From 796ce20cd89bf77fe2b87486376c5d0e074a17d6 Mon Sep 17 00:00:00 2001 
From: Francesco Cirillo <93737876+fcirillo00@users.noreply.github.com> Date: Sat, 12 Apr 2025 20:35:31 +0200 Subject: [PATCH] ScheduledMutator Fix with_max_stack_pow (#3148) * ScheduledMutator Fix with_max_stack_pow * Renamed StdScheduledMutator to HavocScheduledMutator * Added SingleChoiceScheduledMutator * Changed HavocScheduledMutator description * Added rename in migration * Missed renaming * cargo fmt fix * cargo fmt fix 2 * Clippy duplicate code and safer test * cargo fmt fix 3 * Removed my hallucination --- MIGRATION.md | 1 + .../baby_fuzzer/listing-06/src/main.rs | 4 +- fuzzers/baby/baby_fuzzer/src/main.rs | 4 +- .../baby_fuzzer_custom_executor/src/main.rs | 4 +- .../baby/baby_fuzzer_minimizing/src/main.rs | 6 +- .../baby_fuzzer_swap_differential/src/main.rs | 4 +- fuzzers/baby/baby_fuzzer_unicode/src/main.rs | 4 +- .../c_code_with_fork_executor/src/main.rs | 4 +- .../src/main.rs | 4 +- .../command_executor/src/main.rs | 4 +- .../forkserver_executor/src/main.rs | 4 +- .../rust_code_with_fork_executor/src/main.rs | 4 +- .../src/main.rs | 4 +- .../frida_executable_libpng/src/fuzzer.rs | 13 +- .../binary_only/frida_libpng/src/fuzzer.rs | 9 +- .../frida_windows_gdiplus/src/fuzzer.rs | 13 +- .../fuzzbench_fork_qemu/src/fuzzer.rs | 8 +- .../binary_only/fuzzbench_qemu/src/fuzzer.rs | 8 +- .../intel_pt_baby_fuzzer/src/main.rs | 4 +- .../intel_pt_command_executor/src/main.rs | 4 +- .../binary_only/qemu_launcher/src/instance.rs | 8 +- .../binary_only/tinyinst_simple/src/main.rs | 4 +- .../baby_fuzzer_with_forkexecutor/src/main.rs | 4 +- .../forkserver_libafl_cc/src/main.rs | 4 +- .../forkserver/forkserver_simple/src/main.rs | 4 +- .../fuzzbench_forkserver/src/main.rs | 9 +- .../fuzzbench_forkserver_sand/src/main.rs | 9 +- fuzzers/forkserver/libafl-fuzz/src/fuzzer.rs | 4 +- .../full_system/nyx_launcher/src/instance.rs | 6 +- .../nyx_libxml2_parallel/src/main.rs | 4 +- .../nyx_libxml2_standalone/src/main.rs | 4 +- .../qemu_baremetal/src/fuzzer_breakpoint.rs | 4 +- 
.../qemu_baremetal/src/fuzzer_low_level.rs | 4 +- .../qemu_baremetal/src/fuzzer_sync_exit.rs | 4 +- .../qemu_linux_kernel/src/fuzzer.rs | 6 +- .../qemu_linux_process/src/fuzzer.rs | 6 +- fuzzers/full_system/unicorn/src/main.rs | 4 +- .../fuzz_anything/baby_fuzzer_wasm/src/lib.rs | 4 +- fuzzers/fuzz_anything/baby_no_std/src/main.rs | 4 +- .../fuzz_anything/libafl_atheris/src/lib.rs | 9 +- .../fuzz_anything/push_harness/src/main.rs | 4 +- .../push_stage_harness/src/main.rs | 4 +- fuzzers/inprocess/fuzzbench/src/lib.rs | 6 +- fuzzers/inprocess/fuzzbench_ctx/src/lib.rs | 8 +- fuzzers/inprocess/fuzzbench_text/src/lib.rs | 12 +- .../inprocess/libfuzzer_libmozjpeg/src/lib.rs | 4 +- fuzzers/inprocess/libfuzzer_libpng/src/lib.rs | 4 +- .../libfuzzer_libpng_accounting/src/lib.rs | 4 +- .../libfuzzer_libpng_centralized/src/lib.rs | 4 +- .../libfuzzer_libpng_cmin/src/lib.rs | 4 +- .../libfuzzer_libpng_launcher/src/lib.rs | 4 +- .../libfuzzer_libpng_norestart/src/lib.rs | 4 +- .../libfuzzer_libpng_tcp_manager/src/lib.rs | 4 +- .../inprocess/libfuzzer_stb_image/src/main.rs | 8 +- .../libfuzzer_windows_asan/src/lib.rs | 4 +- .../src/lib.rs | 4 +- .../baby_fuzzer_custom_input/src/main.rs | 4 +- .../baby_fuzzer_gramatron/src/main.rs | 4 +- .../baby_fuzzer_grimoire/src/main.rs | 6 +- .../baby_fuzzer_multi/src/main.rs | 4 +- .../baby_fuzzer_nautilus/src/main.rs | 5 +- .../baby_fuzzer_tokens/src/main.rs | 4 +- .../forkserver_simple_nautilus/src/main.rs | 6 +- .../fuzzer/src/main.rs | 8 +- .../structure_aware/nautilus_sync/src/lib.rs | 5 +- libafl/src/lib.rs | 4 +- libafl/src/mutators/scheduled.rs | 155 +++++++++++++++--- libafl_frida/src/lib.rs | 4 +- libafl_libfuzzer/runtime/src/lib.rs | 22 +-- libafl_libfuzzer/runtime/src/tmin.rs | 6 +- libafl_sugar/src/forkserver.rs | 7 +- libafl_sugar/src/inmemory.rs | 9 +- libafl_sugar/src/qemu.rs | 12 +- 73 files changed, 355 insertions(+), 207 deletions(-)
diff --git a/MIGRATION.md b/MIGRATION.md
index 6de6720870..1d86e0fefd 100644
--- a/MIGRATION.md
+++ b/MIGRATION.md
@@ -16,6 +16,7 @@
 - `MultipartInput` is now implemented as key-value tuples in a `ListInput`. The interface slightly changed, all functionality is maintained.
 - Instead of names, `MultipartInput` uses generic `key`s (function names were changed accordingly).
 - If you don't need the keys to identify individual parts, consider using `ListInput` directly.
+ - `StdScheduledMutator` has been renamed to `HavocScheduledMutator`.
 ## 0.14.1 -> 0.15.0
diff --git a/docs/listings/baby_fuzzer/listing-06/src/main.rs b/docs/listings/baby_fuzzer/listing-06/src/main.rs
index 6d45c8ea97..cb42cf9723 100644
--- a/docs/listings/baby_fuzzer/listing-06/src/main.rs
+++ b/docs/listings/baby_fuzzer/listing-06/src/main.rs
@@ -12,7 +12,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::scheduled::{havoc_mutations, StdScheduledMutator},
+ mutators::scheduled::{havoc_mutations, HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -107,7 +107,7 @@ fn main() {
 /* ANCHOR: mutational_stage */
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/baby/baby_fuzzer/src/main.rs b/fuzzers/baby/baby_fuzzer/src/main.rs
index 19d20a655f..d8fc9e3982 100644
--- a/fuzzers/baby/baby_fuzzer/src/main.rs
+++ b/fuzzers/baby/baby_fuzzer/src/main.rs
@@ -14,7 +14,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -128,7 +128,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/baby/baby_fuzzer_custom_executor/src/main.rs b/fuzzers/baby/baby_fuzzer_custom_executor/src/main.rs
index d099e2f10b..45e9603d2d 100644
--- a/fuzzers/baby/baby_fuzzer_custom_executor/src/main.rs
+++ b/fuzzers/baby/baby_fuzzer_custom_executor/src/main.rs
@@ -15,7 +15,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 generators::RandPrintablesGenerator,
 inputs::HasTargetBytes,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::{mutational::StdMutationalStage, AflStatsStage, CalibrationStage},
@@ -155,7 +155,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(
 calibration_stage,
 StdMutationalStage::new(mutator),
diff --git a/fuzzers/baby/baby_fuzzer_minimizing/src/main.rs b/fuzzers/baby/baby_fuzzer_minimizing/src/main.rs
index 344206b466..e8ccf4ac20 100644
--- a/fuzzers/baby/baby_fuzzer_minimizing/src/main.rs
+++ b/fuzzers/baby/baby_fuzzer_minimizing/src/main.rs
@@ -97,8 +97,8 @@ pub fn main() -> Result<(), Error> {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
- let minimizer = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
+ let minimizer = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(
 StdMutationalStage::new(mutator),
 StdTMinMutationalStage::new(minimizer, factory, 128)
@@ -124,7 +124,7 @@ pub fn main() -> Result<(), Error> {
 let mut mgr = SimpleEventManager::new(mon);
- let minimizer = StdScheduledMutator::new(havoc_mutations());
+ let minimizer = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdTMinMutationalStage::new(
 minimizer,
 CrashFeedback::new(),
diff --git a/fuzzers/baby/baby_fuzzer_swap_differential/src/main.rs b/fuzzers/baby/baby_fuzzer_swap_differential/src/main.rs
index dab3133063..093468b685 100644
--- a/fuzzers/baby/baby_fuzzer_swap_differential/src/main.rs
+++ b/fuzzers/baby/baby_fuzzer_swap_differential/src/main.rs
@@ -17,7 +17,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -262,7 +262,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 while state.solutions().is_empty() {
diff --git a/fuzzers/baby/baby_fuzzer_unicode/src/main.rs b/fuzzers/baby/baby_fuzzer_unicode/src/main.rs
index 9a9a1e823a..8827ca05ff 100644
--- a/fuzzers/baby/baby_fuzzer_unicode/src/main.rs
+++ b/fuzzers/baby/baby_fuzzer_unicode/src/main.rs
@@ -14,7 +14,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 inputs::{BytesInput, HasTargetBytes},
 mutators::{
- StdScheduledMutator, UnicodeCategoryRandMutator, UnicodeInput,
+ HavocScheduledMutator, UnicodeCategoryRandMutator, UnicodeInput,
 UnicodeSubcategoryRandMutator,
 },
 observers::StdMapObserver,
@@ -128,7 +128,7 @@ pub fn main() {
 .unwrap();
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(tuple_list!(
+ let mutator = HavocScheduledMutator::new(tuple_list!(
 UnicodeCategoryRandMutator,
 UnicodeSubcategoryRandMutator,
 UnicodeSubcategoryRandMutator,
diff --git a/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs b/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs
index 614dfba892..f840803134 100644
--- a/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs
+++ b/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs
@@ -10,7 +10,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{BacktraceObserver, ConstMapObserver},
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -118,7 +118,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs b/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs
index 43c3342286..60a13a634b 100644
--- a/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs
+++ b/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs
@@ -10,7 +10,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{BacktraceObserver, ConstMapObserver},
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -103,7 +103,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/baby/backtrace_baby_fuzzers/command_executor/src/main.rs b/fuzzers/baby/backtrace_baby_fuzzers/command_executor/src/main.rs
index c239dafa2c..b7c37ffa55 100644
--- a/fuzzers/baby/backtrace_baby_fuzzers/command_executor/src/main.rs
+++ b/fuzzers/baby/backtrace_baby_fuzzers/command_executor/src/main.rs
@@ -17,7 +17,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{get_asan_runtime_flags, AsanBacktraceObserver, StdMapObserver},
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -129,7 +129,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/baby/backtrace_baby_fuzzers/forkserver_executor/src/main.rs b/fuzzers/baby/backtrace_baby_fuzzers/forkserver_executor/src/main.rs
index d50cf27be8..7fe90178f9 100644
--- a/fuzzers/baby/backtrace_baby_fuzzers/forkserver_executor/src/main.rs
+++ b/fuzzers/baby/backtrace_baby_fuzzers/forkserver_executor/src/main.rs
@@ -10,7 +10,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::BytesInput,
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{AsanBacktraceObserver, ConstMapObserver, HitcountsMapObserver},
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -110,7 +110,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs b/fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs
index 9260055090..43c3c9a501 100644
--- a/fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs
+++ b/fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs
@@ -12,7 +12,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{BacktraceObserver, StdMapObserver},
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -131,7 +131,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs b/fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs
index 461a77d0ec..47512e32ee 100644
--- a/fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs
+++ b/fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs
@@ -12,7 +12,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{BacktraceObserver, StdMapObserver},
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -124,7 +124,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs b/fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs
index 53c6d64c7a..ded867328a 100644
--- a/fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs
+++ b/fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs
@@ -16,7 +16,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::{I2SRandReplace, Tokens},
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
@@ -194,7 +194,8 @@ unsafe fn fuzz(
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator =
+ HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 // A minimization+queue policy to get testcasess from the corpus
 let scheduler =
@@ -323,7 +324,8 @@ unsafe fn fuzz(
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator =
+ HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 // A minimization+queue policy to get testcasess from the corpus
 let scheduler =
@@ -373,7 +375,7 @@ unsafe fn fuzz(
 let tracing = ShadowTracingStage::new();
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
 I2SRandReplace::new()
 )));
@@ -467,7 +469,8 @@ unsafe fn fuzz(
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator =
+ HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 // A minimization+queue policy to get testcasess from the corpus
 let scheduler =
diff --git a/fuzzers/binary_only/frida_libpng/src/fuzzer.rs b/fuzzers/binary_only/frida_libpng/src/fuzzer.rs
index b6165fe75c..5471ecffe1 100644
--- a/fuzzers/binary_only/frida_libpng/src/fuzzer.rs
+++ b/fuzzers/binary_only/frida_libpng/src/fuzzer.rs
@@ -16,7 +16,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::{I2SRandReplace, Tokens},
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
@@ -184,7 +184,7 @@ fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 // A minimization+queue policy to get testcasess from the corpus
 let scheduler =
@@ -221,8 +221,9 @@ fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 let tracing = ShadowTracingStage::new();
 // Setup a randomic Input2State stage
- let i2s =
- StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // In case the corpus is empty (on first run), reset
 if state.must_load_initial_inputs() {
diff --git a/fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs b/fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs
index b88c2004c8..2b4258f6af 100644
--- a/fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs
+++ b/fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs
@@ -26,7 +26,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::{I2SRandReplace, Tokens},
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
@@ -177,7 +177,8 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator =
+ HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 // A minimization+queue policy to get testcasess from the corpus
 let scheduler =
@@ -299,7 +300,8 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator =
+ HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 // A minimization+queue policy to get testcasess from the corpus
 let scheduler =
@@ -347,7 +349,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 let tracing = ShadowTracingStage::new();
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
 I2SRandReplace::new()
 )));
@@ -439,7 +441,8 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator =
+ HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 // A minimization+queue policy to get testcasess from the corpus
 let scheduler =
diff --git a/fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs b/fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs
index e8af333afb..cd0a0db063 100644
--- a/fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs
+++ b/fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs
@@ -24,8 +24,8 @@ use libafl::{
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
 mutators::{
- havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, StdMOptMutator,
- StdScheduledMutator, Tokens,
+ havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, HavocScheduledMutator,
+ StdMOptMutator, Tokens,
 },
 observers::{CanTrack, ConstMapObserver, HitcountsMapObserver, TimeObserver},
 schedulers::{
@@ -308,7 +308,9 @@ fn fuzz(
 });
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // Setup a MOPT mutator
 let mutator = StdMOptMutator::new(
diff --git a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
index 915497f85b..24f15c84fc 100644
--- a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
+++ b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
@@ -22,8 +22,8 @@ use libafl::{
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
 mutators::{
- havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, StdMOptMutator,
- StdScheduledMutator, Tokens,
+ havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, HavocScheduledMutator,
+ StdMOptMutator, Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver},
 schedulers::{
@@ -319,7 +319,9 @@ fn fuzz(
 });
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // Setup a MOPT mutator
 let mutator = StdMOptMutator::new(
diff --git a/fuzzers/binary_only/intel_pt_baby_fuzzer/src/main.rs b/fuzzers/binary_only/intel_pt_baby_fuzzer/src/main.rs
index d051d07518..db7d90194a 100644
--- a/fuzzers/binary_only/intel_pt_baby_fuzzer/src/main.rs
+++ b/fuzzers/binary_only/intel_pt_baby_fuzzer/src/main.rs
@@ -16,7 +16,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -145,7 +145,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Set up a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/binary_only/intel_pt_command_executor/src/main.rs b/fuzzers/binary_only/intel_pt_command_executor/src/main.rs
index 723bda0e8a..5c4b177fd6 100644
--- a/fuzzers/binary_only/intel_pt_command_executor/src/main.rs
+++ b/fuzzers/binary_only/intel_pt_command_executor/src/main.rs
@@ -14,7 +14,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::BytesInput,
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -147,7 +147,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/binary_only/qemu_launcher/src/instance.rs b/fuzzers/binary_only/qemu_launcher/src/instance.rs
index 0409eb3d7d..b01d8bef13 100644
--- a/fuzzers/binary_only/qemu_launcher/src/instance.rs
+++ b/fuzzers/binary_only/qemu_launcher/src/instance.rs
@@ -15,8 +15,8 @@ use libafl::{
 inputs::{BytesInput, Input},
 monitors::Monitor,
 mutators::{
- havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, StdMOptMutator,
- StdScheduledMutator, Tokens,
+ havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, HavocScheduledMutator,
+ StdMOptMutator, Tokens,
 },
 observers::{
 CanTrack, HitcountsMapObserver, ObserversTuple, TimeObserver, VariableMapObserver,
@@ -319,7 +319,7 @@ impl Instance<'_, M> {
 let tracing = ShadowTracingStage::new();
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
 I2SRandReplace::new()
 )));
@@ -359,7 +359,7 @@ impl Instance<'_, M> {
 )?;
 // Setup an havoc mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
 StdPowerMutationalStage::new(mutator);
 let mut stages = tuple_list!(calibration, power, stats_stage);
diff --git a/fuzzers/binary_only/tinyinst_simple/src/main.rs b/fuzzers/binary_only/tinyinst_simple/src/main.rs
index aa32678f58..747f41235f 100644
--- a/fuzzers/binary_only/tinyinst_simple/src/main.rs
+++ b/fuzzers/binary_only/tinyinst_simple/src/main.rs
@@ -6,7 +6,7 @@ use libafl::{
 feedbacks::{CrashFeedback, ListFeedback},
 inputs::BytesInput,
 monitors::SimpleMonitor,
- mutators::{havoc_mutations, StdScheduledMutator},
+ mutators::{havoc_mutations, HavocScheduledMutator},
 observers::ListObserver,
 schedulers::RandScheduler,
 stages::StdMutationalStage,
@@ -73,7 +73,7 @@ fn main() {
 .build(tuple_list!(observer))
 .unwrap();
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
 .fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr)
diff --git a/fuzzers/forkserver/baby_fuzzer_with_forkexecutor/src/main.rs b/fuzzers/forkserver/baby_fuzzer_with_forkexecutor/src/main.rs
index 1a84e91cc5..5d94f08c35 100644
--- a/fuzzers/forkserver/baby_fuzzer_with_forkexecutor/src/main.rs
+++ b/fuzzers/forkserver/baby_fuzzer_with_forkexecutor/src/main.rs
@@ -11,7 +11,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -125,7 +125,7 @@ pub fn main() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/forkserver/forkserver_libafl_cc/src/main.rs b/fuzzers/forkserver/forkserver_libafl_cc/src/main.rs
index 9a7fa41581..e24e87d832 100644
--- a/fuzzers/forkserver/forkserver_libafl_cc/src/main.rs
+++ b/fuzzers/forkserver/forkserver_libafl_cc/src/main.rs
@@ -11,7 +11,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 inputs::BytesInput,
 monitors::SimpleMonitor,
- mutators::{havoc_mutations, tokens_mutations, StdScheduledMutator, Tokens},
+ mutators::{havoc_mutations, tokens_mutations, HavocScheduledMutator, Tokens},
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
 schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
 stages::mutational::StdMutationalStage,
@@ -207,7 +207,7 @@ pub fn main() {
 // Setup a mutational stage with a basic bytes mutator
 let mutator =
- StdScheduledMutator::with_max_stack_pow(havoc_mutations().merge(tokens_mutations()), 6);
+ HavocScheduledMutator::with_max_stack_pow(havoc_mutations().merge(tokens_mutations()), 6);
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/forkserver/forkserver_simple/src/main.rs b/fuzzers/forkserver/forkserver_simple/src/main.rs
index 13c6705139..a5ae55a17c 100644
--- a/fuzzers/forkserver/forkserver_simple/src/main.rs
+++ b/fuzzers/forkserver/forkserver_simple/src/main.rs
@@ -12,7 +12,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 inputs::BytesInput,
 monitors::SimpleMonitor,
- mutators::{StdScheduledMutator, Tokens, havoc_mutations, tokens_mutations},
+ mutators::{HavocScheduledMutator, Tokens, havoc_mutations, tokens_mutations},
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
 schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
 stages::mutational::StdMutationalStage,
@@ -202,7 +202,7 @@ pub fn main() {
 // Setup a mutational stage with a basic bytes mutator
 let mutator =
- StdScheduledMutator::with_max_stack_pow(havoc_mutations().merge(tokens_mutations()), 6);
+ HavocScheduledMutator::with_max_stack_pow(havoc_mutations().merge(tokens_mutations()), 6);
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/forkserver/fuzzbench_forkserver/src/main.rs b/fuzzers/forkserver/fuzzbench_forkserver/src/main.rs
index c1acaffaf8..44667a43e5 100644
--- a/fuzzers/forkserver/fuzzbench_forkserver/src/main.rs
+++ b/fuzzers/forkserver/fuzzbench_forkserver/src/main.rs
@@ -18,8 +18,8 @@ use libafl::{
 inputs::BytesInput,
 monitors::SimpleMonitor,
 mutators::{
- havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, StdMOptMutator,
- StdScheduledMutator, Tokens,
+ havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, HavocScheduledMutator,
+ StdMOptMutator, Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, StdCmpObserver, StdMapObserver, TimeObserver},
 schedulers::{
@@ -371,8 +371,9 @@ fn fuzz(
 let tracing = TracingStage::new(cmplog_executor);
 // Setup a randomic Input2State stage
- let i2s =
- StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // The order of the stages matter!
 let mut stages = tuple_list!(calibration, tracing, i2s, power);
diff --git a/fuzzers/forkserver/fuzzbench_forkserver_sand/src/main.rs b/fuzzers/forkserver/fuzzbench_forkserver_sand/src/main.rs
index e751bd770f..a9585133ac 100644
--- a/fuzzers/forkserver/fuzzbench_forkserver_sand/src/main.rs
+++ b/fuzzers/forkserver/fuzzbench_forkserver_sand/src/main.rs
@@ -18,8 +18,8 @@ use libafl::{
 inputs::BytesInput,
 monitors::SimpleMonitor,
 mutators::{
- havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, StdMOptMutator,
- StdScheduledMutator, Tokens,
+ havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, HavocScheduledMutator,
+ StdMOptMutator, Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, StdCmpObserver, StdMapObserver, TimeObserver},
 schedulers::{
@@ -418,8 +418,9 @@ fn fuzz(
 let tracing = TracingStage::new(cmplog_executor);
 // Setup a randomic Input2State stage
- let i2s =
- StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // The order of the stages matter!
 let mut stages = tuple_list!(calibration, tracing, i2s, power);
diff --git a/fuzzers/forkserver/libafl-fuzz/src/fuzzer.rs b/fuzzers/forkserver/libafl-fuzz/src/fuzzer.rs
index 8f238a6c97..9ff3c5b07c 100644
--- a/fuzzers/forkserver/libafl-fuzz/src/fuzzer.rs
+++ b/fuzzers/forkserver/libafl-fuzz/src/fuzzer.rs
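Review bot: The Input2State stage in `fuzz` of fuzzbench_forkserver (hunk `@@ -371,8 +371,9`) now builds `HavocScheduledMutator::new(tuple_list!(I2SRandReplace::new()))`, a scheduler named for havoc-style stacking wrapped around a one-element mutation list. The commit message says a `SingleChoiceScheduledMutator` was added in the same change. If that type applies one scheduled mutation per call (its definition is not visible here), the i2s stage looks like its intended user. Otherwise a comment such as `// single mutator: scheduling only decides how often I2SRandReplace is re-applied` would show the choice is deliberate. The same construction recurs in fuzzbench_forkserver_sand (`@@ -418,8 +418,9`), nyx_launcher, qemu_linux_kernel, qemu_linux_process, libafl_atheris, fuzzbench, fuzzbench_ctx, fuzzbench_text and libfuzzer_stb_image; `fuzz` starts and ends outside the hunk.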
@@ -23,7 +23,7 @@ use libafl::{
 },
 fuzzer::StdFuzzer,
 inputs::{BytesInput, NopTargetBytesConverter},
- mutators::{havoc_mutations, tokens_mutations, AFLppRedQueen, StdScheduledMutator, Tokens},
+ mutators::{havoc_mutations, tokens_mutations, AFLppRedQueen, HavocScheduledMutator, Tokens},
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
 schedulers::{
 powersched::{BaseSchedule, PowerSchedule},
@@ -263,7 +263,7 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
 // Create our Mutational Stage.
 // We can either have a simple MutationalStage (for Queue scheduling)
 // Or one that utilizes scheduling metadadata (Weighted Random scheduling)
- let mutation = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutation = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let inner_mutational_stage = if opt.sequential_queue {
 SupportedMutationalStages::StdMutational(StdMutationalStage::new(mutation), PhantomData)
 } else {
diff --git a/fuzzers/full_system/nyx_launcher/src/instance.rs b/fuzzers/full_system/nyx_launcher/src/instance.rs
index a2d1fcd055..1aeeecea6f 100644
--- a/fuzzers/full_system/nyx_launcher/src/instance.rs
+++ b/fuzzers/full_system/nyx_launcher/src/instance.rs
@@ -13,7 +13,7 @@ use libafl::{
 inputs::BytesInput,
 monitors::Monitor,
 mutators::{
- havoc_mutations, tokens_mutations, I2SRandReplace, StdMOptMutator, StdScheduledMutator,
+ havoc_mutations, tokens_mutations, HavocScheduledMutator, I2SRandReplace, StdMOptMutator,
 Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
@@ -188,7 +188,7 @@ impl Instance<'_, M> {
 let mut executor = ShadowExecutor::new(executor, tuple_list!(cmplog_observer));
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
 I2SRandReplace::new()
 )));
@@ -214,7 +214,7 @@ impl Instance<'_, M> {
 let mut executor = NyxExecutor::builder().build(helper, observers);
 // Setup an havoc mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
diff --git a/fuzzers/full_system/nyx_libxml2_parallel/src/main.rs b/fuzzers/full_system/nyx_libxml2_parallel/src/main.rs
index 02de207cf9..b0a4eb4405 100644
--- a/fuzzers/full_system/nyx_libxml2_parallel/src/main.rs
+++ b/fuzzers/full_system/nyx_libxml2_parallel/src/main.rs
@@ -6,7 +6,7 @@ use libafl::{
 feedbacks::{CrashFeedback, MaxMapFeedback},
 inputs::BytesInput,
 monitors::MultiMonitor,
- mutators::{havoc_mutations, StdScheduledMutator},
+ mutators::{havoc_mutations, HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::RandScheduler,
 stages::StdMutationalStage,
@@ -64,7 +64,7 @@ fn main() {
 });
 println!("We're a client, let's fuzz :)");
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 // A fuzzer with feedbacks and a corpus scheduler
diff --git a/fuzzers/full_system/nyx_libxml2_standalone/src/main.rs b/fuzzers/full_system/nyx_libxml2_standalone/src/main.rs
index bd9bc00f38..ead170f908 100644
--- a/fuzzers/full_system/nyx_libxml2_standalone/src/main.rs
+++ b/fuzzers/full_system/nyx_libxml2_standalone/src/main.rs
@@ -6,7 +6,7 @@ use libafl::{
 feedbacks::{CrashFeedback, MaxMapFeedback},
 inputs::BytesInput,
 monitors::tui::TuiMonitor,
- mutators::{havoc_mutations, StdScheduledMutator},
+ mutators::{havoc_mutations, HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::RandScheduler,
 stages::StdMutationalStage,
@@ -44,7 +44,7 @@ fn main() {
 let mut mgr = SimpleEventManager::new(monitor);
 let mut executor = NyxExecutor::builder().build(helper, tuple_list!(observer));
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 // start fuzz
diff --git a/fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs b/fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs
index e3de64500e..61b186918a 100644
--- a/fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs
+++ b/fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs
@@ -11,7 +11,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 inputs::BytesInput,
 monitors::MultiMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver},
 schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
 stages::{CalibrationStage, StdMutationalStage},
@@ -180,7 +180,7 @@ pub fn fuzz() {
 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
 // Setup an havoc mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let calibration_feedback = MaxMapFeedback::new(&edges_observer);
 let mut stages = tuple_list!(
 StdMutationalStage::new(mutator),
diff --git a/fuzzers/full_system/qemu_baremetal/src/fuzzer_low_level.rs b/fuzzers/full_system/qemu_baremetal/src/fuzzer_low_level.rs
index a0cca215ca..bac0fa9e11 100644
--- a/fuzzers/full_system/qemu_baremetal/src/fuzzer_low_level.rs
+++ b/fuzzers/full_system/qemu_baremetal/src/fuzzer_low_level.rs
@@ -11,7 +11,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 inputs::{BytesInput, HasTargetBytes},
 monitors::MultiMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver},
 schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
 stages::StdMutationalStage,
@@ -262,7 +262,7 @@ pub fn fuzz() {
 }
 // Setup an havoc mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs b/fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs
index 6d490d1f5f..5d985f54d1 100644
--- a/fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs
+++ b/fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs
@@ -10,7 +10,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 inputs::BytesInput,
 monitors::MultiMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver},
 schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
 stages::{CalibrationStage, StdMutationalStage},
@@ -118,7 +118,7 @@ pub fn fuzz() {
 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
 // Setup an havoc mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let calibration_feedback = MaxMapFeedback::new(&edges_observer);
 let mut stages = tuple_list!(
 StdMutationalStage::new(mutator),
diff --git a/fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs b/fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs
index 9e07067ddf..4782943a06 100644
--- a/fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs
+++ b/fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs
@@ -14,7 +14,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 inputs::{BytesInput, HasTargetBytes},
 monitors::MultiMonitor,
- mutators::{havoc_mutations, scheduled::StdScheduledMutator, I2SRandReplaceBinonly},
+ mutators::{havoc_mutations, scheduled::HavocScheduledMutator, I2SRandReplaceBinonly},
 observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver},
 schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
 stages::{ShadowTracingStage, StdMutationalStage},
@@ -227,13 +227,13 @@ pub fn fuzz() {
 }
 // a CmpLog-based mutational stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
 I2SRandReplaceBinonly::new()
 )));
 // Setup an havoc mutator with a mutational stage
 let tracing = ShadowTracingStage::new();
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(tracing, i2s, StdMutationalStage::new(mutator),);
 match fuzzer.fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr) {
diff --git a/fuzzers/full_system/qemu_linux_process/src/fuzzer.rs b/fuzzers/full_system/qemu_linux_process/src/fuzzer.rs
index 0e4626782e..b9c09815f1 100644
--- a/fuzzers/full_system/qemu_linux_process/src/fuzzer.rs
+++ b/fuzzers/full_system/qemu_linux_process/src/fuzzer.rs
@@ -14,7 +14,7 @@ use libafl::{
 fuzzer::{Fuzzer, StdFuzzer},
 inputs::{BytesInput, HasTargetBytes},
 monitors::MultiMonitor,
- mutators::{havoc_mutations, I2SRandReplaceBinonly, StdScheduledMutator},
+ mutators::{havoc_mutations, HavocScheduledMutator, I2SRandReplaceBinonly},
 observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver},
 schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
 stages::{ShadowTracingStage, StdMutationalStage},
@@ -235,13 +235,13 @@ pub fn fuzz() {
 }
 // a CmpLog-based mutational stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
 I2SRandReplaceBinonly::new()
 )));
 // Setup an havoc mutator with a mutational stage
 let tracing = ShadowTracingStage::new();
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(tracing, i2s, StdMutationalStage::new(mutator),);
 match fuzzer.fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr) {
diff --git a/fuzzers/full_system/unicorn/src/main.rs b/fuzzers/full_system/unicorn/src/main.rs
index 9faff784d3..98124393ff 100644
--- a/fuzzers/full_system/unicorn/src/main.rs
+++ b/fuzzers/full_system/unicorn/src/main.rs
@@ -10,7 +10,7 @@ use libafl::{
 generators::RandBytesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::MultiMonitor,
- mutators::{havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations, scheduled::HavocScheduledMutator},
 nonzero,
 observers::{ConstMapObserver, HitcountsMapObserver, TimeObserver},
 schedulers::QueueScheduler,
@@ -310,7 +310,7 @@ fn fuzzer(should_emulate: bool, arch: Arch) {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/fuzz_anything/baby_fuzzer_wasm/src/lib.rs b/fuzzers/fuzz_anything/baby_fuzzer_wasm/src/lib.rs
index 904f93f456..6971aaa494 100644
--- a/fuzzers/fuzz_anything/baby_fuzzer_wasm/src/lib.rs
+++ b/fuzzers/fuzz_anything/baby_fuzzer_wasm/src/lib.rs
@@ -9,7 +9,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations, StdScheduledMutator},
+ mutators::{havoc_mutations, HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::{RetryCountRestartHelper, StdMutationalStage},
@@ -143,7 +143,7 @@ pub fn fuzz() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 while state.solutions().is_empty() {
diff --git a/fuzzers/fuzz_anything/baby_no_std/src/main.rs b/fuzzers/fuzz_anything/baby_no_std/src/main.rs
index f64132105d..a4e170a915 100644
--- a/fuzzers/fuzz_anything/baby_no_std/src/main.rs
+++ b/fuzzers/fuzz_anything/baby_no_std/src/main.rs
@@ -18,7 +18,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::ConstMapObserver,
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -148,7 +148,7 @@ pub extern "C" fn main(_argc: isize, _argv: *const *const u8) -> isize {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/fuzz_anything/libafl_atheris/src/lib.rs b/fuzzers/fuzz_anything/libafl_atheris/src/lib.rs
index f8b000ddd2..41449d2dd7 100644
--- a/fuzzers/fuzz_anything/libafl_atheris/src/lib.rs
+++ b/fuzzers/fuzz_anything/libafl_atheris/src/lib.rs
@@ -23,7 +23,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::{I2SRandReplace, Tokens},
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
@@ -221,11 +221,12 @@ pub extern "C" fn LLVMFuzzerRunDriver(
 let tracing = ShadowTracingStage::new();
 // Setup a randomic Input2State stage
- let i2s =
- StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // Setup a basic mutator
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let mutational = StdMutationalStage::new(mutator);
 // The order of the stages matter!
diff --git a/fuzzers/fuzz_anything/push_harness/src/main.rs b/fuzzers/fuzz_anything/push_harness/src/main.rs
index 87c561b422..181744fce1 100644
--- a/fuzzers/fuzz_anything/push_harness/src/main.rs
+++ b/fuzzers/fuzz_anything/push_harness/src/main.rs
@@ -12,7 +12,7 @@ use libafl::{
 generators::RandPrintablesGenerator,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::QueueScheduler,
 stages::mutational::StdMutationalStage,
@@ -101,7 +101,7 @@ fn input_generator() {
 .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 fuzzer
diff --git a/fuzzers/fuzz_anything/push_stage_harness/src/main.rs b/fuzzers/fuzz_anything/push_stage_harness/src/main.rs
index a95fe17d34..a866e61b51 100644
--- a/fuzzers/fuzz_anything/push_stage_harness/src/main.rs
+++ b/fuzzers/fuzz_anything/push_stage_harness/src/main.rs
@@ -15,7 +15,7 @@ use libafl::{
 fuzzer::StdFuzzer,
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
- mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
+ mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
 observers::StdMapObserver,
 schedulers::{QueueScheduler, Scheduler},
 stages::push::{PushStageSharedState, StdMutationalPushStage},
@@ -89,7 +89,7 @@ pub fn main() {
 // .expect("Failed to generate the initial corpus");
 // Setup a mutational stage with a basic bytes mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let exit_kind = Rc::new(Cell::new(None));
diff --git a/fuzzers/inprocess/fuzzbench/src/lib.rs b/fuzzers/inprocess/fuzzbench/src/lib.rs
index 49f94465b8..e8e3b39a1d 100644
--- a/fuzzers/inprocess/fuzzbench/src/lib.rs
+++ b/fuzzers/inprocess/fuzzbench/src/lib.rs
@@ -26,7 +26,7 @@ use libafl::{
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
 mutators::{
- StdMOptMutator, StdScheduledMutator, Tokens, havoc_mutations,
+ HavocScheduledMutator, StdMOptMutator, Tokens, havoc_mutations,
 token_mutations::I2SRandReplace, tokens_mutations,
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver},
@@ -295,7 +295,9 @@ fn fuzz(
 }
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // Setup a MOPT mutator
 let mutator = StdMOptMutator::new(
diff --git a/fuzzers/inprocess/fuzzbench_ctx/src/lib.rs b/fuzzers/inprocess/fuzzbench_ctx/src/lib.rs
index bb9b961bfd..fc794dedd5 100644
--- a/fuzzers/inprocess/fuzzbench_ctx/src/lib.rs
+++ b/fuzzers/inprocess/fuzzbench_ctx/src/lib.rs
@@ -25,8 +25,8 @@ use libafl::{
 inputs::{BytesInput, HasTargetBytes},
 monitors::SimpleMonitor,
 mutators::{
- havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, StdMOptMutator,
- StdScheduledMutator, Tokens,
+ havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, HavocScheduledMutator,
+ StdMOptMutator, Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
 schedulers::{
@@ -304,7 +304,9 @@ fn fuzz(
 }
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // Setup a MOPT mutator
 let mutator = StdMOptMutator::new(
diff --git a/fuzzers/inprocess/fuzzbench_text/src/lib.rs b/fuzzers/inprocess/fuzzbench_text/src/lib.rs
index afbe5a6d87..9a6e264feb 100644
--- a/fuzzers/inprocess/fuzzbench_text/src/lib.rs
+++ b/fuzzers/inprocess/fuzzbench_text/src/lib.rs
@@ -32,7 +32,7 @@ use libafl::{
 },
 havoc_mutations,
 token_mutations::I2SRandReplace,
- tokens_mutations, StdMOptMutator, StdScheduledMutator, Tokens,
+ tokens_mutations, HavocScheduledMutator, StdMOptMutator, Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver},
 schedulers::{
@@ -364,7 +364,9 @@ fn fuzz_binary(
 }
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // Setup a MOPT mutator
 let mutator = StdMOptMutator::new(
@@ -572,7 +574,9 @@ fn fuzz_text(
 }
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // Setup a MOPT mutator
 let mutator = StdMOptMutator::new(
@@ -585,7 +589,7 @@ fn fuzz_text(
 let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
 StdPowerMutationalStage::new(mutator);
- let grimoire_mutator = StdScheduledMutator::with_max_stack_pow(
+ let grimoire_mutator = HavocScheduledMutator::with_max_stack_pow(
 tuple_list!(
 GrimoireExtensionMutator::new(),
 GrimoireRecursiveReplacementMutator::new(),
diff --git a/fuzzers/inprocess/libfuzzer_libmozjpeg/src/lib.rs b/fuzzers/inprocess/libfuzzer_libmozjpeg/src/lib.rs
index fa696fda5f..861b449354 100644
--- a/fuzzers/inprocess/libfuzzer_libmozjpeg/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_libmozjpeg/src/lib.rs
@@ -17,7 +17,7 @@ use libafl::{
 monitors::SimpleMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::StdMapObserver,
@@ -134,7 +134,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 // A random policy to get testcasess from the corpus
diff --git a/fuzzers/inprocess/libfuzzer_libpng/src/lib.rs b/fuzzers/inprocess/libfuzzer_libpng/src/lib.rs
index 36cb52df62..9aab597312 100644
--- a/fuzzers/inprocess/libfuzzer_libpng/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_libpng/src/lib.rs
@@ -16,7 +16,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
@@ -144,7 +144,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
 StdPowerMutationalStage::new(mutator);
diff --git a/fuzzers/inprocess/libfuzzer_libpng_accounting/src/lib.rs b/fuzzers/inprocess/libfuzzer_libpng_accounting/src/lib.rs
index 1619b1410a..cafe1e16ce 100644
--- a/fuzzers/inprocess/libfuzzer_libpng_accounting/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_libpng_accounting/src/lib.rs
@@ -17,7 +17,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
@@ -194,7 +194,7 @@ pub extern "C" fn libafl_main() {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 // A minimization+queue policy to get testcasess from the corpus
diff --git a/fuzzers/inprocess/libfuzzer_libpng_centralized/src/lib.rs b/fuzzers/inprocess/libfuzzer_libpng_centralized/src/lib.rs
index 9f6869f715..188085a07b 100644
--- a/fuzzers/inprocess/libfuzzer_libpng_centralized/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_libpng_centralized/src/lib.rs
@@ -20,7 +20,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver},
@@ -196,7 +196,7 @@ pub extern "C" fn libafl_main() {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 // A minimization+queue policy to get testcasess from the corpus
diff --git a/fuzzers/inprocess/libfuzzer_libpng_cmin/src/lib.rs b/fuzzers/inprocess/libfuzzer_libpng_cmin/src/lib.rs
index 850d15ed27..ae6b62183a 100644
--- a/fuzzers/inprocess/libfuzzer_libpng_cmin/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_libpng_cmin/src/lib.rs
@@ -19,7 +19,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver},
@@ -141,7 +141,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
 StdPowerMutationalStage::new(mutator);
diff --git a/fuzzers/inprocess/libfuzzer_libpng_launcher/src/lib.rs b/fuzzers/inprocess/libfuzzer_libpng_launcher/src/lib.rs
index c3c5022a32..2f3155bf55 100644
--- a/fuzzers/inprocess/libfuzzer_libpng_launcher/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_libpng_launcher/src/lib.rs
@@ -17,7 +17,7 @@ use libafl::{
 monitors::{MultiMonitor, OnDiskTomlMonitor},
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver},
@@ -198,7 +198,7 @@ pub extern "C" fn libafl_main() {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 // A minimization+queue policy to get testcasess from the corpus
diff --git a/fuzzers/inprocess/libfuzzer_libpng_norestart/src/lib.rs b/fuzzers/inprocess/libfuzzer_libpng_norestart/src/lib.rs
index 684d616f76..c0b6186d05 100644
--- a/fuzzers/inprocess/libfuzzer_libpng_norestart/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_libpng_norestart/src/lib.rs
@@ -22,7 +22,7 @@ use libafl::{
 monitors::{MultiMonitor, OnDiskTomlMonitor},
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver},
@@ -216,7 +216,7 @@ pub extern "C" fn libafl_main() {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 // A minimization+queue policy to get testcasess from the corpus
diff --git a/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/src/lib.rs b/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/src/lib.rs
index 65a2044d19..581d1bf036 100644
--- a/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/src/lib.rs
@@ -16,7 +16,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
@@ -141,7 +141,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
 StdPowerMutationalStage::new(mutator);
diff --git a/fuzzers/inprocess/libfuzzer_stb_image/src/main.rs b/fuzzers/inprocess/libfuzzer_stb_image/src/main.rs
index a6c938b8ed..35d27b3d45 100644
--- a/fuzzers/inprocess/libfuzzer_stb_image/src/main.rs
+++ b/fuzzers/inprocess/libfuzzer_stb_image/src/main.rs
@@ -16,7 +16,7 @@ use libafl::{
 inputs::{BytesInput, HasTargetBytes},
 monitors::MultiMonitor,
 mutators::{
- havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator,
+ havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator,
 token_mutations::I2SRandReplace,
 },
 observers::{CanTrack, TimeObserver},
@@ -155,10 +155,12 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 let tracing = ShadowTracingStage::new();
 // Setup a randomic Input2State stage
- let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+ let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(
+ I2SRandReplace::new()
+ )));
 // Setup a basic mutator
- let mutator = StdScheduledMutator::new(havoc_mutations());
+ let mutator = HavocScheduledMutator::new(havoc_mutations());
 let mutational = StdMutationalStage::new(mutator);
 // The order of the stages matter!
diff --git a/fuzzers/inprocess/libfuzzer_windows_asan/src/lib.rs b/fuzzers/inprocess/libfuzzer_windows_asan/src/lib.rs
index 89b50d70ab..caeb3a8a69 100644
--- a/fuzzers/inprocess/libfuzzer_windows_asan/src/lib.rs
+++ b/fuzzers/inprocess/libfuzzer_windows_asan/src/lib.rs
@@ -12,7 +12,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver},
 schedulers::{
@@ -108,7 +108,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
 StdPowerMutationalStage::new(mutator);
diff --git a/fuzzers/inprocess/sqlite_centralized_multi_machine/src/lib.rs b/fuzzers/inprocess/sqlite_centralized_multi_machine/src/lib.rs
index f7e634888c..c264ef27ec 100644
--- a/fuzzers/inprocess/sqlite_centralized_multi_machine/src/lib.rs
+++ b/fuzzers/inprocess/sqlite_centralized_multi_machine/src/lib.rs
@@ -20,7 +20,7 @@ use libafl::{
 monitors::MultiMonitor,
 mutators::{
 havoc_mutations::havoc_mutations,
- scheduled::{tokens_mutations, StdScheduledMutator},
+ scheduled::{tokens_mutations, HavocScheduledMutator},
 token_mutations::Tokens,
 },
 observers::{CanTrack, HitcountsMapObserver, TimeObserver},
@@ -212,7 +212,7 @@ pub extern "C" fn libafl_main() {
 }
 // Setup a basic mutator with a mutational stage
- let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
+ let mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 // A minimization+queue policy to get testcasess from the corpus
diff --git a/fuzzers/structure_aware/baby_fuzzer_custom_input/src/main.rs b/fuzzers/structure_aware/baby_fuzzer_custom_input/src/main.rs
index e741403416..04d4c416a8 100644
--- a/fuzzers/structure_aware/baby_fuzzer_custom_input/src/main.rs
+++ b/fuzzers/structure_aware/baby_fuzzer_custom_input/src/main.rs
@@ -19,7 +19,7 @@ use libafl::{ feedbacks::{CrashFeedback, MaxMapFeedback}, fuzzer::{Fuzzer, StdFuzzer}, monitors::SimpleMonitor, - mutators::scheduled::StdScheduledMutator, + mutators::scheduled::HavocScheduledMutator, observers::StdMapObserver, schedulers::QueueScheduler, stages::mutational::StdMutationalStage, @@ -197,7 +197,7 @@ pub fn main() { .prepend(ToggleBooleanMutator); // Scheduling layer for the mutations - let mutator_scheduler = StdScheduledMutator::new(mutators); + let mutator_scheduler = HavocScheduledMutator::new(mutators); // Defining the mutator stage let mut stages = tuple_list!(StdMutationalStage::new(mutator_scheduler)); diff --git a/fuzzers/structure_aware/baby_fuzzer_gramatron/src/main.rs b/fuzzers/structure_aware/baby_fuzzer_gramatron/src/main.rs index f60f9596fb..bf4229cc1f 100644 --- a/fuzzers/structure_aware/baby_fuzzer_gramatron/src/main.rs +++ b/fuzzers/structure_aware/baby_fuzzer_gramatron/src/main.rs @@ -17,7 +17,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::{ GramatronRandomMutator, GramatronRecursionMutator, GramatronSpliceMutator, - StdScheduledMutator, + HavocScheduledMutator, }, observers::StdMapObserver, schedulers::QueueScheduler, @@ -145,7 +145,7 @@ pub fn main() { .expect("Failed to generate the initial corpus"); // Setup a mutational stage with a basic bytes mutator - let mutator = StdScheduledMutator::with_max_stack_pow( + let mutator = HavocScheduledMutator::with_max_stack_pow( tuple_list!( GramatronRandomMutator::new(&generator), GramatronRandomMutator::new(&generator), diff --git a/fuzzers/structure_aware/baby_fuzzer_grimoire/src/main.rs b/fuzzers/structure_aware/baby_fuzzer_grimoire/src/main.rs index 8129da78a3..b95de1f7a8 100644 --- a/fuzzers/structure_aware/baby_fuzzer_grimoire/src/main.rs +++ b/fuzzers/structure_aware/baby_fuzzer_grimoire/src/main.rs 
@@ -11,7 +11,7 @@ use libafl::{ inputs::{BytesInput, GeneralizedInputMetadata, HasTargetBytes}, monitors::SimpleMonitor, mutators::{ - havoc_mutations, scheduled::StdScheduledMutator, GrimoireExtensionMutator, + havoc_mutations, scheduled::HavocScheduledMutator, GrimoireExtensionMutator, GrimoireRandomDeleteMutator, GrimoireRecursiveReplacementMutator, GrimoireStringReplacementMutator, Tokens, }, @@ -142,8 +142,8 @@ pub fn main() { .expect("Failed to create the Executor"); // Setup a mutational stage with a basic bytes mutator - let mutator = StdScheduledMutator::with_max_stack_pow(havoc_mutations(), 2); - let grimoire_mutator = StdScheduledMutator::with_max_stack_pow( + let mutator = HavocScheduledMutator::with_max_stack_pow(havoc_mutations(), 2); + let grimoire_mutator = HavocScheduledMutator::with_max_stack_pow( tuple_list!( GrimoireExtensionMutator::new(), GrimoireRecursiveReplacementMutator::new(), diff --git a/fuzzers/structure_aware/baby_fuzzer_multi/src/main.rs b/fuzzers/structure_aware/baby_fuzzer_multi/src/main.rs index 7ced193195..39a5d028af 100644 --- a/fuzzers/structure_aware/baby_fuzzer_multi/src/main.rs +++ b/fuzzers/structure_aware/baby_fuzzer_multi/src/main.rs @@ -14,7 +14,7 @@ use libafl::{ feedbacks::{CrashFeedback, MaxMapFeedback, MinMapFeedback}, fuzzer::{Fuzzer, StdFuzzer}, inputs::{BytesInput, HasTargetBytes, MultipartInput}, - mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator}, + mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator}, observers::ConstMapObserver, schedulers::QueueScheduler, stages::mutational::StdMutationalStage, @@ -152,7 +152,7 @@ pub fn main() { .unwrap(); // Setup a mutational stage with a basic bytes mutator - let mutator = StdScheduledMutator::new(havoc_mutations()); + let mutator = HavocScheduledMutator::new(havoc_mutations()); let mut stages = tuple_list!(StdMutationalStage::new(mutator)); fuzzer 
diff --git a/fuzzers/structure_aware/baby_fuzzer_nautilus/src/main.rs b/fuzzers/structure_aware/baby_fuzzer_nautilus/src/main.rs index 71dcb912f8..07d33f0208 100644 --- a/fuzzers/structure_aware/baby_fuzzer_nautilus/src/main.rs +++ b/fuzzers/structure_aware/baby_fuzzer_nautilus/src/main.rs @@ -13,7 +13,8 @@ use libafl::{ inputs::NautilusInput, monitors::SimpleMonitor, mutators::{ - NautilusRandomMutator, NautilusRecursionMutator, NautilusSpliceMutator, StdScheduledMutator, + HavocScheduledMutator, NautilusRandomMutator, NautilusRecursionMutator, + NautilusSpliceMutator, }, observers::StdMapObserver, schedulers::QueueScheduler, @@ -145,7 +146,7 @@ pub fn main() { } // Setup a mutational stage with a basic bytes mutator - let mutator = StdScheduledMutator::with_max_stack_pow( + let mutator = HavocScheduledMutator::with_max_stack_pow( tuple_list!( NautilusRandomMutator::new(&context), NautilusRandomMutator::new(&context), diff --git a/fuzzers/structure_aware/baby_fuzzer_tokens/src/main.rs b/fuzzers/structure_aware/baby_fuzzer_tokens/src/main.rs index 194c2acd72..600f9b13ac 100644 --- a/fuzzers/structure_aware/baby_fuzzer_tokens/src/main.rs +++ b/fuzzers/structure_aware/baby_fuzzer_tokens/src/main.rs @@ -10,7 +10,7 @@ use libafl::{ fuzzer::{Evaluator, Fuzzer, StdFuzzer}, inputs::{EncodedInput, InputDecoder, InputEncoder, NaiveTokenizer, TokenInputEncoderDecoder}, monitors::SimpleMonitor, - mutators::{encoded_mutations::encoded_mutations, scheduled::StdScheduledMutator}, + mutators::{encoded_mutations::encoded_mutations, scheduled::HavocScheduledMutator}, observers::StdMapObserver, schedulers::QueueScheduler, stages::mutational::StdMutationalStage, 
@@ -119,7 +119,7 @@ pub fn main() { .expect("Failed to create the Executor"); // Setup a mutational stage with a basic bytes mutator - let mutator = StdScheduledMutator::with_max_stack_pow(encoded_mutations(), 2); + let mutator = HavocScheduledMutator::with_max_stack_pow(encoded_mutations(), 2); let mut stages = tuple_list!(StdMutationalStage::new(mutator)); println!("Decoder {:?} ...", &encoder_decoder); diff --git a/fuzzers/structure_aware/forkserver_simple_nautilus/src/main.rs b/fuzzers/structure_aware/forkserver_simple_nautilus/src/main.rs index c54b7265c4..37776ad6dc 100644 --- a/fuzzers/structure_aware/forkserver_simple_nautilus/src/main.rs +++ b/fuzzers/structure_aware/forkserver_simple_nautilus/src/main.rs @@ -15,8 +15,8 @@ use libafl::{ inputs::{NautilusInput, NautilusTargetBytesConverter}, monitors::SimpleMonitor, mutators::{ - NautilusRandomMutator, NautilusRecursionMutator, NautilusSpliceMutator, - StdScheduledMutator, Tokens, + HavocScheduledMutator, NautilusRandomMutator, NautilusRecursionMutator, + NautilusSpliceMutator, Tokens, }, observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver}, schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, @@ -207,7 +207,7 @@ pub fn main() { state.add_metadata(tokens); // Setup a mutational stage with a basic bytes mutator - let mutator = StdScheduledMutator::with_max_stack_pow( + let mutator = HavocScheduledMutator::with_max_stack_pow( tuple_list!( NautilusRandomMutator::new(&context), NautilusRandomMutator::new(&context), diff --git a/fuzzers/structure_aware/libfuzzer_stb_image_concolic/fuzzer/src/main.rs b/fuzzers/structure_aware/libfuzzer_stb_image_concolic/fuzzer/src/main.rs index 71cd19251b..9c2b6a8ee7 100644 --- a/fuzzers/structure_aware/libfuzzer_stb_image_concolic/fuzzer/src/main.rs +++ b/fuzzers/structure_aware/libfuzzer_stb_image_concolic/fuzzer/src/main.rs 
@@ -20,7 +20,7 @@ use libafl::{ inputs::{BytesInput, HasTargetBytes, Input}, monitors::MultiMonitor, mutators::{ - havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator, + havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator, token_mutations::I2SRandReplace, }, observers::{ @@ -193,10 +193,12 @@ fn fuzz( let tracing = ShadowTracingStage::new(); // Setup a randomic Input2State stage - let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new()))); + let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!( + I2SRandReplace::new() + ))); // Setup a basic mutator - let mutator = StdScheduledMutator::new(havoc_mutations()); + let mutator = HavocScheduledMutator::new(havoc_mutations()); let mutational = StdMutationalStage::new(mutator); if concolic { diff --git a/fuzzers/structure_aware/nautilus_sync/src/lib.rs b/fuzzers/structure_aware/nautilus_sync/src/lib.rs index ebe5654e8b..25d984622c 100644 --- a/fuzzers/structure_aware/nautilus_sync/src/lib.rs +++ b/fuzzers/structure_aware/nautilus_sync/src/lib.rs @@ -18,7 +18,8 @@ use libafl::{ inputs::{NautilusInput, NautilusToBytesInputConverter}, monitors::SimpleMonitor, mutators::{ - NautilusRandomMutator, NautilusRecursionMutator, NautilusSpliceMutator, StdScheduledMutator, + HavocScheduledMutator, NautilusRandomMutator, NautilusRecursionMutator, + NautilusSpliceMutator, }, none_input_converter, schedulers::QueueScheduler, @@ -216,7 +217,7 @@ pub extern "C" fn libafl_main() { .expect("Failed to generate the initial corpus"); // Setup a mutational stage with a basic bytes mutator - let mutator = StdScheduledMutator::with_max_stack_pow( + let mutator = HavocScheduledMutator::with_max_stack_pow( tuple_list!( NautilusRandomMutator::new(&context), NautilusRandomMutator::new(&context), diff --git a/libafl/src/lib.rs b/libafl/src/lib.rs index a6082407bd..dab08eb764 100644 --- a/libafl/src/lib.rs +++ b/libafl/src/lib.rs 
@@ -124,7 +124,7 @@ mod tests { fuzzer::Fuzzer, inputs::BytesInput, monitors::SimpleMonitor, - mutators::{StdScheduledMutator, mutations::BitFlipMutator}, + mutators::{HavocScheduledMutator, mutations::BitFlipMutator}, schedulers::RandScheduler, stages::StdMutationalStage, state::{HasCorpus, StdState}, @@ -178,7 +178,7 @@ mod tests { ) .unwrap(); - let mutator = StdScheduledMutator::new(tuple_list!(BitFlipMutator::new())); + let mutator = HavocScheduledMutator::new(tuple_list!(BitFlipMutator::new())); let mut stages = tuple_list!(StdMutationalStage::new(mutator)); for i in 0..1000 { diff --git a/libafl/src/mutators/scheduled.rs b/libafl/src/mutators/scheduled.rs index 4124d46dc5..e2f9d17344 100644 --- a/libafl/src/mutators/scheduled.rs +++ b/libafl/src/mutators/scheduled.rs @@ -99,19 +99,18 @@ where /// A [`Mutator`] that schedules one of the embedded mutations on each call. #[derive(Debug)] -pub struct StdScheduledMutator { +pub struct SingleChoiceScheduledMutator { name: Cow<'static, str>, mutations: MT, - max_stack_pow: usize, } -impl Named for StdScheduledMutator { +impl Named for SingleChoiceScheduledMutator { fn name(&self) -> &Cow<'static, str> { &self.name } } -impl Mutator for StdScheduledMutator +impl Mutator for SingleChoiceScheduledMutator where MT: MutatorsTuple, S: HasRand, @@ -122,7 +121,7 @@ where } } -impl ComposedByMutations for StdScheduledMutator { +impl ComposedByMutations for SingleChoiceScheduledMutator { type Mutations = MT; /// Get the mutations #[inline] 
@@ -137,7 +136,85 @@ impl ComposedByMutations for StdScheduledMutator { } } -impl ScheduledMutator for StdScheduledMutator +impl ScheduledMutator for SingleChoiceScheduledMutator +where + MT: MutatorsTuple, + S: HasRand, +{ + /// Compute the number of iterations used to apply stacked mutations + fn iterations(&self, _state: &mut S, _: &I) -> u64 { + 1 + } + + /// Get the next mutation to apply + fn schedule(&self, state: &mut S, _: &I) -> MutationId { + debug_assert_ne!(self.mutations.len(), 0); + // # Safety + // We check for empty mutations + state + .rand_mut() + .below(unsafe { NonZero::new(self.mutations.len()).unwrap_unchecked() }) + .into() + } +} + +impl SingleChoiceScheduledMutator +where + MT: NamedTuple, +{ + /// Create a new [`SingleChoiceScheduledMutator`] instance specifying mutations + pub fn new(mutations: MT) -> Self { + SingleChoiceScheduledMutator { + name: Cow::from(format!( + "SingleChoiceScheduledMutator[{}]", + mutations.names().join(", ") + )), + mutations, + } + } +} + +/// A [`Mutator`] that stacks embedded mutations in a havoc manner on each call. +#[derive(Debug)] +pub struct HavocScheduledMutator { + name: Cow<'static, str>, + mutations: MT, + max_stack_pow: usize, +} + +impl Named for HavocScheduledMutator { + fn name(&self) -> &Cow<'static, str> { + &self.name + } +} + +impl Mutator for HavocScheduledMutator +where + MT: MutatorsTuple, + S: HasRand, +{ + #[inline] + fn mutate(&mut self, state: &mut S, input: &mut I) -> Result { + self.scheduled_mutate(state, input) + } +} + +impl ComposedByMutations for HavocScheduledMutator { + type Mutations = MT; + /// Get the mutations + #[inline] + fn mutations(&self) -> &MT { + &self.mutations + } + + // Get the mutations (mutable) + #[inline] + fn mutations_mut(&mut self) -> &mut MT { + &mut self.mutations + } +} + +impl ScheduledMutator for HavocScheduledMutator where MT: MutatorsTuple, S: HasRand, 
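Review bot: The `unsafe { NonZero::new(self.mutations.len()).unwrap_unchecked() }` in the new `SingleChoiceScheduledMutator::schedule` is guarded only by `debug_assert_ne!`, which is compiled out when debug assertions are off, so the `// # Safety We check for empty mutations` comment does not hold in release builds. `SingleChoiceScheduledMutator::new` accepts any `MT: NamedTuple` and the hunk shows no emptiness check there, so an empty tuple would reach `unwrap_unchecked` on `None`, which is undefined behaviour rather than a panic. I would drop the `unsafe` and fail loudly instead: `.below(NonZero::new(self.mutations.len()).expect("SingleChoiceScheduledMutator requires at least one mutation"))`. The `impl ScheduledMutator for HavocScheduledMutator` that closes the hunk continues outside it, so whether its `schedule` has the same pattern cannot be confirmed from here.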
@@ -159,15 +236,15 @@ where } } -impl StdScheduledMutator +impl HavocScheduledMutator where MT: NamedTuple, { - /// Create a new [`StdScheduledMutator`] instance specifying mutations + /// Create a new [`HavocScheduledMutator`] instance specifying mutations pub fn new(mutations: MT) -> Self { - StdScheduledMutator { + HavocScheduledMutator { name: Cow::from(format!( - "StdScheduledMutator[{}]", + "HavocScheduledMutator[{}]", mutations.names().join(", ") )), mutations, @@ -175,15 +252,12 @@ where } } - /// Create a new [`StdScheduledMutator`] instance specifying mutations and the maximun number of iterations - /// - /// # Errors - /// Will return [`Error::IllegalArgument`] for `max_stack_pow` of 0. + /// Create a new [`HavocScheduledMutator`] instance specifying mutations and the maximun number of iterations #[inline] pub fn with_max_stack_pow(mutations: MT, max_stack_pow: usize) -> Self { Self { name: Cow::from(format!( - "StdScheduledMutator[{}]", + "HavocScheduledMutator[{}]", mutations.names().join(", ") )), mutations, @@ -198,7 +272,7 @@ pub fn tokens_mutations() -> tuple_list_type!(TokenInsert, TokenReplace) { tuple_list!(TokenInsert::new(), TokenReplace::new()) } -/// A logging [`Mutator`] that wraps around a [`StdScheduledMutator`]. +/// A logging [`Mutator`] that wraps around a [`HavocScheduledMutator`]. #[derive(Debug)] pub struct LoggerScheduledMutator { name: Cow<'static, str>, @@ -317,8 +391,10 @@ mod tests { feedbacks::ConstFeedback, inputs::{BytesInput, HasMutatorBytes}, mutators::{ - Mutator, havoc_mutations::havoc_mutations, mutations::SpliceMutator, - scheduled::StdScheduledMutator, + Mutator, + havoc_mutations::havoc_mutations, + mutations::SpliceMutator, + scheduled::{HavocScheduledMutator, SingleChoiceScheduledMutator}, }, state::StdState, }; @@ -379,7 +455,7 @@ mod tests { ) .unwrap(); - let mut havoc = StdScheduledMutator::new(havoc_mutations()); + let mut havoc = HavocScheduledMutator::new(havoc_mutations()); assert_eq!(input, input_prior); 
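Review bot: The doc comment on `with_max_stack_pow` still calls `max_stack_pow` "the maximun number of iterations", although the parameter name says it is an exponent, and with the `# Errors` section removed nothing states what a value of 0 does. I would fix the typo and reword the line to say that `max_stack_pow` is the exponent bounding how many mutations are stacked per call; the exact bound is computed in `iterations`, which is outside this hunk, so confirm it before writing a formula. The `// Safe to unwrap: stack pow is not 0.` comments kept as context in the libafl_libfuzzer/runtime/src/lib.rs hunks look stale for the same reason, since this constructor returns `Self` and there is nothing to unwrap. The constructor body continues past the end of the hunk.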
@@ -397,4 +473,45 @@ mod tests { assert_ne!(equal_in_a_row, 5); } } + + #[test] + fn test_single_choice() { + let rand = StdRand::with_seed(0x1337); + let mut corpus: InMemoryCorpus = InMemoryCorpus::new(); + corpus.add(Testcase::new(b"abc".to_vec().into())).unwrap(); + corpus.add(Testcase::new(b"def".to_vec().into())).unwrap(); + + let mut input = corpus.cloned_input_for_id(corpus.first().unwrap()).unwrap(); + let input_prior = input.clone(); + + let mut feedback = ConstFeedback::new(false); + let mut objective = ConstFeedback::new(false); + + let mut state = StdState::new( + rand, + corpus, + InMemoryCorpus::new(), + &mut feedback, + &mut objective, + ) + .unwrap(); + + let mut mutator = SingleChoiceScheduledMutator::new(havoc_mutations()); + + assert_eq!(input, input_prior); + + let mut equal_in_a_row = 0; + + for _ in 0..100 { + mutator.mutate(&mut state, &mut input).unwrap(); + + // Make sure we actually mutate something, at least sometimes + equal_in_a_row = if input == input_prior { + equal_in_a_row + 1 + } else { + 0 + }; + assert_ne!(equal_in_a_row, 20); + } + } } diff --git a/libafl_frida/src/lib.rs b/libafl_frida/src/lib.rs index 74c5337086..3445c542b6 100644 --- a/libafl_frida/src/lib.rs +++ b/libafl_frida/src/lib.rs @@ -341,7 +341,7 @@ mod tests { feedback_and_fast, feedback_or_fast, feedbacks::ConstFeedback, inputs::{BytesInput, HasTargetBytes}, - mutators::{StdScheduledMutator, mutations::BitFlipMutator}, + mutators::{HavocScheduledMutator, mutations::BitFlipMutator}, schedulers::StdScheduler, stages::StdMutationalStage, state::{HasSolutions, StdState}, @@ -517,7 +517,7 @@ mod tests { Rc::clone(&frida_helper), ); - let mutator = StdScheduledMutator::new(tuple_list!(BitFlipMutator::new())); + let mutator = HavocScheduledMutator::new(tuple_list!(BitFlipMutator::new())); let mut stages = tuple_list!(StdMutationalStage::with_max_iterations( mutator, NonZero::new(1).unwrap() 
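Review bot: `test_single_choice` never resets `input`, so once one call changes it every later comparison is between `input_prior` and an already-mutated buffer, and `equal_in_a_row` will most likely stay at 0. In effect the loop checks only that some mutation lands within the first 20 calls. Adding `input = input_prior.clone();` at the top of the loop body would make each iteration exercise one scheduled mutation on the original bytes; the threshold of 20 should be re-checked against the fixed seed after that change. The test also does not pin `iterations` to 1, which is the one property that separates `SingleChoiceScheduledMutator` from `HavocScheduledMutator`.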
diff --git a/libafl_libfuzzer/runtime/src/lib.rs b/libafl_libfuzzer/runtime/src/lib.rs index da826008ae..0439e68aa7 100644 --- a/libafl_libfuzzer/runtime/src/lib.rs +++ b/libafl_libfuzzer/runtime/src/lib.rs @@ -156,7 +156,7 @@ macro_rules! fuzz_with { mutators::{ GrimoireExtensionMutator, GrimoireRecursiveReplacementMutator, GrimoireRandomDeleteMutator, GrimoireStringReplacementMutator, havoc_crossover, havoc_mutations, havoc_mutations_no_crossover, - I2SRandReplace, StdScheduledMutator, UnicodeCategoryRandMutator, UnicodeSubcategoryRandMutator, + I2SRandReplace, HavocScheduledMutator, UnicodeCategoryRandMutator, UnicodeSubcategoryRandMutator, UnicodeCategoryTokenReplaceMutator, UnicodeSubcategoryTokenReplaceMutator, Tokens, tokens_mutations, UnicodeInput, }, @@ -302,7 +302,7 @@ macro_rules! fuzz_with { // Set up a string category analysis stage for unicode mutations let unicode_used = $options.unicode(); - let unicode_mutator = StdScheduledMutator::new( + let unicode_mutator = HavocScheduledMutator::new( tuple_list!( UnicodeCategoryRandMutator, UnicodeSubcategoryRandMutator, @@ -311,7 +311,7 @@ macro_rules! fuzz_with { UnicodeSubcategoryRandMutator, ) ); - let unicode_replace_mutator = StdScheduledMutator::new( + let unicode_replace_mutator = HavocScheduledMutator::new( tuple_list!( UnicodeCategoryTokenReplaceMutator, UnicodeSubcategoryTokenReplaceMutator, 
@@ -345,17 +345,17 @@ macro_rules! fuzz_with { // Setup a randomic Input2State stage, conditionally within a custom mutator let i2s = - StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new()))); + StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!(I2SRandReplace::new()))); let i2s = IfStage::new(|_, _, _, _| Ok((!mutator_status.custom_mutation).into()), (i2s, ())); let cm_i2s = StdMutationalStage::new(unsafe { - LLVMCustomMutator::mutate_unchecked(StdScheduledMutator::new(tuple_list!( + LLVMCustomMutator::mutate_unchecked(HavocScheduledMutator::new(tuple_list!( I2SRandReplace::new() ))) }); let cm_i2s = IfStage::new(|_, _, _, _| Ok(mutator_status.custom_mutation.into()), (cm_i2s, ())); // TODO configure with mutation stacking options from libfuzzer - let std_mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); + let std_mutator = HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); let std_power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> = StdPowerMutationalStage::new(std_mutator); let std_power = IfStage::new(|_, _, _, _| Ok(mutator_status.std_mutational.into()), (std_power, ())); 
@@ -374,10 +374,10 @@ macro_rules! fuzz_with { // we opt not to use crossover in the LLVMFuzzerMutate and instead have a second crossover pass, // though it is likely an error for fuzzers to provide custom mutators but not custom crossovers let custom_mutator = unsafe { - LLVMCustomMutator::mutate_unchecked(StdScheduledMutator::new(havoc_mutations_no_crossover().merge(tokens_mutations()))) + LLVMCustomMutator::mutate_unchecked(HavocScheduledMutator::new(havoc_mutations_no_crossover().merge(tokens_mutations()))) }; // Safe to unwrap: stack pow is not 0. - let std_mutator_no_mutate = StdScheduledMutator::with_max_stack_pow(havoc_crossover(),3); + let std_mutator_no_mutate = HavocScheduledMutator::with_max_stack_pow(havoc_crossover(),3); let cm_power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> = StdPowerMutationalStage::new(custom_mutator); let cm_power = IfStage::new(|_, _, _, _| Ok(mutator_status.custom_mutation.into()), (cm_power, ())); @@ -390,12 +390,12 @@ macro_rules! fuzz_with { // we handle it here explicitly anyways // Safe to unwrap: stack pow is not 0. let custom_crossover = unsafe { - LLVMCustomMutator::crossover_unchecked(StdScheduledMutator::with_max_stack_pow( + LLVMCustomMutator::crossover_unchecked(HavocScheduledMutator::with_max_stack_pow( havoc_mutations_no_crossover().merge(tokens_mutations()), 3, )) }; - let std_mutator_no_crossover = StdScheduledMutator::new(havoc_mutations_no_crossover().merge(tokens_mutations())); + let std_mutator_no_crossover = HavocScheduledMutator::new(havoc_mutations_no_crossover().merge(tokens_mutations())); let cc_power = StdMutationalStage::new(custom_crossover); let cc_power = IfStage::new(|_, _, _, _| Ok(mutator_status.custom_crossover.into()), (cc_power, ())); 
@@ -404,7 +404,7 @@ macro_rules! fuzz_with { IfStage::new(|_, _, _, _| Ok(mutator_status.std_no_crossover.into()), (cc_std_power, ())); // Safe to unwrap: stack pow is not 0. - let grimoire_mutator = StdScheduledMutator::with_max_stack_pow( + let grimoire_mutator = HavocScheduledMutator::with_max_stack_pow( tuple_list!( GrimoireExtensionMutator::new(), GrimoireRecursiveReplacementMutator::new(), diff --git a/libafl_libfuzzer/runtime/src/tmin.rs b/libafl_libfuzzer/runtime/src/tmin.rs index 7afb05d214..2cc245bac8 100644 --- a/libafl_libfuzzer/runtime/src/tmin.rs +++ b/libafl_libfuzzer/runtime/src/tmin.rs @@ -10,7 +10,7 @@ use libafl::{ executors::{ExitKind, inprocess_fork::InProcessForkExecutor}, feedbacks::{CrashFeedback, TimeoutFeedback}, inputs::{BytesInput, HasMutatorBytes, HasTargetBytes}, - mutators::{Mutator, StdScheduledMutator, havoc_mutations_no_crossover}, + mutators::{HavocScheduledMutator, Mutator, havoc_mutations_no_crossover}, schedulers::QueueScheduler, stages::StdTMinMutationalStage, state::{HasCorpus, StdState}, @@ -165,13 +165,13 @@ pub fn minimize_crash( // TODO configure with mutation stacking options from libfuzzer if mutator_status.custom_mutation { let custom_mutator = unsafe { - LLVMCustomMutator::mutate_unchecked(StdScheduledMutator::new( + LLVMCustomMutator::mutate_unchecked(HavocScheduledMutator::new( havoc_mutations_no_crossover(), )) }; minimize_crash_with_mutator(options, harness, custom_mutator, state) } else { - let std_mutator = StdScheduledMutator::new(havoc_mutations_no_crossover()); + let std_mutator = HavocScheduledMutator::new(havoc_mutations_no_crossover()); minimize_crash_with_mutator(options, harness, std_mutator, state) } } diff --git a/libafl_sugar/src/forkserver.rs b/libafl_sugar/src/forkserver.rs index 5fc5f0b914..f28c595b66 100644 --- a/libafl_sugar/src/forkserver.rs +++ b/libafl_sugar/src/forkserver.rs 
@@ -15,7 +15,7 @@ use libafl::{ monitors::MultiMonitor, mutators::{ havoc_mutations::havoc_mutations, - scheduled::{StdScheduledMutator, tokens_mutations}, + scheduled::{HavocScheduledMutator, tokens_mutations}, token_mutations::Tokens, }, observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver}, @@ -247,7 +247,8 @@ impl ForkserverBytesCoverageSugar<'_> { if self.tokens_file.is_some() { // Setup a basic mutator - let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); + let mutator = + HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); let mutational = StdMutationalStage::new(mutator); // The order of the stages matter! @@ -268,7 +269,7 @@ impl ForkserverBytesCoverageSugar<'_> { } } else { // Setup a basic mutator - let mutator = StdScheduledMutator::new(havoc_mutations()); + let mutator = HavocScheduledMutator::new(havoc_mutations()); let mutational = StdMutationalStage::new(mutator); // The order of the stages matter! diff --git a/libafl_sugar/src/inmemory.rs b/libafl_sugar/src/inmemory.rs index d16800eb61..e2b6e59f10 100644 --- a/libafl_sugar/src/inmemory.rs +++ b/libafl_sugar/src/inmemory.rs @@ -21,7 +21,7 @@ use libafl::{ monitors::MultiMonitor, mutators::{ havoc_mutations::havoc_mutations, - scheduled::{StdScheduledMutator, tokens_mutations}, + scheduled::{HavocScheduledMutator, tokens_mutations}, token_mutations::{I2SRandReplace, Tokens}, }, observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver}, 
@@ -264,13 +264,14 @@ where let tracing = ShadowTracingStage::new(); // Setup a randomic Input2State stage - let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!( + let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!( I2SRandReplace::new() ))); if self.tokens_file.is_some() { // Setup a basic mutator - let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); + let mutator = + HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); let mutational = StdMutationalStage::new(mutator); // The order of the stages matter! @@ -307,7 +308,7 @@ where } } else { // Setup a basic mutator - let mutator = StdScheduledMutator::new(havoc_mutations()); + let mutator = HavocScheduledMutator::new(havoc_mutations()); let mutational = StdMutationalStage::new(mutator); // The order of the stages matter! diff --git a/libafl_sugar/src/qemu.rs b/libafl_sugar/src/qemu.rs index ac94749698..cef7772715 100644 --- a/libafl_sugar/src/qemu.rs +++ b/libafl_sugar/src/qemu.rs @@ -20,7 +20,7 @@ use libafl::{ mutators::{ I2SRandReplace, havoc_mutations::havoc_mutations, - scheduled::{StdScheduledMutator, tokens_mutations}, + scheduled::{HavocScheduledMutator, tokens_mutations}, token_mutations::Tokens, }, observers::{CanTrack, HitcountsMapObserver, TimeObserver, VariableMapObserver}, @@ -302,14 +302,14 @@ where let tracing = ShadowTracingStage::new(); // Setup a randomic Input2State stage - let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!( + let i2s = StdMutationalStage::new(HavocScheduledMutator::new(tuple_list!( I2SRandReplace::new() ))); if self.tokens_file.is_some() { // Setup a basic mutator let mutator = - StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); + HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); let mutational = StdMutationalStage::new(mutator); // The order of the stages matter! 
@@ -330,7 +330,7 @@ where } } else { // Setup a basic mutator - let mutator = StdScheduledMutator::new(havoc_mutations()); + let mutator = HavocScheduledMutator::new(havoc_mutations()); let mutational = StdMutationalStage::new(mutator); // The order of the stages matter! @@ -423,7 +423,7 @@ where if self.tokens_file.is_some() { // Setup a basic mutator let mutator = - StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); + HavocScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); let mutational = StdMutationalStage::new(mutator); // The order of the stages matter! @@ -444,7 +444,7 @@ where } } else { // Setup a basic mutator - let mutator = StdScheduledMutator::new(havoc_mutations()); + let mutator = HavocScheduledMutator::new(havoc_mutations()); let mutational = StdMutationalStage::new(mutator); // The order of the stages matter!