From a56f4af7da8df94593c7ff8169d4125a1e9ca435 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 3 Mar 2022 14:27:37 +0100 Subject: [PATCH] CorpusScheduler -> Scheduler and move them to the schedulers folder (#560) * CorpusScheduler -> Scheduler * fix book * update fuzzers * fix tests * fix sugar * fix * fix tutorial * fix tutorial * fmt * fix * fmt * fmt --- docs/src/baby_fuzzer.md | 9 +- fuzzers/baby_fuzzer/src/main.rs | 5 +- fuzzers/baby_fuzzer_gramatron/src/main.rs | 5 +- fuzzers/baby_fuzzer_grimoire/src/main.rs | 5 +- fuzzers/baby_fuzzer_nautilus/src/main.rs | 5 +- fuzzers/baby_fuzzer_tokens/src/main.rs | 5 +- .../baby_fuzzer_with_forkexecutor/src/main.rs | 5 +- fuzzers/baby_no_std/src/main.rs | 5 +- .../c_code_with_fork_executor/src/main.rs | 5 +- .../src/main.rs | 5 +- .../command_executor/src/main.rs | 5 +- .../forkserver_executor/src/main.rs | 5 +- .../rust_code_with_fork_executor/src/main.rs | 5 +- .../src/main.rs | 5 +- fuzzers/forkserver_simple/src/main.rs | 8 +- fuzzers/frida_libpng/src/fuzzer.rs | 15 +- fuzzers/fuzzbench/src/lib.rs | 7 +- fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs | 7 +- fuzzers/fuzzbench_qemu/src/fuzzer.rs | 7 +- fuzzers/fuzzbench_text/src/lib.rs | 9 +- fuzzers/generic_inmemory/.gitignore | 1 - fuzzers/generic_inmemory/Cargo.toml | 32 -- fuzzers/generic_inmemory/Makefile.toml | 79 ----- fuzzers/generic_inmemory/README.md | 3 - fuzzers/generic_inmemory/fuzz.c | 16 - fuzzers/generic_inmemory/src/bin/libafl_cc.rs | 36 -- .../generic_inmemory/src/bin/libafl_cxx.rs | 5 - fuzzers/generic_inmemory/src/lib.rs | 314 ------------------ fuzzers/libafl_atheris/src/lib.rs | 8 +- fuzzers/libfuzzer_libmozjpeg/src/lib.rs | 5 +- fuzzers/libfuzzer_libpng/src/lib.rs | 8 +- .../libfuzzer_libpng_accounting/src/lib.rs | 15 +- fuzzers/libfuzzer_libpng_ctx/src/lib.rs | 8 +- fuzzers/libfuzzer_libpng_launcher/src/lib.rs | 8 +- fuzzers/libfuzzer_reachability/src/lib.rs | 5 +- fuzzers/libfuzzer_stb_image/src/main.rs | 8 +- .../fuzzer/src/main.rs | 8 +- fuzzers/push_harness/src/main.rs | 5 +- fuzzers/push_stage_harness/src/main.rs | 7 +- fuzzers/qemu_launcher/src/fuzzer.rs | 8 +- fuzzers/tutorial/src/lib.rs | 5 +- fuzzers/tutorial/src/metadata.rs | 7 +- libafl/src/corpus/mod.rs | 104 +----- libafl/src/events/llmp.rs | 5 +- libafl/src/fuzzer/mod.rs | 35 +- libafl/src/lib.rs | 6 +- .../src/{corpus => schedulers}/accounting.rs | 33 +- .../src/{corpus => schedulers}/fav_factor.rs | 0 .../src/{corpus => schedulers}/minimizer.rs | 43 +-- libafl/src/schedulers/mod.rs | 106 ++++++ .../src/{corpus => schedulers}/powersched.rs | 13 +- .../probabilistic_sampling.rs | 25 +- libafl/src/{corpus => schedulers}/queue.rs | 22 +- libafl/src/stages/mod.rs | 16 +- libafl/src/stages/power.rs | 3 +- libafl/src/stages/push/mod.rs | 24 +- libafl/src/stages/push/mutational.rs | 25 +- libafl_concolic/symcc_runtime/symcc | 2 +- libafl_sugar/src/forkserver.rs | 9 +- libafl_sugar/src/inmemory.rs | 9 +- libafl_sugar/src/qemu.rs | 9 +- scripts/fmt_all.sh | 9 +- 62 files changed, 360 insertions(+), 856 deletions(-) delete mode 100644 fuzzers/generic_inmemory/.gitignore delete mode 100644 fuzzers/generic_inmemory/Cargo.toml delete mode 100644 fuzzers/generic_inmemory/Makefile.toml delete mode 100644 fuzzers/generic_inmemory/README.md delete mode 100644 fuzzers/generic_inmemory/fuzz.c delete mode 100644 fuzzers/generic_inmemory/src/bin/libafl_cc.rs delete mode 100644 fuzzers/generic_inmemory/src/bin/libafl_cxx.rs delete mode 100644 fuzzers/generic_inmemory/src/lib.rs rename libafl/src/{corpus => schedulers}/accounting.rs (89%) rename libafl/src/{corpus => schedulers}/fav_factor.rs (100%) rename libafl/src/{corpus => schedulers}/minimizer.rs (81%) create mode 100644 libafl/src/schedulers/mod.rs rename libafl/src/{corpus => schedulers}/powersched.rs (88%) rename libafl/src/{corpus => schedulers}/probabilistic_sampling.rs (87%) rename libafl/src/{corpus => schedulers}/queue.rs (82%) diff --git a/docs/src/baby_fuzzer.md b/docs/src/baby_fuzzer.md index 0d255f7492..5614fafacf 100644 --- a/docs/src/baby_fuzzer.md +++ b/docs/src/baby_fuzzer.md @@ -135,12 +135,12 @@ let mon = SimpleMonitor::new(|s| println!("{}", s)); let mut mgr = SimpleEventManager::new(mon); ``` -In addition, we have the Fuzzer, an entity that contains some actions that alter the State. One of these actions is the scheduling of the testcases to the fuzzer using a CorpusScheduler. -We create it as QueueCorpusScheduler, a scheduler that serves testcases to the fuzzer in a FIFO fashion. +In addition, we have the Fuzzer, an entity that contains some actions that alter the State. One of these actions is the scheduling of the testcases to the fuzzer using a Scheduler. +We create it as QueueScheduler, a scheduler that serves testcases to the fuzzer in a FIFO fashion. ```rust,ignore // A queue policy to get testcasess from the corpus -let scheduler = QueueCorpusScheduler::new(); +let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, (), ()); @@ -187,13 +187,14 @@ extern crate libafl; use std::path::PathBuf; use libafl::{ bolts::{current_nanos, rands::StdRand}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, fuzzer::StdFuzzer, generators::RandPrintablesGenerator, inputs::{BytesInput, HasTargetBytes}, monitors::SimpleMonitor, + schedulers::QueueScheduler, state::StdState, }; ``` diff --git a/fuzzers/baby_fuzzer/src/main.rs b/fuzzers/baby_fuzzer/src/main.rs index 2d6d6ce2d8..5b2dda45da 100644 --- a/fuzzers/baby_fuzzer/src/main.rs +++ b/fuzzers/baby_fuzzer/src/main.rs @@ -5,7 +5,7 @@ use std::ptr::write_volatile; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, @@ -15,6 +15,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::StdMapObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -90,7 +91,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(mon); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/baby_fuzzer_gramatron/src/main.rs b/fuzzers/baby_fuzzer_gramatron/src/main.rs index fe914d8bda..46e304f225 100644 --- a/fuzzers/baby_fuzzer_gramatron/src/main.rs +++ b/fuzzers/baby_fuzzer_gramatron/src/main.rs @@ -10,7 +10,7 @@ use std::ptr::write_volatile; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, @@ -23,6 +23,7 @@ use libafl::{ StdScheduledMutator, }, observers::StdMapObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -91,7 +92,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(monitor); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/baby_fuzzer_grimoire/src/main.rs b/fuzzers/baby_fuzzer_grimoire/src/main.rs index e344cf85e5..fd83e92fcf 100644 --- a/fuzzers/baby_fuzzer_grimoire/src/main.rs +++ b/fuzzers/baby_fuzzer_grimoire/src/main.rs @@ -6,7 +6,7 @@ use std::ptr::write_volatile; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, @@ -19,6 +19,7 @@ use libafl::{ GrimoireStringReplacementMutator, Tokens, }, observers::StdMapObserver, + schedulers::QueueScheduler, stages::{mutational::StdMutationalStage, GeneralizationStage}, state::{HasMetadata, StdState}, }; @@ -126,7 +127,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(monitor); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/baby_fuzzer_nautilus/src/main.rs b/fuzzers/baby_fuzzer_nautilus/src/main.rs index 776cd7435d..997caf48c1 100644 --- a/fuzzers/baby_fuzzer_nautilus/src/main.rs +++ b/fuzzers/baby_fuzzer_nautilus/src/main.rs @@ -5,7 +5,7 @@ use std::ptr::write_volatile; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedback_or, @@ -20,6 +20,7 @@ use libafl::{ NautilusRandomMutator, NautilusRecursionMutator, NautilusSpliceMutator, StdScheduledMutator, }, observers::StdMapObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::{HasMetadata, StdState}, }; @@ -88,7 +89,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(monitor); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/baby_fuzzer_tokens/src/main.rs b/fuzzers/baby_fuzzer_tokens/src/main.rs index 6e8ada2013..6a0b94b603 100644 --- a/fuzzers/baby_fuzzer_tokens/src/main.rs +++ b/fuzzers/baby_fuzzer_tokens/src/main.rs @@ -6,7 +6,7 @@ use std::ptr::write_volatile; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, @@ -15,6 +15,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::{encoded_mutations::encoded_mutations, scheduled::StdScheduledMutator}, observers::StdMapObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -99,7 +100,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(monitor); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs b/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs index 4e60ced717..dc6aa75aee 100644 --- a/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs +++ b/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs @@ -11,7 +11,7 @@ use libafl::{ tuples::tuple_list, AsMutSlice, AsSlice, }, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{ExitKind, InProcessForkExecutor}, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, @@ -21,6 +21,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::StdMapObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -98,7 +99,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(mon); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/baby_no_std/src/main.rs b/fuzzers/baby_no_std/src/main.rs index a9ba389e2b..9bdefe8b16 100644 --- a/fuzzers/baby_no_std/src/main.rs +++ b/fuzzers/baby_no_std/src/main.rs @@ -6,7 +6,7 @@ use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{InMemoryCorpus, QueueCorpusScheduler}, + corpus::InMemoryCorpus, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, @@ -16,6 +16,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::StdMapObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -116,7 +117,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(monitor); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs index adff58deba..7b29ada057 100644 --- a/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs @@ -10,7 +10,7 @@ use libafl::{ shmem::{ShMem, StdShMemProvider}, tuples::tuple_list, }, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::InProcessForkExecutor, feedback_and, @@ -23,6 +23,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::BacktraceObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -93,7 +94,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(mon); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs index 4868db153d..5bac4277d2 100644 --- a/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs @@ -5,7 +5,7 @@ use libafl::executors::InProcessExecutor; use libafl::observers::ConstMapObserver; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, feedback_and, feedbacks::{ @@ -17,6 +17,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::BacktraceObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -82,7 +83,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(mon); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/backtrace_baby_fuzzers/command_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/command_executor/src/main.rs index 3b4219a106..2b214fa8d4 100644 --- a/fuzzers/backtrace_baby_fuzzers/command_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/command_executor/src/main.rs @@ -6,7 +6,7 @@ use libafl::{ tuples::tuple_list, AsMutSlice, AsSlice, }, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::command::CommandConfigurator, feedback_and, @@ -19,6 +19,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::{get_asan_runtime_flags, ASANBacktraceObserver, StdMapObserver}, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, Error, @@ -81,7 +82,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(mon); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/backtrace_baby_fuzzers/forkserver_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/forkserver_executor/src/main.rs index 1034eb8013..f8218c2a11 100644 --- a/fuzzers/backtrace_baby_fuzzers/forkserver_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/forkserver_executor/src/main.rs @@ -6,7 +6,7 @@ use libafl::{ tuples::tuple_list, AsMutSlice, }, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus, QueueScheduler}, events::SimpleEventManager, executors::forkserver::ForkserverExecutor, feedback_and, @@ -19,6 +19,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::{ASANBacktraceObserver, ConstMapObserver, HitcountsMapObserver}, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -80,7 +81,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(monitor); // A minimization+queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs index e04a56a8df..1887a896c2 100644 --- a/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs @@ -11,7 +11,7 @@ use libafl::{ tuples::tuple_list, AsMutSlice, AsSlice, }, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{ExitKind, InProcessForkExecutor}, feedback_and, @@ -24,6 +24,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::{BacktraceObserver, StdMapObserver}, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -110,7 +111,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(mon); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs index 831e68f14d..24fbe392c3 100644 --- a/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs @@ -5,7 +5,7 @@ use std::ptr::write_volatile; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus, QueueScheduler}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedback_and, @@ -18,6 +18,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::{BacktraceObserver, StdMapObserver}, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -104,7 +105,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(mon); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/forkserver_simple/src/main.rs b/fuzzers/forkserver_simple/src/main.rs index 4f3dc1bb01..e72f23d655 100644 --- a/fuzzers/forkserver_simple/src/main.rs +++ b/fuzzers/forkserver_simple/src/main.rs @@ -8,10 +8,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsMutSlice, }, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::forkserver::{ForkserverExecutor, TimeoutForkserverExecutor}, feedback_and_fast, feedback_or, @@ -21,6 +18,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::{scheduled::havoc_mutations, tokens_mutations, StdScheduledMutator, Tokens}, observers::{ConstMapObserver, HitcountsMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, stages::mutational::StdMutationalStage, state::{HasCorpus, HasMetadata, StdState}, }; @@ -138,7 +136,7 @@ pub fn main() { let mut mgr = SimpleEventManager::new(monitor); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/frida_libpng/src/fuzzer.rs b/fuzzers/frida_libpng/src/fuzzer.rs index 7c9119b774..295a552f19 100644 --- a/fuzzers/frida_libpng/src/fuzzer.rs +++ b/fuzzers/frida_libpng/src/fuzzer.rs @@ -17,10 +17,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - ondisk::OnDiskMetadataFormat, CachedOnDiskCorpus, Corpus, - IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, QueueCorpusScheduler, - }, + corpus::{ondisk::OnDiskMetadataFormat, CachedOnDiskCorpus, Corpus, OnDiskCorpus}, events::{llmp::LlmpRestartingEventManager, EventConfig}, executors::{inprocess::InProcessExecutor, ExitKind, ShadowExecutor}, feedback_or, feedback_or_fast, @@ -34,6 +31,7 @@ use libafl::{ token_mutations::Tokens, }, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, stages::{ShadowTracingStage, StdMutationalStage}, state::{HasCorpus, HasMetadata, StdState}, Error, @@ -176,8 +174,7 @@ unsafe fn fuzz(options: FuzzerOptions) -> Result<(), Error> { let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); // A minimization+queue policy to get testcasess from the corpus - let scheduler = - IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); @@ -295,8 +292,7 @@ unsafe fn fuzz(options: FuzzerOptions) -> Result<(), Error> { let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); // A minimization+queue policy to get testcasess from the corpus - let scheduler = - IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); @@ -430,8 +426,7 @@ unsafe fn fuzz(options: FuzzerOptions) -> Result<(), Error> { let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); // A minimization+queue policy to get testcasess from the corpus - let scheduler = - IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/fuzzbench/src/lib.rs b/fuzzers/fuzzbench/src/lib.rs index 8e84dcf2a8..be6cb25459 100644 --- a/fuzzers/fuzzbench/src/lib.rs +++ b/fuzzers/fuzzbench/src/lib.rs @@ -26,9 +26,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler, - }, + corpus::{Corpus, OnDiskCorpus}, events::SimpleRestartingEventManager, executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, feedback_or, @@ -41,6 +39,7 @@ use libafl::{ StdMOptMutator, StdScheduledMutator, Tokens, }, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::{ calibrate::CalibrationStage, power::{PowerMutationalStage, PowerSchedule}, @@ -311,7 +310,7 @@ fn fuzz( let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs index e165336c27..96d35f0ac4 100644 --- a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs +++ b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs @@ -23,9 +23,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsMutSlice, AsSlice, }, - corpus::{ - Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler, - }, + corpus::{Corpus, OnDiskCorpus}, events::SimpleRestartingEventManager, executors::{ExitKind, ShadowExecutor}, feedback_or, @@ -38,6 +36,7 @@ use libafl::{ StdMOptMutator, StdScheduledMutator, Tokens, }, observers::{ConstMapObserver, HitcountsMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::{ calibrate::CalibrationStage, power::{PowerMutationalStage, PowerSchedule}, @@ -282,7 +281,7 @@ fn fuzz( let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/fuzzbench_qemu/src/fuzzer.rs index 32371f2f06..103092194e 100644 --- a/fuzzers/fuzzbench_qemu/src/fuzzer.rs +++ b/fuzzers/fuzzbench_qemu/src/fuzzer.rs @@ -23,9 +23,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler, - }, + corpus::{Corpus, OnDiskCorpus}, events::SimpleRestartingEventManager, executors::{ExitKind, ShadowExecutor, TimeoutExecutor}, feedback_or, @@ -38,6 +36,7 @@ use libafl::{ StdMOptMutator, StdScheduledMutator, Tokens, }, observers::{HitcountsMapObserver, TimeObserver, VariableMapObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::{ calibrate::CalibrationStage, power::{PowerMutationalStage, PowerSchedule}, @@ -295,7 +294,7 @@ fn fuzz( let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/fuzzbench_text/src/lib.rs b/fuzzers/fuzzbench_text/src/lib.rs index c9499c01be..c6c556746e 100644 --- a/fuzzers/fuzzbench_text/src/lib.rs +++ b/fuzzers/fuzzbench_text/src/lib.rs @@ -27,9 +27,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler, - }, + corpus::{Corpus, OnDiskCorpus}, events::SimpleRestartingEventManager, executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, feedback_or, @@ -47,6 +45,7 @@ use libafl::{ tokens_mutations, StdMOptMutator, StdScheduledMutator, Tokens, }, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::{ calibrate::CalibrationStage, power::{PowerMutationalStage, PowerSchedule}, @@ -372,7 +371,7 @@ fn fuzz_binary( let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); @@ -589,7 +588,7 @@ fn fuzz_text( let grimoire = StdMutationalStage::new(grimoire_mutator); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/generic_inmemory/.gitignore b/fuzzers/generic_inmemory/.gitignore deleted file mode 100644 index 6d1d246c00..0000000000 --- a/fuzzers/generic_inmemory/.gitignore +++ /dev/null @@ -1 +0,0 @@ -fuzzer diff --git a/fuzzers/generic_inmemory/Cargo.toml b/fuzzers/generic_inmemory/Cargo.toml deleted file mode 100644 index ee2ddc5a52..0000000000 --- a/fuzzers/generic_inmemory/Cargo.toml +++ /dev/null @@ -1,32 +0,0 @@ -[package] -name = "generic_inmemory" -version = "0.7.1" -authors = ["Andrea Fioraldi ", "Dominik Maier "] -edition = "2021" - -[features] -default = ["std"] -std = [] - -[profile.release] -lto = true -codegen-units = 1 -opt-level = 3 -debug = true - -[build-dependencies] -cc = { version = "1.0", features = ["parallel"] } -which = { version = "4.0.2" } -num_cpus = "1.0" - -[dependencies] -libafl = { path = "../../libafl/" } -libafl_targets = { path = "../../libafl_targets/", features = ["sancov_pcguard_hitcounts", "sancov_cmplog", "libfuzzer"] } -# TODO Include it only when building cc -libafl_cc = { path = "../../libafl_cc/" } -clap = { version = "3.0", features = ["derive"] } -mimalloc = { version = "*", default-features = false } - -[lib] -name = "generic_inmemory" -crate-type = ["staticlib"] diff --git a/fuzzers/generic_inmemory/Makefile.toml b/fuzzers/generic_inmemory/Makefile.toml deleted file mode 100644 index 85b5f28b9a..0000000000 --- a/fuzzers/generic_inmemory/Makefile.toml +++ /dev/null @@ -1,79 +0,0 @@ -[env] -FUZZER_NAME="fuzzer" -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner="@shell" -script=''' -echo "Cargo-make not integrated yet on this" -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build" , "--release"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build" , "--release"] - -# Fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "target/release/libafl_cc" -args = ["-O3", "fuzz.c", "-o", "fuzzer"] -dependencies = ["cc", "cxx"] - -# Run -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner="@shell" -script=''' -./${FUZZER_NAME} --cores 0 --broker-port 31337 -''' -dependencies = ["fuzzer"] - - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner="@shell" -script=''' -timeout 10s ./${FUZZER_NAME} --cores 0 --broker-port 31337 || [ $? -eq 124 ] -''' -dependencies = ["fuzzer"] - -# Clean -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -script_runner="@shell" -script=''' -rm ./${FUZZER_NAME} || true - -''' \ No newline at end of file diff --git a/fuzzers/generic_inmemory/README.md b/fuzzers/generic_inmemory/README.md deleted file mode 100644 index 8028d0d543..0000000000 --- a/fuzzers/generic_inmemory/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Generic In-Memory Fuzzer - -This is a generic in-memory fuzzer based on LibAFL diff --git a/fuzzers/generic_inmemory/fuzz.c b/fuzzers/generic_inmemory/fuzz.c deleted file mode 100644 index 3f4a38f939..0000000000 --- a/fuzzers/generic_inmemory/fuzz.c +++ /dev/null @@ -1,16 +0,0 @@ -#include -#include - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - if (Size >= 8 && *(uint32_t*)Data == 0xaabbccdd) - return 1; - return 0; -} - -/* -int main() { - - char buf [10] = {0}; - LLVMFuzzerTestOneInput(buf, 10); - -}*/ diff --git a/fuzzers/generic_inmemory/src/bin/libafl_cc.rs b/fuzzers/generic_inmemory/src/bin/libafl_cc.rs deleted file mode 100644 index 518f27a081..0000000000 --- a/fuzzers/generic_inmemory/src/bin/libafl_cc.rs +++ /dev/null @@ -1,36 +0,0 @@ -use libafl_cc::{ClangWrapper, CompilerWrapper, LLVMPasses}; -use std::env; - -pub fn main() { - let args: Vec = env::args().collect(); - if args.len() > 1 { - let mut dir = env::current_exe().unwrap(); - let wrapper_name = dir.file_name().unwrap().to_str().unwrap(); - - let is_cpp = match wrapper_name[wrapper_name.len()-2..].to_lowercase().as_str() { - "cc" => false, - "++" | "pp" | "xx" => true, - _ => panic!("Could not figure out if c or c++ warpper was called. Expected {:?} to end with c or cxx", dir), - }; - - dir.pop(); - - let mut cc = ClangWrapper::new(); - if let Some(code) = cc - .cpp(is_cpp) - // silence the compiler wrapper output, needed for some configure scripts. - .silence(true) - .parse_args(&args) - .expect("Failed to parse the command line") - .link_staticlib(&dir, "generic_inmemory") - .add_arg("-fsanitize-coverage=trace-pc-guard,trace-cmp") - .add_pass(LLVMPasses::CmpLogRtn) - .run() - .expect("Failed to run the wrapped compiler") - { - std::process::exit(code); - } - } else { - panic!("LibAFL CC: No Arguments given"); - } -} diff --git a/fuzzers/generic_inmemory/src/bin/libafl_cxx.rs b/fuzzers/generic_inmemory/src/bin/libafl_cxx.rs deleted file mode 100644 index ce786239b0..0000000000 --- a/fuzzers/generic_inmemory/src/bin/libafl_cxx.rs +++ /dev/null @@ -1,5 +0,0 @@ -pub mod libafl_cc; - -fn main() { - libafl_cc::main() -} diff --git a/fuzzers/generic_inmemory/src/lib.rs b/fuzzers/generic_inmemory/src/lib.rs deleted file mode 100644 index c230bd1afb..0000000000 --- a/fuzzers/generic_inmemory/src/lib.rs +++ /dev/null @@ -1,314 +0,0 @@ -//! A libfuzzer-like fuzzer with llmp-multithreading support and restarts -//! The `launcher` will spawn new processes for each cpu core. -use mimalloc::MiMalloc; -#[global_allocator] -static GLOBAL: MiMalloc = MiMalloc; - -use clap::{self, StructOpt}; -use core::time::Duration; -use std::{env, net::SocketAddr, path::PathBuf}; - -use libafl::{ - bolts::{ - current_nanos, - launcher::Launcher, - os::Cores, - rands::StdRand, - shmem::{ShMemProvider, StdShMemProvider}, - tuples::{tuple_list, Merge}, - AsSlice, - }, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, - events::EventConfig, - executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, - feedback_or, - feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback, TimeoutFeedback}, - fuzzer::{Fuzzer, StdFuzzer}, - generators::RandBytesGenerator, - inputs::{BytesInput, HasTargetBytes}, - monitors::MultiMonitor, - mutators::{ - scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, - token_mutations::{I2SRandReplace, Tokens}, - }, - observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, - stages::{StdMutationalStage, TracingStage}, - state::{HasCorpus, HasMetadata, StdState}, - Error, -}; - -use libafl_targets::{ - libfuzzer_initialize, libfuzzer_test_one_input, CmpLogObserver, CMPLOG_MAP, EDGES_MAP, - MAX_EDGES_NUM, -}; - -/// Parses a millseconds int into a [`Duration`], used for commandline arg parsing -fn timeout_from_millis_str(time: &str) -> Result { - Ok(Duration::from_millis(time.parse()?)) -} - -#[derive(Debug, StructOpt)] -#[clap( - name = "generic_inmemory", - about = "A generic libfuzzer-like fuzzer with llmp-multithreading support", - author = "Andrea Fioraldi , Dominik Maier " -)] -struct Opt { - #[clap( - short, - long, - parse(try_from_str = Cores::from_cmdline), - help = "Spawn a client in each of the provided cores. Broker runs in the 0th core. 