Another attempt to add interesting crashing input on crash (#2391)

* aa

* why??????????????

* ppp

* aa

* aa

* abcde

* fixer

* ppp

* aa

* fix from windows

* sugar

* ff

* ??

* a

* to log::error

* exclude

* exclude libafl_qemu clippy on windows

* pp

* aa

---------

Co-authored-by: Your Name <you@example.com>

Cargo.toml

@@ -4,18 +4,11 @@ members = [
     "libafl",
     "libafl_bolts",
     "libafl_cc",
-    "libafl_concolic/symcc_runtime",
+    "libafl_derive",
-    "libafl_concolic/symcc_libafl",
+    "libafl_targets",
+    "libafl_sugar",
     "libafl_concolic/test/dump_constraints",
     "libafl_concolic/test/runtime_test",
-    "libafl_derive",
-    "libafl_frida",
-    "libafl_libfuzzer",
-    "libafl_nyx",
-    "libafl_qemu",
-    "libafl_sugar",
-    "libafl_targets",
-    "libafl_tinyinst",
     "utils/build_and_test_fuzzers",
     "utils/deexit",
     "utils/libafl_benches",
@@ -33,14 +26,21 @@ default-members = [
 exclude = [
     "bindings",
     "fuzzers",
-    "libafl_qemu/libafl_qemu_build",
-    "libafl_qemu/libafl_qemu_sys",
     "utils/noaslr",
     "utils/gdb_qemu",
     "utils/libafl_fmt",
     "utils/desyscall",
     "utils/multi_machine_generator",
     "scripts",
+    "libafl_concolic/symcc_runtime",
+    "libafl_concolic/symcc_libafl",
+    "libafl_frida",
+    "libafl_libfuzzer",
+    "libafl_nyx",
+    "libafl_qemu",
+    "libafl_tinyinst",
+    "libafl_qemu/libafl_qemu_build",
+    "libafl_qemu/libafl_qemu_sys",
 ]
 
 [workspace.package]

libafl/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
 description = "Slot your own fuzzers together and extend their features using Rust"
 documentation = "https://docs.rs/libafl"

libafl/src/events/centralized.rs

@@ -38,7 +38,7 @@ use crate::{
     executors::{Executor, HasObservers},
     fuzzer::{EvaluatorObservers, ExecutionProcessor},
     inputs::{Input, NopInput, UsesInput},
-    observers::{ObserversTuple, TimeObserver},
+    observers::{ObserversTuple, TimeObserver, UsesObservers},
     state::{HasExecutions, HasLastReportTime, NopState, State, Stoppable, UsesState},
     Error, HasMetadata,
 };
@@ -371,12 +371,13 @@ where
     EM: AdaptiveSerializer + EventProcessor<E, Z> + EventFirer + HasEventManagerId,
     EMH: EventManagerHooksTuple<EM::State>,
     E: HasObservers<State = Self::State> + Executor<Self, Z>,
+    <E as UsesObservers>::Observers: Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     S: State,
     Self::State: HasExecutions + HasMetadata,
     SP: ShMemProvider,
     Z: EvaluatorObservers<E::Observers, State = Self::State>
-        + ExecutionProcessor<E::Observers, State = Self::State>,
+        + ExecutionProcessor<State = Self::State>,
 {
     fn process(
         &mut self,
@@ -403,6 +404,7 @@ where
 impl<E, EM, EMH, S, SP, Z> EventManager<E, Z> for CentralizedEventManager<EM, EMH, S, SP>
 where
     E: HasObservers<State = Self::State> + Executor<Self, Z>,
+    <E as UsesObservers>::Observers: Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     EM: AdaptiveSerializer + EventManager<E, Z>,
     EM::State: HasExecutions + HasMetadata + HasLastReportTime,
@@ -410,7 +412,7 @@ where
     S: State,
     SP: ShMemProvider,
     Z: EvaluatorObservers<E::Observers, State = Self::State>
-        + ExecutionProcessor<E::Observers, State = Self::State>,
+        + ExecutionProcessor<State = Self::State>,
 {
 }
 
@@ -527,9 +529,10 @@ where
     ) -> Result<usize, Error>
     where
         E: Executor<Self, Z> + HasObservers<State = <Self as UsesState>::State>,
+        <E as UsesObservers>::Observers: Serialize,
         <Self as UsesState>::State: UsesInput + HasExecutions + HasMetadata,
         for<'a> E::Observers: Deserialize<'a>,
-        Z: ExecutionProcessor<E::Observers, State = <Self as UsesState>::State>
+        Z: ExecutionProcessor<State = <Self as UsesState>::State>
             + EvaluatorObservers<E::Observers>,
     {
         // TODO: Get around local event copy by moving handle_in_client
@@ -576,8 +579,8 @@ where
     where
         E: Executor<Self, Z> + HasObservers<State = <Self as UsesState>::State>,
         <Self as UsesState>::State: UsesInput + HasExecutions + HasMetadata,
-        for<'a> E::Observers: Deserialize<'a>,
+        for<'a> E::Observers: Deserialize<'a> + Serialize,
-        Z: ExecutionProcessor<E::Observers, State = <Self as UsesState>::State>
+        Z: ExecutionProcessor<State = <Self as UsesState>::State>
             + EvaluatorObservers<E::Observers>,
     {
         log::debug!("handle_in_main!");

libafl/src/events/llmp/mgr.rs

@@ -39,8 +39,8 @@ use crate::{
     executors::{Executor, HasObservers},
     fuzzer::{Evaluator, EvaluatorObservers, ExecutionProcessor},
     inputs::{NopInput, UsesInput},
-    observers::{ObserversTuple, TimeObserver},
+    observers::{ObserversTuple, TimeObserver, UsesObservers},
-    state::{HasExecutions, HasLastReportTime, NopState, State, UsesState},
+    state::{HasExecutions, HasImported, HasLastReportTime, NopState, State, UsesState},
     Error, HasMetadata,
 };
 
@@ -389,7 +389,7 @@ where
 impl<EMH, S, SP> LlmpEventManager<EMH, S, SP>
 where
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata,
+    S: State + HasExecutions + HasMetadata + HasImported,
     SP: ShMemProvider,
 {
     // Handle arriving events in the client
@@ -404,10 +404,9 @@ where
     ) -> Result<(), Error>
     where
         E: Executor<Self, Z> + HasObservers<State = S>,
+        <E as UsesObservers>::Observers: Serialize,
         for<'a> E::Observers: Deserialize<'a>,
-        Z: ExecutionProcessor<E::Observers, State = S>
+        Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers> + Evaluator<E, Self>,
-            + EvaluatorObservers<E::Observers>
-            + Evaluator<E, Self>,
     {
         if !self.hooks.pre_exec_all(state, client_id, &event)? {
             return Ok(());
@@ -455,6 +454,7 @@ where
                         )?
                     };
                     if let Some(item) = res.1 {
+                        *state.imported_mut() += 1;
                         log::debug!("Added received Testcase {evt_name} as item #{item}");
                     } else {
                         log::debug!("Testcase {evt_name} was discarded");
@@ -585,13 +585,12 @@ where
 impl<E, EMH, S, SP, Z> EventProcessor<E, Z> for LlmpEventManager<EMH, S, SP>
 where
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata,
+    <E as UsesObservers>::Observers: Serialize,
+    S: State + HasExecutions + HasMetadata + HasImported,
     SP: ShMemProvider,
     E: HasObservers<State = S> + Executor<Self, Z>,
     for<'a> E::Observers: Deserialize<'a>,
-    Z: ExecutionProcessor<E::Observers, State = S>
+    Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers> + Evaluator<E, Self>,
-        + EvaluatorObservers<E::Observers>
-        + Evaluator<E, Self>,
 {
     fn process(
         &mut self,
@@ -638,13 +637,12 @@ where
 impl<E, EMH, S, SP, Z> EventManager<E, Z> for LlmpEventManager<EMH, S, SP>
 where
     E: HasObservers<State = S> + Executor<Self, Z>,
+    <E as UsesObservers>::Observers: Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata + HasLastReportTime,
+    S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported,
     SP: ShMemProvider,
-    Z: ExecutionProcessor<E::Observers, State = S>
+    Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers> + Evaluator<E, Self>,
-        + EvaluatorObservers<E::Observers>
-        + Evaluator<E, Self>,
 {
 }
 

