SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Another attempt to add interesting crashing input on crash (#2391)

Browse Source 
* aa

* why??????????????

* ppp

* aa

* aa

* abcde

* fixer

* ppp

* aa

* fix from windows

* sugar

* ff

* ??

* a

* to log::error

* exclude

* exclude libafl_qemu clippy on windows

* pp

* aa

---------

Co-authored-by: Your Name <you@example.com>
This commit is contained in:
Dongjia "toka" Zhang 2024-07-15 13:58:39 +02:00 committed by GitHub
parent 539ac91ce0
commit 7969e7ae51
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
37 changed files with 336 additions and 260 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Cargo.toml
View File

@ -4,18 +4,11 @@ members = [
"libafl",
"libafl_bolts",
"libafl_cc",
"libafl_concolic/symcc_runtime",
"libafl_concolic/symcc_libafl",
"libafl_derive",
"libafl_targets",
"libafl_sugar",
"libafl_concolic/test/dump_constraints",
"libafl_concolic/test/runtime_test",
"libafl_derive",
"libafl_frida",
"libafl_libfuzzer",
"libafl_nyx",
"libafl_qemu",
"libafl_sugar",
"libafl_targets",
"libafl_tinyinst",
"utils/build_and_test_fuzzers",
"utils/deexit",
"utils/libafl_benches",
@ -33,14 +26,21 @@ default-members = [
exclude = [
"bindings",
"fuzzers",
"libafl_qemu/libafl_qemu_build",
"libafl_qemu/libafl_qemu_sys",
"utils/noaslr",
"utils/gdb_qemu",
"utils/libafl_fmt",
"utils/desyscall",
"utils/multi_machine_generator",
"scripts",
"libafl_concolic/symcc_runtime",
"libafl_concolic/symcc_libafl",
"libafl_frida",
"libafl_libfuzzer",
"libafl_nyx",
"libafl_qemu",
"libafl_tinyinst",
"libafl_qemu/libafl_qemu_build",
"libafl_qemu/libafl_qemu_sys",
]
[workspace.package]

2
libafl/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl"
version.workspace = true
version = "0.13.1"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
description = "Slot your own fuzzers together and extend their features using Rust"
documentation = "https://docs.rs/libafl"

15
libafl/src/events/centralized.rs
View File

@ -38,7 +38,7 @@ use crate::{
executors::{Executor, HasObservers},
fuzzer::{EvaluatorObservers, ExecutionProcessor},
inputs::{Input, NopInput, UsesInput},
observers::{ObserversTuple, TimeObserver},
observers::{ObserversTuple, TimeObserver, UsesObservers},
state::{HasExecutions, HasLastReportTime, NopState, State, Stoppable, UsesState},
Error, HasMetadata,
};
@ -371,12 +371,13 @@ where
EM: AdaptiveSerializer + EventProcessor<E, Z> + EventFirer + HasEventManagerId,
EMH: EventManagerHooksTuple<EM::State>,
E: HasObservers<State = Self::State> + Executor<Self, Z>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
S: State,
Self::State: HasExecutions + HasMetadata,
SP: ShMemProvider,
Z: EvaluatorObservers<E::Observers, State = Self::State>
+ ExecutionProcessor<E::Observers, State = Self::State>,
+ ExecutionProcessor<State = Self::State>,
{
fn process(
&mut self,
@ -403,6 +404,7 @@ where
impl<E, EM, EMH, S, SP, Z> EventManager<E, Z> for CentralizedEventManager<EM, EMH, S, SP>
where
E: HasObservers<State = Self::State> + Executor<Self, Z>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
EM: AdaptiveSerializer + EventManager<E, Z>,
EM::State: HasExecutions + HasMetadata + HasLastReportTime,
@ -410,7 +412,7 @@ where
S: State,
SP: ShMemProvider,
Z: EvaluatorObservers<E::Observers, State = Self::State>
+ ExecutionProcessor<E::Observers, State = Self::State>,
+ ExecutionProcessor<State = Self::State>,
{
}
@ -527,9 +529,10 @@ where
) -> Result<usize, Error>
where
E: Executor<Self, Z> + HasObservers<State = <Self as UsesState>::State>,
<E as UsesObservers>::Observers: Serialize,
<Self as UsesState>::State: UsesInput + HasExecutions + HasMetadata,
for<'a> E::Observers: Deserialize<'a>,
Z: ExecutionProcessor<E::Observers, State = <Self as UsesState>::State>
Z: ExecutionProcessor<State = <Self as UsesState>::State>
+ EvaluatorObservers<E::Observers>,
{
// TODO: Get around local event copy by moving handle_in_client
@ -576,8 +579,8 @@ where
where
E: Executor<Self, Z> + HasObservers<State = <Self as UsesState>::State>,
<Self as UsesState>::State: UsesInput + HasExecutions + HasMetadata,
for<'a> E::Observers: Deserialize<'a>,
Z: ExecutionProcessor<E::Observers, State = <Self as UsesState>::State>
for<'a> E::Observers: Deserialize<'a> + Serialize,
Z: ExecutionProcessor<State = <Self as UsesState>::State>
+ EvaluatorObservers<E::Observers>,
{
log::debug!("handle_in_main!");

