Fixed Persistent Mode - Githubissues

AFLplusplus / unicornafl_legacy

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86) adapted to afl++

http://github.com/AFLplusplus/AFLplusplus

GNU General Public License v2.0

44 stars 8 forks source link

Fixed Persistent Mode #5

Closed domenukk closed 4 years ago

domenukk commented 4 years ago

This commit fixes persistent mode for unicornafl. The current version only logged in the emulator, however after blocks were chained, AFL no longer got feedback. Now it is patched into the blocks directly, as a helper function. The commit also includes a rewrite of the forkserver, instead of communicating via signal from child to parent it uses a second pipe.

Since a lot changed, maybe @andreafioraldi can take a quick look before a merge. A testcase can be found here: https://github.com/vanhauser-thc/AFLplusplus/blob/persistent_test/unicorn_mode/samples/c/harness.c

andreafioraldi commented 4 years ago

I'm not sure about your changes to the compcov helpers. A direct cast of TGC_v is bad.

andreafioraldi commented 4 years ago

The afl_maybe_log helper is fine.

domenukk commented 4 years ago

WRT Compcov Helpers, without explicit cast the compilation throws warnings for some platforms. The casts silences the warnings and should behave correctly (?) Other ideas to get the compilation warning-free?

andreafioraldi commented 4 years ago

The problem is that you cannot cast TGCv to TGCv_i32 on a 64 bit arch. TGCv is an alias to TGCv_i64 for 64 bits archs and TGCv_i32 for 32 bit archs. To avoid warnings, use TCGv also in gen_afl_compcovlog* . Something like:


static inline void gen_afl_compcov_log_32(TCGContext *tcg_ctx, uintptr_t cur_loc,
                                          TCGv arg1, TCGv arg2) {

  TCGv_ptr tuc = tcg_const_ptr(tcg_ctx, tcg_ctx->uc);
  TCGv tcur_loc = tcg_const_tl(tcg_ctx, cur_loc);
  gen_helper_afl_compcov_log_32(tcg_ctx, tuc, tcur_loc, arg1, arg2);

}

The _tl version of each function is mapped to the corresponding _i32 or *_i64 function.

In tcg-runtime.h try to declare the helper as:

DEF_HELPER_FLAGS_4(afl_compcov_log_64, 0, void, ptr, tl, tl, tl)

No time today to da it, if you wait 2 days I can do it.

domenukk commented 4 years ago

My expectations were:

the assumption that on a 32 bit arch we will never emit a 64 bit Compcov (hence TCGv is fine)
and that a cast from TCGv_i64 to TCGv_i32 is possible (which may not be the case after all?)

If you can fix it that'd be great. Thx :)

andreafioraldi commented 4 years ago

I merged cause fixing persistent is a priority. I'll adjust compcov directly in master later.