libafl/src/events/llmp/mod.rs

@@ -296,7 +296,7 @@ where
         E: Executor<EM, Z> + HasObservers<State = S>,
         EM: UsesState<State = S> + EventFirer,
         for<'a> E::Observers: Deserialize<'a>,
-        Z: ExecutionProcessor<E::Observers, State = S> + EvaluatorObservers<E::Observers>,
+        Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers>,
     {
         match event {
             Event::NewTestcase {
@@ -350,7 +350,7 @@ where
         E: Executor<EM, Z> + HasObservers<State = S>,
         EM: UsesState<State = S> + EventFirer,
         for<'a> E::Observers: Deserialize<'a>,
-        Z: ExecutionProcessor<E::Observers, State = S> + EvaluatorObservers<E::Observers>,
+        Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers>,
     {
         // TODO: Get around local event copy by moving handle_in_client
         let self_id = self.llmp.sender().id();

libafl/src/events/llmp/restarting.rs

@@ -49,8 +49,8 @@ use crate::{
     fuzzer::{Evaluator, EvaluatorObservers, ExecutionProcessor},
     inputs::UsesInput,
     monitors::Monitor,
-    observers::{ObserversTuple, TimeObserver},
+    observers::{ObserversTuple, TimeObserver, UsesObservers},
-    state::{HasExecutions, HasLastReportTime, State, UsesState},
+    state::{HasExecutions, HasImported, HasLastReportTime, State, UsesState},
     Error, HasMetadata,
 };
 
@@ -205,11 +205,12 @@ where
 impl<E, EMH, S, SP, Z> EventProcessor<E, Z> for LlmpRestartingEventManager<EMH, S, SP>
 where
     E: HasObservers<State = S> + Executor<LlmpEventManager<EMH, S, SP>, Z>,
+    <E as UsesObservers>::Observers: Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata,
+    S: State + HasExecutions + HasMetadata + HasImported,
     SP: ShMemProvider,
-    Z: ExecutionProcessor<E::Observers, State = S>
+    Z: ExecutionProcessor<State = S>
         + EvaluatorObservers<E::Observers>
         + Evaluator<E, LlmpEventManager<EMH, S, SP>>,
 {
@@ -228,11 +229,12 @@ where
 impl<E, EMH, S, SP, Z> EventManager<E, Z> for LlmpRestartingEventManager<EMH, S, SP>
 where
     E: HasObservers<State = S> + Executor<LlmpEventManager<EMH, S, SP>, Z>,
+    <E as UsesObservers>::Observers: Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata + HasLastReportTime,
+    S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported,
     SP: ShMemProvider,
-    Z: ExecutionProcessor<E::Observers, State = S>
+    Z: ExecutionProcessor<State = S>
         + EvaluatorObservers<E::Observers>
         + Evaluator<E, LlmpEventManager<EMH, S, SP>>,
 {

libafl/src/events/tcp.rs

@@ -31,7 +31,7 @@ use libafl_bolts::os::{fork, ForkResult};
 use libafl_bolts::{shmem::ShMemProvider, tuples::tuple_list, ClientId};
 #[cfg(feature = "std")]
 use libafl_bolts::{shmem::StdShMemProvider, staterestore::StateRestorer};
-use serde::{de::DeserializeOwned, Deserialize};
+use serde::{de::DeserializeOwned, Deserialize, Serialize};
 use tokio::{
     io::{AsyncReadExt, AsyncWriteExt},
     sync::{broadcast, broadcast::error::RecvError, mpsc},
@@ -53,7 +53,8 @@ use crate::{
     fuzzer::{EvaluatorObservers, ExecutionProcessor},
     inputs::{Input, UsesInput},
     monitors::Monitor,
-    state::{HasExecutions, HasLastReportTime, State, UsesState},
+    observers::UsesObservers,
+    state::{HasExecutions, HasImported, HasLastReportTime, State, UsesState},
     Error, HasMetadata,
 };
 
@@ -591,7 +592,7 @@ where
 impl<EMH, S> TcpEventManager<EMH, S>
 where
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata,
+    S: State + HasExecutions + HasMetadata + HasImported,
 {
     /// Write the client id for a client [`EventManager`] to env vars
     pub fn to_env(&self, env_name: &str) {
@@ -610,8 +611,9 @@ where
     ) -> Result<(), Error>
     where
         E: Executor<Self, Z> + HasObservers<State = S>,
+        <E as UsesObservers>::Observers: Serialize,
         for<'a> E::Observers: Deserialize<'a>,
-        Z: ExecutionProcessor<E::Observers, State = S> + EvaluatorObservers<E::Observers>,
+        Z: ExecutionProcessor<State = S> + EvaluatorObservers<E::Observers>,
     {
         if !self.hooks.pre_exec_all(state, client_id, &event)? {
             return Ok(());
@@ -647,6 +649,7 @@ where
                     )?
                 };
                 if let Some(item) = _res.1 {
+                    *state.imported_mut() += 1;
                     log::info!("Added received Testcase as item #{item}");
                 }
             }
@@ -748,10 +751,11 @@ where
 impl<E, EMH, S, Z> EventProcessor<E, Z> for TcpEventManager<EMH, S>
 where
     E: HasObservers<State = S> + Executor<Self, Z>,
+    <E as UsesObservers>::Observers: Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata,
+    S: State + HasExecutions + HasMetadata + HasImported,
-    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers, State = S>,
+    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<State = S>,
 {
     fn process(
         &mut self,
@@ -821,10 +825,11 @@ where
 impl<E, EMH, S, Z> EventManager<E, Z> for TcpEventManager<EMH, S>
 where
     E: HasObservers<State = S> + Executor<Self, Z>,
+    <E as UsesObservers>::Observers: Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata + HasLastReportTime,
+    S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported,
-    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers, State = S>,
+    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<State = S>,
 {
 }
 