26
libafl/src/events/llmp/mgr.rs
View File

@ -39,8 +39,8 @@ use crate::{
executors::{Executor, HasObservers},
fuzzer::{Evaluator, EvaluatorObservers, ExecutionProcessor},
inputs::{NopInput, UsesInput},
observers::{ObserversTuple, TimeObserver},
state::{HasExecutions, HasLastReportTime, NopState, State, UsesState},
observers::{ObserversTuple, TimeObserver, UsesObservers},
state::{HasExecutions, HasImported, HasLastReportTime, NopState, State, UsesState},
Error, HasMetadata,
};
@ -389,7 +389,7 @@ where
impl<EMH, S, SP> LlmpEventManager<EMH, S, SP>
where
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata,
S: State + HasExecutions + HasMetadata + HasImported,
SP: ShMemProvider,
{
// Handle arriving events in the client
@ -404,10 +404,9 @@ where
) -> Result<(), Error>
where
E: Executor<Self, Z> + HasObservers<State = S>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
Z: ExecutionProcessor<E::Observers, State = S>
+ EvaluatorObservers<E::Observers>
+ Evaluator<E, Self>,
Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers> + Evaluator<E, Self>,
{
if !self.hooks.pre_exec_all(state, client_id, &event)? {
return Ok(());
@ -455,6 +454,7 @@ where
)?
};
if let Some(item) = res.1 {
*state.imported_mut() += 1;
log::debug!("Added received Testcase {evt_name} as item #{item}");
} else {
log::debug!("Testcase {evt_name} was discarded");
@ -585,13 +585,12 @@ where
impl<E, EMH, S, SP, Z> EventProcessor<E, Z> for LlmpEventManager<EMH, S, SP>
where
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata,
<E as UsesObservers>::Observers: Serialize,
S: State + HasExecutions + HasMetadata + HasImported,
SP: ShMemProvider,
E: HasObservers<State = S> + Executor<Self, Z>,
for<'a> E::Observers: Deserialize<'a>,
Z: ExecutionProcessor<E::Observers, State = S>
+ EvaluatorObservers<E::Observers>
+ Evaluator<E, Self>,
Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers> + Evaluator<E, Self>,
{
fn process(
&mut self,
@ -638,13 +637,12 @@ where
impl<E, EMH, S, SP, Z> EventManager<E, Z> for LlmpEventManager<EMH, S, SP>
where
E: HasObservers<State = S> + Executor<Self, Z>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata + HasLastReportTime,
S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported,
SP: ShMemProvider,
Z: ExecutionProcessor<E::Observers, State = S>
+ EvaluatorObservers<E::Observers>
+ Evaluator<E, Self>,
Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers> + Evaluator<E, Self>,
{
}

4
libafl/src/events/llmp/mod.rs
View File

@ -296,7 +296,7 @@ where
E: Executor<EM, Z> + HasObservers<State = S>,
EM: UsesState<State = S> + EventFirer,
for<'a> E::Observers: Deserialize<'a>,
Z: ExecutionProcessor<E::Observers, State = S> + EvaluatorObservers<E::Observers>,
Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers>,
{
match event {
Event::NewTestcase {
@ -350,7 +350,7 @@ where
E: Executor<EM, Z> + HasObservers<State = S>,
EM: UsesState<State = S> + EventFirer,
for<'a> E::Observers: Deserialize<'a>,
Z: ExecutionProcessor<E::Observers, State = S> + EvaluatorObservers<E::Observers>,
Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers>,
{
// TODO: Get around local event copy by moving handle_in_client
let self_id = self.llmp.sender().id();

14
libafl/src/events/llmp/restarting.rs
View File

@ -49,8 +49,8 @@ use crate::{
fuzzer::{Evaluator, EvaluatorObservers, ExecutionProcessor},
inputs::UsesInput,
monitors::Monitor,
observers::{ObserversTuple, TimeObserver},
state::{HasExecutions, HasLastReportTime, State, UsesState},
observers::{ObserversTuple, TimeObserver, UsesObservers},
state::{HasExecutions, HasImported, HasLastReportTime, State, UsesState},
Error, HasMetadata,
};
@ -205,11 +205,12 @@ where
impl<E, EMH, S, SP, Z> EventProcessor<E, Z> for LlmpRestartingEventManager<EMH, S, SP>
where
E: HasObservers<State = S> + Executor<LlmpEventManager<EMH, S, SP>, Z>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata,
S: State + HasExecutions + HasMetadata + HasImported,
SP: ShMemProvider,
Z: ExecutionProcessor<E::Observers, State = S>
Z: ExecutionProcessor<State = S>
+ EvaluatorObservers<E::Observers>
+ Evaluator<E, LlmpEventManager<EMH, S, SP>>,
{
@ -228,11 +229,12 @@ where
impl<E, EMH, S, SP, Z> EventManager<E, Z> for LlmpRestartingEventManager<EMH, S, SP>
where
E: HasObservers<State = S> + Executor<LlmpEventManager<EMH, S, SP>, Z>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata + HasLastReportTime,
S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported,
SP: ShMemProvider,
Z: ExecutionProcessor<E::Observers, State = S>
Z: ExecutionProcessor<State = S>
+ EvaluatorObservers<E::Observers>
+ Evaluator<E, LlmpEventManager<EMH, S, SP>>,
{

35
libafl/src/events/tcp.rs
View File

@ -31,7 +31,7 @@ use libafl_bolts::os::{fork, ForkResult};
use libafl_bolts::{shmem::ShMemProvider, tuples::tuple_list, ClientId};
#[cfg(feature = "std")]
use libafl_bolts::{shmem::StdShMemProvider, staterestore::StateRestorer};
use serde::{de::DeserializeOwned, Deserialize};
use serde::{de::DeserializeOwned, Deserialize, Serialize};
use tokio::{
io::{AsyncReadExt, AsyncWriteExt},
sync::{broadcast, broadcast::error::RecvError, mpsc},
@ -53,7 +53,8 @@ use crate::{
fuzzer::{EvaluatorObservers, ExecutionProcessor},
inputs::{Input, UsesInput},
monitors::Monitor,
state::{HasExecutions, HasLastReportTime, State, UsesState},
observers::UsesObservers,
state::{HasExecutions, HasImported, HasLastReportTime, State, UsesState},
Error, HasMetadata,
};
@ -591,7 +592,7 @@ where
impl<EMH, S> TcpEventManager<EMH, S>
where
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata,
S: State + HasExecutions + HasMetadata + HasImported,
{
/// Write the client id for a client [`EventManager`] to env vars
pub fn to_env(&self, env_name: &str) {
@ -610,8 +611,9 @@ where
) -> Result<(), Error>
where
E: Executor<Self, Z> + HasObservers<State = S>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
Z: ExecutionProcessor<E::Observers, State = S> + EvaluatorObservers<E::Observers>,
Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers>,
{
if !self.hooks.pre_exec_all(state, client_id, &event)? {
return Ok(());
@ -647,6 +649,7 @@ where
)?
};
if let Some(item) = _res.1 {
*state.imported_mut() += 1;
log::info!("Added received Testcase as item #{item}");
}
}
@ -748,10 +751,11 @@ where
impl<E, EMH, S, Z> EventProcessor<E, Z> for TcpEventManager<EMH, S>
where
E: HasObservers<State = S> + Executor<Self, Z>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers, State = S>,
S: State + HasExecutions + HasMetadata + HasImported,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<State = S>,
{
fn process(
&mut self,
@ -821,10 +825,11 @@ where
impl<E, EMH, S, Z> EventManager<E, Z> for TcpEventManager<EMH, S>
where
E: HasObservers<State = S> + Executor<Self, Z>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata + HasLastReportTime,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers, State = S>,
S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<State = S>,
{
}
@ -966,10 +971,11 @@ impl<E, EMH, S, SP, Z> EventProcessor<E, Z> for TcpRestartingEventManager<EMH, S
where
E: HasObservers<State = S> + Executor<TcpEventManager<EMH, S>, Z>,
for<'a> E::Observers: Deserialize<'a>,
<E as UsesObservers>::Observers: Serialize,
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata,
S: State + HasExecutions + HasMetadata + HasImported,
SP: ShMemProvider + 'static,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers>, //CE: CustomEvent<I>,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor, //CE: CustomEvent<I>,
{
fn process(&mut self, fuzzer: &mut Z, state: &mut S, executor: &mut E) -> Result<usize, Error> {
self.tcp_mgr.process(fuzzer, state, executor)
@ -984,11 +990,12 @@ where
impl<E, EMH, S, SP, Z> EventManager<E, Z> for TcpRestartingEventManager<EMH, S, SP>
where
E: HasObservers<State = S> + Executor<TcpEventManager<EMH, S>, Z>,
<E as UsesObservers>::Observers: Serialize,
for<'a> E::Observers: Deserialize<'a>,
EMH: EventManagerHooksTuple<S>,
S: State + HasExecutions + HasMetadata + HasLastReportTime,
S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported,
SP: ShMemProvider + 'static,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers>, //CE: CustomEvent<I>,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor, //CE: CustomEvent<I>,
{
}
@ -1084,7 +1091,7 @@ pub fn setup_restarting_mgr_tcp<MT, S>(
>
where
MT: Monitor + Clone,
S: State + HasExecutions + HasMetadata,
S: State + HasExecutions + HasMetadata + HasImported,
{
TcpRestartingMgr::builder()
.shmem_provider(StdShMemProvider::new()?)
@ -1149,7 +1156,7 @@ impl<EMH, MT, S, SP> TcpRestartingMgr<EMH, MT, S, SP>
where
EMH: EventManagerHooksTuple<S> + Copy + Clone,
SP: ShMemProvider,
S: State + HasExecutions + HasMetadata,
S: State + HasExecutions + HasMetadata + HasImported,
MT: Monitor + Clone,
{
/// Launch the restarting manager

