refactor: upgrade rustc, libafl, and clap to the latest version (#201)
* refactor: upgrade rustc, libafl, and clap to the latest version

* Implement  for Sha3WrappedFeedback and ConcolicFeedbackWrapper

* Re-implement Stage for CoverageStage

* resolve conflicts

---------

Co-authored-by: 0xAWM <[email protected]>
jacob-chia and 0xAWM authored Sep 29, 2023
1 parent cb50da1 commit 47e25c3
Showing 48 changed files with 1,095 additions and 722 deletions.
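--- a/Cargo.toml
+++ b/Cargo.toml
@@ -45,7 +45,8 @@ revm-primitives = { path = "./externals/revm/crates/primitives", features = ["no
 revm-interpreter = { path = "./externals/revm/crates/interpreter", features = ["no_gas_measuring", "serde"] }
 hex = "0.4"
 primitive-types = { version = "0.12.1", features = ["rlp", "serde"] }
-libafl = "0.8.2"
+libafl = "0.11.1"
+libafl_bolts = "0.11.1"
 rand = "0.8.5"
 nix = "0.24"
 serde = "1.0.147"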
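--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -7,12 +7,12 @@ edition = "2021"
 
 [dependencies]
 ityfuzz = {path = "../", version = "0.1.0"}
-clap = {version = "=4.0.18", features = ["derive"]}
+clap = {version = "4.4.4", features = ["derive"]}
 primitive-types = { version = "0.12.1", features = ["rlp", "serde"] }
 sentry = "0.29.1"
 reqwest = "0.11.6"
 serde_json = "1.0.73"
 serde = "1.0.147"
 rlp = "0.5.2"
 hex = "0.4"
-ethers = "2.0.7"
+ethers = "2.0.7"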
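Review bot: The new `clap` requirement drops the exact pin: `"=4.0.18"` resolved to one release, while `"4.4.4"` is a caret requirement that accepts any later 4.x release. If the pin was deliberate (for example to keep the CLI building on the pinned nightly), the commit message should say why it is safe to remove. Otherwise reproducible builds now rely on a committed `Cargo.lock` and `cargo build --locked` in CI, neither of which is visible on this page. If the exact pin is still wanted, keep the operator: `clap = {version = "=4.4.4", features = ["derive"]}`.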
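--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,2 +1,2 @@
 [toolchain]
-channel = "nightly-2023-04-09"
+channel = "nightly-2023-09-09"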
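--- a/src/evm/abi.rs
+++ b/src/evm/abi.rs
@@ -7,10 +7,11 @@ use crate::input::ConciseSerde;
 use crate::mutation_utils::{byte_mutator, byte_mutator_with_expansion};
 use crate::state::{HasCaller, HasItyState};
 use itertools::Itertools;
-use libafl::impl_serdeany;
+use libafl_bolts::impl_serdeany;
 use libafl::inputs::{HasBytesVec, Input};
 use libafl::mutators::MutationResult;
-use libafl::prelude::{HasMetadata, Rand};
+use libafl::prelude::HasMetadata;
+use libafl_bolts::bolts_prelude::Rand;
 use libafl::state::{HasMaxSize, HasRand, State};
 use once_cell::sync::Lazy;
 use serde::de::DeserializeOwned;
@@ -87,7 +88,7 @@ impl ABIAddressToInstanceMap {
 
 pub fn register_abi_instance<S: HasMetadata>(address: EVMAddress, abi: BoxedABI, state: &mut S) {
 let abi_map = state
-.metadata_mut()
+.metadata_map_mut()
 .get_mut::<ABIAddressToInstanceMap>()
 .expect("ABIAddressToInstanceMap not found");
 abi_map.add(address, abi);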
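--- a/src/evm/blaz/builder.rs
+++ b/src/evm/blaz/builder.rs
@@ -10,7 +10,7 @@ use std::time::Duration;
 use std::collections::hash_map::DefaultHasher;
 use bytes::Bytes;
 use itertools::Itertools;
-use libafl::impl_serdeany;
+use libafl_bolts::impl_serdeany;
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 use crate::cache::{Cache, FileSystemCache};
@@ -19,7 +19,7 @@ use crate::evm::host::FuzzHost;
 use crate::evm::input::{ConciseEVMInput, EVMInput};
 use crate::evm::onchain::endpoints::Chain;
 use crate::evm::srcmap::parser::{decode_instructions, decode_instructions_with_replacement, SourceMapLocation};
-use crate::evm::types::{EVMAddress, EVMFuzzState, ProjectSourceMapTy};
+use crate::evm::types::{EVMAddress, EVMFuzzState, ProjectSourceMapTy, EVMQueueExecutor};
 use crate::evm::vm::{EVMExecutor, EVMState};
 use crate::generic_vm::vm_executor::GenericVM;
 
@@ -257,7 +257,7 @@ impl BuildJobResult {
 let bytecode = Vec::from((**executor)
 .borrow_mut()
 .as_any()
-.downcast_ref::<EVMExecutor<EVMInput, EVMFuzzState, EVMState, ConciseEVMInput>>()
+.downcast_ref::<EVMQueueExecutor>()
 .unwrap()
 .host
 .code
@@ -330,4 +330,4 @@ mod tests {
 // let result = job.wait_build_job().expect("wait build job failed");
 // println!("{:?}", result.abi);
 // }
-}
+}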
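Review bot: The `.unwrap()` after `.downcast_ref::<EVMQueueExecutor>()` in the `@@ -257,7` hunk now depends on a type alias whose definition is not on this page. `downcast_ref` is a runtime type check, so if the executor behind `as_any()` is ever built with different type arguments than the alias names, the result is a panic with no message rather than a compile error. This matters more after this commit because the host type gains a scheduler parameter (`FuzzHost<VS, I, S, SC>` in concolic_host.rs). I would replace the unwrap with `.expect("executor is not an EVMQueueExecutor")`, or return an error if the enclosing function's signature allows it. The `let bytecode = ...` statement continues past the end of the hunk.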
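--- a/src/evm/bytecode_analyzer.rs
+++ b/src/evm/bytecode_analyzer.rs
@@ -49,7 +49,7 @@ where
 S: HasMetadata + State,
 {
 let constants = find_constants(bytecode);
-match state.metadata_mut().get_mut::<ConstantPoolMetadata>() {
+match state.metadata_map_mut().get_mut::<ConstantPoolMetadata>() {
 Some(meta) => {
 for constant in constants {
 if !meta.constants.contains(&constant) {
@@ -58,7 +58,7 @@ where
 }
 }
 None => {
-state.metadata_mut().insert(ConstantPoolMetadata {
+state.metadata_map_mut().insert(ConstantPoolMetadata {
 constants: constants.into_iter().collect(),
 });
 }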
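--- a/src/evm/concolic/concolic_host.rs
+++ b/src/evm/concolic/concolic_host.rs
@@ -1,4 +1,5 @@
 use bytes::Bytes;
+use libafl::schedulers::Scheduler;
 
 use crate::evm::abi::BoxedABI;
 use crate::evm::input::{ConciseEVMInput, EVMInput, EVMInputT, EVMInputTy};
@@ -682,23 +683,24 @@ fn str_to_bytes(s: &str) -> Vec<u8> {
 bytes
 }
 
-impl<I, VS, S> Middleware<VS, I, S> for ConcolicHost<I, VS>
+impl<I, VS, S, SC> Middleware<VS, I, S, SC> for ConcolicHost<I, VS>
 where
 I: Input + VMInputT<VS, EVMAddress, EVMAddress, ConciseEVMInput> + EVMInputT + 'static,
 VS: VMStateT,
 S: State
 + HasCaller<EVMAddress>
-+ HasCorpus<I>
++ HasCorpus
 + HasItyState<EVMAddress, EVMAddress, VS, ConciseEVMInput>
 + HasMetadata
 + HasCurrentInputIdx
 + Debug
 + Clone,
+SC: Scheduler<State = S> + Clone,
 {
 unsafe fn on_step(
 &mut self,
 interp: &mut Interpreter,
-host: &mut FuzzHost<VS, I, S>,
+host: &mut FuzzHost<VS, I, S, SC>,
 state: &mut S,
 ) {
 macro_rules! fast_peek {
@@ -1313,7 +1315,7 @@ where
 // .clone();
 
 if solutions.len() > 0 {
-let meta = state.metadata_mut().get_mut::<ConcolicPrioritizationMetadata>().expect("Failed to get metadata");
+let meta = state.metadata_map_mut().get_mut::<ConcolicPrioritizationMetadata>().expect("Failed to get metadata");
 for solution in solutions {
 meta.solutions.push((solution, self.testcase_ref.clone()));
 }
@@ -1324,14 +1326,14 @@ where
 unsafe fn on_return(
 &mut self,
 interp: &mut Interpreter,
-host: &mut FuzzHost<VS, I, S>,
+host: &mut FuzzHost<VS, I, S, SC>,
 state: &mut S,
 by: &Bytes
 ) {
 self.pop_ctx();
 }
 
-unsafe fn on_insert(&mut self, bytecode: &mut Bytecode, address: EVMAddress, host: &mut FuzzHost<VS, I, S>, state: &mut S) {
+unsafe fn on_insert(&mut self, bytecode: &mut Bytecode, address: EVMAddress, host: &mut FuzzHost<VS, I, S, SC>, state: &mut S) {
 
 }
 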
80 changes: 51 additions & 29 deletions src/evm/concolic/concolic_stage.rs
@@ -3,20 +3,21 @@ use std::fmt::Debug;
use std::ops::Deref;
use std::rc::Rc;
use std::sync::Arc;
use libafl::{Error, Evaluator, Fuzzer, impl_serdeany};
use libafl::{Error, Evaluator, Fuzzer};
use libafl_bolts::{impl_serdeany, Named};
use libafl::corpus::{Corpus, Testcase};
use libafl::events::{EventFirer, ProgressReporter};
use libafl::executors::ExitKind;
use libafl::feedbacks::Feedback;
use libafl::inputs::Input;
use libafl::prelude::{HasClientPerfMonitor, HasMetadata, Named, ObserversTuple, Stage};
use libafl::state::HasCorpus;
use libafl::prelude::{HasClientPerfMonitor, HasMetadata, ObserversTuple, Stage, CorpusId, UsesInput};
use libafl::state::{HasCorpus, UsesState};
use revm_primitives::HashSet;
use serde::{Deserialize, Serialize};
use crate::evm::concolic::concolic_host::{ConcolicHost, Field, Solution};
use crate::evm::input::{ConciseEVMInput, EVMInput, EVMInputT};
use crate::evm::middlewares::middleware::MiddlewareType;
use crate::evm::types::{EVMFuzzExecutor, EVMFuzzState};
use crate::evm::types::{EVMFuzzExecutor, EVMFuzzState, EVMQueueExecutor};
use crate::evm::vm::{EVMExecutor, EVMState};
use crate::executor::FuzzExecutor;
use crate::generic_vm::vm_executor::GenericVM;
@@ -27,14 +28,18 @@ pub struct ConcolicStage<OT> {
pub enabled: bool,
pub allow_symbolic_addresses: bool,
pub known_state_input: HashSet<(usize, usize)>,
pub vm_executor: Rc<RefCell<EVMExecutor<EVMInput, EVMFuzzState, EVMState, ConciseEVMInput>>>,
pub phantom: std::marker::PhantomData<(OT)>,
pub vm_executor: Rc<RefCell<EVMQueueExecutor>>,
pub phantom: std::marker::PhantomData<OT>,
}

impl<OT> UsesState for ConcolicStage<OT> {
type State = EVMFuzzState;
}

impl <OT> ConcolicStage<OT> {
pub fn new(enabled: bool,
allow_symbolic_addresses: bool,
vm_executor: Rc<RefCell<EVMExecutor<EVMInput, EVMFuzzState, EVMState, ConciseEVMInput>>>) -> Self {
vm_executor: Rc<RefCell<EVMQueueExecutor>>) -> Self {
Self {
enabled,
allow_symbolic_addresses,
@@ -54,31 +59,32 @@ pub struct ConcolicPrioritizationMetadata {

impl_serdeany!(ConcolicPrioritizationMetadata);

impl<EM, Z, OT> Stage<EVMFuzzExecutor<OT>, EM, EVMFuzzState, Z> for ConcolicStage<OT>
where Z: Evaluator<EVMFuzzExecutor<OT>, EM, EVMInput, EVMFuzzState>,
EM: ProgressReporter<EVMInput>,
OT: ObserversTuple<EVMInput, EVMFuzzState>
impl <EM, Z, OT> Stage<EVMFuzzExecutor<OT>, EM, Z> for ConcolicStage<OT>
where
Z: Evaluator<EVMFuzzExecutor<OT>, EM, State = Self::State>,
EM: ProgressReporter + UsesState<State = Self::State>,
OT: ObserversTuple<Self::State>,
{
fn perform(&mut self,
fuzzer: &mut Z,
executor: &mut EVMFuzzExecutor<OT>,
state: &mut EVMFuzzState,
state: &mut Self::State,
manager: &mut EM,
corpus_idx: usize
corpus_idx: CorpusId,
) -> Result<(), Error> {
if !self.enabled {
return Ok(());
}

if !state.metadata().contains::<ConcolicPrioritizationMetadata>() {
state.metadata_mut().insert(ConcolicPrioritizationMetadata {
if !state.metadata_map().contains::<ConcolicPrioritizationMetadata>() {
state.metadata_map_mut().insert(ConcolicPrioritizationMetadata {
interesting_idx: Default::default(),
solutions: vec![],
});
}

let meta = state
.metadata()
.metadata_map()
.get::<ConcolicPrioritizationMetadata>()
.unwrap()
.clone();
@@ -87,7 +93,7 @@ where Z: Evaluator<EVMFuzzExecutor<OT>, EM, EVMInput, EVMFuzzState>,
println!("Running concolic execution on testcase #{}", idx);

let testcase = state.corpus()
.get(*idx).unwrap()
.get((*idx).into()).unwrap()
.borrow()
.input()
.clone()
@@ -117,7 +123,7 @@ where Z: Evaluator<EVMFuzzExecutor<OT>, EM, EVMInput, EVMFuzzState>,
}

{
let mut metadata = state.metadata_mut().get_mut::<ConcolicPrioritizationMetadata>().unwrap();
let mut metadata = state.metadata_map_mut().get_mut::<ConcolicPrioritizationMetadata>().unwrap();
metadata.interesting_idx.clear();

let mut testcases = vec![];
@@ -177,30 +183,46 @@ impl<F: Named + Debug> Named for ConcolicFeedbackWrapper<F> {
}
}

impl<I, S, F> Feedback<I, S> for ConcolicFeedbackWrapper<F>
where F: Feedback<I, S> + Named + Debug,
I: Input,
S: HasClientPerfMonitor + HasMetadata + HasCorpus<I>,{
fn is_interesting<EM, OT>(&mut self, state: &mut S, manager: &mut EM, input: &I, observers: &OT, exit_kind: &ExitKind) -> Result<bool, Error> where EM: EventFirer<I>, OT: ObserversTuple<I, S> {
impl<I, S, F> Feedback<S> for ConcolicFeedbackWrapper<F>
where
I: Input,
F: Feedback<S> + Named + Debug,
S: HasClientPerfMonitor + HasMetadata + HasCorpus + UsesInput<Input = I>,
{
fn is_interesting<EM, OT>(&mut self, state: &mut S, manager: &mut EM, input: &S::Input, observers: &OT, exit_kind: &ExitKind) -> Result<bool, Error>
where
EM: EventFirer<State = S>,
OT: ObserversTuple<S>,
{
self.inner.is_interesting(state, manager, input, observers, exit_kind)
}

fn append_metadata(&mut self, state: &mut S, _testcase: &mut Testcase<I>) -> Result<(), Error> {
if !state.metadata().contains::<ConcolicPrioritizationMetadata>() {
state.metadata_mut().insert(ConcolicPrioritizationMetadata {
#[inline]
#[allow(unused_variables)]
fn append_metadata<OT>(
&mut self,
state: &mut S,
observers: &OT,
testcase: &mut Testcase<S::Input>,
) -> Result<(), Error>
where
OT: ObserversTuple<S>,
{
if !state.metadata_map().contains::<ConcolicPrioritizationMetadata>() {
state.metadata_map_mut().insert(ConcolicPrioritizationMetadata {
interesting_idx: Default::default(),
solutions: vec![],
});
}

let idx = state.corpus().count();
let mut meta = state
.metadata_mut()
.metadata_map_mut()
.get_mut::<ConcolicPrioritizationMetadata>()
.unwrap();

meta.interesting_idx.push(idx);
Ok(())

self.inner.append_metadata(state, observers, testcase)
}
}
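Review bot: In `perform`, `.get((*idx).into()).unwrap()` converts a stored `usize` into a `CorpusId`, and that `usize` comes from `state.corpus().count()` in `append_metadata`. The lookup is therefore only correct while the next corpus id always equals the number of entries present when the testcase was added. If ids are not positional in the corpus used here (for example after an entry is removed), the stage would analyse the wrong testcase or panic on the `unwrap()`; how ids are assigned is not visible on this page. Consider storing `CorpusId` values in `interesting_idx` and stating the assumption next to `let idx = state.corpus().count();`, e.g. `// assumes the next CorpusId equals the current corpus count`. Separately, `#[allow(unused_variables)]` on `append_metadata` looks unnecessary now that `observers` and `testcase` are forwarded to `self.inner.append_metadata(...)`.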