@@ -966,10 +971,11 @@ impl<E, EMH, S, SP, Z> EventProcessor<E, Z> for TcpRestartingEventManager<EMH, S
 where
     E: HasObservers<State = S> + Executor<TcpEventManager<EMH, S>, Z>,
     for<'a> E::Observers: Deserialize<'a>,
+    <E as UsesObservers>::Observers: Serialize,
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata,
+    S: State + HasExecutions + HasMetadata + HasImported,
     SP: ShMemProvider + 'static,
-    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers>, //CE: CustomEvent<I>,
+    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor, //CE: CustomEvent<I>,
 {
     fn process(&mut self, fuzzer: &mut Z, state: &mut S, executor: &mut E) -> Result<usize, Error> {
         self.tcp_mgr.process(fuzzer, state, executor)
@@ -984,11 +990,12 @@ where
 impl<E, EMH, S, SP, Z> EventManager<E, Z> for TcpRestartingEventManager<EMH, S, SP>
 where
     E: HasObservers<State = S> + Executor<TcpEventManager<EMH, S>, Z>,
+    <E as UsesObservers>::Observers: Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     EMH: EventManagerHooksTuple<S>,
-    S: State + HasExecutions + HasMetadata + HasLastReportTime,
+    S: State + HasExecutions + HasMetadata + HasLastReportTime + HasImported,
     SP: ShMemProvider + 'static,
-    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers>, //CE: CustomEvent<I>,
+    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor, //CE: CustomEvent<I>,
 {
 }
 
@@ -1084,7 +1091,7 @@ pub fn setup_restarting_mgr_tcp<MT, S>(
 >
 where
     MT: Monitor + Clone,
-    S: State + HasExecutions + HasMetadata,
+    S: State + HasExecutions + HasMetadata + HasImported,
 {
     TcpRestartingMgr::builder()
         .shmem_provider(StdShMemProvider::new()?)
@@ -1149,7 +1156,7 @@ impl<EMH, MT, S, SP> TcpRestartingMgr<EMH, MT, S, SP>
 where
     EMH: EventManagerHooksTuple<S> + Copy + Clone,
     SP: ShMemProvider,
-    S: State + HasExecutions + HasMetadata,
+    S: State + HasExecutions + HasMetadata + HasImported,
     MT: Monitor + Clone,
 {
     /// Launch the restarting manager

libafl/src/executors/hooks/inprocess.rs

@@ -31,6 +31,7 @@ use crate::{
     events::{EventFirer, EventRestarter},
     executors::{hooks::ExecutorHook, inprocess::HasInProcessHooks, Executor, HasObservers},
     feedbacks::Feedback,
+    fuzzer::{ExecutionProcessor, HasScheduler},
     inputs::UsesInput,
     state::{HasCorpus, HasExecutions, HasSolutions},
     Error, HasObjective,
@@ -235,7 +236,7 @@ where
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
     {
         #[cfg_attr(miri, allow(unused_variables))]
         unsafe {
@@ -268,7 +269,7 @@ where
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: State + HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
     {
         let ret;
         #[cfg(feature = "std")]

libafl/src/executors/hooks/unix.rs

@@ -17,9 +17,10 @@ pub mod unix_signal_handler {
             Executor, ExitKind, HasObservers,
         },
         feedbacks::Feedback,
-        fuzzer::HasObjective,
+        fuzzer::{ExecutionProcessor, HasObjective},
         inputs::{Input, UsesInput},
         state::{HasCorpus, HasExecutions, HasSolutions},
+        HasScheduler,
     };
 
     pub(crate) type HandlerFuncPtr = unsafe fn(
@@ -79,7 +80,7 @@ pub mod unix_signal_handler {
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + ExecutionProcessor + HasScheduler,
     {
         let old_hook = panic::take_hook();
         panic::set_hook(Box::new(move |panic_info| unsafe {
@@ -126,7 +127,7 @@ pub mod unix_signal_handler {
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + ExecutionProcessor + HasScheduler,
     {
         // this stuff is for batch timeout
         if !data.executor_ptr.is_null()
@@ -181,7 +182,7 @@ pub mod unix_signal_handler {
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + ExecutionProcessor + HasScheduler,
     {
         #[cfg(all(target_os = "android", target_arch = "aarch64"))]
         let _context = _context.map(|p| {

libafl/src/executors/hooks/windows.rs

@@ -18,7 +18,7 @@ pub mod windows_asan_handler {
             ExitKind, HasObservers,
         },
         feedbacks::Feedback,
-        fuzzer::HasObjective,
+        fuzzer::{ExecutionProcessor, HasObjective, HasScheduler},
         inputs::UsesInput,
         state::{HasCorpus, HasExecutions, HasSolutions},
     };
@@ -31,7 +31,7 @@ pub mod windows_asan_handler {
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
     {
         let data = addr_of_mut!(GLOBAL_STATE);
         (*data).set_in_handler(true);
@@ -132,7 +132,7 @@ pub mod windows_exception_handler {
             Executor, ExitKind, HasObservers,
         },
         feedbacks::Feedback,
-        fuzzer::HasObjective,
+        fuzzer::{ExecutionProcessor, HasObjective, HasScheduler},
         inputs::{Input, UsesInput},
         state::{HasCorpus, HasExecutions, HasSolutions, State},
     };
@@ -179,7 +179,7 @@ pub mod windows_exception_handler {
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
     {
         let old_hook = panic::take_hook();
         panic::set_hook(Box::new(move |panic_info| unsafe {
@@ -239,7 +239,7 @@ pub mod windows_exception_handler {
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: State + HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
     {
         let data: &mut InProcessExecutorHandlerData =
             &mut *(global_state as *mut InProcessExecutorHandlerData);
@@ -309,7 +309,7 @@ pub mod windows_exception_handler {
         EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
         OF: Feedback<E::State>,
         E::State: HasExecutions + HasSolutions + HasCorpus,
-        Z: HasObjective<Objective = OF, State = E::State>,
+        Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
     {
         // Have we set a timer_before?
         if data.ptp_timer.is_some() {

libafl/src/executors/inprocess/inner.rs

@@ -26,11 +26,11 @@ use crate::{
         Executor, HasObservers,
     },
     feedbacks::Feedback,
-    fuzzer::HasObjective,
+    fuzzer::{HasObjective, HasScheduler},
     inputs::UsesInput,
     observers::{ObserversTuple, UsesObservers},
     state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
-    Error,
+    Error, ExecutionProcessor,
 };
 
 /// The internal state of `GenericInProcessExecutor`.
@@ -177,7 +177,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         Self::with_timeout_generic::<E, EM, OF, Z>(
             user_hooks,
@@ -204,7 +204,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let mut me = Self::with_timeout_generic::<E, EM, OF, Z>(
             user_hooks, observers, fuzzer, state, event_mgr, exec_tmout,
@@ -234,7 +234,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let default = InProcessHooks::new::<E, EM, OF, Z>(timeout)?;
         let mut hooks = tuple_list!(default).merge(user_hooks);

libafl/src/executors/inprocess/mod.rs

@@ -21,8 +21,7 @@ use libafl_bolts::tuples::{tuple_list, RefIndexable};
 #[cfg(any(unix, feature = "std"))]
 use crate::executors::hooks::inprocess::GLOBAL_STATE;
 use crate::{
-    corpus::{Corpus, Testcase},
+    events::{EventFirer, EventRestarter},
-    events::{Event, EventFirer, EventRestarter},
     executors::{
         hooks::{inprocess::InProcessHooks, ExecutorHooksTuple},
         inprocess::inner::GenericInProcessExecutorInner,
@@ -32,8 +31,9 @@ use crate::{
     fuzzer::HasObjective,
     inputs::UsesInput,
     observers::{ObserversTuple, UsesObservers},
-    state::{HasCorpus, HasCurrentTestcase, HasExecutions, HasSolutions, State, UsesState},
+    schedulers::Scheduler,
-    Error, HasMetadata,
+    state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
+    Error, ExecutionProcessor, HasScheduler,
 };
 
