holey-bytes/hbvm/fuzz/fuzz_targets/vm.rs

#![no_main]

use {
    hbvm::{
        mem::{
            softpaging::{
                paging::{PageTable, Permission},
                HandlePageFault, PageSize, SoftPagedMem,
            },
            Address, MemoryAccessReason,
        },
        Vm,
    },
    libfuzzer_sys::fuzz_target,
};

fuzz_target!(|data: &[u8]| {
    let mut vm = unsafe {
        Vm::<_, 16384>::new(
            SoftPagedMem::<_, true> {
                pf_handler: TestTrapHandler,
                program:    data,
                root_pt:    Box::into_raw(Default::default()),
                icache:     Default::default(),
            },
            Address::new(4),
        )
    };

    // Alloc and map some memory
    let pages = [
        alloc_and_map(&mut vm.memory, 0),
        alloc_and_map(&mut vm.memory, 4096),
    ];

    // Run VM
    let _ = vm.run();

    // Unmap and dealloc the memory
    for (i, page) in pages.into_iter().enumerate() {
        unmap_and_dealloc(&mut vm.memory, page, i as u64 * 4096);
    }

    let _ = unsafe { Box::from_raw(vm.memory.root_pt) };
});

fn alloc_and_map(memory: &mut SoftPagedMem<TestTrapHandler>, at: u64) -> *mut u8 {
    let ptr = Box::into_raw(Box::<Page>::default()).cast();
    unsafe {
        memory
            .map(ptr, Address::new(at), Permission::Write, PageSize::Size4K)
            .unwrap()
    };
    ptr
}

fn unmap_and_dealloc(memory: &mut SoftPagedMem<TestTrapHandler>, ptr: *mut u8, from: u64) {
    memory.unmap(Address::new(from)).unwrap();
    let _ = unsafe { Box::from_raw(ptr.cast::<Page>()) };
}

#[repr(align(4096))]
struct Page([u8; 4096]);
impl Default for Page {
    fn default() -> Self {
        unsafe { std::mem::MaybeUninit::zeroed().assume_init() }
    }
}

struct TestTrapHandler;
impl HandlePageFault for TestTrapHandler {
    fn page_fault(
        &mut self,
        _: MemoryAccessReason,
        _: &mut PageTable,
        _: Address,
        _: PageSize,
        _: *mut u8,
    ) -> bool {
        false
    }
}
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`#![no_main]`

			`use {`
restruct + no-alloc support 2023-07-25 23:11:21 +00:00			`hbvm::{`
Address type, changed behaviour on address overflow 2023-08-18 00:31:49 +00:00			`mem::{`
			`softpaging::{`
			`paging::{PageTable, Permission},`
			`HandlePageFault, PageSize, SoftPagedMem,`
			`},`
			`Address, MemoryAccessReason,`
Von-Neumann? 2023-08-09 00:33:03 +00:00			`},`
Address type, changed behaviour on address overflow 2023-08-18 00:31:49 +00:00			`Vm,`
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`},`
			`libfuzzer_sys::fuzz_target,`
			`};`

			`fuzz_target!(\|data: &[u8]\| {`
»fixed« fuzzer 2023-11-03 08:49:42 +00:00			`let mut vm = unsafe {`
			`Vm::<_, 16384>::new(`
			`SoftPagedMem::<_, true> {`
			`pf_handler: TestTrapHandler,`
			`program: data,`
			`root_pt: Box::into_raw(Default::default()),`
			`icache: Default::default(),`
			`},`
			`Address::new(4),`
			`)`
			`};`
Fixed page size, fuzzer now does memory. 2023-07-26 01:27:31 +00:00
»fixed« fuzzer 2023-11-03 08:49:42 +00:00			`// Alloc and map some memory`
			`let pages = [`
			`alloc_and_map(&mut vm.memory, 0),`
			`alloc_and_map(&mut vm.memory, 4096),`
			`];`
Fixed page size, fuzzer now does memory. 2023-07-26 01:27:31 +00:00
»fixed« fuzzer 2023-11-03 08:49:42 +00:00			`// Run VM`
			`let _ = vm.run();`
Softpage improvements 2023-08-17 23:28:02 +00:00
»fixed« fuzzer 2023-11-03 08:49:42 +00:00			`// Unmap and dealloc the memory`
			`for (i, page) in pages.into_iter().enumerate() {`
			`unmap_and_dealloc(&mut vm.memory, page, i as u64 * 4096);`
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`}`
»fixed« fuzzer 2023-11-03 08:49:42 +00:00
			`let _ = unsafe { Box::from_raw(vm.memory.root_pt) };`
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`});`

Von-Neumann? 2023-08-09 00:33:03 +00:00			`fn alloc_and_map(memory: &mut SoftPagedMem<TestTrapHandler>, at: u64) -> *mut u8 {`
Fixed memory (un)mapping 2023-07-26 10:22:28 +00:00			`let ptr = Box::into_raw(Box::<Page>::default()).cast();`
			`unsafe {`
			`memory`
Address type, changed behaviour on address overflow 2023-08-18 00:31:49 +00:00			`.map(ptr, Address::new(at), Permission::Write, PageSize::Size4K)`
Fixed memory (un)mapping 2023-07-26 10:22:28 +00:00			`.unwrap()`
			`};`
			`ptr`
			`}`

Von-Neumann? 2023-08-09 00:33:03 +00:00			`fn unmap_and_dealloc(memory: &mut SoftPagedMem<TestTrapHandler>, ptr: *mut u8, from: u64) {`
Address type, changed behaviour on address overflow 2023-08-18 00:31:49 +00:00			`memory.unmap(Address::new(from)).unwrap();`
Fixed memory (un)mapping 2023-07-26 10:22:28 +00:00			`let _ = unsafe { Box::from_raw(ptr.cast::<Page>()) };`
			`}`

Fixed page size, fuzzer now does memory. 2023-07-26 01:27:31 +00:00			`#[repr(align(4096))]`
			`struct Page([u8; 4096]);`
			`impl Default for Page {`
			`fn default() -> Self {`
			`unsafe { std::mem::MaybeUninit::zeroed().assume_init() }`
			`}`
			`}`

Added fuzzy tests 2023-07-25 23:01:53 +00:00			`struct TestTrapHandler;`
			`impl HandlePageFault for TestTrapHandler {`
			`fn page_fault(`
			`&mut self,`
			`_: MemoryAccessReason,`
Von-Neumann? 2023-08-09 00:33:03 +00:00			`_: &mut PageTable,`
Address type, changed behaviour on address overflow 2023-08-18 00:31:49 +00:00			`_: Address,`
Added fuzzy tests 2023-07-25 23:01:53 +00:00			`_: PageSize,`
			`_: *mut u8,`
			`) -> bool {`
			`false`
			`}`
			`}`