holey-bytes/hbvm/fuzz/fuzz_targets/vm.rs

#![no_main]

use {
    hbvm::{
        mem::{HandlePageFault, Memory, MemoryAccessReason, PageSize},
        Vm,
    },
    libfuzzer_sys::fuzz_target,
};

fuzz_target!(|data: &[u8]| {
    if let Ok(mut vm) = Vm::<_, 16384>::new_validated(data, TestTrapHandler, Default::default()) {
        // Alloc and map some memory
        let pages = [
            alloc_and_map(&mut vm.memory, 0),
            alloc_and_map(&mut vm.memory, 4096),
        ];

        // Run VM
        let _ = vm.run();

        // Unmap and dealloc the memory
        for (i, page) in pages.into_iter().enumerate() {
            unmap_and_dealloc(&mut vm.memory, page, i as u64 * 4096);
        }
    }
});

fn alloc_and_map(memory: &mut Memory, at: u64) -> *mut u8 {
    let ptr = Box::into_raw(Box::<Page>::default()).cast();
    unsafe {
        memory
            .map(
                ptr,
                at,
                hbvm::mem::paging::Permission::Write,
                PageSize::Size4K,
            )
            .unwrap()
    };
    ptr
}

fn unmap_and_dealloc(memory: &mut Memory, ptr: *mut u8, from: u64) {
    memory.unmap(from).unwrap();
    let _ = unsafe { Box::from_raw(ptr.cast::<Page>()) };
}

#[repr(align(4096))]
struct Page([u8; 4096]);
impl Default for Page {
    fn default() -> Self {
        unsafe { std::mem::MaybeUninit::zeroed().assume_init() }
    }
}

struct TestTrapHandler;
impl HandlePageFault for TestTrapHandler {
    fn page_fault(
        &mut self,
        _: MemoryAccessReason,
        _: &mut Memory,
        _: u64,
        _: PageSize,
        _: *mut u8,
    ) -> bool {
        false
    }
}
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`#![no_main]`

			`use {`
restruct + no-alloc support 2023-07-25 23:11:21 +00:00			`hbvm::{`
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`mem::{HandlePageFault, Memory, MemoryAccessReason, PageSize},`
			`Vm,`
			`},`
			`libfuzzer_sys::fuzz_target,`
			`};`

			`fuzz_target!(\|data: &[u8]\| {`
Decreased timeout 2023-07-26 00:35:27 +00:00			`if let Ok(mut vm) = Vm::<_, 16384>::new_validated(data, TestTrapHandler, Default::default()) {`
Fixed memory (un)mapping 2023-07-26 10:22:28 +00:00			`// Alloc and map some memory`
			`let pages = [`
			`alloc_and_map(&mut vm.memory, 0),`
			`alloc_and_map(&mut vm.memory, 4096),`
			`];`
Fixed page size, fuzzer now does memory. 2023-07-26 01:27:31 +00:00
Fixed memory (un)mapping 2023-07-26 10:22:28 +00:00			`// Run VM`
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`let _ = vm.run();`
Fixed page size, fuzzer now does memory. 2023-07-26 01:27:31 +00:00
Fixed memory (un)mapping 2023-07-26 10:22:28 +00:00			`// Unmap and dealloc the memory`
			`for (i, page) in pages.into_iter().enumerate() {`
			`unmap_and_dealloc(&mut vm.memory, page, i as u64 * 4096);`
			`}`
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`}`
			`});`

Fixed memory (un)mapping 2023-07-26 10:22:28 +00:00			`fn alloc_and_map(memory: &mut Memory, at: u64) -> *mut u8 {`
			`let ptr = Box::into_raw(Box::<Page>::default()).cast();`
			`unsafe {`
			`memory`
			`.map(`
			`ptr,`
			`at,`
			`hbvm::mem::paging::Permission::Write,`
			`PageSize::Size4K,`
			`)`
			`.unwrap()`
			`};`
			`ptr`
			`}`

			`fn unmap_and_dealloc(memory: &mut Memory, ptr: *mut u8, from: u64) {`
			`memory.unmap(from).unwrap();`
			`let _ = unsafe { Box::from_raw(ptr.cast::<Page>()) };`
			`}`

Fixed page size, fuzzer now does memory. 2023-07-26 01:27:31 +00:00			`#[repr(align(4096))]`
			`struct Page([u8; 4096]);`
			`impl Default for Page {`
			`fn default() -> Self {`
			`unsafe { std::mem::MaybeUninit::zeroed().assume_init() }`
			`}`
			`}`

Added fuzzy tests 2023-07-25 23:01:53 +00:00			`struct TestTrapHandler;`
			`impl HandlePageFault for TestTrapHandler {`
			`fn page_fault(`
			`&mut self,`
			`_: MemoryAccessReason,`
			`_: &mut Memory,`
			`_: u64,`
			`_: PageSize,`
			`_: *mut u8,`
			`) -> bool {`
			`false`
			`}`
			`}`