5
libafl/src/executors/hooks/inprocess.rs
View File

@ -31,6 +31,7 @@ use crate::{
events::{EventFirer, EventRestarter},
executors::{hooks::ExecutorHook, inprocess::HasInProcessHooks, Executor, HasObservers},
feedbacks::Feedback,
fuzzer::{ExecutionProcessor, HasScheduler},
inputs::UsesInput,
state::{HasCorpus, HasExecutions, HasSolutions},
Error, HasObjective,
@ -235,7 +236,7 @@ where
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
{
#[cfg_attr(miri, allow(unused_variables))]
unsafe {
@ -268,7 +269,7 @@ where
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: State + HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
{
let ret;
#[cfg(feature = "std")]

9
libafl/src/executors/hooks/unix.rs
View File

@ -17,9 +17,10 @@ pub mod unix_signal_handler {
Executor, ExitKind, HasObservers,
},
feedbacks::Feedback,
fuzzer::HasObjective,
fuzzer::{ExecutionProcessor, HasObjective},
inputs::{Input, UsesInput},
state::{HasCorpus, HasExecutions, HasSolutions},
HasScheduler,
};
pub(crate) type HandlerFuncPtr = unsafe fn(
@ -79,7 +80,7 @@ pub mod unix_signal_handler {
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + ExecutionProcessor + HasScheduler,
{
let old_hook = panic::take_hook();
panic::set_hook(Box::new(move |panic_info| unsafe {
@ -126,7 +127,7 @@ pub mod unix_signal_handler {
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + ExecutionProcessor + HasScheduler,
{
// this stuff is for batch timeout
if !data.executor_ptr.is_null()
@ -181,7 +182,7 @@ pub mod unix_signal_handler {
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + ExecutionProcessor + HasScheduler,
{
#[cfg(all(target_os = "android", target_arch = "aarch64"))]
let _context = _context.map(|p| {

12
libafl/src/executors/hooks/windows.rs
View File

@ -18,7 +18,7 @@ pub mod windows_asan_handler {
ExitKind, HasObservers,
},
feedbacks::Feedback,
fuzzer::HasObjective,
fuzzer::{ExecutionProcessor, HasObjective, HasScheduler},
inputs::UsesInput,
state::{HasCorpus, HasExecutions, HasSolutions},
};
@ -31,7 +31,7 @@ pub mod windows_asan_handler {
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
{
let data = addr_of_mut!(GLOBAL_STATE);
(*data).set_in_handler(true);
@ -132,7 +132,7 @@ pub mod windows_exception_handler {
Executor, ExitKind, HasObservers,
},
feedbacks::Feedback,
fuzzer::HasObjective,
fuzzer::{ExecutionProcessor, HasObjective, HasScheduler},
inputs::{Input, UsesInput},
state::{HasCorpus, HasExecutions, HasSolutions, State},
};
@ -179,7 +179,7 @@ pub mod windows_exception_handler {
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
{
let old_hook = panic::take_hook();
panic::set_hook(Box::new(move |panic_info| unsafe {
@ -239,7 +239,7 @@ pub mod windows_exception_handler {
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: State + HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
{
let data: &mut InProcessExecutorHandlerData =
&mut *(global_state as *mut InProcessExecutorHandlerData);
@ -309,7 +309,7 @@ pub mod windows_exception_handler {
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
{
// Have we set a timer_before?
if data.ptp_timer.is_some() {

10
libafl/src/executors/inprocess/inner.rs
View File

@ -26,11 +26,11 @@ use crate::{
Executor, HasObservers,
},
feedbacks::Feedback,
fuzzer::HasObjective,
fuzzer::{HasObjective, HasScheduler},
inputs::UsesInput,
observers::{ObserversTuple, UsesObservers},
state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
Error,
Error, ExecutionProcessor,
};
/// The internal state of `GenericInProcessExecutor`.
@ -177,7 +177,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
Self::with_timeout_generic::<E, EM, OF, Z>(
user_hooks,
@ -204,7 +204,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let mut me = Self::with_timeout_generic::<E, EM, OF, Z>(
user_hooks, observers, fuzzer, state, event_mgr, exec_tmout,
@ -234,7 +234,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let default = InProcessHooks::new::<E, EM, OF, Z>(timeout)?;
let mut hooks = tuple_list!(default).merge(user_hooks);

