Corpus pruning stage #2399
Corpus pruning stage #2399
Conversation
|
ubuntu-common should probably be a prerequisite for the fuzzer passes |
|
ok |
|
@domenukk |
libafl/src/stages/pruning.rs
Outdated
| ) -> Result<(), Error> { | ||
| manager.on_restart(state).unwrap(); | ||
| println!("Exiting!"); | ||
| std::process::exit(0); |
There was a problem hiding this comment.
this is the only way to force exit from inside any stage
There was a problem hiding this comment.
It feels wrong, I think we should prefer to return cleanly from stages to the fuzzer to quit from there. This is very doable, and will also work for forkserver since the fuzzer can decide what to do.
But also, it gets the job done, so why not...
There was a problem hiding this comment.
I think we should prefer to return cleanly from stages to the fuzzer to quit from there
maybe i should the newly added api from aarnav
libafl/src/stages/pruning.rs
Outdated
| let corpus = state.corpus_mut(); | ||
| for (idx, retain) in do_retain.iter().enumerate().take(n_corpus) { | ||
| if !retain { | ||
| let removed = corpus.remove(CorpusId(idx))?; |
There was a problem hiding this comment.
Creating a raw CorpusId will likely fail at some point, after removing the corpus Ids will be sparse
There was a problem hiding this comment.
you need to corpus.nth() if you want to map an int to CorpusId
There was a problem hiding this comment.
i changed it, is it correct now?
| _manager: &mut EM, | ||
| ) -> Result<(), Error> { | ||
| // Iterate over every corpus entry | ||
| let n_corpus = state.corpus().count_all(); |
There was a problem hiding this comment.
Why don't you just call corpus().next() in a loop? Because you also want disabled testcases? Do we need an extra API?
LibAFL/libafl/src/corpus/mod.rs
Line 132 in d8e53d5
There was a problem hiding this comment.
Why do you even want disabled testcases?
There was a problem hiding this comment.
Because you also want disabled testcases?
yes
Do we need an extra API?
maybe yes
Why do you even want disabled testcases?
Because the point of this corpus pruning is to hide some inputs so that fuzzer won't schedule it. but we don't discard it because we would reactivate them again later
There was a problem hiding this comment.
But you don't want need to disable disabled testcases, right now you do(?)
|
|
||
| let corpus = state.corpus_mut(); | ||
| let removed = corpus.remove(corpus_id)?; | ||
| corpus.add_disabled(removed)?; |
There was a problem hiding this comment.
Is there no way to set the state to disabled? Calling remove and re-adding sounds worse
There was a problem hiding this comment.
Looks like we don't have a method to disable, cc @R9295
There was a problem hiding this comment.
i don't think there's other way
There was a problem hiding this comment.
There isn't a method but I think makes sense to add one
There was a problem hiding this comment.
essentially disabled corpus and enabled corpus are separate corpus so there's no other way than removing and adding right?
| ) -> Result<(), Error> { | ||
| // Iterate over every corpus entry | ||
| let n_corpus = state.corpus().count_all(); | ||
| let mut do_retain = vec![]; |
There was a problem hiding this comment.
What if you don't retain any enabled entries?
There was a problem hiding this comment.
yeah it's a problem.
maybe i should make it keep at least one
No description provided.