From 6b1c2d86c95d8d279d0b436ec9adc40f97405d23 Mon Sep 17 00:00:00 2001
From: Raz0r
Date: Sun, 18 Aug 2024 00:44:27 +0300
Subject: [PATCH] save trace of the found bug (#533)
---
 src/evm/cov_stage.rs | 10 +---------
 src/fuzzer.rs | 13 +++++++++++++
 2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/evm/cov_stage.rs b/src/evm/cov_stage.rs
index 7130ed5bc..683f35c0a 100644
--- a/src/evm/cov_stage.rs
+++ b/src/evm/cov_stage.rs
@@ -167,15 +167,7 @@ where
 .deref()
 .borrow_mut()
 .save_trace(format!("{}/{}", self.trace_dir, i).as_str());
- if let Some(bug_idx) = meta.corpus_idx_to_bug.get(&i.into()) {
- for id in bug_idx {
- fs::copy(
- format!("{}/{}.json", self.trace_dir, i),
- format!("{}/bug_{}.json", self.trace_dir, id),
- )
- .unwrap();
- }
- }
+
 unsafe {
 EVAL_COVERAGE = false;
 }
diff --git a/src/fuzzer.rs b/src/fuzzer.rs
index ab66e70f7..fd340fb95 100644
--- a/src/fuzzer.rs
+++ b/src/fuzzer.rs
@@ -380,6 +380,7 @@ where
 + HasExecutionResult
 + HasExecutions
 + HasMetadata
+ + HasCurrentInputIdx
 + HasRand
 + HasLastReportTime
 + UsesInput,
@@ -578,6 +579,18 @@ where
 solution::generate_test(cur_report.clone(), minimized);
+ unsafe {
+ for bug_idx in ORACLE_OUTPUT.iter().map(|v| v["bug_idx"].as_u64().unwrap()) {
+ let src = format!("{}/traces/{}.json", self.work_dir, &state.get_current_input_idx());
+ let dest = format!("{}/traces/bug_{}.json", self.work_dir, bug_idx);
+ if std::fs::metadata(&src).is_ok() {
+ std::fs::copy(&src, &dest).unwrap();
+ } else {
+ eprintln!("Source trace {} does not exist", src);
+ }
+ }
+ }
+
 let vuln_file = format!("{}/vuln_info.jsonl", self.work_dir.as_str());
 let mut f = OpenOptions::new()
 .create(true)
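Review bot: In the `unsafe` block added to src/fuzzer.rs, both `v["bug_idx"].as_u64().unwrap()` and `std::fs::copy(&src, &dest).unwrap()` can panic on the bug-reporting path, and because the block sits before the `vuln_info.jsonl` write, a malformed oracle entry or a failed copy would abort the run with the finding unrecorded. The `metadata(&src).is_ok()` pre-check does not close that gap, since the source can vanish or the destination can be unwritable between the check and the copy; calling `copy` once and handling its `Err` is simpler and covers every failure. The rewrite below skips entries without an integer `bug_idx` and logs copy failures instead of panicking; it assumes `ORACLE_OUTPUT` holds JSON values, which the indexing suggests but the hunk does not show. The block also lacks a `// SAFETY:` comment explaining why reading the mutable static is sound here, and the enclosing function starts and ends outside the hunk.

```rust
// … unchanged: opening of the unsafe block …
for bug_idx in ORACLE_OUTPUT.iter().filter_map(|v| v["bug_idx"].as_u64()) {
    // … unchanged: src and dest path construction …
    // Copy in one step and report any failure; a missing or unreadable trace
    // must not abort the run before vuln_info.jsonl is written.
    if let Err(e) = std::fs::copy(&src, &dest) {
        eprintln!("Could not copy trace {} to {}: {}", src, dest, e);
    }
}
```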