Treat exit kind differences as behavioral differences by default

dergoegge · Aug 14, 2024 · 633e531 · 633e531
1 parent e751e96
commit 633e531
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 19 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -16,9 +16,9 @@ qemu_arm = ["qemu", "libafl_qemu/arm", "dep:libafl_qemu"]
 
 [dependencies]
 clap = { version = "4.3.0", features = ["derive", "string"] }
-libafl = { git = "https://github.com/AFLplusplus/LibAFL.git", tag = "0.13.1" }
-libafl_bolts = { git = "https://github.com/AFLplusplus/LibAFL.git", tag = "0.13.1" }
-libafl_qemu = { git = "https://github.com/AFLplusplus/LibAFL.git", tag = "0.13.1", features = ["usermode"], optional = true }
+libafl = { git = "https://github.com/dergoegge/LibAFL.git", branch = "semsan" }
+libafl_bolts = { git = "https://github.com/dergoegge/LibAFL.git", branch = "semsan" }
+libafl_qemu = { git = "https://github.com/dergoegge/LibAFL.git", branch = "semsan", features = ["usermode"], optional = true }
 libc = "0.2.155"
 serde = "1.0.200"
 

diff --git a/src/main.rs b/src/main.rs
@@ -14,9 +14,10 @@ use libafl::{
     corpus::{Corpus, HasTestcase, InMemoryCorpus, OnDiskCorpus, Testcase},
     events::{ProgressReporter, SimpleEventManager},
     executors::{DiffExecutor, ExitKind, ForkserverExecutor},
+    feedback_and, feedback_and_fast, feedback_not, feedback_or,
     feedbacks::{
         differential::{DiffFeedback, DiffResult},
-        MaxMapFeedback,
+        ConstFeedback, DiffExitKindFeedback, MaxMapFeedback,
     },
     inputs::{BytesInput, HasMutatorBytes, HasTargetBytes, Input},
     monitors::SimplePrintingMonitor,
@@ -187,11 +188,8 @@ fn main() -> std::process::ExitCode {
 
     // Both observers are combined into a `DiffFeedback` that compares the retrieved values from
     // the two observers described above.
-    let mut objective = DiffFeedback::new(
-        "diff-value-feedback",
-        &primary_diff_value_observer,
-        &secondary_diff_value_observer,
-        |o1, o2| {
+    let compare_characterization_values =
+        |o1: &ShMemDifferentialValueObserver, o2: &ShMemDifferentialValueObserver| {
             if opts.debug {
                 println!(
                     "Observed characterization values: v1={:?} v2={:?}",
@@ -220,9 +218,39 @@ fn main() -> std::process::ExitCode {
 
                 DiffResult::Diff
             }
-        },
-    )
-    .unwrap();
+        };
+
+    let mut objective = feedback_or!(
+        feedback_and_fast!(
+            ConstFeedback::new(opts.ignore_exit_kind),
+            // Only report differences in the characterization value as behavioral differences.
+            feedback_and!(
+                feedback_not!(DiffExitKindFeedback::new()),
+                DiffFeedback::new(
+                    "diff-value-feedback-0",
+                    &primary_diff_value_observer,
+                    &secondary_diff_value_observer,
+                    compare_characterization_values,
+                )
+                .unwrap()
+            )
+        ),
+        feedback_and_fast!(
+            ConstFeedback::new(!opts.ignore_exit_kind),
+            // Report differences in exit kind or differences in the characterization value as
+            // behavioral differences.
+            feedback_or!(
+                DiffExitKindFeedback::new(),
+                DiffFeedback::new(
+                    "diff-value-feedback-1",
+                    &primary_diff_value_observer,
+                    &secondary_diff_value_observer,
+                    compare_characterization_values,
+                )
+                .unwrap()
+            )
+        )
+    );
 
     let mut primary_coverage_shmem = shmem_provider.new_shmem(MAX_MAP_SIZE).unwrap();
     let mut secondary_coverage_shmem = shmem_provider.new_shmem(MAX_MAP_SIZE).unwrap();
@@ -446,6 +474,7 @@ fn main() -> std::process::ExitCode {
                 }
 
                 if !fuzz_opts.ignore_solutions && state.solutions().count() != 0 {
+                    eprintln!("EXIT: semantic difference found");
                     return std::process::ExitCode::from(opts.solution_exit_code);
                 }
             }

diff --git a/src/options.rs b/src/options.rs
@@ -137,6 +137,13 @@ pub struct Options {
     )]
     pub shared_args: Vec<String>,
 
+    #[arg(
+        long = "ignore-exit-kind",
+        help = "Don't report differences in exit kind (e.g. crashes or timeouts) as behavioral differences",
+        default_value_t = false
+    )]
+    pub ignore_exit_kind: bool,
+
     #[command(subcommand)]
     pub command: Command,
     #[arg(