 /// The inner structure of `InProcessExecutor`.
@@ -180,7 +180,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         Self::with_timeout_generic(
             tuple_list!(),
@@ -208,7 +208,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
             tuple_list!(),
@@ -243,11 +243,11 @@ where
         timeout: Duration,
     ) -> Result<Self, Error>
     where
-        Self: Executor<EM, Z, State = S> + HasObservers,
+        Self: Executor<EM, Z, State = S>,
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
             tuple_list!(),
@@ -284,11 +284,11 @@ where
         event_mgr: &mut EM,
     ) -> Result<Self, Error>
     where
-        Self: Executor<EM, Z, State = S> + HasObservers,
+        Self: Executor<EM, Z, State = S>,
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         Self::with_timeout_generic(
             user_hooks,
@@ -313,11 +313,11 @@ where
         exec_tmout: Duration,
     ) -> Result<Self, Error>
     where
-        Self: Executor<EM, Z, State = S> + HasObservers,
+        Self: Executor<EM, Z, State = S>,
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
             user_hooks, observers, fuzzer, state, event_mgr, exec_tmout,
@@ -348,11 +348,11 @@ where
         timeout: Duration,
     ) -> Result<Self, Error>
     where
-        Self: Executor<EM, Z, State = S> + HasObservers,
+        Self: Executor<EM, Z, State = S>,
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
             user_hooks, observers, fuzzer, state, event_mgr, timeout,
@@ -431,58 +431,47 @@ pub fn run_observers_and_save_state<E, EM, OF, Z>(
     state: &mut E::State,
     input: &<E::State as UsesInput>::Input,
     fuzzer: &mut Z,
-    event_mgr: &mut EM,
+    manager: &mut EM,
-    exitkind: ExitKind,
+    exit_kind: ExitKind,
 ) where
     E: HasObservers,
     EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
     OF: Feedback<E::State>,
     E::State: HasExecutions + HasSolutions + HasCorpus,
-    Z: HasObjective<Objective = OF, State = E::State>,
+    Z: HasObjective<Objective = OF, State = E::State>
+        + HasScheduler<State = E::State>
+        + ExecutionProcessor,
 {
-    let mut observers = executor.observers_mut();
+    let observers = executor.observers_mut();
+    let scheduler = fuzzer.scheduler_mut();
 
-    observers
+    if scheduler.on_evaluation(state, input, &*observers).is_err() {
-        .post_exec_all(state, input, &exitkind)
+        log::error!("Failed to call on_evaluation");
-        .expect("Observers post_exec_all failed");
+        return;
-
-    let interesting = fuzzer
-        .objective_mut()
-        .is_interesting(state, event_mgr, input, &*observers, &exitkind)
-        .expect("In run_observers_and_save_state objective failure.");
-
-    if interesting {
-        let executions = *state.executions();
-        let mut new_testcase = Testcase::with_executions(input.clone(), executions);
-        new_testcase.add_metadata(exitkind);
-        new_testcase.set_parent_id_optional(*state.corpus().current());
-
-        if let Ok(mut tc) = state.current_testcase_mut() {
-            tc.found_objective();
-        }
-
-        fuzzer
-            .objective_mut()
-            .append_metadata(state, event_mgr, &*observers, &mut new_testcase)
-            .expect("Failed adding metadata");
-        state
-            .solutions_mut()
-            .add(new_testcase)
-            .expect("In run_observers_and_save_state solutions failure.");
-        event_mgr
-            .fire(
-                state,
-                Event::Objective {
-                    objective_size: state.solutions().count(),
-                    executions,
-                    time: libafl_bolts::current_time(),
-                },
-            )
-            .expect("Could not save state in run_observers_and_save_state");
     }
 
+    let res = fuzzer.check_results(state, manager, input, &*observers, &exit_kind);
+    if let Ok(exec_res) = res {
+        if fuzzer
+            .process_execution(state, manager, input, &exec_res, &*observers)
+            .is_err()
+        {
+            log::error!("Failed to call process_execution");
+            return;
+        }
+
+        if fuzzer
+            .dispatch_event(state, manager, input.clone(), &exec_res, None, &exit_kind)
+            .is_err()
+        {
+            log::error!("Failed to dispatch_event");
+            return;
+        }
+    } else {
+        log::error!("Faild to check execution result");
+    }
     // Serialize the state and wait safely for the broker to read pending messages
-    event_mgr.on_restart(state).unwrap();
+    manager.on_restart(state).unwrap();
 
     log::info!("Bye!");
 }
@@ -499,7 +488,9 @@ where
     EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
     OF: Feedback<E::State>,
     E::State: HasExecutions + HasSolutions + HasCorpus,
-    Z: HasObjective<Objective = OF, State = E::State>,
+    Z: HasObjective<Objective = OF, State = E::State>
+        + HasScheduler<State = E::State>
+        + ExecutionProcessor,
 {
     let data = addr_of_mut!(GLOBAL_STATE);
     let in_handler = (*data).set_in_handler(true);
@@ -556,7 +547,7 @@ mod tests {
         let mut mgr = NopEventManager::new();
         let mut state =
             StdState::new(rand, corpus, solutions, &mut feedback, &mut objective).unwrap();
-        let mut fuzzer = StdFuzzer::<_, _, _, ()>::new(sche, feedback, objective);
+        let mut fuzzer = StdFuzzer::<_, _, _>::new(sche, feedback, objective);
 
         let mut in_process_executor = InProcessExecutor::new(
             &mut harness,

libafl/src/executors/inprocess/stateful.rs

@@ -18,7 +18,7 @@ use crate::{
         Executor, ExitKind, HasObservers,
     },
     feedbacks::Feedback,
-    fuzzer::HasObjective,
+    fuzzer::{ExecutionProcessor, HasObjective, HasScheduler},
     inputs::UsesInput,
     observers::{ObserversTuple, UsesObservers},
     state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
@@ -172,7 +172,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         Self::with_timeout_generic(
             tuple_list!(),
@@ -202,7 +202,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
             tuple_list!(),
@@ -243,7 +243,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
             tuple_list!(),
@@ -304,7 +304,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         Self::with_timeout_generic(
             user_hooks,
@@ -335,7 +335,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
             user_hooks, observers, fuzzer, state, event_mgr, exec_tmout,
@@ -372,7 +372,7 @@ where
         EM: EventFirer<State = S> + EventRestarter,
         OF: Feedback<S>,
         S: State,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
             user_hooks, observers, fuzzer, state, event_mgr, timeout,

libafl/src/fuzzer/mod.rs

@@ -1,7 +1,7 @@
 //! The `Fuzzer` is the main struct for a fuzz campaign.
 