107
libafl/src/executors/inprocess/mod.rs
View File

@ -21,8 +21,7 @@ use libafl_bolts::tuples::{tuple_list, RefIndexable};
#[cfg(any(unix, feature = "std"))]
use crate::executors::hooks::inprocess::GLOBAL_STATE;
use crate::{
corpus::{Corpus, Testcase},
events::{Event, EventFirer, EventRestarter},
events::{EventFirer, EventRestarter},
executors::{
hooks::{inprocess::InProcessHooks, ExecutorHooksTuple},
inprocess::inner::GenericInProcessExecutorInner,
@ -32,8 +31,9 @@ use crate::{
fuzzer::HasObjective,
inputs::UsesInput,
observers::{ObserversTuple, UsesObservers},
state::{HasCorpus, HasCurrentTestcase, HasExecutions, HasSolutions, State, UsesState},
Error, HasMetadata,
schedulers::Scheduler,
state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
Error, ExecutionProcessor, HasScheduler,
};
/// The inner structure of `InProcessExecutor`.
@ -180,7 +180,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
Self::with_timeout_generic(
tuple_list!(),
@ -208,7 +208,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
tuple_list!(),
@ -243,11 +243,11 @@ where
timeout: Duration,
) -> Result<Self, Error>
where
Self: Executor<EM, Z, State = S> + HasObservers,
Self: Executor<EM, Z, State = S>,
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
tuple_list!(),
@ -284,11 +284,11 @@ where
event_mgr: &mut EM,
) -> Result<Self, Error>
where
Self: Executor<EM, Z, State = S> + HasObservers,
Self: Executor<EM, Z, State = S>,
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
Self::with_timeout_generic(
user_hooks,
@ -313,11 +313,11 @@ where
exec_tmout: Duration,
) -> Result<Self, Error>
where
Self: Executor<EM, Z, State = S> + HasObservers,
Self: Executor<EM, Z, State = S>,
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
user_hooks, observers, fuzzer, state, event_mgr, exec_tmout,
@ -348,11 +348,11 @@ where
timeout: Duration,
) -> Result<Self, Error>
where
Self: Executor<EM, Z, State = S> + HasObservers,
Self: Executor<EM, Z, State = S>,
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
user_hooks, observers, fuzzer, state, event_mgr, timeout,
@ -431,58 +431,47 @@ pub fn run_observers_and_save_state<E, EM, OF, Z>(
state: &mut E::State,
input: &<E::State as UsesInput>::Input,
fuzzer: &mut Z,
event_mgr: &mut EM,
exitkind: ExitKind,
manager: &mut EM,
exit_kind: ExitKind,
) where
E: HasObservers,
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State>
+ HasScheduler<State = E::State>
+ ExecutionProcessor,
{
let mut observers = executor.observers_mut();
let observers = executor.observers_mut();
let scheduler = fuzzer.scheduler_mut();
observers
.post_exec_all(state, input, &exitkind)
.expect("Observers post_exec_all failed");
let interesting = fuzzer
.objective_mut()
.is_interesting(state, event_mgr, input, &*observers, &exitkind)
.expect("In run_observers_and_save_state objective failure.");
if interesting {
let executions = *state.executions();
let mut new_testcase = Testcase::with_executions(input.clone(), executions);
new_testcase.add_metadata(exitkind);
new_testcase.set_parent_id_optional(*state.corpus().current());
if let Ok(mut tc) = state.current_testcase_mut() {
tc.found_objective();
}
fuzzer
.objective_mut()
.append_metadata(state, event_mgr, &*observers, &mut new_testcase)
.expect("Failed adding metadata");
state
.solutions_mut()
.add(new_testcase)
.expect("In run_observers_and_save_state solutions failure.");
event_mgr
.fire(
state,
Event::Objective {
objective_size: state.solutions().count(),
executions,
time: libafl_bolts::current_time(),
},
)
.expect("Could not save state in run_observers_and_save_state");
if scheduler.on_evaluation(state, input, &*observers).is_err() {
log::error!("Failed to call on_evaluation");
return;
}
let res = fuzzer.check_results(state, manager, input, &*observers, &exit_kind);
if let Ok(exec_res) = res {
if fuzzer
.process_execution(state, manager, input, &exec_res, &*observers)
.is_err()
{
log::error!("Failed to call process_execution");
return;
}
if fuzzer
.dispatch_event(state, manager, input.clone(), &exec_res, None, &exit_kind)
.is_err()
{
log::error!("Failed to dispatch_event");
return;
}
} else {
log::error!("Faild to check execution result");
}
// Serialize the state and wait safely for the broker to read pending messages
event_mgr.on_restart(state).unwrap();
manager.on_restart(state).unwrap();
log::info!("Bye!");
}
@ -499,7 +488,9 @@ where
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State>
+ HasScheduler<State = E::State>
+ ExecutionProcessor,
{
let data = addr_of_mut!(GLOBAL_STATE);
let in_handler = (*data).set_in_handler(true);
@ -556,7 +547,7 @@ mod tests {
let mut mgr = NopEventManager::new();
let mut state =
StdState::new(rand, corpus, solutions, &mut feedback, &mut objective).unwrap();
let mut fuzzer = StdFuzzer::<_, _, _, ()>::new(sche, feedback, objective);
let mut fuzzer = StdFuzzer::<_, _, _>::new(sche, feedback, objective);
let mut in_process_executor = InProcessExecutor::new(
&mut harness,

14
libafl/src/executors/inprocess/stateful.rs
View File

@ -18,7 +18,7 @@ use crate::{
Executor, ExitKind, HasObservers,
},
feedbacks::Feedback,
fuzzer::HasObjective,
fuzzer::{ExecutionProcessor, HasObjective, HasScheduler},
inputs::UsesInput,
observers::{ObserversTuple, UsesObservers},
state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
@ -172,7 +172,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
Self::with_timeout_generic(
tuple_list!(),
@ -202,7 +202,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
tuple_list!(),
@ -243,7 +243,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
tuple_list!(),
@ -304,7 +304,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
Self::with_timeout_generic(
user_hooks,
@ -335,7 +335,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
user_hooks, observers, fuzzer, state, event_mgr, exec_tmout,
@ -372,7 +372,7 @@ where
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
user_hooks, observers, fuzzer, state, event_mgr, timeout,

