More fuzzing progress

momo5502
2024-09-24 18:35:34 +02:00
parent 7547fee251
commit a259072b27
14 changed files with 321 additions and 94 deletions


@@ -37,13 +37,15 @@ namespace fuzzer
input_generator& generator;
handler& handler;
std::atomic_uint64_t executions{0};
private:
std::atomic_bool stop_{false};
};
void perform_fuzzing_iteration(const fuzzing_context& context, executer& executer)
void perform_fuzzing_iteration(fuzzing_context& context, executer& executer)
{
++context.executions;
context.generator.access_input([&](const std::span<const uint8_t> input)
{
uint64_t score{0};
@@ -52,9 +54,10 @@ namespace fuzzer
++score;
});
if(result == execution_result::error)
if (result == execution_result::error)
{
printf("Found error!");
printf("Found error!\n");
context.stop();
}
return score;
@@ -116,6 +119,11 @@ namespace fuzzer
while (!context.should_stop())
{
std::this_thread::sleep_for(std::chrono::seconds{1});
const auto executions = context.executions.exchange(0);
const auto highest_scorer = context.generator.get_highest_scorer();
const auto avg_score = context.generator.get_average_score();
printf("Executions/s: %lld - Score: %llX - Avg: %.3f\n", executions, highest_scorer.score, avg_score);
}
}
}
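Review bot: The status line added in the reporting loop passes `executions` to `%lld`, but that value comes from `std::atomic_uint64_t::exchange` and is unsigned 64-bit. It also passes `highest_scorer.score` to `%llX`, although the definition of `input_score` is not visible here. A mismatched printf conversion is undefined behaviour and tends to go unnoticed because the output usually looks plausible. I would include `<cinttypes>` and write `printf("Executions/s: %" PRIu64 " - Score: %" PRIX64 " - Avg: %.3f\n", executions, static_cast<uint64_t>(highest_scorer.score), avg_score);`. Separately, the error branch in `perform_fuzzing_iteration` only prints `Found error!` and calls `context.stop()`; unless the triggering `input` is saved somewhere outside these hunks, the finding cannot be reproduced or triaged afterwards.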


@@ -1,5 +1,7 @@
#include "input_generator.hpp"
#include <cassert>
namespace fuzzer
{
namespace
@@ -52,7 +54,31 @@ namespace fuzzer
{
auto next_input = this->generate_next_input();
const auto score = handler(next_input);
this->store_input_entry({std::move(next_input), score});
input_entry e{};
e.data = std::move(next_input);
e.score = score;
this->store_input_entry(std::move(e));
}
input_entry input_generator::get_highest_scorer()
{
std::unique_lock lock{this->mutex_};
return this->highest_scorer_;
}
double input_generator::get_average_score()
{
std::unique_lock lock{this->mutex_};
double score{0.0};
for (const auto& e : this->top_scorer_)
{
score += static_cast<double>(e.score);
}
return score / static_cast<double>(this->top_scorer_.size());
}
void input_generator::store_input_entry(input_entry entry)
@@ -64,29 +90,33 @@ namespace fuzzer
return;
}
const auto score = entry.score;
if (entry.score > this->highest_scorer_.score)
{
this->highest_scorer_ = entry;
}
if (this->top_scorer_.size() < MAX_TOP_SCORER)
{
this->top_scorer_.emplace_back(std::move(entry));
}
else
{
const auto index = this->rng.get<size_t>() % this->top_scorer_.size();
this->top_scorer_[index] = std::move(entry);
}
this->lowest_score = score;
if (score < this->lowest_score)
{
return;
}
for (const auto& e : this->top_scorer_)
const auto insert_at_random = this->rng.get(10) == 0;
const auto index = insert_at_random
? (this->rng.get<size_t>() % this->top_scorer_.size())
: this->lowest_scorer;
this->top_scorer_[index] = std::move(entry);
this->lowest_score = this->top_scorer_[0].score;
this->lowest_scorer = 0;
for (size_t i = 1; i < this->top_scorer_.size(); ++i)
{
if (e.score < this->lowest_score)
if (this->top_scorer_[i].score < this->lowest_score)
{
this->lowest_score = e.score;
this->lowest_score = this->top_scorer_[i].score;
this->lowest_scorer = i;
}
}
}
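Review bot: `input_generator::get_average_score` divides by `this->top_scorer_.size()` without checking for an empty vector, so a call made before any entry is stored computes 0.0 / 0.0 and returns NaN, which the once-per-second status printout would then show. An early `if (this->top_scorer_.empty()) return 0.0;` right after taking the lock avoids that. Both new getters hold the mutex for the whole scope and never unlock early, so `std::lock_guard lock{this->mutex_};` states the intent more precisely than `std::unique_lock`. The added `#include <cassert>` has no visible use in the hunks shown for this file, so it is worth confirming that it is needed.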


@@ -24,12 +24,18 @@ namespace fuzzer
void access_input(const std::function<input_handler>& handler);
input_entry get_highest_scorer();
double get_average_score();
private:
std::mutex mutex_{};
random_generator rng{};
std::vector<input_entry> top_scorer_{};
input_score lowest_score{0};
size_t lowest_scorer{0};
input_entry highest_scorer_{};
std::vector<uint8_t> generate_next_input();