SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

doc: Listing mutators in the module documentation (#2369)

Browse Source 
* doc(libafl_nyx): More detailed README

* doc(libafl): Documentation about mutators

* doc(libafl): fix Reference to MOpt

* doc(libafl): Improved note about Mopt

* doc: More documentation for different mutators
This commit is contained in:
Nereuxofficial 2024-07-11 15:35:36 +02:00 committed by GitHub
parent 2565fa8bf5
commit 4931db6469
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/src/core_concepts/mutator.md
View File

@ -6,4 +6,6 @@ Mutators can be composed, and they are generally linked to a specific Input type
There can be, for instance, a Mutator that applies more than a single type of mutation to the input. Consider a generic Mutator for a byte stream, bit flip is just one of the possible mutations but not the only one, there is also, for instance, the random replacement of a byte of the copy of a chunk. There can be, for instance, a Mutator that applies more than a single type of mutation to the input. Consider a generic Mutator for a byte stream, bit flip is just one of the possible mutations but not the only one, there is also, for instance, the random replacement of a byte of the copy of a chunk.
There are also mutators that always produce valid inputs, say a mutator that generates valid JSON or code, but these grammar based mutators need a grammar to work.
In LibAFL, [`Mutator`](https://docs.rs/libafl/latest/libafl/mutators/trait.Mutator.html) is a trait. In LibAFL, [`Mutator`](https://docs.rs/libafl/latest/libafl/mutators/trait.Mutator.html) is a trait.

2
libafl/src/mutators/gramatron.rs
View File

@ -1,4 +1,4 @@
//! Gramatron is the rewritten gramatron fuzzer in rust. //! [`GramatronRandomMutator`] ist a random mutator using grammar automatons to perform grammar-aware fuzzing.
//! See the original gramatron repo [`Gramatron`](https://github.com/HexHive/Gramatron) for more details. //! See the original gramatron repo [`Gramatron`](https://github.com/HexHive/Gramatron) for more details.
use alloc::{borrow::Cow, vec::Vec}; use alloc::{borrow::Cow, vec::Vec};
use core::cmp::max; use core::cmp::max;

4
libafl/src/mutators/mod.rs
View File

@ -1,5 +1,5 @@
//! [`Mutator`]`s` mutate input during fuzzing. //! [`Mutator`]`s` mutate input during fuzzing. These can be used standalone or in combination with other mutators to explore the input space more effectively.
//! You can read more about mutators in the [libAFL book](https://aflplus.plus/libafl-book/core_concepts/mutator.html)
pub mod scheduled; pub mod scheduled;
use core::fmt; use core::fmt;

5
libafl/src/mutators/mopt_mutator.rs
View File

@ -1,4 +1,5 @@
//! The `MOpt` mutator scheduler, see <https://github.com/puppet-meteor/MOpt-AFL> and <https://www.usenix.org/conference/usenixsecurity19/presentation/lyu> //! The `MOpt` mutation scheduler used in AFL++. It uses a modified Particle Swarm Optimization algorithm to determine an optimal distribution of mutators.
//! See <https://github.com/puppet-meteor/MOpt-AFL> and <https://www.usenix.org/conference/usenixsecurity19/presentation/lyu>
use alloc::{borrow::Cow, string::ToString, vec::Vec}; use alloc::{borrow::Cow, string::ToString, vec::Vec};
use core::{ use core::{
fmt::{self, Debug}, fmt::{self, Debug},
@ -22,7 +23,7 @@ use crate::{
/// A Struct for managing MOpt-mutator parameters. /// A Struct for managing MOpt-mutator parameters.
/// There are 2 modes for `MOpt` scheduler, the core fuzzing mode and the pilot fuzzing mode. /// There are 2 modes for `MOpt` scheduler, the core fuzzing mode and the pilot fuzzing mode.
/// In short, in the pilot fuzzing mode, the fuzzer employs several `swarms` to compute the probability to choose the mutation operator. /// In short, in the pilot fuzzing mode, the fuzzer employs several `swarms` to compute the probability to choose the mutation operator.
/// On the other hand, in the core fuzzing mode, the fuzzer chooses the best `swarms`, which was determined during the pilot fuzzing mode, to compute the probability to choose the operation operator. /// On the other hand, in the core fuzzing mode, the fuzzer chooses the best `swarms`, which was determined during the pilot fuzzing mode, to compute the probability to choose the mutation operator.
/// With the current implementation we are always in the pacemaker fuzzing mode. /// With the current implementation we are always in the pacemaker fuzzing mode.
#[derive(Serialize, Deserialize, Clone)] #[derive(Serialize, Deserialize, Clone)]
#[cfg_attr( #[cfg_attr(

2
libafl/src/mutators/nautilus.rs
View File

@ -1,5 +1,5 @@
//! Mutators for the `Nautilus` grammmar fuzzer //! Mutators for the `Nautilus` grammmar fuzzer
//! See <https://www.ndss-symposium.org/ndss-paper/nautilus-fishing-for-deep-bugs-with-grammars/>
use alloc::borrow::Cow; use alloc::borrow::Cow;
use core::fmt::Debug; use core::fmt::Debug;

2
libafl_bolts/src/cpu.rs
View File

@ -1,4 +1,4 @@
//! Architecture agnostic processor features //! Fast implementations for specific CPU architectures.
#[cfg(any(target_arch = "aarch64", target_arch = "arm"))] #[cfg(any(target_arch = "aarch64", target_arch = "arm"))]
use core::arch::asm; use core::arch::asm;

3
libafl_nyx/README.md
View File

@ -1,4 +1,5 @@
`libafl_nyx` is the `libafl`'s front-end for nyx fuzzer. This crate provides both the standalone mode and parallel mode: `libafl_nyx` is the `libafl`'s front-end for the [nyx fuzzing framework](https://github.com/nyx-fuzz), which facilitates fuzzing in virtual machines such as qemu. This crate provides both the standalone mode and parallel mode:
- In standalone mode, no VM snapshot is serialized and stored in the working directory. That might be useful if you really want to run the fuzzer with only one process (meaning one VM). - In standalone mode, no VM snapshot is serialized and stored in the working directory. That might be useful if you really want to run the fuzzer with only one process (meaning one VM).
- In parallel mode, the first fuzzer process (parent) has to create the VM snapshot while all other child processes will wait for the snapshot files to appear in the working directory. - In parallel mode, the first fuzzer process (parent) has to create the VM snapshot while all other child processes will wait for the snapshot files to appear in the working directory.