226
libafl/src/fuzzer/mod.rs
View File

@ -1,7 +1,7 @@
//! The `Fuzzer` is the main struct for a fuzz campaign.
use alloc::string::ToString;
use core::{fmt::Debug, marker::PhantomData, time::Duration};
use alloc::{string::ToString, vec::Vec};
use core::{fmt::Debug, time::Duration};
use libafl_bolts::current_time;
use serde::{de::DeserializeOwned, Serialize};
@ -69,9 +69,9 @@ pub trait HasObjective: UsesState {
}
/// Evaluates if an input is interesting using the feedback
pub trait ExecutionProcessor<OT>: UsesState {
pub trait ExecutionProcessor: UsesState {
/// Check the outcome of the execution, find if it is worth for corpus or objectives
fn check_results<EM>(
fn check_results<EM, OT>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
@ -80,11 +80,25 @@ pub trait ExecutionProcessor<OT>: UsesState {
exit_kind: &ExitKind,
) -> Result<ExecuteInputResult, Error>
where
EM: EventFirer<State = Self::State>;
EM: EventFirer<State = Self::State>,
OT: ObserversTuple<Self::State>;
/// Process `ExecuteInputResult`. Add to corpus, solution or ignore
#[allow(clippy::too_many_arguments)]
fn process_execution<EM>(
fn process_execution<EM, OT>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
input: &<Self::State as UsesInput>::Input,
exec_res: &ExecuteInputResult,
observers: &OT,
) -> Result<Option<CorpusId>, Error>
where
EM: EventFirer<State = Self::State>,
OT: ObserversTuple<Self::State>;
/// serialize and send event via manager
fn serialize_and_dispatch<EM, OT>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
@ -92,13 +106,26 @@ pub trait ExecutionProcessor<OT>: UsesState {
exec_res: &ExecuteInputResult,
observers: &OT,
exit_kind: &ExitKind,
send_events: bool,
) -> Result<Option<CorpusId>, Error>
) -> Result<(), Error>
where
EM: EventFirer<State = Self::State>,
OT: ObserversTuple<Self::State> + Serialize;
/// send event via manager
fn dispatch_event<EM>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
input: <Self::State as UsesInput>::Input,
exec_res: &ExecuteInputResult,
obs_buf: Option<Vec<u8>>,
exit_kind: &ExitKind,
) -> Result<(), Error>
where
EM: EventFirer<State = Self::State>;
/// Evaluate if a set of observation channels has an interesting state
fn evaluate_execution<EM>(
fn evaluate_execution<EM, OT>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
@ -108,7 +135,8 @@ pub trait ExecutionProcessor<OT>: UsesState {
send_events: bool,
) -> Result<(ExecuteInputResult, Option<CorpusId>), Error>
where
EM: EventFirer<State = Self::State>;
EM: EventFirer<State = Self::State>,
OT: ObserversTuple<Self::State> + Serialize;
}
/// Evaluates an input modifying the state of the fuzzer
@ -285,14 +313,13 @@ pub enum ExecuteInputResult {
/// Your default fuzzer instance, for everyday use.
#[derive(Debug)]
pub struct StdFuzzer<CS, F, OF, OT> {
pub struct StdFuzzer<CS, F, OF> {
scheduler: CS,
feedback: F,
objective: OF,
phantom: PhantomData<OT>,
}
impl<CS, F, OF, OT> UsesState for StdFuzzer<CS, F, OF, OT>
impl<CS, F, OF> UsesState for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
CS::State: HasCorpus,
@ -300,7 +327,7 @@ where
type State = CS::State;
}
impl<CS, F, OF, OT> HasScheduler for StdFuzzer<CS, F, OF, OT>
impl<CS, F, OF> HasScheduler for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
CS::State: HasCorpus,
@ -316,7 +343,7 @@ where
}
}
impl<CS, F, OF, OT> HasFeedback for StdFuzzer<CS, F, OF, OT>
impl<CS, F, OF> HasFeedback for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
F: Feedback<Self::State>,
@ -334,7 +361,7 @@ where
}
}
impl<CS, F, OF, OT> HasObjective for StdFuzzer<CS, F, OF, OT>
impl<CS, F, OF> HasObjective for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
F: Feedback<Self::State>,
@ -352,12 +379,11 @@ where
}
}
impl<CS, F, OF, OT> ExecutionProcessor<OT> for StdFuzzer<CS, F, OF, OT>
impl<CS, F, OF> ExecutionProcessor for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
F: Feedback<Self::State>,
OF: Feedback<Self::State>,
OT: ObserversTuple<Self::State> + Serialize + DeserializeOwned,
CS::State: HasCorpus
+ HasSolutions
+ HasExecutions
@ -366,7 +392,7 @@ where
+ HasCurrentTestcase<<Self::State as UsesInput>::Input>
+ HasCurrentCorpusId,
{
fn check_results<EM>(
fn check_results<EM, OT>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
@ -376,6 +402,7 @@ where
) -> Result<ExecuteInputResult, Error>
where
EM: EventFirer<State = Self::State>,
OT: ObserversTuple<Self::State>,
{
let mut res = ExecuteInputResult::None;
@ -409,7 +436,7 @@ where
Ok(res)
}
fn evaluate_execution<EM>(
fn evaluate_execution<EM, OT>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
@ -420,22 +447,17 @@ where
) -> Result<(ExecuteInputResult, Option<CorpusId>), Error>
where
EM: EventFirer<State = Self::State>,
OT: ObserversTuple<Self::State> + Serialize,
{
let exec_res = self.check_results(state, manager, &input, observers, exit_kind)?;
let corpus_id = self.process_execution(
state,
manager,
input,
&exec_res,
observers,
exit_kind,
send_events,
)?;
let corpus_id = self.process_execution(state, manager, &input, &exec_res, observers)?;
if send_events {
self.serialize_and_dispatch(state, manager, input, &exec_res, observers, exit_kind)?;
}
Ok((exec_res, corpus_id))
}
/// Evaluate if a set of observation channels has an interesting state
fn process_execution<EM>(
fn serialize_and_dispatch<EM, OT>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
@ -443,38 +465,48 @@ where
exec_res: &ExecuteInputResult,
observers: &OT,
exit_kind: &ExitKind,
send_events: bool,
) -> Result<Option<CorpusId>, Error>
) -> Result<(), Error>
where
EM: EventFirer<State = Self::State>,
OT: ObserversTuple<Self::State> + Serialize,