'all' to select all available cores. 'none' to run a client without binding to any core. eg: '1,2-4,6' selects the cores 1,2,3,4,6.", - name = "CORES" - )] - cores: Cores, - - #[clap( - short = 'p', - long, - help = "Choose the broker TCP port, default is 1337", - name = "PORT" - )] - broker_port: u16, - - #[clap( - parse(try_from_str), - short = 'a', - long, - help = "Specify a remote broker", - name = "REMOTE" - )] - remote_broker_addr: Option, - - #[clap( - parse(try_from_str), - short, - long, - help = "Set an initial corpus directory", - name = "INPUT" - )] - input: Vec, - - #[clap( - short, - long, - parse(try_from_str), - help = "Set the output directory, default is ./out", - name = "OUTPUT", - default_value = "./out" - )] - output: PathBuf, - - #[clap( - parse(try_from_str = timeout_from_millis_str), - short, - long, - help = "Set the exeucution timeout in milliseconds, default is 1000", - name = "TIMEOUT", - default_value = "1000" - )] - timeout: Duration, - - #[clap( - parse(from_os_str), - short = 'x', - long, - help = "Feed the fuzzer with an user-specified list of tokens (often called \"dictionary\"", - name = "TOKENS", - multiple_occurrences = true - )] - tokens: Vec, -} - -/// The main fn, `no_mangle` as it is a C symbol -#[no_mangle] -pub fn libafl_main() { - // Registry the metadata types used in this fuzzer - // Needed only on no_std - //RegistryBuilder::register::(); - - let workdir = env::current_dir().unwrap(); - - let opt = Opt::parse(); - - let cores = opt.cores; - let broker_port = opt.broker_port; - let remote_broker_addr = opt.remote_broker_addr; - let input_dirs = opt.input; - let output_dir = opt.output; - let token_files = opt.tokens; - let timeout_ms = opt.timeout; - // let cmplog_enabled = matches.is_present("cmplog"); - - println!("Workdir: {:?}", workdir.to_string_lossy().to_string()); - - let shmem_provider = StdShMemProvider::new().expect("Failed to init shared memory"); - - let monitor = MultiMonitor::new(|s| println!("{}", s)); - - let mut run_client = |state: Option>, mut mgr, _core_id| { - // Create an observation channel using the coverage map - let edges = unsafe { &mut EDGES_MAP[0..MAX_EDGES_NUM] }; - let edges_observer = HitcountsMapObserver::new(StdMapObserver::new("edges", edges)); - - // Create an observation channel to keep track of the execution time - let time_observer = TimeObserver::new("time"); - - // Create the Cmp observer - let cmplog = unsafe { &mut CMPLOG_MAP }; - let cmplog_observer = CmpLogObserver::new("cmplog", cmplog, true); - - // The state of the edges feedback. - let feedback_state = MapFeedbackState::with_observer(&edges_observer); - - // Feedback to rate the interestingness of an input - // This one is composed by two Feedbacks in OR - let feedback = feedback_or!( - // New maximization map feedback linked to the edges observer and the feedback state - MaxMapFeedback::new_tracking(&feedback_state, &edges_observer, true, false), - // Time feedback, this one does not need a feedback state - TimeFeedback::new_with_observer(&time_observer) - ); - - // A feedback to choose if an input is a solution or not - let objective = feedback_or!(CrashFeedback::new(), TimeoutFeedback::new()); - - // If not restarting, create a State from scratch - let mut state = state.unwrap_or_else(|| { - StdState::new( - // RNG - StdRand::with_seed(current_nanos()), - // Corpus that will be evolved, we keep it in memory for performance - InMemoryCorpus::new(), - // Corpus in which we store solutions (crashes in this example), - // on disk so the user can get them after stopping the fuzzer - OnDiskCorpus::new(output_dir.clone()).unwrap(), - // States of the feedbacks. - // They are the data related to the feedbacks that you want to persist in the State. - tuple_list!(feedback_state), - ) - }); - - // Create a dictionary if not existing - if state.metadata().get::().is_none() { - for tokens_file in &token_files { - state.add_metadata(Tokens::from_file(tokens_file)?); - } - } - - // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); - - // A fuzzer with feedbacks and a corpus scheduler - let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); - - // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { - let target = input.target_bytes(); - let buf = target.as_slice(); - libfuzzer_test_one_input(buf); - ExitKind::Ok - }; - - // Create the executor for an in-process function with one observer for edge coverage and one for the execution time - let mut executor = TimeoutExecutor::new( - InProcessExecutor::new( - &mut harness, - tuple_list!(edges_observer, time_observer), - &mut fuzzer, - &mut state, - &mut mgr, - )?, - timeout_ms, - ); - - // Secondary harness due to mut ownership - let mut harness = |input: &BytesInput| { - let target = input.target_bytes(); - let buf = target.as_slice(); - libfuzzer_test_one_input(buf); - ExitKind::Ok - }; - - // Setup a tracing stage in which we log comparisons - let tracing = TracingStage::new(InProcessExecutor::new( - &mut harness, - tuple_list!(cmplog_observer), - &mut fuzzer, - &mut state, - &mut mgr, - )?); - - // Setup a randomic Input2State stage - let i2s = - StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new()))); - - // Setup a basic mutator - let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations())); - let mutational = StdMutationalStage::new(mutator); - - // The order of the stages matter! - let mut stages = tuple_list!(tracing, i2s, mutational); - - // The actual target run starts here. - // Call LLVMFUzzerInitialize() if present. - let args: Vec = env::args().collect(); - if libfuzzer_initialize(&args) == -1 { - println!