monitor/ don't output anything

[Nicholas-wei]

Hi, I am new to magma, and I want to use magma to test my own fuzzer. After successfully setting up the environment(build.sh && start.sh can run poperly) and 24 hours' fuzz testing, I got nothing under magma_shared/monitor/ except an enmpty file named 5. And I am confused by that.

I have read the source code of canary.c and debugged. The problem is shown below.

// data_ptr->consumed seems to be always false, and canaries.raw has never been modified
 if (data_ptr->consumed) {
        memcpy(data_ptr->consumer_buffer, data_ptr->producer_buffer, sizeof(data_t));
        // memory barrier
        __sync_synchronize();
        data_ptr->consumed = false;
    }

I am sure that the source code is built with canary(I have used the default setting).
Does that mean that I have never reached the target? Or maybe there are some other problems releating to that?
My target is libpng with the env args given in magma's website, and my fuzzer is very similar to aflgo, I have used https://github.com/usc-isi-bass/magma/tree/aflgo to build aflgo, and I am pretty sure the build process is right.
I will be really thankful if anyone can help me.

[adrianherrera]

It sounds like bugs are not being triggered correctly. I’d check the log under the `logs` directory and if your fuzzer produces a queue I’d replay the queue entries through magma’s monitor (see https://hexhive.epfl.ch/magma/docs/technical.html). Let me know how you go!

…

On Fri, 10 Mar 2023 at 8:35 pm, nich0las ***@***.***> wrote: Hi, I am new to magma, and I want to use magma to test my own fuzzer. After successfully setting up the environment(build.sh && start.sh can run poperly) and 24 hours' fuzz testing, I got nothing under magma_shared/monitor/ except an enmpty file named 5. And I am confused by that. I have read the source code of canary.c and debugged. The problem is shown below. // data_ptr->consumed seems to be always false, and canaries.raw has never been modified if (data_ptr->consumed) { memcpy(data_ptr->consumer_buffer, data_ptr->producer_buffer, sizeof(data_t)); // memory barrier __sync_synchronize(); data_ptr->consumed = false; } I am sure that the source code is built with canary(I have used the default setting). Does that mean that I have never reached the target? Or maybe there are some other problems releating to that? My target is libpng with the env args given in magma's website, and my fuzzer is very similar to aflgo, I have used https://github.com/usc-isi-bass/magma/tree/aflgo to build aflgo, and I am pretty sure the build process is right. I will be really thankful if anyone can help me. — Reply to this email directly, view it on GitHub <#137>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACB2DEQS4AFJHGE52XHUQOLW3LYW7ANCNFSM6AAAAAAVWGVMQE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[hazimeh]

I'd also suggest making sure that the monitoring loop is running throughout the lifetime of the campaign.

As you can see, if the monitor exits with a non-zero code, no logs are generated. In that case, you should check the campaign logs to see the monitor's error output and map it back to the root failure cause.