{
match exec_res {
ExecuteInputResult::None => {
self.feedback_mut().discard_metadata(state, &input)?;
self.objective_mut().discard_metadata(state, &input)?;
Ok(None)
}
// Now send off the event
let observers_buf = match exec_res {
ExecuteInputResult::Corpus => {
// Not a solution
self.objective_mut().discard_metadata(state, &input)?;
// Add the input to the main corpus
let mut testcase = Testcase::with_executions(input.clone(), *state.executions());
#[cfg(feature = "track_hit_feedbacks")]
self.feedback_mut()
.append_hit_feedbacks(testcase.hit_feedbacks_mut())?;
self.feedback_mut()
.append_metadata(state, manager, observers, &mut testcase)?;
let id = state.corpus_mut().add(testcase)?;
self.scheduler_mut().on_add(state, id)?;
if send_events && manager.should_send() {
if manager.should_send() {
// TODO set None for fast targets
let observers_buf = if manager.configuration() == EventConfig::AlwaysUnique {
if manager.configuration() == EventConfig::AlwaysUnique {
None
} else {
manager.serialize_observers::<OT>(observers)?
};
}
} else {
None
}
}
_ => None,
};
self.dispatch_event(state, manager, input, exec_res, observers_buf, exit_kind)?;
Ok(())
}
fn dispatch_event<EM>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
input: <Self::State as UsesInput>::Input,
exec_res: &ExecuteInputResult,
observers_buf: Option<Vec<u8>>,
exit_kind: &ExitKind,
) -> Result<(), Error>
where
EM: EventFirer<State = Self::State>,
{
// Now send off the event
match exec_res {
ExecuteInputResult::Corpus => {
if manager.should_send() {
manager.fire(
state,
Event::NewTestcase {
@ -490,19 +522,68 @@ where
node_id: None,
},
)?;
} else {
// This testcase is from the other fuzzers.
*state.imported_mut() += 1;
}
}
ExecuteInputResult::Solution => {
if manager.should_send() {
let executions = *state.executions();
manager.fire(
state,
Event::Objective {
objective_size: state.solutions().count(),
executions,
time: current_time(),
},
)?;
}
}
ExecuteInputResult::None => (),
}
Ok(())
}
/// Evaluate if a set of observation channels has an interesting state
fn process_execution<EM, OT>(
&mut self,
state: &mut Self::State,
manager: &mut EM,
input: &<Self::State as UsesInput>::Input,
exec_res: &ExecuteInputResult,
observers: &OT,
) -> Result<Option<CorpusId>, Error>
where
EM: EventFirer<State = Self::State>,
OT: ObserversTuple<Self::State>,
{
match exec_res {
ExecuteInputResult::None => {
self.feedback_mut().discard_metadata(state, input)?;
self.objective_mut().discard_metadata(state, input)?;
Ok(None)
}
ExecuteInputResult::Corpus => {
// Not a solution
self.objective_mut().discard_metadata(state, input)?;
// Add the input to the main corpus
let mut testcase = Testcase::with_executions(input.clone(), *state.executions());
#[cfg(feature = "track_hit_feedbacks")]
self.feedback_mut()
.append_hit_feedbacks(testcase.hit_feedbacks_mut())?;
self.feedback_mut()
.append_metadata(state, manager, observers, &mut testcase)?;
let id = state.corpus_mut().add(testcase)?;
self.scheduler_mut().on_add(state, id)?;
Ok(Some(id))
}
ExecuteInputResult::Solution => {
// Not interesting
self.feedback_mut().discard_metadata(state, &input)?;
self.feedback_mut().discard_metadata(state, input)?;
let executions = *state.executions();
// The input is a solution, add it to the respective corpus
let mut testcase = Testcase::with_executions(input, executions);
let mut testcase = Testcase::with_executions(input.clone(), executions);
testcase.set_parent_id_optional(*state.corpus().current());
if let Ok(mut tc) = state.current_testcase_mut() {
tc.found_objective();
@ -514,24 +595,13 @@ where
.append_metadata(state, manager, observers, &mut testcase)?;
state.solutions_mut().add(testcase)?;
if send_events {
manager.fire(
state,
Event::Objective {
objective_size: state.solutions().count(),
executions,
time: current_time(),
},
)?;
}
Ok(None)
}
}
}
}
impl<CS, F, OF, OT> EvaluatorObservers<OT> for StdFuzzer<CS, F, OF, OT>
impl<CS, F, OF, OT> EvaluatorObservers<OT> for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
OT: ObserversTuple<Self::State> + Serialize + DeserializeOwned,
@ -562,7 +632,7 @@ where
}
}
impl<CS, E, EM, F, OF, OT> Evaluator<E, EM> for StdFuzzer<CS, F, OF, OT>
impl<CS, E, EM, F, OF, OT> Evaluator<E, EM> for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
E: HasObservers<State = Self::State, Observers = OT> + Executor<EM, Self>,
@ -695,7 +765,7 @@ where
}
}
impl<CS, E, EM, F, OF, OT, ST> Fuzzer<E, EM, ST> for StdFuzzer<CS, F, OF, OT>
impl<CS, E, EM, F, OF, ST> Fuzzer<E, EM, ST> for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
E: UsesState<State = Self::State>,
@ -768,7 +838,7 @@ where
}
}
impl<CS, F, OF, OT> StdFuzzer<CS, F, OF, OT>
impl<CS, F, OF> StdFuzzer<CS, F, OF>
where
CS: Scheduler,
F: Feedback<<Self as UsesState>::State>,
@ -781,7 +851,6 @@ where
scheduler,
feedback,
objective,
phantom: PhantomData,
}
}
@ -794,9 +863,8 @@ where
input: &<<Self as UsesState>::State as UsesInput>::Input,
) -> Result<ExitKind, Error>
where
E: Executor<EM, Self> + HasObservers<Observers = OT, State = <Self as UsesState>::State>,
E: Executor<EM, Self> + HasObservers<State = <Self as UsesState>::State>,
EM: UsesState<State = <Self as UsesState>::State>,
OT: ObserversTuple<<Self as UsesState>::State>,
{
start_timer!(state);
executor.observers_mut().pre_exec_all(state, input)?;
@ -832,7 +900,7 @@ where
) -> Result<ExitKind, Error>;
}
impl<CS, E, EM, F, OF, OT> ExecutesInput<E, EM> for StdFuzzer<CS, F, OF, OT>
impl<CS, E, EM, F, OF> ExecutesInput<E, EM> for StdFuzzer<CS, F, OF>
where
CS: Scheduler,
F: Feedback<<Self as UsesState>::State>,