("Warning: LLVMFuzzerInitialize failed with -1") - } - - // In case the corpus is empty (on first run), reset - if state.corpus().count() < 1 { - if input_dirs.is_empty() { - // Generator of printable bytearrays of max size 32 - let mut generator = RandBytesGenerator::new(32); - - // Generate 8 initial inputs - state - .generate_initial_inputs( - &mut fuzzer, - &mut executor, - &mut generator, - &mut mgr, - 8, - ) - .expect("Failed to generate the initial corpus"); - println!( - "We imported {} inputs from the generator.", - state.corpus().count() - ); - } else { - println!("Loading from {:?}", &input_dirs); - // Load from disk - state - .load_initial_inputs(&mut fuzzer, &mut executor, &mut mgr, &input_dirs) - .unwrap_or_else(|_| { - panic!("Failed to load initial corpus at {:?}", &input_dirs) - }); - println!("We imported {} inputs from disk.", state.corpus().count()); - } - } - - fuzzer.fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr)?; - Ok(()) - }; - - match Launcher::builder() - .shmem_provider(shmem_provider) - .configuration(EventConfig::from_name("default")) - .monitor(monitor) - .run_client(&mut run_client) - .cores(&cores) - .broker_port(broker_port) - .remote_broker_addr(remote_broker_addr) - //.stdout_file(Some("/dev/null")) - .build() - .launch() - { - Ok(_) | Err(Error::ShuttingDown) => (), - Err(e) => panic!("{:?}", e), - }; -} diff --git a/fuzzers/libafl_atheris/src/lib.rs b/fuzzers/libafl_atheris/src/lib.rs index 739f33e286..f83dff345c 100644 --- a/fuzzers/libafl_atheris/src/lib.rs +++ b/fuzzers/libafl_atheris/src/lib.rs @@ -21,10 +21,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{Corpus, OnDiskCorpus}, events::EventConfig, executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, feedback_or, @@ -36,6 +33,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::{I2SRandReplace, Tokens}, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::{StdMutationalStage, TracingStage}, state::{HasCorpus, HasMetadata, StdState}, Error, @@ -271,7 +269,7 @@ pub fn LLVMFuzzerRunDriver( } // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs index 9b2b75ac82..655f7dfdc0 100644 --- a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs +++ b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs @@ -13,7 +13,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, RandCorpusScheduler}, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::{setup_restarting_mgr_std, EventConfig}, executors::{inprocess::InProcessExecutor, ExitKind}, feedback_or, @@ -24,6 +24,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::StdMapObserver, + schedulers::RandScheduler, stages::mutational::StdMutationalStage, state::{HasCorpus, HasMetadata, StdState}, Error, @@ -136,7 +137,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut stages = tuple_list!(StdMutationalStage::new(mutator)); // A random policy to get testcasess from the corpus - let scheduler = RandCorpusScheduler::new(); + let scheduler = RandScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/libfuzzer_libpng/src/lib.rs b/fuzzers/libfuzzer_libpng/src/lib.rs index fb84b8cd3d..aabcf4e55d 100644 --- a/fuzzers/libfuzzer_libpng/src/lib.rs +++ b/fuzzers/libfuzzer_libpng/src/lib.rs @@ -14,10 +14,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - PowerQueueCorpusScheduler, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::{setup_restarting_mgr_std, EventConfig, EventRestarter}, executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, feedback_or, feedback_or_fast, @@ -28,6 +25,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::{ calibrate::CalibrationStage, power::{PowerMutationalStage, PowerSchedule}, @@ -138,7 +136,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut stages = tuple_list!(calibration, power); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/libfuzzer_libpng_accounting/src/lib.rs b/fuzzers/libfuzzer_libpng_accounting/src/lib.rs index 36c0ff3b4a..c8eb0a6704 100644 --- a/fuzzers/libfuzzer_libpng_accounting/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_accounting/src/lib.rs @@ -20,10 +20,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - Corpus, CoverageAccountingCorpusScheduler, InMemoryCorpus, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::EventConfig, executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, feedback_or, feedback_or_fast, @@ -34,6 +31,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{CoverageAccountingScheduler, QueueScheduler}, stages::mutational::StdMutationalStage, state::{HasCorpus, HasMetadata, StdState}, Error, @@ -202,11 +200,10 @@ pub fn libafl_main() { let mut stages = tuple_list!(StdMutationalStage::new(mutator)); // A minimization+queue policy to get testcasess from the corpus - let scheduler = CoverageAccountingCorpusScheduler::new( - &mut state, - QueueCorpusScheduler::new(), - unsafe { &ACCOUNTING_MEMOP_MAP }, - ); + let scheduler = + CoverageAccountingScheduler::new(&mut state, QueueScheduler::new(), unsafe { + &ACCOUNTING_MEMOP_MAP + }); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/libfuzzer_libpng_ctx/src/lib.rs b/fuzzers/libfuzzer_libpng_ctx/src/lib.rs index a01268af77..84ea38ef51 100644 --- a/fuzzers/libfuzzer_libpng_ctx/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_ctx/src/lib.rs @@ -20,10 +20,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::EventConfig, executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, feedback_or, feedback_or_fast, @@ -36,6 +33,7 @@ use libafl::{ token_mutations::Tokens, }, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::mutational::StdMutationalStage, state::{HasCorpus, HasMetadata, StdState}, Error, @@ -201,7 +199,7 @@ pub fn libafl_main() { let mut stages = tuple_list!(StdMutationalStage::new(mutator)); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs index 3033958660..82a1d579b0 100644 --- a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs @@ -20,10 +20,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::EventConfig, executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, feedback_or, feedback_or_fast, @@ -34,6 +31,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::mutational::StdMutationalStage, state::{HasCorpus, HasMetadata, StdState}, Error, @@ -200,7 +198,7 @@ pub fn libafl_main() { let mut stages = tuple_list!