-use alloc::string::ToString;
+use alloc::{string::ToString, vec::Vec};
-use core::{fmt::Debug, marker::PhantomData, time::Duration};
+use core::{fmt::Debug, time::Duration};
 
 use libafl_bolts::current_time;
 use serde::{de::DeserializeOwned, Serialize};
@@ -69,9 +69,9 @@ pub trait HasObjective: UsesState {
 }
 
 /// Evaluates if an input is interesting using the feedback
-pub trait ExecutionProcessor<OT>: UsesState {
+pub trait ExecutionProcessor: UsesState {
     /// Check the outcome of the execution, find if it is worth for corpus or objectives
-    fn check_results<EM>(
+    fn check_results<EM, OT>(
         &mut self,
         state: &mut Self::State,
         manager: &mut EM,
@@ -80,11 +80,25 @@ pub trait ExecutionProcessor<OT>: UsesState {
         exit_kind: &ExitKind,
     ) -> Result<ExecuteInputResult, Error>
     where
-        EM: EventFirer<State = Self::State>;
+        EM: EventFirer<State = Self::State>,
+        OT: ObserversTuple<Self::State>;
 
     /// Process `ExecuteInputResult`. Add to corpus, solution or ignore
     #[allow(clippy::too_many_arguments)]
-    fn process_execution<EM>(
+    fn process_execution<EM, OT>(
+        &mut self,
+        state: &mut Self::State,
+        manager: &mut EM,
+        input: &<Self::State as UsesInput>::Input,
+        exec_res: &ExecuteInputResult,
+        observers: &OT,
+    ) -> Result<Option<CorpusId>, Error>
+    where
+        EM: EventFirer<State = Self::State>,
+        OT: ObserversTuple<Self::State>;
+
+    /// serialize and send event via manager
+    fn serialize_and_dispatch<EM, OT>(
         &mut self,
         state: &mut Self::State,
         manager: &mut EM,
@@ -92,13 +106,26 @@ pub trait ExecutionProcessor<OT>: UsesState {
         exec_res: &ExecuteInputResult,
         observers: &OT,
         exit_kind: &ExitKind,
-        send_events: bool,
+    ) -> Result<(), Error>
-    ) -> Result<Option<CorpusId>, Error>
+    where
+        EM: EventFirer<State = Self::State>,
+        OT: ObserversTuple<Self::State> + Serialize;
+
+    /// send event via manager
+    fn dispatch_event<EM>(
+        &mut self,
+        state: &mut Self::State,
+        manager: &mut EM,
+        input: <Self::State as UsesInput>::Input,
+        exec_res: &ExecuteInputResult,
+        obs_buf: Option<Vec<u8>>,
+        exit_kind: &ExitKind,
+    ) -> Result<(), Error>
     where
         EM: EventFirer<State = Self::State>;
 
     /// Evaluate if a set of observation channels has an interesting state
-    fn evaluate_execution<EM>(
+    fn evaluate_execution<EM, OT>(
         &mut self,
         state: &mut Self::State,
         manager: &mut EM,
@@ -108,7 +135,8 @@ pub trait ExecutionProcessor<OT>: UsesState {
         send_events: bool,
     ) -> Result<(ExecuteInputResult, Option<CorpusId>), Error>
     where
-        EM: EventFirer<State = Self::State>;
+        EM: EventFirer<State = Self::State>,
+        OT: ObserversTuple<Self::State> + Serialize;
 }
 
 /// Evaluates an input modifying the state of the fuzzer
@@ -285,14 +313,13 @@ pub enum ExecuteInputResult {
 
 /// Your default fuzzer instance, for everyday use.
 #[derive(Debug)]
-pub struct StdFuzzer<CS, F, OF, OT> {
+pub struct StdFuzzer<CS, F, OF> {
     scheduler: CS,
     feedback: F,
     objective: OF,
-    phantom: PhantomData<OT>,
 }
 
-impl<CS, F, OF, OT> UsesState for StdFuzzer<CS, F, OF, OT>
+impl<CS, F, OF> UsesState for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     CS::State: HasCorpus,
@@ -300,7 +327,7 @@ where
     type State = CS::State;
 }
 
-impl<CS, F, OF, OT> HasScheduler for StdFuzzer<CS, F, OF, OT>
+impl<CS, F, OF> HasScheduler for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     CS::State: HasCorpus,
@@ -316,7 +343,7 @@ where
     }
 }
 
-impl<CS, F, OF, OT> HasFeedback for StdFuzzer<CS, F, OF, OT>
+impl<CS, F, OF> HasFeedback for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     F: Feedback<Self::State>,
@@ -334,7 +361,7 @@ where
     }
 }
 
-impl<CS, F, OF, OT> HasObjective for StdFuzzer<CS, F, OF, OT>
+impl<CS, F, OF> HasObjective for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     F: Feedback<Self::State>,
@@ -352,12 +379,11 @@ where
     }
 }
 
-impl<CS, F, OF, OT> ExecutionProcessor<OT> for StdFuzzer<CS, F, OF, OT>
+impl<CS, F, OF> ExecutionProcessor for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     F: Feedback<Self::State>,
     OF: Feedback<Self::State>,
-    OT: ObserversTuple<Self::State> + Serialize + DeserializeOwned,
     CS::State: HasCorpus
         + HasSolutions
         + HasExecutions
@@ -366,7 +392,7 @@ where
         + HasCurrentTestcase<<Self::State as UsesInput>::Input>
         + HasCurrentCorpusId,
 {
-    fn check_results<EM>(
+    fn check_results<EM, OT>(
         &mut self,
         state: &mut Self::State,
         manager: &mut EM,
@@ -376,6 +402,7 @@ where
     ) -> Result<ExecuteInputResult, Error>
     where
         EM: EventFirer<State = Self::State>,
+        OT: ObserversTuple<Self::State>,
     {
         let mut res = ExecuteInputResult::None;
 
@@ -409,7 +436,7 @@ where
         Ok(res)
     }
 
-    fn evaluate_execution<EM>(
+    fn evaluate_execution<EM, OT>(
         &mut self,
         state: &mut Self::State,
         manager: &mut EM,
@@ -420,22 +447,17 @@ where
     ) -> Result<(ExecuteInputResult, Option<CorpusId>), Error>
     where
         EM: EventFirer<State = Self::State>,
+        OT: ObserversTuple<Self::State> + Serialize,
     {
         let exec_res = self.check_results(state, manager, &input, observers, exit_kind)?;
-        let corpus_id = self.process_execution(
+        let corpus_id = self.process_execution(state, manager, &input, &exec_res, observers)?;
-            state,
+        if send_events {
-            manager,
+            self.serialize_and_dispatch(state, manager, input, &exec_res, observers, exit_kind)?;
-            input,
+        }
-            &exec_res,
-            observers,
-            exit_kind,
-            send_events,
-        )?;
         Ok((exec_res, corpus_id))
     }
 
