make it possible to choose between crashing methods

Author: rmalmain

include/libafl/exit.h

@@ -80,7 +80,7 @@ void libafl_exit_request_internal(CPUState* cpu, uint64_t pc,
 void libafl_exit_request_breakpoint(CPUState* cpu, target_ulong pc);
 void libafl_exit_request_custom_insn(CPUState* cpu, target_ulong pc,
                                      enum libafl_custom_insn_kind kind);
-void libafl_exit_request_crash(void);
+void libafl_exit_request_crash(CPUState* cpu);
 void libafl_exit_request_timeout(void);
 
 struct libafl_exit_reason* libafl_get_exit_reason(void);

include/libafl/user.h

@@ -49,6 +49,9 @@ uint64_t libafl_set_brk(uint64_t new_brk);
 
 int _libafl_qemu_user_init(int argc, char** argv, char** envp);
 
+bool libafl_get_return_on_crash(void);
+void libafl_set_return_on_crash(bool return_on_crash);
+
 #ifdef AS_LIB
 void libafl_qemu_init(int argc, char** argv);
 #endif

libafl/exit.c

@@ -126,16 +126,15 @@ void libafl_exit_request_breakpoint(CPUState* cpu, target_ulong pc)
     prepare_qemu_exit(cpu, pc);
 }
 
-void libafl_exit_request_crash(void)
+void libafl_exit_request_crash(CPUState* cpu)
 {
-    CPUClass* cc = CPU_GET_CLASS(current_cpu);
+    CPUClass* cc = CPU_GET_CLASS(cpu);
 
     expected_exit = true;
     last_exit_reason.kind = CRASH;
-    last_exit_reason.cpu = current_cpu;
+    last_exit_reason.cpu = cpu;
 
-    // TODO: put real PC
-    prepare_qemu_exit(current_cpu, cc->get_pc(current_cpu));
+    prepare_qemu_exit(current_cpu, cc->get_pc(cpu));
 }
 
 #ifndef CONFIG_USER_ONLY

libafl/user.c

@@ -4,11 +4,15 @@
 
 #include "libafl/user.h"
 
+extern abi_ulong target_brk, initial_target_brk;
+
 static struct image_info libafl_image_info;
 
-struct libafl_qemu_sig_ctx libafl_qemu_sig_ctx = {0};
+static struct libafl_qemu_sig_ctx libafl_qemu_sig_ctx = {0};
 
-extern abi_ulong target_brk, initial_target_brk;
+// if true, target crashes will issue an exit request and return to harness.
+// if false, target crahes will raise the appropriate signal.
+static bool libafl_return_on_crash = false;
 
 void host_signal_handler(int host_sig, siginfo_t* info, void* puc);
 
@@ -54,6 +58,14 @@ uint64_t libafl_set_brk(uint64_t new_brk)
     return old_brk;
 }
 
+void libafl_set_return_on_crash(bool return_on_crash) {
+    libafl_return_on_crash = return_on_crash;
+}
+
+bool libafl_get_return_on_crash(void) {
+    return libafl_return_on_crash;
+}
+
 #ifdef AS_LIB
 void libafl_qemu_init(int argc, char** argv)
 {

linux-user/signal.c

@@ -1286,9 +1286,13 @@ static void handle_pending_signal(CPUArchState *cpu_env, int sig,
                    sig != TARGET_SIGWINCH &&
                    sig != TARGET_SIGCONT) {
 //// --- Start LibAFL code ---
-            // dump_core_and_abort(cpu_env, sig);
-            libafl_exit_request_crash();
+            if (libafl_get_return_on_crash()) {
+                libafl_exit_request_crash(env_cpu(cpu_env));
+            } else {
+                dump_core_and_abort(cpu_env, sig);
+            }
 //// --- End LibAFL code ---
+            // dump_core_and_abort(cpu_env, sig);
         }
     } else if (handler == TARGET_SIG_IGN) {
         /* ignore sig */