(StdMutationalStage::new(mutator)); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/libfuzzer_reachability/src/lib.rs b/fuzzers/libfuzzer_reachability/src/lib.rs index 82ff8232d4..84e1f25502 100644 --- a/fuzzers/libfuzzer_reachability/src/lib.rs +++ b/fuzzers/libfuzzer_reachability/src/lib.rs @@ -8,7 +8,7 @@ use std::{env, path::PathBuf}; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, RandCorpusScheduler}, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::{setup_restarting_mgr_std, EventConfig, EventRestarter}, executors::{inprocess::InProcessExecutor, ExitKind}, feedbacks::{MapFeedbackState, MaxMapFeedback, ReachabilityFeedback}, @@ -17,6 +17,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::{HitcountsMapObserver, StdMapObserver}, + schedulers::RandScheduler, stages::mutational::StdMutationalStage, state::{HasCorpus, StdState}, Error, @@ -106,7 +107,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut stages = tuple_list!(StdMutationalStage::new(mutator)); // A random policy to get testcasess from the corpus - let scheduler = RandCorpusScheduler::new(); + let scheduler = RandScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/libfuzzer_stb_image/src/main.rs b/fuzzers/libfuzzer_stb_image/src/main.rs index 456968a694..0742d44f10 100644 --- a/fuzzers/libfuzzer_stb_image/src/main.rs +++ b/fuzzers/libfuzzer_stb_image/src/main.rs @@ -8,10 +8,7 @@ use std::{env, path::PathBuf}; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::{setup_restarting_mgr_std, EventConfig}, executors::{inprocess::InProcessExecutor, ExitKind, ShadowExecutor}, feedback_or, @@ -22,6 +19,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, StdScheduledMutator}, mutators::token_mutations::I2SRandReplace, observers::{StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::{ShadowTracingStage, StdMutationalStage}, state::{HasCorpus, StdState}, Error, @@ -113,7 +111,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re println!("We're a client, let's fuzz :)"); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs b/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs index bf1f261646..99d41ecc61 100644 --- a/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs +++ b/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs @@ -15,10 +15,7 @@ use libafl::{ tuples::{tuple_list, Named}, AsMutSlice, AsSlice, }, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::{setup_restarting_mgr_std, EventConfig}, executors::{ command::CommandConfigurator, inprocess::InProcessExecutor, ExitKind, ShadowExecutor, @@ -39,6 +36,7 @@ use libafl::{ }, StdMapObserver, TimeObserver, }, + schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler}, stages::{ ConcolicTracingStage, ShadowTracingStage, SimpleConcolicMutationalStage, StdMutationalStage, TracingStage, @@ -148,7 +146,7 @@ fn fuzz( println!("We're a client, let's fuzz :)"); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/push_harness/src/main.rs b/fuzzers/push_harness/src/main.rs index ddc4696cd7..c6eaadbdc5 100644 --- a/fuzzers/push_harness/src/main.rs +++ b/fuzzers/push_harness/src/main.rs @@ -4,7 +4,7 @@ use klo_routines::*; use libafl::inputs::{BytesInput, HasTargetBytes}; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, @@ -13,6 +13,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::StdMapObserver, + schedulers::QueueScheduler, stages::mutational::StdMutationalStage, state::StdState, }; @@ -71,7 +72,7 @@ fn input_generator() { let mut mgr = SimpleEventManager::new(monitor); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/push_stage_harness/src/main.rs b/fuzzers/push_stage_harness/src/main.rs index 43398fa749..f89f537942 100644 --- a/fuzzers/push_stage_harness/src/main.rs +++ b/fuzzers/push_stage_harness/src/main.rs @@ -9,9 +9,7 @@ use std::{path::PathBuf, rc::Rc}; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{ - Corpus, CorpusScheduler, InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler, Testcase, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, Testcase}, events::SimpleEventManager, executors::ExitKind, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, @@ -20,6 +18,7 @@ use libafl::{ monitors::SimpleMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::StdMapObserver, + schedulers::{QueueScheduler, Scheduler}, stages::push::{PushStageSharedState, StdMutationalPushStage}, state::{HasCorpus, StdState}, }; @@ -68,7 +67,7 @@ pub fn main() { let mgr = SimpleEventManager::new(monitor); // A queue policy to get testcasess from the corpus - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); // Create the executor for an in-process function with just one observer //let mut executor = InProcessExecutor::new(&mut harness, &mut fuzzer, &mut state, &mut mgr) diff --git a/fuzzers/qemu_launcher/src/fuzzer.rs b/fuzzers/qemu_launcher/src/fuzzer.rs index f1bed73f37..c39e42be59 100644 --- a/fuzzers/qemu_launcher/src/fuzzer.rs +++ b/fuzzers/qemu_launcher/src/fuzzer.rs @@ -13,10 +13,7 @@ use libafl::{ tuples::tuple_list, AsSlice, }, - corpus::{ - Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::EventConfig, executors::{ExitKind, TimeoutExecutor}, feedback_or, feedback_or_fast, @@ -26,6 +23,7 @@ use libafl::{ monitors::MultiMonitor, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::{HitcountsMapObserver, TimeObserver, VariableMapObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, stages::StdMutationalStage, state::{HasCorpus, StdState}, Error, @@ -154,7 +152,7 @@ pub fn fuzz() { }); // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/tutorial/src/lib.rs b/fuzzers/tutorial/src/lib.rs index 14e5ffec33..a2bc2adcd8 100644 --- a/fuzzers/tutorial/src/lib.rs +++ b/fuzzers/tutorial/src/lib.rs @@ -8,7 +8,7 @@ use std::{env, path::PathBuf}; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, - corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, PowerQueueCorpusScheduler}, + corpus::{Corpus, InMemoryCorpus, OnDiskCorpus}, events::{setup_restarting_mgr_std, EventConfig, EventRestarter}, executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor}, feedback_or, feedback_or_fast, @@ -17,6 +17,7 @@ use libafl::{ inputs::HasTargetBytes, monitors::MultiMonitor, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::PowerQueueScheduler, stages::{ calibrate::CalibrationStage, power::{PowerMutationalStage, PowerSchedule}, @@ -133,7 +134,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut stages = tuple_list!