libfuzzer fixes

afl/src/events/llmp.rs

@@ -436,8 +436,8 @@ impl LlmpSender {
     /// Never call alloc_next without either sending or cancelling the last allocated message for this page!
     /// There can only ever be up to one message allocated per page at each given time.
     unsafe fn alloc_next_if_space(&mut self, buf_len: usize) -> Option<*mut LlmpMsg> {
-        let mut buf_len_padded = buf_len;
-        let mut complete_msg_size = llmp_align(size_of::<LlmpMsg>() + buf_len_padded);
+        let buf_len_padded;
+        let mut complete_msg_size = llmp_align(size_of::<LlmpMsg>() + buf_len);
         let map = self.out_maps.last().unwrap();
         let page = map.page();
         let last_msg = self.last_msg_sent;

afl/src/events/mod.rs

@@ -4,8 +4,8 @@ pub mod llmp;
 pub mod shmem_translated;
 
 use alloc::string::String;
-use tuple_list::tuple_list_type;
 use core::{marker::PhantomData, time};
+use tuple_list::tuple_list_type;
 
 use serde::{Deserialize, Serialize};
 
@@ -414,8 +414,6 @@ where
     fn start_time(&mut self) -> time::Duration {
         self.start_time
     }
-
-
 }
 
 #[cfg(feature = "std")]
@@ -524,19 +522,18 @@ where
     }
 }
 
-
 #[cfg(feature = "std")]
 #[cfg(test)]
 mod tests {
 
     use std::io::stderr;
 
-    use crate::{events::Event, observers::ObserversTuple};
+    use crate::events::EventManager;
     use crate::inputs::bytes::BytesInput;
     use crate::observers::StdMapObserver;
     use crate::serde_anymap::{Ptr, PtrMut};
     use crate::tuples::{tuple_list, tuple_list_type, MatchNameAndType, Named};
-    use crate::events::EventManager;
+    use crate::{events::Event, observers::ObserversTuple};
 
     use super::LoggerEventManager;
 
@@ -566,8 +563,7 @@ mod tests {
                 client_config: _,
             } => {
                 let o = map.deserialize(&observers_buf).unwrap();
-                let test_observer = o.match_name_type::<StdMapObserver<u32>>("test")
-                    .unwrap();
+                let test_observer = o.match_name_type::<StdMapObserver<u32>>("test").unwrap();
                 assert_eq!("test", test_observer.name());
             }
             _ => panic!("mistmatch".to_string()),

afl/src/feedbacks/mod.rs

@@ -235,18 +235,21 @@ where
     pub fn new(name: &'static str, map_size: usize) -> Self {
         Self {
             history_map: vec![T::default(); map_size],
-            name: name,
             phantom: PhantomData,
+            name,
         }
     }
 
-    /*pub fn new_with_observer(map_observer: &O) -> Self {
+    /// Create new MapFeedback for the observer type.
+    /// Name should match that of the observer.
+    pub fn new_with_observer(name: &'static str, map_observer: &O) -> Self {
+        debug_assert_eq!(name, map_observer.name());
         Self {
             history_map: vec![T::default(); map_observer.map().len()],
-            name: map_observer.name(),
             phantom: PhantomData,
+            name,
         }
-    }*/
+    }
 }
 
 impl<T, R, O> MapFeedback<T, R, O>

afl/src/observers/mod.rs

@@ -37,7 +37,7 @@ pub trait ObserversTuple:
         Ok(postcard::to_allocvec(&self)?)
     }
 
-    /// Deserilaize 
+    /// Deserilaize
     fn deserialize(&self, serialized: &[u8]) -> Result<Self, AflError> {
         Ok(postcard::from_bytes(serialized)?)
     }
@@ -51,7 +51,6 @@ impl ObserversTuple for () {
         Ok(())
     }
 
-
     //fn for_each(&self, f: fn(&dyn Observer)) { }
     //fn for_each_mut(&mut self, f: fn(&mut dyn Observer)) { }
 }
@@ -187,8 +186,8 @@ where
         let initial = if map.len() > 0 { map[0] } else { T::default() };
         Self {
             map: ArrayMut::Cptr((map.as_mut_ptr(), map.len())),
-            initial: initial,
             name: name.into(),
+            initial,
         }
     }
 
@@ -198,8 +197,8 @@ where
             let initial = if len > 0 { *map_ptr } else { T::default() };
             StdMapObserver {
                 map: ArrayMut::Cptr((map_ptr, len)),
-                initial: initial,
                 name: name.into(),
+                initial,
             }
         }
     }

afl/src/stages/mutational.rs

@@ -71,7 +71,7 @@ where
             // in a late stage, NewTestcase should be triggere donly after the processing in the later stage
             // So by default we shoudl trigger it in corpus.add, so that the user can override it and remove
             // if needed by particular cases
-            if state.is_interesting(&input_mut, observers)? > 0 {
+            if fitness > 0 {
                 // TODO decouple events manager and engine
                 manager.fire(Event::new_testcase("test".into(), input_mut, observers)?)?;
             // let _ = corpus.add(testcase);

fuzzers/libfuzzer/src/lib.rs

@@ -21,8 +21,8 @@ use afl::mutators::scheduled::HavocBytesMutator;
 use afl::mutators::HasMaxSize;
 use afl::observers::StdMapObserver;
 use afl::stages::mutational::StdMutationalStage;
-use afl::utils::StdRand;
 use afl::tuples::tuple_list;
+use afl::utils::StdRand;
 
 const MAP_SIZE: usize = 65536;
 
@@ -60,11 +60,11 @@ pub extern "C" fn afl_libfuzzer_main() {
         StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
             __lafl_max_edges_size as usize
         });
-    let edges_feedback = MaxMapFeedback::<u8, StdMapObserver<u8>>::new(&NAME_COV_MAP, MAP_SIZE);
+    let edges_feedback = MaxMapFeedback::new_with_observer(&NAME_COV_MAP, &edges_observer);
 
-    let executor = InMemoryExecutor::new(harness, tuple_list!(edges_observer));
+    let executor = InMemoryExecutor::new("Libfuzzer", harness, tuple_list!(edges_observer));
     let mut state = State::new(tuple_list!(edges_feedback));
- 
+
     let mut engine = Engine::new(executor);
 
     state