2
libafl/src/stages/mod.rs
View File

@ -448,7 +448,7 @@ where
OT: ObserversTuple<Self::State>,
PS: PushStage<CS, EM, OT, Z>,
Z: ExecutesInput<E, EM, State = Self::State>
+ ExecutionProcessor<OT, State = Self::State>
+ ExecutionProcessor
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{

10
libafl/src/stages/push/mod.rs
View File

@ -38,7 +38,7 @@ where
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
OT: ObserversTuple<CS::State>,
CS::State: HasRand + HasCorpus,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{
@ -59,7 +59,7 @@ where
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
OT: ObserversTuple<CS::State>,
CS::State: HasRand + HasCorpus,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{
@ -84,7 +84,7 @@ where
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
OT: ObserversTuple<CS::State>,
CS::State: HasRand + HasCorpus,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{
@ -114,7 +114,7 @@ where
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
OT: ObserversTuple<CS::State>,
CS::State: HasRand + HasCorpus,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{
@ -183,7 +183,7 @@ where
CS::State: HasRand + HasExecutions + HasMetadata + HasCorpus + HasLastReportTime,
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId + ProgressReporter,
OT: ObserversTuple<CS::State>,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{

21
libafl/src/stages/push/mutational.rs
View File

@ -8,6 +8,7 @@ use core::{
};
use libafl_bolts::rands::Rand;
use serde::Serialize;
use super::{PushStage, PushStageHelper, PushStageSharedState};
use crate::{
@ -43,9 +44,9 @@ where
CS: Scheduler,
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
M: Mutator<CS::Input, CS::State>,
OT: ObserversTuple<CS::State>,
OT: ObserversTuple<CS::State> + Serialize,
CS::State: HasRand + HasCorpus + Clone + Debug,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{
@ -63,9 +64,9 @@ where
CS: Scheduler,
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
M: Mutator<CS::Input, CS::State>,
OT: ObserversTuple<CS::State>,
OT: ObserversTuple<CS::State> + Serialize,
CS::State: HasCorpus + HasRand + Clone + Debug,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{
@ -86,10 +87,10 @@ where
CS: Scheduler,
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId + ProgressReporter,
M: Mutator<CS::Input, CS::State>,
OT: ObserversTuple<CS::State>,
OT: ObserversTuple<CS::State> + Serialize,
CS::State:
HasCorpus + HasRand + HasExecutions + HasLastReportTime + HasMetadata + Clone + Debug,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{
@ -197,10 +198,10 @@ where
CS: Scheduler,
EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter<State = CS::State>,
M: Mutator<CS::Input, CS::State>,
OT: ObserversTuple<CS::State>,
OT: ObserversTuple<CS::State> + Serialize,
CS::State:
HasCorpus + HasRand + HasExecutions + HasMetadata + HasLastReportTime + Clone + Debug,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{
@ -216,9 +217,9 @@ where
CS: Scheduler,
EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
M: Mutator<CS::Input, CS::State>,
OT: ObserversTuple<CS::State>,
OT: ObserversTuple<CS::State> + Serialize,
CS::State: HasCorpus + HasRand + Clone + Debug,
Z: ExecutionProcessor<OT, State = CS::State>
Z: ExecutionProcessor<State = CS::State>
+ EvaluatorObservers<OT>
+ HasScheduler<Scheduler = CS>,
{

2
libafl/src/stages/sync.rs
View File

@ -302,7 +302,7 @@ where
SP: ShMemProvider,
E: HasObservers<State = S> + Executor<EM, Z>,
for<'a> E::Observers: Deserialize<'a>,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers, State = S>,
Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<State = S>,
IC: InputConverter<From = S::Input, To = DI>,
ICB: InputConverter<From = DI, To = S::Input>,
DI: Input,

12
libafl/src/stages/tmin.rs
View File

@ -11,6 +11,7 @@ use libafl_bolts::{
tuples::{Handle, Handled, MatchNameRef},
HasLen, Named,
};
use serde::Serialize;
#[cfg(feature = "track_hit_feedbacks")]
use crate::feedbacks::premature_last_result_err;
@ -22,7 +23,7 @@ use crate::{
inputs::UsesInput,
mark_feature_time,
mutators::{MutationResult, Mutator},
observers::{MapObserver, ObserversTuple},
observers::{MapObserver, ObserversTuple, UsesObservers},
schedulers::RemovableScheduler,
stages::{
mutational::{MutatedTransform, MutatedTransformPost},
@ -44,6 +45,7 @@ pub trait TMinMutationalStage<E, EM, F, IP, M, Z>:
Stage<E, EM, Z> + FeedbackFactory<F, E::Observers>
where
E: UsesState<State = Self::State> + HasObservers,
<E as UsesObservers>::Observers: Serialize,
EM: UsesState<State = Self::State> + EventFirer,
F: Feedback<Self::State>,
Self::State: HasMaxSize + HasCorpus + HasSolutions + HasExecutions,
@ -54,7 +56,7 @@ where
+ HasScheduler
+ HasFeedback
+ ExecutesInput<E, EM>
+ ExecutionProcessor<E::Observers>,
+ ExecutionProcessor,
Z::Scheduler: RemovableScheduler<State = Self::State>,
{
/// The mutator registered for this stage
@ -236,9 +238,10 @@ where
impl<E, EM, F, FF, IP, M, Z> Stage<E, EM, Z> for StdTMinMutationalStage<E, EM, F, FF, IP, M, Z>
where
Z: HasScheduler + ExecutionProcessor<E::Observers> + ExecutesInput<E, EM> + HasFeedback,
Z: HasScheduler + ExecutionProcessor + ExecutesInput<E, EM> + HasFeedback,
Z::Scheduler: RemovableScheduler,
E: HasObservers<State = Self::State>,
<E as UsesObservers>::Observers: Serialize,
EM: EventFirer<State = Self::State>,
FF: FeedbackFactory<F, E::Observers>,
F: Feedback<Self::State>,
@ -297,9 +300,10 @@ pub static TMIN_STAGE_NAME: &str = "tmin";
impl<E, EM, F, FF, IP, M, Z> TMinMutationalStage<E, EM, F, IP, M, Z>
for StdTMinMutationalStage<E, EM, F, FF, IP, M, Z>
where
Z: HasScheduler + ExecutionProcessor<E::Observers> + ExecutesInput<E, EM> + HasFeedback,
Z: HasScheduler + ExecutionProcessor + ExecutesInput<E, EM> + HasFeedback,
Z::Scheduler: RemovableScheduler,
E: HasObservers<State = Self::State>,
<E as UsesObservers>::Observers: Serialize,
EM: EventFirer<State = Self::State>,
FF: FeedbackFactory<F, E::Observers>,
F: Feedback<Self::State>,

2
libafl_bolts/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_bolts"
version.workspace = true
version = "0.13.1"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
description = "Low-level bolts to create fuzzers and so much more"
documentation = "https://docs.rs/libafl"

