TSFFS Module for SIMICS
§Overview
This crate provides a client and module loadable by SIMICS to enable fuzzing on the SIMICS platform. The client is intended to be used by the simics-fuzz crate, but it can be used manually to enable additional use cases.
§Capabilities
The Module can:
- Trace branch hits during an execution of a target on an x86_64 processor. These branches are traced into shared memory in the format understood by the AFL family of tools.
- Catch exception/fault events registered in an initial configuration or dynamically using a SIMICS Python script
- Catch timeout events registered in an initial configuration or dynamically using a SIMICS Python script
- Manage the state of a target under test by taking and restoring a snapshot of its state for deterministic snapshot fuzzing
Modules§
- arch - Architecture specific data and definitions
- fuzzer - Fuzzing engine implementation, configure and run LibAFL on a separate thread
- haps - Handlers for HAPs in the simulator
- interfaces - Interfaces accessible from Simics script and Python
- log - Logging
- magic - Magic number definitions
- os
- source_cov
- state - Definitions for tracking the state of the fuzzer
- tracer
- traits
- util
Structs§
- ManualStartInfo - Exactly the same as StartInfo except with the semantic difference that the address may not always be stored as physical, the user may provide a virtual address for both the address and the size pointer (if there is one).
- StartInfo
- Tsffs - The main module class for the TSFFS fuzzer, stores state and configuration information
Enums§
- ManualStartAddress
- ManualStartSize
- StartPhysicalAddress - An address that was formerly virtual or formerly physical. The actual address must be physical.
- StartSize
Constants§
- CLASS_NAME - The class name used for all operations interfacing with SIMICS
Statics§
- _module_capabilities_ - The module capabilities list
- _module_date - The module build date
Functions§
- Tsffs_alloc - FFI wrapper
- Tsffs_dealloc - FFI wrapper
- Tsffs_deinit - FFI wrapper
- Tsffs_finalize - FFI wrapper
- Tsffs_init - FFI wrapper
- Tsffs_objects_finalized - FFI wrapper
- _simics_module_init - Exported symbol called by simics when module is loaded
- init - Initialize TSFFS