From 7969e7ae51e4976df7d273826feaf9564347fe28 Mon Sep 17 00:00:00 2001 From: "Dongjia \"toka\" Zhang" Date: Mon, 15 Jul 2024 13:58:39 +0200 Subject: [PATCH] Another attempt to add interesting crashing input on crash (#2391) * aa * why?????????????? * ppp * aa * aa * abcde * fixer * ppp * aa * fix from windows * sugar * ff * ?? * a * to log::error * exclude * exclude libafl_qemu clippy on windows * pp * aa --------- Co-authored-by: Your Name --- Cargo.toml | 24 +-- libafl/Cargo.toml | 2 +- libafl/src/events/centralized.rs | 15 +- libafl/src/events/llmp/mgr.rs | 26 ++- libafl/src/events/llmp/mod.rs | 4 +- libafl/src/events/llmp/restarting.rs | 14 +- libafl/src/events/tcp.rs | 35 ++-- libafl/src/executors/hooks/inprocess.rs | 5 +- libafl/src/executors/hooks/unix.rs | 9 +- libafl/src/executors/hooks/windows.rs | 12 +- libafl/src/executors/inprocess/inner.rs | 10 +- libafl/src/executors/inprocess/mod.rs | 107 +++++----- libafl/src/executors/inprocess/stateful.rs | 14 +- libafl/src/fuzzer/mod.rs | 226 ++++++++++++++------- libafl/src/stages/mod.rs | 2 +- libafl/src/stages/push/mod.rs | 10 +- libafl/src/stages/push/mutational.rs | 21 +- libafl/src/stages/sync.rs | 2 +- libafl/src/stages/tmin.rs | 12 +- libafl_bolts/Cargo.toml | 2 +- libafl_cc/Cargo.toml | 2 +- libafl_concolic/symcc_libafl/Cargo.toml | 2 +- libafl_concolic/symcc_runtime/Cargo.toml | 2 +- libafl_derive/Cargo.toml | 2 +- libafl_frida/Cargo.toml | 2 +- libafl_libfuzzer/Cargo.toml | 2 +- libafl_nyx/Cargo.toml | 2 +- libafl_qemu/Cargo.toml | 2 +- libafl_qemu/src/executor/mod.rs | 6 +- libafl_qemu/src/executor/stateful.rs | 4 +- libafl_sugar/Cargo.toml | 2 +- libafl_targets/Cargo.toml | 2 +- libafl_targets/src/windows_asan.rs | 4 +- libafl_tinyinst/Cargo.toml | 2 +- scripts/clippy.ps1 | 2 +- scripts/clippy.sh | 4 +- utils/libafl_benches/Cargo.toml | 2 +- 37 files changed, 336 insertions(+), 260 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 7fd04f2c42..9b0522510a 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -4,18 +4,11 @@ members = [ "libafl", "libafl_bolts", "libafl_cc", - "libafl_concolic/symcc_runtime", - "libafl_concolic/symcc_libafl", + "libafl_derive", + "libafl_targets", + "libafl_sugar", "libafl_concolic/test/dump_constraints", "libafl_concolic/test/runtime_test", - "libafl_derive", - "libafl_frida", - "libafl_libfuzzer", - "libafl_nyx", - "libafl_qemu", - "libafl_sugar", - "libafl_targets", - "libafl_tinyinst", "utils/build_and_test_fuzzers", "utils/deexit", "utils/libafl_benches", @@ -33,14 +26,21 @@ default-members = [ exclude = [ "bindings", "fuzzers", - "libafl_qemu/libafl_qemu_build", - "libafl_qemu/libafl_qemu_sys", "utils/noaslr", "utils/gdb_qemu", "utils/libafl_fmt", "utils/desyscall", "utils/multi_machine_generator", "scripts", + "libafl_concolic/symcc_runtime", + "libafl_concolic/symcc_libafl", + "libafl_frida", + "libafl_libfuzzer", + "libafl_nyx", + "libafl_qemu", + "libafl_tinyinst", + "libafl_qemu/libafl_qemu_build", + "libafl_qemu/libafl_qemu_sys", ] [workspace.package] diff --git a/libafl/Cargo.toml b/libafl/Cargo.toml index 1e51f9bf1c..f18b5762ba 100644 --- a/libafl/Cargo.toml +++ b/libafl/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libafl" -version.workspace = true +version = "0.13.1" authors = ["Andrea Fioraldi ", "Dominik Maier "] description = "Slot your own fuzzers together and extend their features using Rust" documentation = "https://docs.rs/libafl" diff --git a/libafl/src/events/centralized.rs b/libafl/src/events/centralized.rs index ec7bfc271f..9c0bf1b93d 100644 --- a/libafl/src/events/centralized.rs +++ b/libafl/src/events/centralized.rs @@ -38,7 +38,7 @@ use crate::{ executors::{Executor, HasObservers}, fuzzer::{EvaluatorObservers, ExecutionProcessor}, inputs::{Input, NopInput, UsesInput}, - observers::{ObserversTuple, TimeObserver}, + observers::{ObserversTuple, TimeObserver, UsesObservers}, state::{HasExecutions, HasLastReportTime, NopState, State, Stoppable, UsesState}, Error, HasMetadata, }; 
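Review bot: The `exclude` list in the second Cargo.toml hunk gains seven crates that were workspace members (`libafl_frida`, `libafl_libfuzzer`, `libafl_nyx`, `libafl_qemu`, `libafl_tinyinst` and the two `libafl_concolic` crates) with no comment saying why. Once excluded, workspace-wide `cargo clippy`, `cargo test` and `cargo fmt` runs no longer reach them, so regressions there only surface if something checks each crate individually. The commit message hints that the motive is clippy on Windows, and the diffstat shows scripts/clippy.sh and scripts/clippy.ps1 changing, but those hunks are not visible here. I would record the reason and the compensating check next to the entries, e.g. `# not workspace members: do not build on every lint platform; scripts/clippy.sh checks them one by one`.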
@@ -371,12 +371,13 @@ where EM: AdaptiveSerializer + EventProcessor + EventFirer + HasEventManagerId, EMH: EventManagerHooksTuple, E: HasObservers + Executor, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, S: State, Self::State: HasExecutions + HasMetadata, SP: ShMemProvider, Z: EvaluatorObservers - + ExecutionProcessor, + + ExecutionProcessor, { fn process( &mut self, @@ -403,6 +404,7 @@ where impl EventManager for CentralizedEventManager where E: HasObservers + Executor, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, EM: AdaptiveSerializer + EventManager, EM::State: HasExecutions + HasMetadata + HasLastReportTime, @@ -410,7 +412,7 @@ where S: State, SP: ShMemProvider, Z: EvaluatorObservers - + ExecutionProcessor, + + ExecutionProcessor, { } @@ -527,9 +529,10 @@ where ) -> Result where E: Executor + HasObservers::State>, + ::Observers: Serialize, ::State: UsesInput + HasExecutions + HasMetadata, for<'a> E::Observers: Deserialize<'a>, - Z: ExecutionProcessor::State> + Z: ExecutionProcessor::State> + EvaluatorObservers, { // TODO: Get around local event copy by moving handle_in_client @@ -576,8 +579,8 @@ where where E: Executor + HasObservers::State>, ::State: UsesInput + HasExecutions + HasMetadata, - for<'a> E::Observers: Deserialize<'a>, - Z: ExecutionProcessor::State> + for<'a> E::Observers: Deserialize<'a> + Serialize, + Z: ExecutionProcessor::State> + EvaluatorObservers, { log::debug!("handle_in_main!"); diff --git a/libafl/src/events/llmp/mgr.rs b/libafl/src/events/llmp/mgr.rs index 3980d00a57..5591885202 100644 --- a/libafl/src/events/llmp/mgr.rs +++ b/libafl/src/events/llmp/mgr.rs 
@@ -39,8 +39,8 @@ use crate::{ executors::{Executor, HasObservers}, fuzzer::{Evaluator, EvaluatorObservers, ExecutionProcessor}, inputs::{NopInput, UsesInput}, - observers::{ObserversTuple, TimeObserver}, - state::{HasExecutions, HasLastReportTime, NopState, State, UsesState}, + observers::{ObserversTuple, TimeObserver, UsesObservers}, + state::{HasExecutions, HasImported, HasLastReportTime, NopState, State, UsesState}, Error, HasMetadata, }; @@ -389,7 +389,7 @@ where impl LlmpEventManager where EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata, + S: State + HasExecutions + HasMetadata + HasImported, SP: ShMemProvider, { // Handle arriving events in the client @@ -404,10 +404,9 @@ where ) -> Result<(), Error> where E: Executor + HasObservers, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, - Z: ExecutionProcessor - + EvaluatorObservers - + Evaluator, + Z: ExecutionProcessor + EvaluatorObservers + Evaluator, { if !self.hooks.pre_exec_all(state, client_id, &event)? { return Ok(()); @@ -455,6 +454,7 @@ where )? }; if let Some(item) = res.1 { + *state.imported_mut() += 1; log::debug!("Added received Testcase {evt_name} as item #{item}"); } else { log::debug!("Testcase {evt_name} was discarded"); @@ -585,13 +585,12 @@ where impl EventProcessor for LlmpEventManager where EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata, + ::Observers: Serialize, + S: State + HasExecutions + HasMetadata + HasImported, SP: ShMemProvider, E: HasObservers + Executor, for<'a> E::Observers: Deserialize<'a>, - Z: ExecutionProcessor - + EvaluatorObservers - + Evaluator, + Z: ExecutionProcessor + EvaluatorObservers + Evaluator, { fn process( &mut self, 
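Review bot: The `*state.imported_mut() += 1;` added in the `@@ -455,6 +454,7 @@` hunk moves the import counter from the fuzzer into this one receive path, so every other path that accepts foreign testcases needs the same line. The tcp.rs section adds it too, but the centralized.rs and llmp/mod.rs hunks shown on this page only change trait bounds; unless their handlers increment the counter in lines outside the hunks, imports arriving through them are no longer counted. The removed `else` branch in fuzzer/mod.rs used to count them for every caller. A short comment at the increment such as `// counted here because process_execution no longer knows whether the input was imported` would keep the next event manager from missing it.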
@@ -638,13 +637,12 @@ where impl EventManager for LlmpEventManager where E: HasObservers + Executor, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata + HasLastReportTime, + S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported, SP: ShMemProvider, - Z: ExecutionProcessor - + EvaluatorObservers - + Evaluator, + Z: ExecutionProcessor + EvaluatorObservers + Evaluator, { } diff --git a/libafl/src/events/llmp/mod.rs b/libafl/src/events/llmp/mod.rs index a3550588f6..1440a9134f 100644 --- a/libafl/src/events/llmp/mod.rs +++ b/libafl/src/events/llmp/mod.rs @@ -296,7 +296,7 @@ where E: Executor + HasObservers, EM: UsesState + EventFirer, for<'a> E::Observers: Deserialize<'a>, - Z: ExecutionProcessor + EvaluatorObservers, + Z: ExecutionProcessor + EvaluatorObservers, { match event { Event::NewTestcase { @@ -350,7 +350,7 @@ where E: Executor + HasObservers, EM: UsesState + EventFirer, for<'a> E::Observers: Deserialize<'a>, - Z: ExecutionProcessor + EvaluatorObservers, + Z: ExecutionProcessor + EvaluatorObservers, { // TODO: Get around local event copy by moving handle_in_client let self_id = self.llmp.sender().id(); diff --git a/libafl/src/events/llmp/restarting.rs b/libafl/src/events/llmp/restarting.rs index fd52a5c176..6addd8e6c4 100644 --- a/libafl/src/events/llmp/restarting.rs +++ b/libafl/src/events/llmp/restarting.rs @@ -49,8 +49,8 @@ use crate::{ fuzzer::{Evaluator, EvaluatorObservers, ExecutionProcessor}, inputs::UsesInput, monitors::Monitor, - observers::{ObserversTuple, TimeObserver}, - state::{HasExecutions, HasLastReportTime, State, UsesState}, + observers::{ObserversTuple, TimeObserver, UsesObservers}, + state::{HasExecutions, HasImported, HasLastReportTime, State, UsesState}, Error, HasMetadata, }; 
@@ -205,11 +205,12 @@ where impl EventProcessor for LlmpRestartingEventManager where E: HasObservers + Executor, Z>, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata, + S: State + HasExecutions + HasMetadata + HasImported, SP: ShMemProvider, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + Evaluator>, { @@ -228,11 +229,12 @@ where impl EventManager for LlmpRestartingEventManager where E: HasObservers + Executor, Z>, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata + HasLastReportTime, + S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported, SP: ShMemProvider, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + Evaluator>, { diff --git a/libafl/src/events/tcp.rs b/libafl/src/events/tcp.rs index fac23b1f07..d65c6cdee1 100644 --- a/libafl/src/events/tcp.rs +++ b/libafl/src/events/tcp.rs @@ -31,7 +31,7 @@ use libafl_bolts::os::{fork, ForkResult}; use libafl_bolts::{shmem::ShMemProvider, tuples::tuple_list, ClientId}; #[cfg(feature = "std")] use libafl_bolts::{shmem::StdShMemProvider, staterestore::StateRestorer}; -use serde::{de::DeserializeOwned, Deserialize}; +use serde::{de::DeserializeOwned, Deserialize, Serialize}; use tokio::{ io::{AsyncReadExt, AsyncWriteExt}, sync::{broadcast, broadcast::error::RecvError, mpsc}, @@ -53,7 +53,8 @@ use crate::{ fuzzer::{EvaluatorObservers, ExecutionProcessor}, inputs::{Input, UsesInput}, monitors::Monitor, - state::{HasExecutions, HasLastReportTime, State, UsesState}, + observers::UsesObservers, + state::{HasExecutions, HasImported, HasLastReportTime, State, UsesState}, Error, HasMetadata, }; 
@@ -591,7 +592,7 @@ where impl TcpEventManager where EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata, + S: State + HasExecutions + HasMetadata + HasImported, { /// Write the client id for a client [`EventManager`] to env vars pub fn to_env(&self, env_name: &str) { @@ -610,8 +611,9 @@ where ) -> Result<(), Error> where E: Executor + HasObservers, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, - Z: ExecutionProcessor + EvaluatorObservers, + Z: ExecutionProcessor + EvaluatorObservers, { if !self.hooks.pre_exec_all(state, client_id, &event)? { return Ok(()); @@ -647,6 +649,7 @@ where )? }; if let Some(item) = _res.1 { + *state.imported_mut() += 1; log::info!("Added received Testcase as item #{item}"); } } @@ -748,10 +751,11 @@ where impl EventProcessor for TcpEventManager where E: HasObservers + Executor, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata, - Z: EvaluatorObservers + ExecutionProcessor, + S: State + HasExecutions + HasMetadata + HasImported, + Z: EvaluatorObservers + ExecutionProcessor, { fn process( &mut self, @@ -821,10 +825,11 @@ where impl EventManager for TcpEventManager where E: HasObservers + Executor, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata + HasLastReportTime, - Z: EvaluatorObservers + ExecutionProcessor, + S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported, + Z: EvaluatorObservers + ExecutionProcessor, { } 
@@ -966,10 +971,11 @@ impl EventProcessor for TcpRestartingEventManager + Executor, Z>, for<'a> E::Observers: Deserialize<'a>, + ::Observers: Serialize, EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata, + S: State + HasExecutions + HasMetadata + HasImported, SP: ShMemProvider + 'static, - Z: EvaluatorObservers + ExecutionProcessor, //CE: CustomEvent, + Z: EvaluatorObservers + ExecutionProcessor, //CE: CustomEvent, { fn process(&mut self, fuzzer: &mut Z, state: &mut S, executor: &mut E) -> Result { self.tcp_mgr.process(fuzzer, state, executor) @@ -984,11 +990,12 @@ where impl EventManager for TcpRestartingEventManager where E: HasObservers + Executor, Z>, + ::Observers: Serialize, for<'a> E::Observers: Deserialize<'a>, EMH: EventManagerHooksTuple, - S: State + HasExecutions + HasMetadata + HasLastReportTime, + S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported, SP: ShMemProvider + 'static, - Z: EvaluatorObservers + ExecutionProcessor, //CE: CustomEvent, + Z: EvaluatorObservers + ExecutionProcessor, //CE: CustomEvent, { } @@ -1084,7 +1091,7 @@ pub fn setup_restarting_mgr_tcp( > where MT: Monitor + Clone, - S: State + HasExecutions + HasMetadata, + S: State + HasExecutions + HasMetadata + HasImported, { TcpRestartingMgr::builder() .shmem_provider(StdShMemProvider::new()?) @@ -1149,7 +1156,7 @@ impl TcpRestartingMgr where EMH: EventManagerHooksTuple + Copy + Clone, SP: ShMemProvider, - S: State + HasExecutions + HasMetadata, + S: State + HasExecutions + HasMetadata + HasImported, MT: Monitor + Clone, { /// Launch the restarting manager diff --git a/libafl/src/executors/hooks/inprocess.rs b/libafl/src/executors/hooks/inprocess.rs index 8733c37a36..463e490b70 100644 --- a/libafl/src/executors/hooks/inprocess.rs +++ b/libafl/src/executors/hooks/inprocess.rs 
@@ -31,6 +31,7 @@ use crate::{ events::{EventFirer, EventRestarter}, executors::{hooks::ExecutorHook, inprocess::HasInProcessHooks, Executor, HasObservers}, feedbacks::Feedback, + fuzzer::{ExecutionProcessor, HasScheduler}, inputs::UsesInput, state::{HasCorpus, HasExecutions, HasSolutions}, Error, HasObjective, @@ -235,7 +236,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { #[cfg_attr(miri, allow(unused_variables))] unsafe { @@ -268,7 +269,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, E::State: State + HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let ret; #[cfg(feature = "std")] diff --git a/libafl/src/executors/hooks/unix.rs b/libafl/src/executors/hooks/unix.rs index d9072760fc..f8c6b6512e 100644 --- a/libafl/src/executors/hooks/unix.rs +++ b/libafl/src/executors/hooks/unix.rs @@ -17,9 +17,10 @@ pub mod unix_signal_handler { Executor, ExitKind, HasObservers, }, feedbacks::Feedback, - fuzzer::HasObjective, + fuzzer::{ExecutionProcessor, HasObjective}, inputs::{Input, UsesInput}, state::{HasCorpus, HasExecutions, HasSolutions}, + HasScheduler, }; pub(crate) type HandlerFuncPtr = unsafe fn( @@ -79,7 +80,7 @@ pub mod unix_signal_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + ExecutionProcessor + HasScheduler, { let old_hook = panic::take_hook(); panic::set_hook(Box::new(move |panic_info| unsafe { @@ -126,7 +127,7 @@ pub mod unix_signal_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + ExecutionProcessor + HasScheduler, { // this stuff is for batch timeout if !data.executor_ptr.is_null() 
@@ -181,7 +182,7 @@ pub mod unix_signal_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + ExecutionProcessor + HasScheduler, { #[cfg(all(target_os = "android", target_arch = "aarch64"))] let _context = _context.map(|p| { diff --git a/libafl/src/executors/hooks/windows.rs b/libafl/src/executors/hooks/windows.rs index 7aae4e50f4..b7590ba5ae 100644 --- a/libafl/src/executors/hooks/windows.rs +++ b/libafl/src/executors/hooks/windows.rs @@ -18,7 +18,7 @@ pub mod windows_asan_handler { ExitKind, HasObservers, }, feedbacks::Feedback, - fuzzer::HasObjective, + fuzzer::{ExecutionProcessor, HasObjective, HasScheduler}, inputs::UsesInput, state::{HasCorpus, HasExecutions, HasSolutions}, }; @@ -31,7 +31,7 @@ pub mod windows_asan_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let data = addr_of_mut!(GLOBAL_STATE); (*data).set_in_handler(true); @@ -132,7 +132,7 @@ pub mod windows_exception_handler { Executor, ExitKind, HasObservers, }, feedbacks::Feedback, - fuzzer::HasObjective, + fuzzer::{ExecutionProcessor, HasObjective, HasScheduler}, inputs::{Input, UsesInput}, state::{HasCorpus, HasExecutions, HasSolutions, State}, }; @@ -179,7 +179,7 @@ pub mod windows_exception_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let old_hook = panic::take_hook(); panic::set_hook(Box::new(move |panic_info| unsafe { 
@@ -239,7 +239,7 @@ pub mod windows_exception_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: State + HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let data: &mut InProcessExecutorHandlerData = &mut *(global_state as *mut InProcessExecutorHandlerData); @@ -309,7 +309,7 @@ pub mod windows_exception_handler { EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { // Have we set a timer_before? if data.ptp_timer.is_some() { diff --git a/libafl/src/executors/inprocess/inner.rs b/libafl/src/executors/inprocess/inner.rs index e0d850ac93..98bdb4a042 100644 --- a/libafl/src/executors/inprocess/inner.rs +++ b/libafl/src/executors/inprocess/inner.rs @@ -26,11 +26,11 @@ use crate::{ Executor, HasObservers, }, feedbacks::Feedback, - fuzzer::HasObjective, + fuzzer::{HasObjective, HasScheduler}, inputs::UsesInput, observers::{ObserversTuple, UsesObservers}, state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState}, - Error, + Error, ExecutionProcessor, }; /// The internal state of `GenericInProcessExecutor`. @@ -177,7 +177,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { Self::with_timeout_generic::( user_hooks, @@ -204,7 +204,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let mut me = Self::with_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, exec_tmout, @@ -234,7 +234,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let default = InProcessHooks::new::(timeout)?; let mut hooks = tuple_list!(default).merge(user_hooks); 
diff --git a/libafl/src/executors/inprocess/mod.rs b/libafl/src/executors/inprocess/mod.rs index 901dd31b56..c555d558df 100644 --- a/libafl/src/executors/inprocess/mod.rs +++ b/libafl/src/executors/inprocess/mod.rs @@ -21,8 +21,7 @@ use libafl_bolts::tuples::{tuple_list, RefIndexable}; #[cfg(any(unix, feature = "std"))] use crate::executors::hooks::inprocess::GLOBAL_STATE; use crate::{ - corpus::{Corpus, Testcase}, - events::{Event, EventFirer, EventRestarter}, + events::{EventFirer, EventRestarter}, executors::{ hooks::{inprocess::InProcessHooks, ExecutorHooksTuple}, inprocess::inner::GenericInProcessExecutorInner, @@ -32,8 +31,9 @@ use crate::{ fuzzer::HasObjective, inputs::UsesInput, observers::{ObserversTuple, UsesObservers}, - state::{HasCorpus, HasCurrentTestcase, HasExecutions, HasSolutions, State, UsesState}, - Error, HasMetadata, + schedulers::Scheduler, + state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState}, + Error, ExecutionProcessor, HasScheduler, }; /// The inner structure of `InProcessExecutor`. @@ -180,7 +180,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { Self::with_timeout_generic( tuple_list!(), @@ -208,7 +208,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let inner = GenericInProcessExecutorInner::batched_timeout_generic::( tuple_list!(), @@ -243,11 +243,11 @@ where timeout: Duration, ) -> Result where - Self: Executor + HasObservers, + Self: Executor, EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let inner = GenericInProcessExecutorInner::with_timeout_generic::( tuple_list!(), 
@@ -284,11 +284,11 @@ where event_mgr: &mut EM, ) -> Result where - Self: Executor + HasObservers, + Self: Executor, EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { Self::with_timeout_generic( user_hooks, @@ -313,11 +313,11 @@ where exec_tmout: Duration, ) -> Result where - Self: Executor + HasObservers, + Self: Executor, EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let inner = GenericInProcessExecutorInner::batched_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, exec_tmout, @@ -348,11 +348,11 @@ where timeout: Duration, ) -> Result where - Self: Executor + HasObservers, + Self: Executor, EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let inner = GenericInProcessExecutorInner::with_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, timeout, 
@@ -431,58 +431,47 @@ pub fn run_observers_and_save_state( state: &mut E::State, input: &::Input, fuzzer: &mut Z, - event_mgr: &mut EM, - exitkind: ExitKind, + manager: &mut EM, + exit_kind: ExitKind, ) where E: HasObservers, EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + + HasScheduler + + ExecutionProcessor, { - let mut observers = executor.observers_mut(); + let observers = executor.observers_mut(); + let scheduler = fuzzer.scheduler_mut(); - observers - .post_exec_all(state, input, &exitkind) - .expect("Observers post_exec_all failed"); - - let interesting = fuzzer - .objective_mut() - .is_interesting(state, event_mgr, input, &*observers, &exitkind) - .expect("In run_observers_and_save_state objective failure."); - - if interesting { - let executions = *state.executions(); - let mut new_testcase = Testcase::with_executions(input.clone(), executions); - new_testcase.add_metadata(exitkind); - new_testcase.set_parent_id_optional(*state.corpus().current()); - - if let Ok(mut tc) = state.current_testcase_mut() { - tc.found_objective(); - } - - fuzzer - .objective_mut() - .append_metadata(state, event_mgr, &*observers, &mut new_testcase) - .expect("Failed adding metadata"); - state - .solutions_mut() - .add(new_testcase) - .expect("In run_observers_and_save_state solutions failure."); - event_mgr - .fire( - state, - Event::Objective { - objective_size: state.solutions().count(), - executions, - time: libafl_bolts::current_time(), - }, - ) - .expect("Could not save state in run_observers_and_save_state"); + if scheduler.on_evaluation(state, input, &*observers).is_err() { + log::error!("Failed to call on_evaluation"); + return; } + let res = fuzzer.check_results(state, manager, input, &*observers, &exit_kind); + if let Ok(exec_res) = res { + if fuzzer + .process_execution(state, manager, input, &exec_res, &*observers) + .is_err() + { + log::error!("Failed to call 
process_execution"); + return; + } + + if fuzzer + .dispatch_event(state, manager, input.clone(), &exec_res, None, &exit_kind) + .is_err() + { + log::error!("Failed to dispatch_event"); + return; + } + } else { + log::error!("Faild to check execution result"); + } // Serialize the state and wait safely for the broker to read pending messages - event_mgr.on_restart(state).unwrap(); + manager.on_restart(state).unwrap(); log::info!("Bye!"); } @@ -499,7 +488,9 @@ where EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, - Z: HasObjective, + Z: HasObjective + + HasScheduler + + ExecutionProcessor, { let data = addr_of_mut!(GLOBAL_STATE); let in_handler = (*data).set_in_handler(true); @@ -556,7 +547,7 @@ mod tests { let mut mgr = NopEventManager::new(); let mut state = StdState::new(rand, corpus, solutions, &mut feedback, &mut objective).unwrap(); - let mut fuzzer = StdFuzzer::<_, _, _, ()>::new(sche, feedback, objective); + let mut fuzzer = StdFuzzer::<_, _, _>::new(sche, feedback, objective); let mut in_process_executor = InProcessExecutor::new( &mut harness, diff --git a/libafl/src/executors/inprocess/stateful.rs b/libafl/src/executors/inprocess/stateful.rs index e18ece1351..4cec427e60 100644 --- a/libafl/src/executors/inprocess/stateful.rs +++ b/libafl/src/executors/inprocess/stateful.rs @@ -18,7 +18,7 @@ use crate::{ Executor, ExitKind, HasObservers, }, feedbacks::Feedback, - fuzzer::HasObjective, + fuzzer::{ExecutionProcessor, HasObjective, HasScheduler}, inputs::UsesInput, observers::{ObserversTuple, UsesObservers}, state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState}, @@ -172,7 +172,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { Self::with_timeout_generic( tuple_list!(), 
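Review bot: The three early `return`s in the new body of `run_observers_and_save_state` skip `manager.on_restart(state)`, so a failure in `on_evaluation`, `process_execution` or `dispatch_event` leaves the crash handler without a serialized state, while a failure in `check_results` still reaches it; every error path should log and fall through to `on_restart`, as in the sketch below. The removed `observers.post_exec_all(state, input, &exitkind)` has no replacement in this hunk, and unless `check_results` runs it elsewhere the objective is evaluated against observers that were never finalized for the crashing run. The `Objective` event used to be fired unconditionally here and now goes through `dispatch_event`, which in the fuzzer/mod.rs section fires it only when `manager.should_send()` is true. The log string `Faild to check execution result` is misspelled, and the function's signature starts above the hunk.

```rust
    let observers = executor.observers_mut();
    let scheduler = fuzzer.scheduler_mut();

    if scheduler.on_evaluation(state, input, &*observers).is_err() {
        log::error!("Failed to call on_evaluation");
    } else {
        match fuzzer.check_results(state, manager, input, &*observers, &exit_kind) {
            Ok(exec_res) => {
                if fuzzer
                    .process_execution(state, manager, input, &exec_res, &*observers)
                    .is_err()
                {
                    log::error!("Failed to call process_execution");
                } else if fuzzer
                    .dispatch_event(state, manager, input.clone(), &exec_res, None, &exit_kind)
                    .is_err()
                {
                    log::error!("Failed to dispatch_event");
                }
            }
            Err(_) => log::error!("Failed to check execution result"),
        }
    }
    // … unchanged: manager.on_restart(state).unwrap(); log::info!("Bye!"); …
```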
@@ -202,7 +202,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let inner = GenericInProcessExecutorInner::batched_timeout_generic::( tuple_list!(), @@ -243,7 +243,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let inner = GenericInProcessExecutorInner::with_timeout_generic::( tuple_list!(), @@ -304,7 +304,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { Self::with_timeout_generic( user_hooks, @@ -335,7 +335,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let inner = GenericInProcessExecutorInner::batched_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, exec_tmout, @@ -372,7 +372,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let inner = GenericInProcessExecutorInner::with_timeout_generic::( user_hooks, observers, fuzzer, state, event_mgr, timeout, diff --git a/libafl/src/fuzzer/mod.rs b/libafl/src/fuzzer/mod.rs index 9ee538ddfd..d0a2f96873 100644 --- a/libafl/src/fuzzer/mod.rs +++ b/libafl/src/fuzzer/mod.rs @@ -1,7 +1,7 @@ //! The `Fuzzer` is the main struct for a fuzz campaign. -use alloc::string::ToString; -use core::{fmt::Debug, marker::PhantomData, time::Duration}; +use alloc::{string::ToString, vec::Vec}; +use core::{fmt::Debug, time::Duration}; use libafl_bolts::current_time; use serde::{de::DeserializeOwned, Serialize}; 
@@ -69,9 +69,9 @@ pub trait HasObjective: UsesState { } /// Evaluates if an input is interesting using the feedback -pub trait ExecutionProcessor: UsesState { +pub trait ExecutionProcessor: UsesState { /// Check the outcome of the execution, find if it is worth for corpus or objectives - fn check_results( + fn check_results( &mut self, state: &mut Self::State, manager: &mut EM, @@ -80,11 +80,25 @@ pub trait ExecutionProcessor: UsesState { exit_kind: &ExitKind, ) -> Result where - EM: EventFirer; + EM: EventFirer, + OT: ObserversTuple; /// Process `ExecuteInputResult`. Add to corpus, solution or ignore #[allow(clippy::too_many_arguments)] - fn process_execution( + fn process_execution( + &mut self, + state: &mut Self::State, + manager: &mut EM, + input: &::Input, + exec_res: &ExecuteInputResult, + observers: &OT, + ) -> Result, Error> + where + EM: EventFirer, + OT: ObserversTuple; + + /// serialize and send event via manager + fn serialize_and_dispatch( &mut self, state: &mut Self::State, manager: &mut EM, @@ -92,13 +106,26 @@ pub trait ExecutionProcessor: UsesState { exec_res: &ExecuteInputResult, observers: &OT, exit_kind: &ExitKind, - send_events: bool, - ) -> Result, Error> + ) -> Result<(), Error> + where + EM: EventFirer, + OT: ObserversTuple + Serialize; + + /// send event via manager + fn dispatch_event( + &mut self, + state: &mut Self::State, + manager: &mut EM, + input: ::Input, + exec_res: &ExecuteInputResult, + obs_buf: Option>, + exit_kind: &ExitKind, + ) -> Result<(), Error> where EM: EventFirer; /// Evaluate if a set of observation channels has an interesting state - fn evaluate_execution( + fn evaluate_execution( &mut self, state: &mut Self::State, manager: &mut EM, @@ -108,7 +135,8 @@ pub trait ExecutionProcessor: UsesState { send_events: bool, ) -> Result<(ExecuteInputResult, Option), Error> where - EM: EventFirer; + EM: EventFirer, + OT: ObserversTuple + Serialize; } /// Evaluates an input modifying the state of the fuzzer 
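Review bot: The doc comments on the reshaped `ExecutionProcessor` methods do not state the new contract: `process_execution` lost its `send_events` parameter and no longer fires any event, so a caller that previously relied on it must now call `serialize_and_dispatch` or `dispatch_event` itself. I would say that on `process_execution`, e.g. `/// Adds the input to the corpus or the solutions according to exec_res; fires no event, call serialize_and_dispatch afterwards.` For `dispatch_event`, the comment should explain `obs_buf`, e.g. `/// Fires the event for exec_res; obs_buf holds pre-serialized observers, or None when the caller cannot serialize them.` The crash handler in executors/inprocess/mod.rs passes `None`, which suggests that second case is intended.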
@@ -285,14 +313,13 @@ pub enum ExecuteInputResult { /// Your default fuzzer instance, for everyday use. #[derive(Debug)] -pub struct StdFuzzer { +pub struct StdFuzzer { scheduler: CS, feedback: F, objective: OF, - phantom: PhantomData, } -impl UsesState for StdFuzzer +impl UsesState for StdFuzzer where CS: Scheduler, CS::State: HasCorpus, @@ -300,7 +327,7 @@ where type State = CS::State; } -impl HasScheduler for StdFuzzer +impl HasScheduler for StdFuzzer where CS: Scheduler, CS::State: HasCorpus, @@ -316,7 +343,7 @@ where } } -impl HasFeedback for StdFuzzer +impl HasFeedback for StdFuzzer where CS: Scheduler, F: Feedback, @@ -334,7 +361,7 @@ where } } -impl HasObjective for StdFuzzer +impl HasObjective for StdFuzzer where CS: Scheduler, F: Feedback, @@ -352,12 +379,11 @@ where } } -impl ExecutionProcessor for StdFuzzer +impl ExecutionProcessor for StdFuzzer where CS: Scheduler, F: Feedback, OF: Feedback, - OT: ObserversTuple + Serialize + DeserializeOwned, CS::State: HasCorpus + HasSolutions + HasExecutions @@ -366,7 +392,7 @@ where + HasCurrentTestcase<::Input> + HasCurrentCorpusId, { - fn check_results( + fn check_results( &mut self, state: &mut Self::State, manager: &mut EM, @@ -376,6 +402,7 @@ where ) -> Result where EM: EventFirer, + OT: ObserversTuple, { let mut res = ExecuteInputResult::None; @@ -409,7 +436,7 @@ where Ok(res) } - fn evaluate_execution( + fn evaluate_execution( &mut self, state: &mut Self::State, manager: &mut EM, 
@@ -420,22 +447,17 @@ where ) -> Result<(ExecuteInputResult, Option), Error> where EM: EventFirer, + OT: ObserversTuple + Serialize, { let exec_res = self.check_results(state, manager, &input, observers, exit_kind)?; - let corpus_id = self.process_execution( - state, - manager, - input, - &exec_res, - observers, - exit_kind, - send_events, - )?; + let corpus_id = self.process_execution(state, manager, &input, &exec_res, observers)?; + if send_events { + self.serialize_and_dispatch(state, manager, input, &exec_res, observers, exit_kind)?; + } Ok((exec_res, corpus_id)) } - /// Evaluate if a set of observation channels has an interesting state - fn process_execution( + fn serialize_and_dispatch( &mut self, state: &mut Self::State, manager: &mut EM, 
@@ -443,38 +465,48 @@ where exec_res: &ExecuteInputResult, observers: &OT, exit_kind: &ExitKind, - send_events: bool, - ) -> Result, Error> + ) -> Result<(), Error> where EM: EventFirer, + OT: ObserversTuple + Serialize, { - match exec_res { - ExecuteInputResult::None => { - self.feedback_mut().discard_metadata(state, &input)?; - self.objective_mut().discard_metadata(state, &input)?; - Ok(None) - } + // Now send off the event + let observers_buf = match exec_res { ExecuteInputResult::Corpus => { - // Not a solution - self.objective_mut().discard_metadata(state, &input)?; - - // Add the input to the main corpus - let mut testcase = Testcase::with_executions(input.clone(), *state.executions()); - #[cfg(feature = "track_hit_feedbacks")] - self.feedback_mut() - .append_hit_feedbacks(testcase.hit_feedbacks_mut())?; - self.feedback_mut() - .append_metadata(state, manager, observers, &mut testcase)?; - let id = state.corpus_mut().add(testcase)?; - self.scheduler_mut().on_add(state, id)?; - - if send_events && manager.should_send() { + if manager.should_send() { // TODO set None for fast targets - let observers_buf = if manager.configuration() == EventConfig::AlwaysUnique { + if manager.configuration() == EventConfig::AlwaysUnique { None } else { manager.serialize_observers::(observers)? - }; + } + } else { + None + } + } + _ => None, + }; + + self.dispatch_event(state, manager, input, exec_res, observers_buf, exit_kind)?; + Ok(()) + } + + fn dispatch_event( + &mut self, + state: &mut Self::State, + manager: &mut EM, + input: ::Input, + exec_res: &ExecuteInputResult, + observers_buf: Option>, + exit_kind: &ExitKind, + ) -> Result<(), Error> + where + EM: EventFirer, + { + // Now send off the event + match exec_res { + ExecuteInputResult::Corpus => { + if manager.should_send() { manager.fire( state, Event::NewTestcase { 
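Review bot: `manager.should_send()` is evaluated twice on the `Corpus` path, once in `serialize_and_dispatch` to decide whether to serialize the observers and again in `dispatch_event` before `manager.fire`, and nothing here guarantees the two calls agree. If an event manager's answer can change between calls (its implementation is not part of this hunk), a `NewTestcase` can be fired with `observers_buf` left at `None` even though the configuration is not `EventConfig::AlwaysUnique`, or the observers get serialized and the buffer is then discarded. Deciding once at the top of `serialize_and_dispatch` with `if !manager.should_send() { return Ok(()); }` removes the first case and lets the nested `if manager.should_send() { … } else { None }` collapse to the `AlwaysUnique` check. Both new methods also carry the same `// Now send off the event` comment and no doc comment; a line such as `/// Serializes the observers when needed, then fires the event for exec_res` on `serialize_and_dispatch` would say how it differs from `dispatch_event`. The `Event::NewTestcase` fields and the rest of the impl lie outside this hunk.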
@@ -490,19 +522,68 @@ where node_id: None, }, )?; - } else { - // This testcase is from the other fuzzers. - *state.imported_mut() += 1; } + } + ExecuteInputResult::Solution => { + if manager.should_send() { + let executions = *state.executions(); + manager.fire( + state, + Event::Objective { + objective_size: state.solutions().count(), + executions, + time: current_time(), + }, + )?; + } + } + ExecuteInputResult::None => (), + } + Ok(()) + } + + /// Evaluate if a set of observation channels has an interesting state + fn process_execution( + &mut self, + state: &mut Self::State, + manager: &mut EM, + input: &::Input, + exec_res: &ExecuteInputResult, + observers: &OT, + ) -> Result, Error> + where + EM: EventFirer, + OT: ObserversTuple, + { + match exec_res { + ExecuteInputResult::None => { + self.feedback_mut().discard_metadata(state, input)?; + self.objective_mut().discard_metadata(state, input)?; + Ok(None) + } + ExecuteInputResult::Corpus => { + // Not a solution + self.objective_mut().discard_metadata(state, input)?; + + // Add the input to the main corpus + let mut testcase = Testcase::with_executions(input.clone(), *state.executions()); + #[cfg(feature = "track_hit_feedbacks")] + self.feedback_mut() + .append_hit_feedbacks(testcase.hit_feedbacks_mut())?; + self.feedback_mut() + .append_metadata(state, manager, observers, &mut testcase)?; + let id = state.corpus_mut().add(testcase)?; + self.scheduler_mut().on_add(state, id)?; + Ok(Some(id)) } ExecuteInputResult::Solution => { // Not interesting - self.feedback_mut().discard_metadata(state, &input)?; + self.feedback_mut().discard_metadata(state, input)?; let executions = *state.executions(); // The input is a solution, add it to the respective corpus - let mut testcase = Testcase::with_executions(input, executions); + let mut testcase = Testcase::with_executions(input.clone(), executions); testcase.set_parent_id_optional(*state.corpus().current()); if let Ok(mut tc) = state.current_testcase_mut() { 
tc.found_objective(); @@ -514,24 +595,13 @@ where .append_metadata(state, manager, observers, &mut testcase)?; state.solutions_mut().add(testcase)?; - if send_events { - manager.fire( - state, - Event::Objective { - objective_size: state.solutions().count(), - executions, - time: current_time(), - }, - )?; - } - Ok(None) } } } } -impl EvaluatorObservers for StdFuzzer +impl EvaluatorObservers for StdFuzzer where CS: Scheduler, OT: ObserversTuple + Serialize + DeserializeOwned, @@ -562,7 +632,7 @@ where } } -impl Evaluator for StdFuzzer +impl Evaluator for StdFuzzer where CS: Scheduler, E: HasObservers + Executor, @@ -695,7 +765,7 @@ where } } -impl Fuzzer for StdFuzzer +impl Fuzzer for StdFuzzer where CS: Scheduler, E: UsesState, @@ -768,7 +838,7 @@ where } } -impl StdFuzzer +impl StdFuzzer where CS: Scheduler, F: Feedback<::State>, @@ -781,7 +851,6 @@ where scheduler, feedback, objective, - phantom: PhantomData, } } @@ -794,9 +863,8 @@ where input: &<::State as UsesInput>::Input, ) -> Result where - E: Executor + HasObservers::State>, + E: Executor + HasObservers::State>, EM: UsesState::State>, - OT: ObserversTuple<::State>, { start_timer!(state); executor.observers_mut().pre_exec_all(state, input)?; @@ -832,7 +900,7 @@ where ) -> Result; } -impl ExecutesInput for StdFuzzer +impl ExecutesInput for StdFuzzer where CS: Scheduler, F: Feedback<::State>, diff --git a/libafl/src/stages/mod.rs b/libafl/src/stages/mod.rs index d4e40c97d1..3ca6462865 100644 --- a/libafl/src/stages/mod.rs +++ b/libafl/src/stages/mod.rs @@ -448,7 +448,7 @@ where OT: ObserversTuple, PS: PushStage, Z: ExecutesInput - + ExecutionProcessor + + ExecutionProcessor + EvaluatorObservers + HasScheduler, { diff --git a/libafl/src/stages/push/mod.rs b/libafl/src/stages/push/mod.rs index fa2389b04c..9f880e2989 100644 --- a/libafl/src/stages/push/mod.rs +++ b/libafl/src/stages/push/mod.rs 
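Review bot: In the `ExecuteInputResult::Solution` arm of `dispatch_event`, `Event::Objective` is now fired only when `manager.should_send()` returns true, whereas the code removed from `process_execution` (the `@@ -514,24 +595,13 @@` hunk) fired it whenever `send_events` was set. If `should_send()` can return false for a manager, which these hunks do not show, a found objective is still stored through `state.solutions_mut().add(testcase)` but no event reports it, so a monitor or other nodes would not learn of the crash from the event stream. Unless that gating is intended for objectives, the arm could fire unconditionally by dropping the `if manager.should_send() {` wrapper there, or state the intent in a comment such as `// objectives are rate-limited like new testcases`. The `Corpus` arm of `process_execution` also no longer has the old `else { *state.imported_mut() += 1; }`, so the imported counter has to be maintained elsewhere; nothing in the visible hunks of this file does it. The enclosing `impl` begins before this hunk.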
@@ -38,7 +38,7 @@ where EM: EventFirer + EventRestarter + HasEventManagerId, OT: ObserversTuple, CS::State: HasRand + HasCorpus, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { @@ -59,7 +59,7 @@ where EM: EventFirer + EventRestarter + HasEventManagerId, OT: ObserversTuple, CS::State: HasRand + HasCorpus, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { @@ -84,7 +84,7 @@ where EM: EventFirer + EventRestarter + HasEventManagerId, OT: ObserversTuple, CS::State: HasRand + HasCorpus, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { @@ -114,7 +114,7 @@ where EM: EventFirer + EventRestarter + HasEventManagerId, OT: ObserversTuple, CS::State: HasRand + HasCorpus, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { @@ -183,7 +183,7 @@ where CS::State: HasRand + HasExecutions + HasMetadata + HasCorpus + HasLastReportTime, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, OT: ObserversTuple, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { diff --git a/libafl/src/stages/push/mutational.rs b/libafl/src/stages/push/mutational.rs index 9ecfa06f03..40578d52ec 100644 --- a/libafl/src/stages/push/mutational.rs +++ b/libafl/src/stages/push/mutational.rs @@ -8,6 +8,7 @@ use core::{ }; use libafl_bolts::rands::Rand; +use serde::Serialize; use super::{PushStage, PushStageHelper, PushStageSharedState}; use crate::{ @@ -43,9 +44,9 @@ where CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, M: Mutator, - OT: ObserversTuple, + OT: ObserversTuple + Serialize, CS::State: HasRand + HasCorpus + Clone + Debug, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { 
@@ -63,9 +64,9 @@ where CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, M: Mutator, - OT: ObserversTuple, + OT: ObserversTuple + Serialize, CS::State: HasCorpus + HasRand + Clone + Debug, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { @@ -86,10 +87,10 @@ where CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, M: Mutator, - OT: ObserversTuple, + OT: ObserversTuple + Serialize, CS::State: HasCorpus + HasRand + HasExecutions + HasLastReportTime + HasMetadata + Clone + Debug, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { @@ -197,10 +198,10 @@ where CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, M: Mutator, - OT: ObserversTuple, + OT: ObserversTuple + Serialize, CS::State: HasCorpus + HasRand + HasExecutions + HasMetadata + HasLastReportTime + Clone + Debug, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { @@ -216,9 +217,9 @@ where CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, M: Mutator, - OT: ObserversTuple, + OT: ObserversTuple + Serialize, CS::State: HasCorpus + HasRand + Clone + Debug, - Z: ExecutionProcessor + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { diff --git a/libafl/src/stages/sync.rs b/libafl/src/stages/sync.rs index ada296b456..0210ee107a 100644 --- a/libafl/src/stages/sync.rs +++ b/libafl/src/stages/sync.rs @@ -302,7 +302,7 @@ where SP: ShMemProvider, E: HasObservers + Executor, for<'a> E::Observers: Deserialize<'a>, - Z: EvaluatorObservers + ExecutionProcessor, + Z: EvaluatorObservers + ExecutionProcessor, IC: InputConverter, ICB: InputConverter, DI: Input, diff --git a/libafl/src/stages/tmin.rs b/libafl/src/stages/tmin.rs index 7933196027..f488d9cbad 100644 --- a/libafl/src/stages/tmin.rs +++ b/libafl/src/stages/tmin.rs 
@@ -11,6 +11,7 @@ use libafl_bolts::{ tuples::{Handle, Handled, MatchNameRef}, HasLen, Named, }; +use serde::Serialize; #[cfg(feature = "track_hit_feedbacks")] use crate::feedbacks::premature_last_result_err; @@ -22,7 +23,7 @@ use crate::{ inputs::UsesInput, mark_feature_time, mutators::{MutationResult, Mutator}, - observers::{MapObserver, ObserversTuple}, + observers::{MapObserver, ObserversTuple, UsesObservers}, schedulers::RemovableScheduler, stages::{ mutational::{MutatedTransform, MutatedTransformPost}, @@ -44,6 +45,7 @@ pub trait TMinMutationalStage: Stage + FeedbackFactory where E: UsesState + HasObservers, + ::Observers: Serialize, EM: UsesState + EventFirer, F: Feedback, Self::State: HasMaxSize + HasCorpus + HasSolutions + HasExecutions, @@ -54,7 +56,7 @@ where + HasScheduler + HasFeedback + ExecutesInput - + ExecutionProcessor, + + ExecutionProcessor, Z::Scheduler: RemovableScheduler, { /// The mutator registered for this stage @@ -236,9 +238,10 @@ where impl Stage for StdTMinMutationalStage where - Z: HasScheduler + ExecutionProcessor + ExecutesInput + HasFeedback, + Z: HasScheduler + ExecutionProcessor + ExecutesInput + HasFeedback, Z::Scheduler: RemovableScheduler, E: HasObservers, + ::Observers: Serialize, EM: EventFirer, FF: FeedbackFactory, F: Feedback, @@ -297,9 +300,10 @@ pub static TMIN_STAGE_NAME: &str = "tmin"; impl TMinMutationalStage for StdTMinMutationalStage where - Z: HasScheduler + ExecutionProcessor + ExecutesInput + HasFeedback, + Z: HasScheduler + ExecutionProcessor + ExecutesInput + HasFeedback, Z::Scheduler: RemovableScheduler, E: HasObservers, + ::Observers: Serialize, EM: EventFirer, FF: FeedbackFactory, F: Feedback, diff --git a/libafl_bolts/Cargo.toml b/libafl_bolts/Cargo.toml index a67cd9f648..704e4184cf 100644 --- a/libafl_bolts/Cargo.toml +++ b/libafl_bolts/Cargo.toml 
@@ -1,6 +1,6 @@
 [package]
 name = "libafl_bolts"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi ", "Dominik Maier "]
 description = "Low-level bolts to create fuzzers and so much more"
 documentation = "https://docs.rs/libafl"
diff --git a/libafl_cc/Cargo.toml b/libafl_cc/Cargo.toml
index 47cd4c496e..4830d8fddb 100644
--- a/libafl_cc/Cargo.toml
+++ b/libafl_cc/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libafl_cc"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi "]
 description = "Commodity library to wrap compilers and link LibAFL"
 documentation = "https://docs.rs/libafl_cc"
diff --git a/libafl_concolic/symcc_libafl/Cargo.toml b/libafl_concolic/symcc_libafl/Cargo.toml
index 4fed903701..72ab461d6a 100644
--- a/libafl_concolic/symcc_libafl/Cargo.toml
+++ b/libafl_concolic/symcc_libafl/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "symcc_libafl"
-version.workspace = true
+version = "0.13.1"
 edition = "2021"
 authors = ["Julius Hohnerlein ", "Andrea Fioraldi ", "Dominik Maier "]
 description = "Meta package for symcc_runtime"
diff --git a/libafl_concolic/symcc_runtime/Cargo.toml b/libafl_concolic/symcc_runtime/Cargo.toml
index 20afdf234f..1847d5bbac 100644
--- a/libafl_concolic/symcc_runtime/Cargo.toml
+++ b/libafl_concolic/symcc_runtime/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "symcc_runtime"
-version.workspace = true
+version = "0.13.1"
 edition = "2021"
 authors = ["Julius Hohnerlein ", "Andrea Fioraldi ", "Dominik Maier "]
 description = "Build Concolic Tracing tools based on SymCC in Rust"
diff --git a/libafl_derive/Cargo.toml b/libafl_derive/Cargo.toml
index 0494221603..e3bf529f06 100644
--- a/libafl_derive/Cargo.toml
+++ b/libafl_derive/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libafl_derive"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi "]
 description = "Derive proc-macro crate for LibAFL"
 documentation = "https://docs.rs/libafl_derive"
diff --git a/libafl_frida/Cargo.toml b/libafl_frida/Cargo.toml
index 2cf1a8541d..310dae3262 100644
--- a/libafl_frida/Cargo.toml
+++ b/libafl_frida/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libafl_frida"
-version.workspace = true
+version = "0.13.1"
 authors = ["s1341 "]
 description = "Frida backend library for LibAFL"
 documentation = "https://docs.rs/libafl_frida"
diff --git a/libafl_libfuzzer/Cargo.toml b/libafl_libfuzzer/Cargo.toml
index 30719c7be8..71c1595ca5 100644
--- a/libafl_libfuzzer/Cargo.toml
+++ b/libafl_libfuzzer/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libafl_libfuzzer"
-version.workspace = true
+version = "0.13.1"
 description = "libFuzzer shim which uses LibAFL with common defaults"
 repository = "https://github.com/AFLplusplus/LibAFL/"
 readme = "../README.md"
diff --git a/libafl_nyx/Cargo.toml b/libafl_nyx/Cargo.toml
index 3ffb57ca81..d508f6ec12 100644
--- a/libafl_nyx/Cargo.toml
+++ b/libafl_nyx/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libafl_nyx"
-version.workspace = true
+version = "0.13.1"
 edition = "2021"
 authors = ["syheliel "]
 description = "libafl using nyx, only avaliable on linux"
diff --git a/libafl_qemu/Cargo.toml b/libafl_qemu/Cargo.toml
index d0f8f32acd..a3d24c0bbe 100644
--- a/libafl_qemu/Cargo.toml
+++ b/libafl_qemu/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libafl_qemu"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi "]
 description = "QEMU user backend library for LibAFL"
 documentation = "https://docs.rs/libafl_qemu"
diff --git a/libafl_qemu/src/executor/mod.rs b/libafl_qemu/src/executor/mod.rs
index 2df48fa062..b172bc8731 100644
--- a/libafl_qemu/src/executor/mod.rs
+++ b/libafl_qemu/src/executor/mod.rs
@@ -22,7 +22,7 @@ use libafl::{
 fuzzer::HasObjective,
 observers::{ObserversTuple, UsesObservers},
 state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
- Error,
+ Error, ExecutionProcessor, HasScheduler,
 };
 #[cfg(feature = "fork")]
 use libafl_bolts::shmem::ShMemProvider;
@@ -141,7 +141,7 @@ where OF: Feedback, OT: ObserversTuple, S: State + HasExecutions + HasCorpus + HasSolutions, - Z: HasObjective, + Z: HasObjective + ExecutionProcessor + HasScheduler, { #[cfg(emulation_mode = "usermode")] { @@ -198,7 +198,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State + HasExecutions + HasCorpus + HasSolutions, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let mut inner = InProcessExecutor::with_timeout( harness_fn, observers, fuzzer, state, event_mgr, timeout, diff --git a/libafl_qemu/src/executor/stateful.rs b/libafl_qemu/src/executor/stateful.rs index 145bb38576..49d74889e5 100644 --- a/libafl_qemu/src/executor/stateful.rs +++ b/libafl_qemu/src/executor/stateful.rs @@ -15,7 +15,7 @@ use libafl::{ fuzzer::HasObjective, observers::{ObserversTuple, UsesObservers}, state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState}, - Error, + Error, ExecutionProcessor, HasScheduler, }; use libafl_bolts::tuples::RefIndexable; @@ -69,7 +69,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, S: State + HasExecutions + HasCorpus + HasSolutions, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { let qemu_state = QemuExecutorState::new::< StatefulInProcessExecutor<'a, H, OT, S, QemuExecutorState<'a, QT, S>>, diff --git a/libafl_sugar/Cargo.toml b/libafl_sugar/Cargo.toml index a2b0ab23c4..f399fe743d 100644 --- a/libafl_sugar/Cargo.toml +++ b/libafl_sugar/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libafl_sugar" -version.workspace = true +version = "0.13.1" authors = ["Andrea Fioraldi "] description = "Sugar builders to create common fuzzers with LibAFL" documentation = "https://docs.rs/libafl_sugar" diff --git a/libafl_targets/Cargo.toml b/libafl_targets/Cargo.toml index a70fe523e0..f69072d6cc 100644 --- a/libafl_targets/Cargo.toml +++ b/libafl_targets/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "libafl_targets" -version.workspace = true +version = "0.13.1" authors = ["Andrea Fioraldi "] description = "Common code for target instrumentation that can be used combined with LibAFL" documentation = "https://docs.rs/libafl_targets" diff --git a/libafl_targets/src/windows_asan.rs b/libafl_targets/src/windows_asan.rs index 28244d9b89..1c2230e2b7 100644 --- a/libafl_targets/src/windows_asan.rs +++ b/libafl_targets/src/windows_asan.rs @@ -5,7 +5,7 @@ use libafl::{ executors::{hooks::windows::windows_asan_handler::asan_death_handler, Executor, HasObservers}, feedbacks::Feedback, state::{HasCorpus, HasExecutions, HasSolutions}, - HasObjective, + ExecutionProcessor, HasObjective, HasScheduler, }; /// Asan death callback type @@ -33,7 +33,7 @@ where EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasSolutions + HasCorpus + HasExecutions, - Z: HasObjective, + Z: HasObjective + HasScheduler + ExecutionProcessor, { __sanitizer_set_death_callback(Some(asan_death_handler::)); } diff --git a/libafl_tinyinst/Cargo.toml b/libafl_tinyinst/Cargo.toml index 38f387dc06..5c8dad2100 100644 --- a/libafl_tinyinst/Cargo.toml +++ b/libafl_tinyinst/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libafl_tinyinst" -version.workspace = true +version = "0.13.1" edition = "2021" authors = ["elbiazo ", "Dongjia Zhang "] repository = "https://github.com/AFLplusplus/LibAFL/" diff --git a/scripts/clippy.ps1 b/scripts/clippy.ps1 index 76be0592a5..6d4ba7e6cc 100644 --- a/scripts/clippy.ps1 +++ b/scripts/clippy.ps1 @@ -1,4 +1,4 @@ -cargo clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --exclude libafl_qemu --exclude libafl_libfuzzer --exclude libafl_qemu_sys --no-deps --tests --benches --examples -- ` +cargo clippy --all --all-features --exclude libafl_qemu --no-deps --tests --benches --examples -- ` -D clippy::all ` -D clippy::pedantic ` -W clippy::similar_names ` 
diff --git a/scripts/clippy.sh b/scripts/clippy.sh index e37554a8f5..5e41e276c3 100755 --- a/scripts/clippy.sh +++ b/scripts/clippy.sh @@ -4,7 +4,7 @@ cd "$SCRIPT_DIR/.." || exit 1 set -e -RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --no-deps --tests --examples --benches -- -Z macro-backtrace \ +RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --no-deps --tests --examples --benches -- -Z macro-backtrace \ -D clippy::all \ -D clippy::pedantic \ -W clippy::similar_names \ @@ -21,7 +21,7 @@ RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_ if [[ "$OSTYPE" == "linux-gnu"* ]]; then cd libafl_libfuzzer/libafl_libfuzzer_runtime - RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --no-deps --tests --examples --benches -- -Z macro-backtrace \ + RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --no-deps --tests --examples --benches -- -Z macro-backtrace \ -D clippy::all \ -D clippy::pedantic \ -W clippy::similar_names \ diff --git a/utils/libafl_benches/Cargo.toml b/utils/libafl_benches/Cargo.toml index 335b8979b2..f153c0ad04 100644 --- a/utils/libafl_benches/Cargo.toml +++ b/utils/libafl_benches/Cargo.toml @@ -1,7 +1,7 @@ [package] authors = ["Andrea Fioraldi ", "Dominik Maier "] name = "libafl_benches" -version.workspace = true +version = "0.13.1" edition = "2021" description = "LibAFL Benchmarks" documentation = "https://docs.rs/libafl"