diff --git a/hosts/fuzz/Makefile b/hosts/fuzz/Makefile
index 92e0b93..3ba5ade 100644
--- a/hosts/fuzz/Makefile
+++ b/hosts/fuzz/Makefile
@@ -1,6 +1,6 @@
 TOPDIR=../..
 all:
- afl-clang-fast -g3 -fsanitize=address,undefined -Wall -DUVM32_MEMORY_SIZE=8388608 -I${TOPDIR}/uvm32 -I${TOPDIR}/common -o host-fuzz ${TOPDIR}/uvm32/uvm32.c fuzz.c
+ afl-clang-fast -g3 -fsanitize=address,undefined -Wall -DUVM32_MEMORY_SIZE=4096 -I${TOPDIR}/uvm32 -I${TOPDIR}/common -o host-fuzz ${TOPDIR}/uvm32/uvm32.c fuzz.c
 afl-fuzz -i${TOPDIR}/precompiled -oo ./host-fuzz
 clean:
diff --git a/hosts/fuzz/fuzz.c b/hosts/fuzz/fuzz.c
index 9d2cb94..08fae0a 100644
--- a/hosts/fuzz/fuzz.c
+++ b/hosts/fuzz/fuzz.c
@@ -9,14 +9,19 @@ __AFL_FUZZ_INIT();
 int main(int argc, char *argv[]) {
 __AFL_INIT();
- uvm32_state_t vmst;
 uvm32_evt_t evt;
- uvm32_init(&vmst);
- unsigned char *rom = __AFL_FUZZ_TESTCASE_BUF;
- while (__AFL_LOOP(10000)) {
- uvm32_load(&vmst, rom, __AFL_FUZZ_TESTCASE_LEN);
- uvm32_run(&vmst, &evt, 1000);
+ uvm32_state_t *vmst = malloc(sizeof(uvm32_state_t));
+
+ while (__AFL_LOOP(100000)) {
+ memset(vmst, 0x00, sizeof(uvm32_state_t));
+ uvm32_init(vmst);
+ unsigned char *rom = __AFL_FUZZ_TESTCASE_BUF;
+ uvm32_load(vmst, rom, __AFL_FUZZ_TESTCASE_LEN);
+ memset(&evt, 0x00, sizeof(evt));
+ for (int i=0;i<10;i++) {
+ uvm32_run(vmst, &evt, 1000);
+ }
 }
 return 0;
diff --git a/precompiled/self.bin b/precompiled/self.bin
index b59ef39..531f49e 100755
Binary files a/precompiled/self.bin and b/precompiled/self.bin differ
diff --git a/uvm32/uvm32.c b/uvm32/uvm32.c
index 7b982e4..ca57642 100644
--- a/uvm32/uvm32.c
+++ b/uvm32/uvm32.c
@@ -254,6 +254,7 @@ uint32_t uvm32_run(uvm32_state_t *vmst, uvm32_evt_t *evt, uint32_t instr_meter)
 while(vmst->_status == UVM32_STATUS_RUNNING && instr_meter > 0) {
 uint64_t elapsedUs = 1;
 uint32_t ret;
+
 ret = MiniRV32IMAStep(vmst, &vmst->_core, vmst->_memory, elapsedUs, 1);
 instr_meter--;
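Review bot: The fuzz build now pins UVM32_MEMORY_SIZE to 4096, down from 8388608, and nothing in the Makefile records that this is a harness-only value rather than the size the VM ships with; any guest bounds check that only fails near the real memory ceiling becomes unreachable from this harness. Presumably the shrink is what makes the per-iteration `memset` of the whole `uvm32_state_t` in fuzz.c affordable, and if so the rule should say it: `# 4 KiB guest RAM keeps uvm32_state_t small enough to re-init per fuzz iteration; not the production size`. It would be worth occasionally running a second campaign at the production size so the upper-bound paths are exercised too.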
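Review bot: The result of `malloc(sizeof(uvm32_state_t))` is used unchecked by the first `memset(vmst, 0x00, ...)` inside the loop, so an allocation failure becomes a NULL write rather than a clean exit; add `if (!vmst) return 1;` right after the malloc and `free(vmst);` before `return 0;`. afl-fuzz normally runs ASan with leak detection off, so the missing free should not produce false crashes, but freeing keeps the harness clean when a test case is replayed outside afl. `malloc` and `memset` need `<stdlib.h>` and `<string.h>`, which this hunk does not show being added — confirm they are included above line 9. The closing brace of main lies outside the hunk.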
@@ -420,22 +421,22 @@ uint32_t _uvm32_extramLoad(void *userdata, uint32_t addr, uint32_t accessTyp) {
 // Any other value will have caused UVM32_ERR_INTERNAL_CORE
 switch(accessTyp) {
 case 0:
- return ((int8_t *)vmst->_extram)[addr];
+ return _uvm32_load1s(vmst->_extram, addr);
 break;
 case 1:
- return ((int16_t *)vmst->_extram)[addr/2];
+ return _uvm32_load2s(vmst->_extram, addr);
 break;
 case 2:
- return ((uint32_t *)vmst->_extram)[addr / 4];
+ return _uvm32_load4(vmst->_extram, addr);
 break;
 case 5:
- return ((uint16_t *)vmst->_extram)[addr/2];
+ return _uvm32_load2(vmst->_extram, addr);
 break;
 // have a default case to keep coverage check happy
 // no other values are possible here
 default: // fall through
 case 4:
- return ((uint8_t *)vmst->_extram)[addr];
+ return _uvm32_load1(vmst->_extram, addr);
 break;
 }
@@ -454,15 +455,15 @@ uint32_t _uvm32_extramStore(void *userdata, uint32_t addr, uint32_t val, uint32_
 if (addr < vmst->_extramLen) {
 switch(accessTyp) {
 case 1:
- ((uint16_t *)vmst->_extram)[addr/2] = val;
+ _uvm32_store2(vmst->_extram, addr, val);
 break;
 case 2:
- ((uint32_t *)vmst->_extram)[addr/4] = val;
+ _uvm32_store4(vmst->_extram, addr, val);
 break;
 // no other values are valid here and will be stopped above
 default: // fall through
 case 0:
- ((uint8_t *)vmst->_extram)[addr] = val;
+ _uvm32_store1(vmst->_extram, addr, val);
 break;
 }
 vmst->_extramDirty = true;
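Review bot: Replacing the `[addr/2]` and `[addr / 4]` element indexing with byte-offset helpers changes which bytes an unaligned access touches: a halfword or word load at `addr` now reads exactly `addr..addr+1` or `addr..addr+3`, where the old code rounded down to the containing element. Whatever range check precedes this switch (it is above the hunk and not visible here) must therefore bound `addr` plus the access width, not `addr` alone; if it has the same `addr < vmst->_extramLen` shape as the guard in `_uvm32_extramStore`, a word load at `addr == _extramLen - 1` reads three bytes past the end of `_extram`. `_uvm32_extramLoad` begins outside the hunk.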
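Review bot: The guard `if (addr < vmst->_extramLen)` on the first line of the hunk checks only the first byte of the access, but the new `_uvm32_store2` and `_uvm32_store4` calls write `addr..addr+1` and `addr..addr+3`, so a guest halfword or word store with `addr` in `[_extramLen-3, _extramLen-1]` now writes past the end of `_extram`; the old `[addr/4]` indexing rounded the address down and did not overrun a buffer whose length is a multiple of four. Derive the width from `accessTyp` and check the whole span, e.g. `uint32_t w = (accessTyp == 2) ? 4 : (accessTyp == 1) ? 2 : 1;` followed by `if (addr < vmst->_extramLen && vmst->_extramLen - addr >= w) {`. Whether a guest can present such an address depends on the checks that run before this function, which are outside the hunk, as is the start of `_uvm32_extramStore`.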
@@ -490,3 +491,35 @@ uint32_t uvm32_getProgramCounter(const uvm32_state_t *vmst) {
 return vmst->_core.pc;
 }
+// Access of memory bus in alignment safe way
+void _uvm32_store4(void *p, uint32_t off, uint32_t val) {
+ UVM32_MEMCPY((uint8_t *)p + off, &val, 4);
+}
+void _uvm32_store2(void *p, uint32_t off, uint16_t val) {
+ UVM32_MEMCPY((uint8_t *)p + off, &val, 2);
+}
+void _uvm32_store1(void *p, uint32_t off, uint8_t val) {
+ ((uint8_t *)p)[off] = val;
+}
+uint32_t _uvm32_load4(void *p, uint32_t off) {
+ uint32_t v;
+ UVM32_MEMCPY(&v, (uint8_t *)p + off, 4);
+ return v;
+}
+uint16_t _uvm32_load2(void *p, uint32_t off) {
+ uint16_t v;
+ UVM32_MEMCPY(&v, (uint8_t *)p + off, 2);
+ return v;
+}
+uint8_t _uvm32_load1(void *p, uint32_t off) {
+ return ((uint8_t *)p)[off];
+}
+int16_t _uvm32_load2s(void *p, uint32_t off) {
+ int16_t v;
+ UVM32_MEMCPY(&v, (uint8_t *)p + off, 2);
+ return v;
+}
+int8_t _uvm32_load1s(void *p, uint32_t off) {
+ return ((int8_t *)p)[off];
+}
+
diff --git a/uvm32/uvm32.h b/uvm32/uvm32.h
index e33613b..edb96dc 100644
--- a/uvm32/uvm32.h
+++ b/uvm32/uvm32.h
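Review bot: The eight new helpers take an unbounded `off` and perform no range check, and the only comment, `// Access of memory bus in alignment safe way`, does not say so; since they now sit behind every guest load and store via the MINIRV32_* macros, that contract should be explicit. Suggest `// No bounds check: callers guarantee off + access width <= size of the buffer behind p.` above the group, and `// memcpy rather than a cast so unaligned guest addresses are not UB on the host` on the first `UVM32_MEMCPY` use. Being non-static and out of line, each emulated memory access is now a function call; if the step function is compiled in the same translation unit, `static inline` definitions in uvm32.h would avoid that cost, which is worth measuring given the 1000-instruction meter in the fuzz loop.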
@@ -51,6 +51,23 @@ uint32_t _uvm32_extramLoad(void *userdata, uint32_t addr, uint32_t accessTyp);
 uint32_t _uvm32_extramStore(void *userdata, uint32_t addr, uint32_t val, uint32_t accessTyp);
 #define MINIRV32_HANDLE_MEM_LOAD_CONTROL( addy, rval ) rval = _uvm32_extramLoad(userdata, addy, ( ir >> 12 ) & 0x7);
 #define MINIRV32_HANDLE_MEM_STORE_CONTROL( addy, val ) if( _uvm32_extramStore(userdata, addy, val, ( ir >> 12 ) & 0x7) ) return val;
+void _uvm32_store4(void *p, uint32_t off, uint32_t val);
+void _uvm32_store2(void *p, uint32_t off, uint16_t val);
+void _uvm32_store1(void *p, uint32_t off, uint8_t val);
+uint32_t _uvm32_load4(void *p, uint32_t off);
+uint16_t _uvm32_load2(void *p, uint32_t off);
+uint8_t _uvm32_load1(void *p, uint32_t off);
+int16_t _uvm32_load2s(void *p, uint32_t off);
+int8_t _uvm32_load1s(void *p, uint32_t off);
+#define MINIRV32_CUSTOM_MEMORY_BUS
+ #define MINIRV32_STORE4( ofs, val ) _uvm32_store4(image, ofs, val)
+ #define MINIRV32_STORE2( ofs, val ) _uvm32_store2(image, ofs, val)
+ #define MINIRV32_STORE1( ofs, val ) _uvm32_store1(image, ofs, val)
+ #define MINIRV32_LOAD4( ofs ) _uvm32_load4(image, ofs)
+ #define MINIRV32_LOAD2( ofs ) _uvm32_load2(image, ofs)
+ #define MINIRV32_LOAD1( ofs ) _uvm32_load1(image, ofs)
+ #define MINIRV32_LOAD2_SIGNED( ofs ) _uvm32_load2s(image, ofs)
+ #define MINIRV32_LOAD1_SIGNED( ofs ) _uvm32_load1s(image, ofs)
 #ifndef MINIRV32_IMPLEMENTATION
 #define MINIRV32_STEPPROTO
 #endif
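Review bot: The `MINIRV32_CUSTOM_MEMORY_BUS` block binds every access macro to an identifier `image` that this header never declares, so the macros only expand correctly inside the core's step function where that name exists (presumably the RAM pointer parameter of `MiniRV32IMAStep`); a one-line comment should say so, e.g. `// Custom memory bus for mini-rv32ima: `image` is the RAM pointer visible inside MiniRV32IMAStep; helpers do no bounds checking of ofs.`. The four load prototypes only read through `p` and could take `const void *p`, which also documents the read/write split between the two groups (the definitions in uvm32.c would need the matching change). The prototypes and the eight macros would read better as one commented block rather than two runs with different indentation.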