diff --git a/fuzzers/baby_fuzzer/Cargo.toml b/fuzzers/baby_fuzzer/Cargo.toml index 97fe602b1b..1d8aedf13d 100644 --- a/fuzzers/baby_fuzzer/Cargo.toml +++ b/fuzzers/baby_fuzzer/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "baby_fuzzer" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi ", "Dominik Maier "] edition = "2018" diff --git a/fuzzers/frida_libpng/Cargo.toml b/fuzzers/frida_libpng/Cargo.toml index 61d77a3c58..4ddc29b2a1 100644 --- a/fuzzers/frida_libpng/Cargo.toml +++ b/fuzzers/frida_libpng/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "frida_libpng" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi ", "Dominik Maier "] edition = "2018" build = "build.rs" @@ -21,11 +21,11 @@ num_cpus = "1.0" which = "4.1" [target.'cfg(unix)'.dependencies] -libafl = { path = "../../libafl/", features = [ "std", "llmp_bind_public" ] } #, "llmp_small_maps", "llmp_debug"]} -libafl_frida = { path = "../../libafl_frida" } +libafl = { path = "../../libafl/", features = [ "std", "llmp_compression", "llmp_bind_public" ] } #, "llmp_small_maps", "llmp_debug"]} capstone = "0.8.0" frida-gum = { version = "0.5.1", features = [ "auto-download", "backtrace", "event-sink", "invocation-listener"] } -libafl_targets = { path = "../../libafl_targets", version = "0.1.0" , features = ["value_profile"] } +libafl_frida = { path = "../../libafl_frida", version = "0.3.2" } +libafl_targets = { path = "../../libafl_targets", version = "0.3.2" , features = ["sancov_cmplog"] } lazy_static = "1.4.0" libc = "0.2" libloading = "0.7.0" diff --git a/fuzzers/libfuzzer_libmozjpeg/Cargo.toml b/fuzzers/libfuzzer_libmozjpeg/Cargo.toml index f166ef35fa..6137d50894 100644 --- a/fuzzers/libfuzzer_libmozjpeg/Cargo.toml +++ b/fuzzers/libfuzzer_libmozjpeg/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libfuzzer_libmozjpeg" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi ", "Dominik Maier "] edition = "2018" 
diff --git a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs index fb4782cf02..7f68c7ed63 100644 --- a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs +++ b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs @@ -15,6 +15,7 @@ use libafl::{ feedback_or, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, fuzzer::{Fuzzer, StdFuzzer}, + inputs::{BytesInput, HasTargetBytes}, mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::StdMapObserver, diff --git a/fuzzers/libfuzzer_libpng/Cargo.toml b/fuzzers/libfuzzer_libpng/Cargo.toml index 39252a73a6..5c38cd2133 100644 --- a/fuzzers/libfuzzer_libpng/Cargo.toml +++ b/fuzzers/libfuzzer_libpng/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libfuzzer_libpng" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi ", "Dominik Maier "] edition = "2018" diff --git a/fuzzers/libfuzzer_libpng/src/lib.rs b/fuzzers/libfuzzer_libpng/src/lib.rs index ca1011ad7d..411768118b 100644 --- a/fuzzers/libfuzzer_libpng/src/lib.rs +++ b/fuzzers/libfuzzer_libpng/src/lib.rs @@ -16,6 +16,7 @@ use libafl::{ feedback_or, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback, TimeoutFeedback}, fuzzer::{Fuzzer, StdFuzzer}, + inputs::{BytesInput, HasTargetBytes}, mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, diff --git a/fuzzers/libfuzzer_libpng_launcher/Cargo.toml b/fuzzers/libfuzzer_libpng_launcher/Cargo.toml index 289b80606c..b8466488f2 100644 --- a/fuzzers/libfuzzer_libpng_launcher/Cargo.toml +++ b/fuzzers/libfuzzer_libpng_launcher/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libfuzzer_libpng_launcher" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi ", "Dominik Maier "] edition = "2018" 
diff --git a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs index 9384e434da..996ec170bb 100644 --- a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs @@ -24,6 +24,7 @@ use libafl::{ feedback_or, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback, TimeoutFeedback}, fuzzer::{Fuzzer, StdFuzzer}, + inputs::{BytesInput, HasTargetBytes}, mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, diff --git a/fuzzers/libfuzzer_reachability/Cargo.toml b/fuzzers/libfuzzer_reachability/Cargo.toml index 044a57420a..c04a484e59 100644 --- a/fuzzers/libfuzzer_reachability/Cargo.toml +++ b/fuzzers/libfuzzer_reachability/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libfuzzer_reachability" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi ", "Dominik Maier "] edition = "2018" diff --git a/fuzzers/libfuzzer_stb_image/Cargo.toml b/fuzzers/libfuzzer_stb_image/Cargo.toml index 8bdfb95cf8..ea49909a65 100644 --- a/fuzzers/libfuzzer_stb_image/Cargo.toml +++ b/fuzzers/libfuzzer_stb_image/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libfuzzer_stb_image" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi ", "Dominik Maier "] edition = "2018" build = "build.rs" diff --git a/fuzzers/libfuzzer_stb_image/src/main.rs b/fuzzers/libfuzzer_stb_image/src/main.rs index c3e3d6b88b..5fca306e93 100644 --- a/fuzzers/libfuzzer_stb_image/src/main.rs +++ b/fuzzers/libfuzzer_stb_image/src/main.rs @@ -20,7 +20,7 @@ use libafl::{ observers::{StdMapObserver, TimeObserver}, stages::{StdMutationalStage, TracingStage}, state::{HasCorpus, StdState}, - stats::SimpleStats, + stats::MultiStats, Error, }; diff --git a/libafl/Cargo.toml b/libafl/Cargo.toml index a5d663fe1e..58f57ea890 100644 --- a/libafl/Cargo.toml +++ b/libafl/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "libafl" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi ", "Dominik Maier "] description = "Slot your own fuzzers together and extend their features using Rust" documentation = "https://docs.rs/libafl" @@ -52,7 +52,7 @@ path = "./examples/llmp_test/main.rs" required-features = ["std"] [dependencies] -libafl_derive = { optional = true, path = "../libafl_derive", version = "0.3.1" } +libafl_derive = { optional = true, path = "../libafl_derive", version = "0.3.2" } tuple_list = "0.1.2" hashbrown = { version = "0.9", features = ["serde", "ahash-compile-time-rng"] } # A faster hashmap, nostd compatible num = "0.4.0" diff --git a/libafl/src/events/llmp.rs b/libafl/src/events/llmp.rs index 86ff0c984e..35dc577669 100644 --- a/libafl/src/events/llmp.rs +++ b/libafl/src/events/llmp.rs @@ -170,7 +170,7 @@ where let client = stats.client_stats_mut_for(sender_id); client.update_corpus_size(*corpus_size as u64); client.update_executions(*executions as u64, *time); - stats.display(event.name().to_string() + " #" + &sender_id.to_string()); + stats.display(event.name().to_string(), sender_id); Ok(BrokerEventResult::Forward) } Event::UpdateStats { @@ -181,7 +181,17 @@ where // TODO: The stats buffer should be added on client add. let client = stats.client_stats_mut_for(sender_id); client.update_executions(*executions as u64, *time); - stats.display(event.name().to_string() + " #" + &sender_id.to_string()); + stats.display(event.name().to_string(), sender_id); + Ok(BrokerEventResult::Handled) + } + Event::UpdateUserStats { + name, + value, + phantom: _, + } => { + let client = stats.client_stats_mut_for(sender_id); + client.update_user_stats(name.clone(), value.clone()); + stats.display(event.name().to_string(), sender_id); Ok(BrokerEventResult::Handled) } #[cfg(feature = "introspection")] diff --git a/libafl/src/executors/combined.rs b/libafl/src/executors/combined.rs index 9d208e8bac..a4ae7b3ccb 100644 
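Review bot: In the new `Event::UpdateUserStats` arm of `libafl/src/events/llmp.rs` the broker stores `name` and `value` exactly as the client sent them, and nothing visible in this hunk bounds how many distinct names one `sender_id` may register. `update_user_stats` is defined outside this diff, so this is an assumption, but if it inserts into a per-client map keyed by `name`, a misbehaving or untrusted client can grow broker memory without limit; the frida_libpng example in this commit builds with `llmp_bind_public`. I would enforce a cap inside `update_user_stats` and record the expectation at the call site, e.g. `// name/value are client-supplied; update_user_stats must bound the per-client entry count`. The arm also calls `stats.display` on every such message, so the sending client controls how often the broker prints. The enclosing `match` starts and ends outside the hunk.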
--- a/libafl/src/executors/combined.rs +++ b/libafl/src/executors/combined.rs @@ -1,42 +1,22 @@ //! A `CombinedExecutor` wraps a primary executor and a secondary one -use core::marker::PhantomData; - use crate::{ - executors::{ - Executor, ExitKind, HasExecHooks, HasExecHooksTuple, HasObservers, HasObserversHooks, - }, + executors::{Executor, ExitKind, HasExecHooksTuple, HasObservers, HasObserversHooks}, inputs::Input, observers::ObserversTuple, Error, }; /// A [`CombinedExecutor`] wraps a primary executor, forwarding its methods, and a secondary one - -pub struct CombinedExecutor -where - A: Executor, - B: Executor, - I: Input, -{ +pub struct CombinedExecutor { primary: A, secondary: B, - phantom: PhantomData, } -impl CombinedExecutor -where - A: Executor, - B: Executor, - I: Input, -{ +impl CombinedExecutor { /// Create a new `CombinedExecutor`, wrapping the given `executor`s. - pub fn new(primary: A, secondary: B) -> Self { - Self { - primary, - secondary, - phantom: PhantomData, - } + pub fn new(primary: A, secondary: B) -> Self { + Self { primary, secondary } } /// Retrieve the primary `Executor` that is wrapped by this `CombinedExecutor`. @@ -50,22 +30,26 @@ where } } -impl Executor for CombinedExecutor +impl Executor for CombinedExecutor where - A: Executor, - B: Executor, + A: Executor, + B: Executor, I: Input, { - fn run_target(&mut self, input: &I) -> Result { - self.primary.run_target(input) + fn run_target( + &mut self, + fuzzer: &mut Z, + state: &mut S, + mgr: &mut EM, + input: &I, + ) -> Result { + self.primary.run_target(fuzzer, state, mgr, input) } } -impl HasObservers for CombinedExecutor +impl HasObservers for CombinedExecutor where - A: Executor + HasObservers, - B: Executor, - I: Input, + A: HasObservers, OT: ObserversTuple, { #[inline] 
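Review bot: `combined.rs` is rewritten here against the new `run_target(fuzzer, state, mgr, input)` signature, but the `libafl/src/executors/mod.rs` hunk in the same commit removes `pub mod combined;` and `pub use combined::CombinedExecutor;`, so as far as this diff shows the file is no longer part of the crate. Code that is not declared as a module is neither type-checked nor tested, and it will drift from the traits it implements. Either keep the two lines in `mod.rs` or delete the file; if the removal is temporary, say so in the module doc, e.g. `//! NOTE: not declared in executors/mod.rs at the moment, so this file is not built`. Separately, `run_target` forwards only to `self.primary`, and its doc comment should state that `secondary` is never run by this impl.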
@@ -79,40 +63,10 @@ where } } -impl HasObserversHooks for CombinedExecutor +impl HasObserversHooks for CombinedExecutor where - A: Executor + HasObservers, - B: Executor, + A: HasObservers, I: Input, OT: ObserversTuple + HasExecHooksTuple, { } - -impl HasExecHooks for CombinedExecutor -where - A: Executor + HasExecHooks, - B: Executor, - I: Input, -{ - #[inline] - fn pre_exec( - &mut self, - fuzzer: &mut Z, - state: &mut S, - mgr: &mut EM, - input: &I, - ) -> Result<(), Error> { - self.primary.pre_exec(fuzzer, state, mgr, input) - } - - #[inline] - fn post_exec( - &mut self, - fuzzer: &mut Z, - state: &mut S, - mgr: &mut EM, - input: &I, - ) -> Result<(), Error> { - self.primary.post_exec(fuzzer, state, mgr, input) - } -} diff --git a/libafl/src/executors/mod.rs b/libafl/src/executors/mod.rs index 2b992f74da..25bcaf3c89 100644 --- a/libafl/src/executors/mod.rs +++ b/libafl/src/executors/mod.rs @@ -4,8 +4,6 @@ pub mod inprocess; pub use inprocess::InProcessExecutor; pub mod timeout; pub use timeout::TimeoutExecutor; -pub mod combined; -pub use combined::CombinedExecutor; #[cfg(all(feature = "std", unix))] pub mod forkserver; diff --git a/libafl/src/stages/tracing.rs b/libafl/src/stages/tracing.rs index 0ba71f6259..4e37dce554 100644 --- a/libafl/src/stages/tracing.rs +++ b/libafl/src/stages/tracing.rs @@ -2,7 +2,7 @@ use core::{marker::PhantomData, mem::drop}; use crate::{ corpus::Corpus, - executors::{Executor, HasExecHooks, HasExecHooksTuple, HasObservers, HasObserversHooks}, + executors::{Executor, HasExecHooksTuple, HasObservers, HasObserversHooks}, inputs::Input, mark_feature_time, observers::ObserversTuple, @@ -21,10 +21,7 @@ pub struct TracingStage where I: Input, C: Corpus, - TE: Executor - + HasObservers - + HasExecHooks - + HasObserversHooks, + TE: Executor + HasObservers + HasObserversHooks, OT: ObserversTuple + HasExecHooksTuple, S: HasClientPerfStats + HasExecutions + HasCorpus, { 
@@ -37,10 +34,7 @@ impl Stage for TracingStage, - TE: Executor - + HasObservers - + HasExecHooks - + HasObserversHooks, + TE: Executor + HasObservers + HasObserversHooks, OT: ObserversTuple + HasExecHooksTuple, S: HasClientPerfStats + HasExecutions + HasCorpus, { @@ -68,19 +62,12 @@ where mark_feature_time!(state, PerfFeature::PreExecObservers); start_timer!(state); - self.tracer_executor - .pre_exec(fuzzer, state, manager, &input)?; - mark_feature_time!(state, PerfFeature::PreExec); - - start_timer!(state); - let _ = self.tracer_executor.run_target(&input)?; + drop( + self.tracer_executor + .run_target(fuzzer, state, manager, &input)?, + ); mark_feature_time!(state, PerfFeature::TargetExecution); - start_timer!(state); - self.tracer_executor - .post_exec(fuzzer, state, manager, &input)?; - mark_feature_time!(state, PerfFeature::PostExec); - *state.executions_mut() += 1; start_timer!(state); @@ -96,10 +83,7 @@ impl TracingStage where I: Input, C: Corpus, - TE: Executor - + HasObservers - + HasExecHooks - + HasObserversHooks, + TE: Executor + HasObservers + HasObserversHooks, OT: ObserversTuple + HasExecHooksTuple, S: HasClientPerfStats + HasExecutions + HasCorpus, { diff --git a/libafl_cc/Cargo.toml b/libafl_cc/Cargo.toml index 9500348ac7..302402bb0f 100644 --- a/libafl_cc/Cargo.toml +++ b/libafl_cc/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libafl_cc" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi "] description = "Commodity library to wrap compilers and link LibAFL" documentation = "https://docs.rs/libafl_cc" diff --git a/libafl_derive/Cargo.toml b/libafl_derive/Cargo.toml index 878fd34d21..36ef86f99f 100644 --- a/libafl_derive/Cargo.toml +++ b/libafl_derive/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libafl_derive" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi "] description = "Derive proc-macro crate for LibAFL" documentation = "https://docs.rs/libafl_derive" 
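Review bot: The rewritten call in the `@@ -68,19 +62,12 @@` hunk of `libafl/src/stages/tracing.rs` wraps `run_target` in `drop(...)`, so the exit kind of the tracing run is discarded and no comment says this is intended. If the tracer executor can report a crash or timeout that the main executor did not, that result is lost here; if ignoring it is deliberate, one line would make that clear, e.g. `// exit kind of the tracing run is intentionally ignored; only the observers matter here`. The hunk also removes the `PerfFeature::PreExec` and `PerfFeature::PostExec` marks, so any hook work that now happens inside `run_target` is presumably counted under `PerfFeature::TargetExecution`, and that change in meaning should be noted where the feature timers are documented. The enclosing function starts and ends outside the hunk.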
diff --git a/libafl_frida/Cargo.toml b/libafl_frida/Cargo.toml index d1ad107e1a..82a23a3995 100644 --- a/libafl_frida/Cargo.toml +++ b/libafl_frida/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libafl_frida" -version = "0.3.1" +version = "0.3.2" authors = ["s1341 "] description = "Frida backend library for LibAFL" documentation = "https://docs.rs/libafl_frida" @@ -15,7 +15,7 @@ cc = { version = "1.0", features = ["parallel"] } [dependencies] libafl = { path = "../libafl", version = "0.3.1", features = ["std", "libafl_derive"] } -libafl_targets = { path = "../libafl_targets", version = "0.3.1", features = ["cmplog"] } +libafl_targets = { path = "../libafl_targets", version = "0.3.2", features = ["sancov_cmplog"] } nix = "0.20.0" libc = "0.2.92" hashbrown = "0.11" diff --git a/libafl_frida/src/helper.rs b/libafl_frida/src/helper.rs index a4406937f5..aa9b2de015 100644 --- a/libafl_frida/src/helper.rs +++ b/libafl_frida/src/helper.rs @@ -83,7 +83,7 @@ pub struct FridaInstrumentationHelper<'a> { transformer: Option>, #[cfg(target_arch = "aarch64")] capstone: Capstone, - asan_runtime: Rc>, + asan_runtime: AsanRuntime, cmplog_runtime: CmpLogRuntime, ranges: RangeMap, options: &'a FridaOptions, diff --git a/libafl_targets/Cargo.toml b/libafl_targets/Cargo.toml index d053891581..c1f4eb9ded 100644 --- a/libafl_targets/Cargo.toml +++ b/libafl_targets/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libafl_targets" -version = "0.3.1" +version = "0.3.2" authors = ["Andrea Fioraldi "] description = "Common code for target instrumentation that can be used combined with LibAFL" documentation = "https://docs.rs/libafl_targets" @@ -25,6 +25,6 @@ cc = { version = "1.0", features = ["parallel"] } [dependencies] rangemap = "0.1.10" -libafl = { path = "../libafl", version = "0.3", features = [] } +libafl = { path = "../libafl", version = "0.3.2", features = [] } serde = { version = "1.0", default-features = false, features = ["alloc"] } # serialization lib serde-big-array = "0.3.2" 
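Review bot: In the `[dependencies]` hunk of `libafl_frida/Cargo.toml` the `libafl` requirement stays at `version = "0.3.1"` on the context line, while the crate itself, `libafl_targets` and the other in-tree requirements in this commit move to 0.3.2. The path dependency hides this in the workspace, but a published `libafl_frida` 0.3.2 would declare itself compatible with `libafl` 0.3.1, which, judging by the executor changes in this same commit, does not have the same API. I would bump it with the rest: `libafl = { path = "../libafl", version = "0.3.2", features = ["std", "libafl_derive"] }`.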
diff --git a/scripts/build_all_fuzzers.sh b/scripts/build_all_fuzzers.sh index b070178f53..f96de961e7 100755 --- a/scripts/build_all_fuzzers.sh +++ b/scripts/build_all_fuzzers.sh @@ -11,6 +11,7 @@ do echo "[+] Checking fmt and building $fuzzer" cd $fuzzer \ && cargo fmt --all -- --check \ + && cargo clippy \ && cargo build \ && cd .. \ || exit 1
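Review bot: The added `&& cargo clippy \` step breaks the chain only on lints that are errors; most clippy findings are warnings by default and leave the exit status at 0, so `|| exit 1` is never reached for them. If the step is meant to gate the build, use `&& cargo clippy -- -D warnings \`. The context line `cd $fuzzer \` is unquoted, so a directory name containing whitespace would break the chain; `cd "$fuzzer" \` avoids that. The loop starts and ends outside the hunk.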