-    /// Evaluate if a set of observation channels has an interesting state
+    fn serialize_and_dispatch<EM, OT>(
-    fn process_execution<EM>(
         &mut self,
         state: &mut Self::State,
         manager: &mut EM,
@@ -443,38 +465,48 @@ where
         exec_res: &ExecuteInputResult,
         observers: &OT,
         exit_kind: &ExitKind,
-        send_events: bool,
+    ) -> Result<(), Error>
-    ) -> Result<Option<CorpusId>, Error>
     where
         EM: EventFirer<State = Self::State>,
+        OT: ObserversTuple<Self::State> + Serialize,
     {
-        match exec_res {
+        // Now send off the event
-            ExecuteInputResult::None => {
+        let observers_buf = match exec_res {
-                self.feedback_mut().discard_metadata(state, &input)?;
-                self.objective_mut().discard_metadata(state, &input)?;
-                Ok(None)
-            }
             ExecuteInputResult::Corpus => {
-                // Not a solution
+                if manager.should_send() {
-                self.objective_mut().discard_metadata(state, &input)?;
-
-                // Add the input to the main corpus
-                let mut testcase = Testcase::with_executions(input.clone(), *state.executions());
-                #[cfg(feature = "track_hit_feedbacks")]
-                self.feedback_mut()
-                    .append_hit_feedbacks(testcase.hit_feedbacks_mut())?;
-                self.feedback_mut()
-                    .append_metadata(state, manager, observers, &mut testcase)?;
-                let id = state.corpus_mut().add(testcase)?;
-                self.scheduler_mut().on_add(state, id)?;
-
-                if send_events && manager.should_send() {
                     // TODO set None for fast targets
-                    let observers_buf = if manager.configuration() == EventConfig::AlwaysUnique {
+                    if manager.configuration() == EventConfig::AlwaysUnique {
                         None
                     } else {
                         manager.serialize_observers::<OT>(observers)?
-                    };
+                    }
+                } else {
+                    None
+                }
+            }
+            _ => None,
+        };
+
+        self.dispatch_event(state, manager, input, exec_res, observers_buf, exit_kind)?;
+        Ok(())
+    }
+
+    fn dispatch_event<EM>(
+        &mut self,
+        state: &mut Self::State,
+        manager: &mut EM,
+        input: <Self::State as UsesInput>::Input,
+        exec_res: &ExecuteInputResult,
+        observers_buf: Option<Vec<u8>>,
+        exit_kind: &ExitKind,
+    ) -> Result<(), Error>
+    where
+        EM: EventFirer<State = Self::State>,
+    {
+        // Now send off the event
+        match exec_res {
+            ExecuteInputResult::Corpus => {
+                if manager.should_send() {
                     manager.fire(
                         state,
                         Event::NewTestcase {
@@ -490,19 +522,68 @@ where
                             node_id: None,
                         },
                     )?;
-                } else {
-                    // This testcase is from the other fuzzers.
-                    *state.imported_mut() += 1;
                 }
+            }
+            ExecuteInputResult::Solution => {
+                if manager.should_send() {
+                    let executions = *state.executions();
+                    manager.fire(
+                        state,
+                        Event::Objective {
+                            objective_size: state.solutions().count(),
+                            executions,
+                            time: current_time(),
+                        },
+                    )?;
+                }
+            }
+            ExecuteInputResult::None => (),
+        }
+        Ok(())
+    }
+
+    /// Evaluate if a set of observation channels has an interesting state
+    fn process_execution<EM, OT>(
+        &mut self,
+        state: &mut Self::State,
+        manager: &mut EM,
+        input: &<Self::State as UsesInput>::Input,
+        exec_res: &ExecuteInputResult,
+        observers: &OT,
+    ) -> Result<Option<CorpusId>, Error>
+    where
+        EM: EventFirer<State = Self::State>,
+        OT: ObserversTuple<Self::State>,
+    {
+        match exec_res {
+            ExecuteInputResult::None => {
+                self.feedback_mut().discard_metadata(state, input)?;
+                self.objective_mut().discard_metadata(state, input)?;
+                Ok(None)
+            }
+            ExecuteInputResult::Corpus => {
+                // Not a solution
+                self.objective_mut().discard_metadata(state, input)?;
+
+                // Add the input to the main corpus
+                let mut testcase = Testcase::with_executions(input.clone(), *state.executions());
+                #[cfg(feature = "track_hit_feedbacks")]
+                self.feedback_mut()
+                    .append_hit_feedbacks(testcase.hit_feedbacks_mut())?;
+                self.feedback_mut()
+                    .append_metadata(state, manager, observers, &mut testcase)?;
+                let id = state.corpus_mut().add(testcase)?;
+                self.scheduler_mut().on_add(state, id)?;
+
                 Ok(Some(id))
             }
             ExecuteInputResult::Solution => {
                 // Not interesting
-                self.feedback_mut().discard_metadata(state, &input)?;
+                self.feedback_mut().discard_metadata(state, input)?;
 
                 let executions = *state.executions();
                 // The input is a solution, add it to the respective corpus
-                let mut testcase = Testcase::with_executions(input, executions);
+                let mut testcase = Testcase::with_executions(input.clone(), executions);
                 testcase.set_parent_id_optional(*state.corpus().current());
                 if let Ok(mut tc) = state.current_testcase_mut() {
                     tc.found_objective();
@@ -514,24 +595,13 @@ where
                     .append_metadata(state, manager, observers, &mut testcase)?;
                 state.solutions_mut().add(testcase)?;
 
-                if send_events {
-                    manager.fire(
-                        state,
-                        Event::Objective {
-                            objective_size: state.solutions().count(),
-                            executions,
-                            time: current_time(),
-                        },
-                    )?;
-                }
-
                 Ok(None)
             }
         }
     }
 }
 
-impl<CS, F, OF, OT> EvaluatorObservers<OT> for StdFuzzer<CS, F, OF, OT>
+impl<CS, F, OF, OT> EvaluatorObservers<OT> for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     OT: ObserversTuple<Self::State> + Serialize + DeserializeOwned,
@@ -562,7 +632,7 @@ where
     }
 }
 
-impl<CS, E, EM, F, OF, OT> Evaluator<E, EM> for StdFuzzer<CS, F, OF, OT>
+impl<CS, E, EM, F, OF, OT> Evaluator<E, EM> for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     E: HasObservers<State = Self::State, Observers = OT> + Executor<EM, Self>,
@@ -695,7 +765,7 @@ where
     }
 }
 
-impl<CS, E, EM, F, OF, OT, ST> Fuzzer<E, EM, ST> for StdFuzzer<CS, F, OF, OT>
+impl<CS, E, EM, F, OF, ST> Fuzzer<E, EM, ST> for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     E: UsesState<State = Self::State>,
@@ -768,7 +838,7 @@ where
     }
 }
 
-impl<CS, F, OF, OT> StdFuzzer<CS, F, OF, OT>
+impl<CS, F, OF> StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     F: Feedback<<Self as UsesState>::State>,
@@ -781,7 +851,6 @@ where
             scheduler,
             feedback,
             objective,
-            phantom: PhantomData,
         }
     }
 
@@ -794,9 +863,8 @@ where
         input: &<<Self as UsesState>::State as UsesInput>::Input,
     ) -> Result<ExitKind, Error>
     where
-        E: Executor<EM, Self> + HasObservers<Observers = OT, State = <Self as UsesState>::State>,
+        E: Executor<EM, Self> + HasObservers<State = <Self as UsesState>::State>,
         EM: UsesState<State = <Self as UsesState>::State>,
-        OT: ObserversTuple<<Self as UsesState>::State>,
     {
         start_timer!(state);
         executor.observers_mut().pre_exec_all(state, input)?;
@@ -832,7 +900,7 @@ where
     ) -> Result<ExitKind, Error>;
 }
 
