Tweaked a bug

.vscode/launch.json

@@ -0,0 +1,176 @@
+{
+ // 使用 IntelliSense 了解相关属性。 
+ // 悬停以查看现有属性的描述。
+ // 欲了解更多信息，请访问: https://go.microsoft.com/fwlink/?linkid=830387
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug unit tests in library 'forksrv'",
+ "cargo": {
+ "args": [
+ "test",
+ "--no-run",
+ "--lib",
+ "--package=forksrv"
+ ],
+ "filter": {
+ "name": "forksrv",
+ "kind": "lib"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ },
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug unit tests in library 'grammartec'",
+ "cargo": {
+ "args": [
+ "test",
+ "--no-run",
+ "--lib",
+ "--package=grammartec"
+ ],
+ "filter": {
+ "name": "grammartec",
+ "kind": "lib"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ },
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug unit tests in library 'regex_mutator'",
+ "cargo": {
+ "args": [
+ "test",
+ "--no-run",
+ "--lib",
+ "--package=regex_mutator"
+ ],
+ "filter": {
+ "name": "regex_mutator",
+ "kind": "lib"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ },
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug executable 'fuzzer'",
+ "cargo": {
+ "args": [
+ "build",
+ "--bin=fuzzer",
+ "--package=fuzzer"
+ ],
+ "filter": {
+ "name": "fuzzer",
+ "kind": "bin"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ },
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug unit tests in executable 'fuzzer'",
+ "cargo": {
+ "args": [
+ "test",
+ "--no-run",
+ "--bin=fuzzer",
+ "--package=fuzzer"
+ ],
+ "filter": {
+ "name": "fuzzer",
+ "kind": "bin"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ },
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug executable 'generator'",
+ "cargo": {
+ "args": [
+ "build",
+ "--bin=generator",
+ "--package=fuzzer"
+ ],
+ "filter": {
+ "name": "generator",
+ "kind": "bin"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ },
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug unit tests in executable 'generator'",
+ "cargo": {
+ "args": [
+ "test",
+ "--no-run",
+ "--bin=generator",
+ "--package=fuzzer"
+ ],
+ "filter": {
+ "name": "generator",
+ "kind": "bin"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ },
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug executable 'mutator'",
+ "cargo": {
+ "args": [
+ "build",
+ "--bin=mutator",
+ "--package=fuzzer"
+ ],
+ "filter": {
+ "name": "mutator",
+ "kind": "bin"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ },
+ {
+ "type": "lldb",
+ "request": "launch",
+ "name": "Debug unit tests in executable 'mutator'",
+ "cargo": {
+ "args": [
+ "test",
+ "--no-run",
+ "--bin=mutator",
+ "--package=fuzzer"
+ ],
+ "filter": {
+ "name": "mutator",
+ "kind": "bin"
+ }
+ },
+ "args": [],
+ "cwd": "${workspaceFolder}"
+ }
+ ]
+}

config.ron

@@ -1,10 +1,10 @@
 Config(
  //You probably want to change the follwoing options
  //File Paths
- path_to_bin_target: "./test",
+ path_to_bin_target: "/home/luafuzz/Desktop/lua-5.4.6/src/lua",
  arguments: [ "@@"], //"@@" will be exchanged with the path of a file containing the current input
 
- path_to_grammar: "test_cases/grammar_regex_root.py",
+ path_to_grammar: "grammars/lua.py",
  path_to_workdir: "/tmp/workdir",
 
  number_of_threads: 1,
@@ -25,4 +25,4 @@ Config(
  max_tree_size: 1000, //see state.rs generate random
  number_of_deterministic_mutations: 1, //see main.rs process_input
 
-)
+)

forksrv/src/lib.rs

@@ -228,7 +228,8 @@ impl ForkServer {
  "shmclt {:?}",
  CString::from_raw(strerror(errno()))
  );
- (shm_id, trace_bits.cast::<[u8; 65536]>())
+ let ptr: *mut u8 = trace_bits.cast();
+ (shm_id, std::slice::from_raw_parts_mut(ptr,bitmap_size))
  }
  }
 }
@@ -241,18 +242,14 @@ mod tests {
  let hide_output = false;
  let timeout_in_millis = 200;
  let bitmap_size = 1 << 16;
- let target = "../test".to_string();
+ let target = "/home/luafuzz/Desktop/lua-5.4.6/src/lua".to_string();
  let args = vec![];
  let mut fork = ForkServer::new(target, args, hide_output, timeout_in_millis, bitmap_size);
  assert!(fork.get_shared()[1..].iter().all(|v| *v == 0));
  assert_eq!(
- fork.run(b"deadbeeg").unwrap(),
+ fork.run(b"print(\"Hello World!\")").unwrap(),
  exitreason::ExitReason::Normal(0)
  );
- assert_eq!(
- fork.run(b"deadbeef").unwrap(),
- exitreason::ExitReason::Signaled(6)
- );
  assert!(fork.get_shared()[1..].iter().any(|v| *v != 0));
  }
 }

fuzzer/Cargo.toml

@@ -19,6 +19,7 @@ serde_json = "1.0"
 ron = "0.8"
 clap = "4.0"
 pyo3 = "0.18"
+tempfile = "3.1"
 
 [[bin]]
 name = "fuzzer"