
Add support for Unicorn engine #1054

Merged
merged 20 commits into from
Feb 15, 2025

Conversation

henri2h
Contributor

@henri2h henri2h commented Feb 9, 2023

Add support for unicorn engine for CPU emulation

Currently supported:

  • X86
  • ARM
  • ARM64

Supersedes: henri2h#1

@henri2h henri2h marked this pull request as draft February 9, 2023 16:26
@henri2h henri2h changed the title Draft: Add support for Unicorn engine Add support for Unicorn engine Feb 9, 2023
@henri2h henri2h marked this pull request as ready for review February 10, 2023 16:36
@andreafioraldi
Member

Hey Henri, I will adapt the code in the following days/weeks; I'm quite busy now.

@domenukk domenukk marked this pull request as draft May 3, 2023 13:47
@domenukk
Member

What to do with this? @andreafioraldi ?

@tokatoka tokatoka marked this pull request as ready for review December 7, 2024 02:31
@domenukk
Member

@andreafioraldi @henri2h what do we do with this PR? Update & merge, or close?

@tokatoka
Member

We can merge with proper CI.

@andreafioraldi
Member

andreafioraldi commented Feb 12, 2025 via email

@domenukk
Member

I mean the other option is, if @henri2h wants, to update this PR and merge

@henri2h henri2h force-pushed the henri2h/libafl_unicorn branch from a842044 to d31c3b9 on February 13, 2025 14:35
Review thread on libafl_unicorn/Cargo.toml (outdated, resolved)
@tokatoka
Member

tokatoka commented Feb 13, 2025

Except for the code itself,
can you add a job to CI that:

  1. installs all the dependencies required to run make for your current Makefile
  2. runs and tests the fuzzer (it should run just test and check that it runs successfully). This test job should, for example, check the number of testcases or objectives after a few seconds. For example, like this: https://github.com/AFLplusplus/LibAFL/blob/main/fuzzers/inprocess/libfuzzer_libpng/Justfile#L115

For CI, you can insert it here:
https://github.com/AFLplusplus/LibAFL/blob/main/.github/workflows/build_and_test.yml#L486
There, run sudo apt, and then in the next job run cd fuzzer/full_system/unicorn_fuzzer && just test
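
The check described in this comment (run the fuzzer for a few seconds, then verify that testcases and objectives were produced) can be scripted as a small POSIX shell helper. The block below is an added example, not code from the LibAFL repository or from this PR: the fuzzer command, the corpus and objectives directory layout, the log file location and the thresholds are assumptions passed in by the caller, and the fuzzer is expected to run until it is killed.

```shell
#!/bin/sh
# Added example (not LibAFL's own code): a CI smoke test that runs a fuzzer for
# a bounded time and then checks how many corpus entries and objectives exist.
# The command, directory layout and thresholds are caller-supplied assumptions.

# count_entries DIR: number of regular files directly under DIR (0 if missing).
count_entries() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# fuzzer_smoke_test CMD SECONDS CORPUS_DIR OBJECTIVES_DIR MIN_CORPUS MIN_OBJECTIVES
# Returns 0 when both thresholds are met, 1 when the run produced too little,
# 2 on bad arguments. A fuzzer normally never exits on its own, so being
# killed after SECONDS is the expected end of the run, not a failure.
fuzzer_smoke_test() {
    cmd="$1"; secs="$2"; corpus="$3"; objectives="$4"; min_corpus="$5"; min_obj="$6"
    [ -n "$cmd" ] && [ -n "$corpus" ] && [ -n "$objectives" ] || return 2

    # Start from empty output directories so stale files cannot pass the check.
    rm -rf "$corpus" "$objectives"
    mkdir -p "$corpus" "$objectives"

    # Keep the fuzzer's output as a log file next to the corpus (assumed
    # location) so CI can upload it without the check blocking on a pipe.
    log="${corpus}.fuzzer.log"
    sh -c "$cmd" >"$log" 2>&1 &
    pid=$!
    sleep "$secs"
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true

    n_corpus=$(count_entries "$corpus")
    n_obj=$(count_entries "$objectives")
    echo "corpus entries: $n_corpus (need >= $min_corpus)"
    echo "objectives:     $n_obj (need >= $min_obj)"

    [ "$n_corpus" -ge "$min_corpus" ] && [ "$n_obj" -ge "$min_obj" ]
}

# Usage from a CI step; command and paths are placeholders:
#   sh smoke_test.sh "cargo run --release" 10 corpus objectives 5 1
if [ "$#" -eq 6 ]; then
    fuzzer_smoke_test "$@"
fi
```

The thresholds should be set low enough to be stable on a slow CI runner: the point of the job is to catch a fuzzer that fails to start or never produces a single testcase, not to benchmark it.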

@tokatoka
Member

Also, here you should add
https://github.com/AFLplusplus/LibAFL/blob/main/.github/workflows/build_and_test.yml#L280

# - fuzzer/full_system/unicorn to shut ci up

// Setting up the edge coverage tracker
let mut shmem_provider = unix_shmem::UnixShMemProvider::new().unwrap();

let mut shmem = shmem_provider.new_shmem(EDGES_MAP_DEFAULT_SIZE).unwrap();
Member


Why do we need shared maps to interact with unicorn at all?

Member


Like, just return Err from unicorn, return ExitKind::Crash from the harness, reload the unicorn state

Contributor Author


Right, it was there to be able to use the InProcessForkExecutor to restore the memory context at each execution, but here it's not needed. Using the unicorn reset function (which doesn't reset the memory) is enough.

@henri2h henri2h force-pushed the henri2h/libafl_unicorn branch from 19af1b6 to 40aadec on February 14, 2025 14:46
@domenukk domenukk merged commit 0aba2c4 into AFLplusplus:main Feb 15, 2025
107 checks passed
@domenukk
Member

Cool stuff!

let cs = match emu.get_arch() {
Arch::ARM => Capstone::new()
.arm()
.mode(arch::arm::ArchMode::Thumb)
Member


This is technically only correct for a subset of targets

@tokatoka
Member

After running ./scripts/clippy.sh, there are some warnings from your crate.
Can you fix them? @henri2h