2
libafl_cc/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_cc"
version.workspace = true
version = "0.13.1"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
description = "Commodity library to wrap compilers and link LibAFL"
documentation = "https://docs.rs/libafl_cc"

2
libafl_concolic/symcc_libafl/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "symcc_libafl"
version.workspace = true
version = "0.13.1"
edition = "2021"
authors = ["Julius Hohnerlein <julihoh@users.noreply.github.com>", "Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
description = "Meta package for symcc_runtime"

2
libafl_concolic/symcc_runtime/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "symcc_runtime"
version.workspace = true
version = "0.13.1"
edition = "2021"
authors = ["Julius Hohnerlein <julihoh@users.noreply.github.com>", "Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
description = "Build Concolic Tracing tools based on SymCC in Rust"

2
libafl_derive/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_derive"
version.workspace = true
version = "0.13.1"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
description = "Derive proc-macro crate for LibAFL"
documentation = "https://docs.rs/libafl_derive"

2
libafl_frida/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_frida"
version.workspace = true
version = "0.13.1"
authors = ["s1341 <github@shmarya.net>"]
description = "Frida backend library for LibAFL"
documentation = "https://docs.rs/libafl_frida"

2
libafl_libfuzzer/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_libfuzzer"
version.workspace = true
version = "0.13.1"
description = "libFuzzer shim which uses LibAFL with common defaults"
repository = "https://github.com/AFLplusplus/LibAFL/"
readme = "../README.md"

2
libafl_nyx/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_nyx"
version.workspace = true
version = "0.13.1"
edition = "2021"
authors = ["syheliel <syheliel@gmail.com>"]
description = "libafl using nyx, only avaliable on linux"

2
libafl_qemu/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_qemu"
version.workspace = true
version = "0.13.1"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
description = "QEMU user backend library for LibAFL"
documentation = "https://docs.rs/libafl_qemu"

6
libafl_qemu/src/executor/mod.rs
View File

@ -22,7 +22,7 @@ use libafl::{
fuzzer::HasObjective,
observers::{ObserversTuple, UsesObservers},
state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
Error,
Error, ExecutionProcessor, HasScheduler,
};
#[cfg(feature = "fork")]
use libafl_bolts::shmem::ShMemProvider;
@ -141,7 +141,7 @@ where
OF: Feedback<S>,
OT: ObserversTuple<S>,
S: State + HasExecutions + HasCorpus + HasSolutions,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + ExecutionProcessor + HasScheduler,
{
#[cfg(emulation_mode = "usermode")]
{
@ -198,7 +198,7 @@ where
EM: EventFirer<State = S> + EventRestarter<State = S>,
OF: Feedback<S>,
S: State + HasExecutions + HasCorpus + HasSolutions,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let mut inner = InProcessExecutor::with_timeout(
harness_fn, observers, fuzzer, state, event_mgr, timeout,

4
libafl_qemu/src/executor/stateful.rs
View File

@ -15,7 +15,7 @@ use libafl::{
fuzzer::HasObjective,
observers::{ObserversTuple, UsesObservers},
state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
Error,
Error, ExecutionProcessor, HasScheduler,
};
use libafl_bolts::tuples::RefIndexable;
@ -69,7 +69,7 @@ where
EM: EventFirer<State = S> + EventRestarter<State = S>,
OF: Feedback<S>,
S: State + HasExecutions + HasCorpus + HasSolutions,
Z: HasObjective<Objective = OF, State = S>,
Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
{
let qemu_state = QemuExecutorState::new::<
StatefulInProcessExecutor<'a, H, OT, S, QemuExecutorState<'a, QT, S>>,

2
libafl_sugar/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_sugar"
version.workspace = true
version = "0.13.1"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
description = "Sugar builders to create common fuzzers with LibAFL"
documentation = "https://docs.rs/libafl_sugar"

2
libafl_targets/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_targets"
version.workspace = true
version = "0.13.1"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
description = "Common code for target instrumentation that can be used combined with LibAFL"
documentation = "https://docs.rs/libafl_targets"

4
libafl_targets/src/windows_asan.rs
View File

@ -5,7 +5,7 @@ use libafl::{
executors::{hooks::windows::windows_asan_handler::asan_death_handler, Executor, HasObservers},
feedbacks::Feedback,
state::{HasCorpus, HasExecutions, HasSolutions},
HasObjective,
ExecutionProcessor, HasObjective, HasScheduler,
};
/// Asan death callback type
@ -33,7 +33,7 @@ where
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
OF: Feedback<E::State>,
E::State: HasSolutions + HasCorpus + HasExecutions,
Z: HasObjective<Objective = OF, State = E::State>,
Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
{
__sanitizer_set_death_callback(Some(asan_death_handler::<E, EM, OF, Z>));
}

2
libafl_tinyinst/Cargo.toml
View File

@ -1,6 +1,6 @@
[package]
name = "libafl_tinyinst"
version.workspace = true
version = "0.13.1"
edition = "2021"
authors = ["elbiazo <eric.l.biazo@gmail.com>", "Dongjia Zhang <tokazerkje@outlook.com>"]
repository = "https://github.com/AFLplusplus/LibAFL/"

2
scripts/clippy.ps1
View File

@ -1,4 +1,4 @@
cargo clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --exclude libafl_qemu --exclude libafl_libfuzzer --exclude libafl_qemu_sys --no-deps --tests --benches --examples -- `
cargo clippy --all --all-features --exclude libafl_qemu --no-deps --tests --benches --examples -- `
-D clippy::all `
-D clippy::pedantic `
-W clippy::similar_names `

4
scripts/clippy.sh
View File

@ -4,7 +4,7 @@ cd "$SCRIPT_DIR/.." || exit 1
set -e
RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --no-deps --tests --examples --benches -- -Z macro-backtrace \
RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --no-deps --tests --examples --benches -- -Z macro-backtrace \
-D clippy::all \
-D clippy::pedantic \
-W clippy::similar_names \
@ -21,7 +21,7 @@ RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
cd libafl_libfuzzer/libafl_libfuzzer_runtime
RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --no-deps --tests --examples --benches -- -Z macro-backtrace \
RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --no-deps --tests --examples --benches -- -Z macro-backtrace \
-D clippy::all \
-D clippy::pedantic \
-W clippy::similar_names \

2
utils/libafl_benches/Cargo.toml
View File

@ -1,7 +1,7 @@
[package]
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
name = "libafl_benches"
version.workspace = true
version = "0.13.1"
edition = "2021"
description = "LibAFL Benchmarks"
documentation = "https://docs.rs/libafl"