
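Review bot: The comment above the executor in `fuzz` still describes only "one observer for edge coverage and one for the execution time", but the call is now `HookableInProcessExecutor::with_timeout_generic` with `tuple_list!(ngram_hook)` as its first argument, and the hook is not mentioned anywhere. I would move `let ngram_hook = NgramHook::new();` below a reworded comment, for example `// Create the in-process executor with the n-gram hook, one observer for edge coverage and one for the execution time`. A second line saying what the hook does per execution (presumably resetting the n-gram history; confirm against libafl_targets) would help the next reader. The same applies to `NgramHook` in naive_ngram8/src/lib.rs and to `CtxHook` in naive_ctx/src/lib.rs. `fuzz` extends beyond the hunks shown.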
2 changes: 1 addition & 1 deletion naive_ngram8/Cargo.toml
Expand Up @@ -9,8 +9,8 @@ no_link_main = ["libafl_targets/libfuzzer_no_link_main"]

[dependencies]
libafl = { path = "../LibAFL/libafl/" }
libafl_targets = { path = "../LibAFL/libafl_targets/", features = ["sancov_pcguard_hitcounts", "libfuzzer", "sancov_ngram8"] }
libafl_bolts = { path = "../LibAFL/libafl_bolts/" }
libafl_targets = { path = "../LibAFL/libafl_targets/", features = ["sancov_pcguard_hitcounts", "libfuzzer"] }
# TODO Include it only when building cc
libafl_cc = { path = "../LibAFL/libafl_cc/" }
clap = { version = "~4.2", features = ["default"] }
3 changes: 1 addition & 2 deletions naive_ngram8/src/bin/naive_ngram8_cc.rs
Expand Up @@ -29,8 +29,7 @@ pub fn main() {
.parse_args(&args)
.expect("Failed to parse the command line")
.link_staticlib(&dir, env!("CARGO_PKG_NAME"))
.add_passes_arg("-ngram")
.add_passes_arg("8")
.add_arg("-fsanitize-coverage=trace-pc-guard")
.add_passes_linking_arg("-lm")
.run()
.expect("Failed to run the wrapped compiler")
9 changes: 5 additions & 4 deletions naive_ngram8/src/lib.rs
Expand Up @@ -30,7 +30,7 @@ use std::{
use libafl::{
corpus::{Corpus, InMemoryOnDiskCorpus, OnDiskCorpus},
events::SimpleRestartingEventManager,
executors::{inprocess::InProcessExecutor, ExitKind},
executors::{inprocess::HookableInProcessExecutor, ExitKind},
feedback_or,
feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback},
fuzzer::{Fuzzer, StdFuzzer},
Expand All @@ -43,7 +43,7 @@ use libafl::{
state::{HasCorpus, StdState},
Error,
};
use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer};
use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer, NgramHook};

#[cfg(target_os = "linux")]
use libafl_targets::autotokens;
Expand Down Expand Up @@ -217,7 +217,6 @@ fn fuzz(
}
},
};

// Create an observation channel using the coverage map
// We don't use the hitcounts (see the Cargo.toml, we use pcguard_edges)
let edges_observer =
Expand Down Expand Up @@ -283,8 +282,10 @@ fn fuzz(
ExitKind::Ok
};

let ngram_hook = NgramHook::new();
// Create the executor for an in-process function with one observer for edge coverage and one for the execution time
let mut executor = InProcessExecutor::with_timeout(
let mut executor = HookableInProcessExecutor::with_timeout_generic(
tuple_list!(ngram_hook),
&mut harness,
tuple_list!(edges_observer, time_observer),
&mut fuzzer,
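Review bot: The context comment `// We don't use the hitcounts (see the Cargo.toml, we use pcguard_edges)` in the hunk at line 217 of `fuzz` contradicts naive_ngram8/Cargo.toml, where both versions of the `libafl_targets` line list `sancov_pcguard_hitcounts`. The hunk only drops a blank line there, so the comment would be better corrected in the same commit, for example to `// Hitcounts are enabled via the "sancov_pcguard_hitcounts" feature (see Cargo.toml)`, after checking how `edges_observer` is built, because that statement is cut off by the hunk. The same comment appears in naive_ctx/src/lib.rs, where the `sancov_ctx` version of the Cargo.toml line also lists `sancov_pcguard_hitcounts`.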