-impl<CS, E, EM, F, OF, OT> ExecutesInput<E, EM> for StdFuzzer<CS, F, OF, OT>
+impl<CS, E, EM, F, OF> ExecutesInput<E, EM> for StdFuzzer<CS, F, OF>
 where
     CS: Scheduler,
     F: Feedback<<Self as UsesState>::State>,

libafl/src/stages/mod.rs

@@ -448,7 +448,7 @@ where
     OT: ObserversTuple<Self::State>,
     PS: PushStage<CS, EM, OT, Z>,
     Z: ExecutesInput<E, EM, State = Self::State>
-        + ExecutionProcessor<OT, State = Self::State>
+        + ExecutionProcessor
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {

libafl/src/stages/push/mod.rs

@@ -38,7 +38,7 @@ where
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
     OT: ObserversTuple<CS::State>,
     CS::State: HasRand + HasCorpus,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {
@@ -59,7 +59,7 @@ where
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
     OT: ObserversTuple<CS::State>,
     CS::State: HasRand + HasCorpus,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {
@@ -84,7 +84,7 @@ where
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
     OT: ObserversTuple<CS::State>,
     CS::State: HasRand + HasCorpus,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {
@@ -114,7 +114,7 @@ where
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
     OT: ObserversTuple<CS::State>,
     CS::State: HasRand + HasCorpus,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {
@@ -183,7 +183,7 @@ where
     CS::State: HasRand + HasExecutions + HasMetadata + HasCorpus + HasLastReportTime,
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId + ProgressReporter,
     OT: ObserversTuple<CS::State>,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {

libafl/src/stages/push/mutational.rs

@@ -8,6 +8,7 @@ use core::{
 };
 
 use libafl_bolts::rands::Rand;
+use serde::Serialize;
 
 use super::{PushStage, PushStageHelper, PushStageSharedState};
 use crate::{
@@ -43,9 +44,9 @@ where
     CS: Scheduler,
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
     M: Mutator<CS::Input, CS::State>,
-    OT: ObserversTuple<CS::State>,
+    OT: ObserversTuple<CS::State> + Serialize,
     CS::State: HasRand + HasCorpus + Clone + Debug,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {
@@ -63,9 +64,9 @@ where
     CS: Scheduler,
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
     M: Mutator<CS::Input, CS::State>,
-    OT: ObserversTuple<CS::State>,
+    OT: ObserversTuple<CS::State> + Serialize,
     CS::State: HasCorpus + HasRand + Clone + Debug,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {
@@ -86,10 +87,10 @@ where
     CS: Scheduler,
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId + ProgressReporter,
     M: Mutator<CS::Input, CS::State>,
-    OT: ObserversTuple<CS::State>,
+    OT: ObserversTuple<CS::State> + Serialize,
     CS::State:
         HasCorpus + HasRand + HasExecutions + HasLastReportTime + HasMetadata + Clone + Debug,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {
@@ -197,10 +198,10 @@ where
     CS: Scheduler,
     EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter<State = CS::State>,
     M: Mutator<CS::Input, CS::State>,
-    OT: ObserversTuple<CS::State>,
+    OT: ObserversTuple<CS::State> + Serialize,
     CS::State:
         HasCorpus + HasRand + HasExecutions + HasMetadata + HasLastReportTime + Clone + Debug,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {
@@ -216,9 +217,9 @@ where
     CS: Scheduler,
     EM: EventFirer<State = CS::State> + EventRestarter + HasEventManagerId,
     M: Mutator<CS::Input, CS::State>,
-    OT: ObserversTuple<CS::State>,
+    OT: ObserversTuple<CS::State> + Serialize,
     CS::State: HasCorpus + HasRand + Clone + Debug,
-    Z: ExecutionProcessor<OT, State = CS::State>
+    Z: ExecutionProcessor<State = CS::State>
         + EvaluatorObservers<OT>
         + HasScheduler<Scheduler = CS>,
 {

libafl/src/stages/sync.rs

@@ -302,7 +302,7 @@ where
     SP: ShMemProvider,
     E: HasObservers<State = S> + Executor<EM, Z>,
     for<'a> E::Observers: Deserialize<'a>,
-    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<E::Observers, State = S>,
+    Z: EvaluatorObservers<E::Observers, State = S> + ExecutionProcessor<State = S>,
     IC: InputConverter<From = S::Input, To = DI>,
     ICB: InputConverter<From = DI, To = S::Input>,
     DI: Input,

libafl/src/stages/tmin.rs

@@ -11,6 +11,7 @@ use libafl_bolts::{
     tuples::{Handle, Handled, MatchNameRef},
     HasLen, Named,
 };
+use serde::Serialize;
 
 #[cfg(feature = "track_hit_feedbacks")]
 use crate::feedbacks::premature_last_result_err;
@@ -22,7 +23,7 @@ use crate::{
     inputs::UsesInput,
     mark_feature_time,
     mutators::{MutationResult, Mutator},
-    observers::{MapObserver, ObserversTuple},
+    observers::{MapObserver, ObserversTuple, UsesObservers},
     schedulers::RemovableScheduler,
     stages::{
         mutational::{MutatedTransform, MutatedTransformPost},
@@ -44,6 +45,7 @@ pub trait TMinMutationalStage<E, EM, F, IP, M, Z>:
     Stage<E, EM, Z> + FeedbackFactory<F, E::Observers>
 where
     E: UsesState<State = Self::State> + HasObservers,
+    <E as UsesObservers>::Observers: Serialize,
     EM: UsesState<State = Self::State> + EventFirer,
     F: Feedback<Self::State>,
     Self::State: HasMaxSize + HasCorpus + HasSolutions + HasExecutions,
@@ -54,7 +56,7 @@ where
         + HasScheduler
         + HasFeedback
         + ExecutesInput<E, EM>
-        + ExecutionProcessor<E::Observers>,
+        + ExecutionProcessor,
     Z::Scheduler: RemovableScheduler<State = Self::State>,
 {
     /// The mutator registered for this stage
@@ -236,9 +238,10 @@ where
 
 impl<E, EM, F, FF, IP, M, Z> Stage<E, EM, Z> for StdTMinMutationalStage<E, EM, F, FF, IP, M, Z>
 where
-    Z: HasScheduler + ExecutionProcessor<E::Observers> + ExecutesInput<E, EM> + HasFeedback,
+    Z: HasScheduler + ExecutionProcessor + ExecutesInput<E, EM> + HasFeedback,
     Z::Scheduler: RemovableScheduler,
     E: HasObservers<State = Self::State>,
+    <E as UsesObservers>::Observers: Serialize,
     EM: EventFirer<State = Self::State>,
     FF: FeedbackFactory<F, E::Observers>,
     F: Feedback<Self::State>,
@@ -297,9 +300,10 @@ pub static TMIN_STAGE_NAME: &str = "tmin";
 impl<E, EM, F, FF, IP, M, Z> TMinMutationalStage<E, EM, F, IP, M, Z>
     for StdTMinMutationalStage<E, EM, F, FF, IP, M, Z>
 where
-    Z: HasScheduler + ExecutionProcessor<E::Observers> + ExecutesInput<E, EM> + HasFeedback,
+    Z: HasScheduler + ExecutionProcessor + ExecutesInput<E, EM> + HasFeedback,
     Z::Scheduler: RemovableScheduler,
     E: HasObservers<State = Self::State>,
+    <E as UsesObservers>::Observers: Serialize,
     EM: EventFirer<State = Self::State>,
     FF: FeedbackFactory<F, E::Observers>,
     F: Feedback<Self::State>,

