Fixed Persistent Mode #5
Conversation
|
I'm not sure about your changes to the compcov helpers. |
|
The afl_maybe_log helper is fine. |
|
WRT Compcov Helpers, without explicit cast the compilation throws warnings for some platforms. The casts silences the warnings and should behave correctly (?) |
|
The problem is that you cannot cast TGCv to TGCv_i32 on a 64 bit arch. TGCv is an alias to TGCv_i64 for 64 bits archs and TGCv_i32 for 32 bit archs. To avoid warnings, use TCGv also in gen_afl_compcov_log_* . Something like: static inline void gen_afl_compcov_log_32(TCGContext *tcg_ctx, uintptr_t cur_loc,
TCGv arg1, TCGv arg2) {
TCGv_ptr tuc = tcg_const_ptr(tcg_ctx, tcg_ctx->uc);
TCGv tcur_loc = tcg_const_tl(tcg_ctx, cur_loc);
gen_helper_afl_compcov_log_32(tcg_ctx, tuc, tcur_loc, arg1, arg2);
}The *_tl version of each function is mapped to the corresponding *_i32 or *_i64 function. In tcg-runtime.h try to declare the helper as: DEF_HELPER_FLAGS_4(afl_compcov_log_64, 0, void, ptr, tl, tl, tl)No time today to da it, if you wait 2 days I can do it. |
|
My expectations were:
If you can fix it that'd be great. Thx :) |
|
I merged cause fixing persistent is a priority. I'll adjust compcov directly in master later. |
This commit fixes persistent mode for unicornafl.
The current version only logged in the emulator, however after blocks were chained, AFL no longer got feedback. Now it is patched into the blocks directly, as a helper function.
The commit also includes a rewrite of the forkserver, instead of communicating via signal from child to parent it uses a second pipe.
Since a lot changed, maybe @andreafioraldi can take a quick look before a merge.
A testcase can be found here: https://github.com/vanhauser-thc/AFLplusplus/blob/persistent_test/unicorn_mode/samples/c/harness.c