libafl_bolts/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_bolts"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
 description = "Low-level bolts to create fuzzers and so much more"
 documentation = "https://docs.rs/libafl"

libafl_cc/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_cc"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
 description = "Commodity library to wrap compilers and link LibAFL"
 documentation = "https://docs.rs/libafl_cc"

libafl_concolic/symcc_libafl/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "symcc_libafl"
-version.workspace = true
+version = "0.13.1"
 edition = "2021"
 authors = ["Julius Hohnerlein <julihoh@users.noreply.github.com>", "Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
 description = "Meta package for symcc_runtime"

libafl_concolic/symcc_runtime/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "symcc_runtime"
-version.workspace = true
+version = "0.13.1"
 edition = "2021"
 authors = ["Julius Hohnerlein <julihoh@users.noreply.github.com>", "Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
 description = "Build Concolic Tracing tools based on SymCC in Rust"

libafl_derive/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_derive"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
 description = "Derive proc-macro crate for LibAFL"
 documentation = "https://docs.rs/libafl_derive"

libafl_frida/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_frida"
-version.workspace = true
+version = "0.13.1"
 authors = ["s1341 <github@shmarya.net>"]
 description = "Frida backend library for LibAFL"
 documentation = "https://docs.rs/libafl_frida"

libafl_libfuzzer/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_libfuzzer"
-version.workspace = true
+version = "0.13.1"
 description = "libFuzzer shim which uses LibAFL with common defaults"
 repository = "https://github.com/AFLplusplus/LibAFL/"
 readme = "../README.md"

libafl_nyx/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_nyx"
-version.workspace = true
+version = "0.13.1"
 edition = "2021"
 authors = ["syheliel <syheliel@gmail.com>"]
 description = "libafl using nyx, only avaliable on linux"

libafl_qemu/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_qemu"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
 description = "QEMU user backend library for LibAFL"
 documentation = "https://docs.rs/libafl_qemu"

libafl_qemu/src/executor/mod.rs

@@ -22,7 +22,7 @@ use libafl::{
     fuzzer::HasObjective,
     observers::{ObserversTuple, UsesObservers},
     state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
-    Error,
+    Error, ExecutionProcessor, HasScheduler,
 };
 #[cfg(feature = "fork")]
 use libafl_bolts::shmem::ShMemProvider;
@@ -141,7 +141,7 @@ where
         OF: Feedback<S>,
         OT: ObserversTuple<S>,
         S: State + HasExecutions + HasCorpus + HasSolutions,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + ExecutionProcessor + HasScheduler,
     {
         #[cfg(emulation_mode = "usermode")]
         {
@@ -198,7 +198,7 @@ where
         EM: EventFirer<State = S> + EventRestarter<State = S>,
         OF: Feedback<S>,
         S: State + HasExecutions + HasCorpus + HasSolutions,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let mut inner = InProcessExecutor::with_timeout(
             harness_fn, observers, fuzzer, state, event_mgr, timeout,

libafl_qemu/src/executor/stateful.rs

@@ -15,7 +15,7 @@ use libafl::{
     fuzzer::HasObjective,
     observers::{ObserversTuple, UsesObservers},
     state::{HasCorpus, HasExecutions, HasSolutions, State, UsesState},
-    Error,
+    Error, ExecutionProcessor, HasScheduler,
 };
 use libafl_bolts::tuples::RefIndexable;
 
@@ -69,7 +69,7 @@ where
         EM: EventFirer<State = S> + EventRestarter<State = S>,
         OF: Feedback<S>,
         S: State + HasExecutions + HasCorpus + HasSolutions,
-        Z: HasObjective<Objective = OF, State = S>,
+        Z: HasObjective<Objective = OF, State = S> + HasScheduler + ExecutionProcessor,
     {
         let qemu_state = QemuExecutorState::new::<
             StatefulInProcessExecutor<'a, H, OT, S, QemuExecutorState<'a, QT, S>>,

libafl_sugar/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_sugar"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
 description = "Sugar builders to create common fuzzers with LibAFL"
 documentation = "https://docs.rs/libafl_sugar"

libafl_targets/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_targets"
-version.workspace = true
+version = "0.13.1"
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
 description = "Common code for target instrumentation that can be used combined with LibAFL"
 documentation = "https://docs.rs/libafl_targets"

libafl_targets/src/windows_asan.rs

@@ -5,7 +5,7 @@ use libafl::{
     executors::{hooks::windows::windows_asan_handler::asan_death_handler, Executor, HasObservers},
     feedbacks::Feedback,
     state::{HasCorpus, HasExecutions, HasSolutions},
-    HasObjective,
+    ExecutionProcessor, HasObjective, HasScheduler,
 };
 
 /// Asan death callback type
@@ -33,7 +33,7 @@ where
     EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
     OF: Feedback<E::State>,
     E::State: HasSolutions + HasCorpus + HasExecutions,
-    Z: HasObjective<Objective = OF, State = E::State>,
+    Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
 {
     __sanitizer_set_death_callback(Some(asan_death_handler::<E, EM, OF, Z>));
 }

libafl_tinyinst/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libafl_tinyinst"
-version.workspace = true
+version = "0.13.1"
 edition = "2021"
 authors = ["elbiazo <eric.l.biazo@gmail.com>", "Dongjia Zhang <tokazerkje@outlook.com>"]
 repository = "https://github.com/AFLplusplus/LibAFL/"

scripts/clippy.ps1

@@ -1,4 +1,4 @@
-cargo clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --exclude libafl_qemu --exclude libafl_libfuzzer --exclude libafl_qemu_sys --no-deps --tests --benches --examples -- `
+cargo clippy --all --all-features --exclude libafl_qemu --no-deps --tests --benches --examples -- `
    -D clippy::all `
    -D clippy::pedantic `
    -W clippy::similar_names `

scripts/clippy.sh

@@ -4,7 +4,7 @@ cd "$SCRIPT_DIR/.." || exit 1
 
 set -e
 
-RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --no-deps --tests --examples --benches -- -Z macro-backtrace \
+RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --no-deps --tests --examples --benches -- -Z macro-backtrace \
    -D clippy::all \
    -D clippy::pedantic \
    -W clippy::similar_names \
@@ -21,7 +21,7 @@ RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_
 
 if [[ "$OSTYPE" == "linux-gnu"* ]]; then
   cd libafl_libfuzzer/libafl_libfuzzer_runtime
-  RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --no-deps --tests --examples --benches -- -Z macro-backtrace \
+  RUST_BACKTRACE=full cargo +nightly clippy --all --all-features --no-deps --tests --examples --benches -- -Z macro-backtrace \
      -D clippy::all \
      -D clippy::pedantic \
      -W clippy::similar_names \

utils/libafl_benches/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
 name = "libafl_benches"
-version.workspace = true
+version = "0.13.1"
 edition = "2021"
 description = "LibAFL Benchmarks"
 documentation = "https://docs.rs/libafl"