(calibration, power); // A minimization+queue policy to get testcasess from the corpus - let scheduler = PacketLenMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new()); + let scheduler = PacketLenMinimizerScheduler::new(PowerQueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/fuzzers/tutorial/src/metadata.rs b/fuzzers/tutorial/src/metadata.rs index e41fc8dec8..820dce15fa 100644 --- a/fuzzers/tutorial/src/metadata.rs +++ b/fuzzers/tutorial/src/metadata.rs @@ -1,10 +1,11 @@ use libafl::{ bolts::tuples::Named, - corpus::{FavFactor, MinimizerCorpusScheduler, Testcase}, + corpus::Testcase, events::EventFirer, executors::ExitKind, feedbacks::{Feedback, MapIndexesMetadata}, observers::ObserversTuple, + schedulers::{FavFactor, MinimizerScheduler}, state::{HasClientPerfMonitor, HasMetadata}, Error, SerdeAny, }; @@ -29,8 +30,8 @@ impl FavFactor for PacketLenFavFactor { } } -pub type PacketLenMinimizerCorpusScheduler = - MinimizerCorpusScheduler; +pub type PacketLenMinimizerScheduler = + MinimizerScheduler; #[derive(Serialize, Deserialize, Default, Clone, Debug)] pub struct PacketLenFeedback { diff --git a/libafl/src/corpus/mod.rs b/libafl/src/corpus/mod.rs index de14872949..4f13353122 100644 --- a/libafl/src/corpus/mod.rs +++ b/libafl/src/corpus/mod.rs @@ -16,36 +16,9 @@ pub mod cached; #[cfg(feature = "std")] pub use cached::CachedOnDiskCorpus; -pub mod queue; -pub use queue::QueueCorpusScheduler; - -pub mod probabilistic_sampling; -pub use probabilistic_sampling::ProbabilitySamplingCorpusScheduler; - -pub mod accounting; -pub use accounting::*; - -pub mod fav_factor; -pub use fav_factor::{FavFactor, LenTimeMulFavFactor}; - -pub mod minimizer; -pub use minimizer::{ - IndexesLenTimeMinimizerCorpusScheduler, IsFavoredMetadata, LenTimeMinimizerCorpusScheduler, - MinimizerCorpusScheduler, TopRatedsMetadata, -}; - -pub mod powersched; -pub use powersched::PowerQueueCorpusScheduler; - -use alloc::borrow::ToOwned; use core::cell::RefCell; -use crate::{ - bolts::rands::Rand, - inputs::Input, - state::{HasCorpus, HasRand}, - Error, -}; +use crate::{inputs::Input, Error}; /// Corpus with all current testcases pub trait Corpus: serde::Serialize + serde::de::DeserializeOwned @@ -79,81 +52,6 @@ where fn current_mut(&mut self) -> &mut Option; } -/// The scheduler define how the fuzzer requests a testcase from the corpus. -/// It has hooks to corpus add/replace/remove to allow complex scheduling algorithms to collect data. -pub trait CorpusScheduler -where - I: Input, -{ - /// Add an entry to the corpus and return its index - fn on_add(&self, _state: &mut S, _idx: usize) -> Result<(), Error> { - Ok(()) - } - - /// Replaces the testcase at the given idx - fn on_replace( - &self, - _state: &mut S, - _idx: usize, - _testcase: &Testcase, - ) -> Result<(), Error> { - Ok(()) - } - - /// Removes an entry from the corpus, returning it if it was present. - fn on_remove( - &self, - _state: &mut S, - _idx: usize, - _testcase: &Option>, - ) -> Result<(), Error> { - Ok(()) - } - - /// Gets the next entry - fn next(&self, state: &mut S) -> Result; -} - -/// Feed the fuzzer simpply with a random testcase on request -#[derive(Debug, Clone)] -pub struct RandCorpusScheduler; - -impl CorpusScheduler for RandCorpusScheduler -where - S: HasCorpus + HasRand, - I: Input, -{ - /// Gets the next entry at random - fn next(&self, state: &mut S) -> Result { - if state.corpus().count() == 0 { - Err(Error::Empty("No entries in corpus".to_owned())) - } else { - let len = state.corpus().count(); - let id = state.rand_mut().below(len as u64) as usize; - *state.corpus_mut().current_mut() = Some(id); - Ok(id) - } - } -} - -impl RandCorpusScheduler { - /// Create a new [`RandCorpusScheduler`] that just schedules randomly. - #[must_use] - pub fn new() -> Self { - Self - } -} - -impl Default for RandCorpusScheduler { - fn default() -> Self { - Self::new() - } -} - -/// A [`StdCorpusScheduler`] uses the default scheduler in `LibAFL` to schedule [`Testcase`]s. -/// The current `Std` is a [`RandCorpusScheduler`], although this may change in the future, if another [`CorpusScheduler`] delivers better results. -pub type StdCorpusScheduler = RandCorpusScheduler; - /// `Corpus` Python bindings #[cfg(feature = "python")] pub mod pybind { diff --git a/libafl/src/events/llmp.rs b/libafl/src/events/llmp.rs index beb30a43ed..61c75a98e8 100644 --- a/libafl/src/events/llmp.rs +++ b/libafl/src/events/llmp.rs @@ -948,11 +948,12 @@ mod tests { staterestore::StateRestorer, tuples::tuple_list, }, - corpus::{Corpus, InMemoryCorpus, RandCorpusScheduler, Testcase}, + corpus::{Corpus, InMemoryCorpus, Testcase}, events::{llmp::_ENV_FUZZER_SENDER, LlmpEventManager}, executors::{ExitKind, InProcessExecutor}, inputs::BytesInput, mutators::BitFlipMutator, + schedulers::RandScheduler, stages::StdMutationalStage, state::StdState, Fuzzer, StdFuzzer, @@ -988,7 +989,7 @@ mod tests { let mut llmp_mgr = LlmpEventManager::::new(llmp_client, "fuzzer".into()).unwrap(); - let scheduler = RandCorpusScheduler::new(); + let scheduler = RandScheduler::new(); let mut fuzzer = StdFuzzer::new(scheduler, (), ()); diff --git a/libafl/src/fuzzer/mod.rs b/libafl/src/fuzzer/mod.rs index b5331bb96d..0015e1a6ae 100644 --- a/libafl/src/fuzzer/mod.rs +++ b/libafl/src/fuzzer/mod.rs @@ -2,13 +2,14 @@ use crate::{ bolts::current_time, - corpus::{Corpus, CorpusScheduler, Testcase}, + corpus::{Corpus, Testcase}, events::{Event, EventConfig, EventFirer, EventManager, ProgressReporter}, executors::{Executor, ExitKind, HasObservers}, feedbacks::Feedback, inputs::Input, mark_feature_time, observers::ObserversTuple, + schedulers::Scheduler, stages::StagesTuple, start_timer, state::{HasClientPerfMonitor, HasCorpus, HasExecutions, HasSolutions}, @@ -25,9 +26,9 @@ use core::{marker::PhantomData, time::Duration}; const STATS_TIMEOUT_DEFAULT: Duration = Duration::from_secs(15); /// Holds a scheduler -pub trait HasCorpusScheduler +pub trait HasScheduler where - CS: CorpusScheduler, + CS: Scheduler, I: Input, { /// The scheduler @@ -235,7 +236,7 @@ pub enum ExecuteInputResult { #[derive(Debug)] pub struct StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, F: Feedback, I: Input, OF: Feedback, @@ -247,9 +248,9 @@ where phantom: PhantomData<(I, OT, S)>, } -impl HasCorpusScheduler for StdFuzzer +impl HasScheduler for StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, F: Feedback, I: Input, OF: Feedback, @@ -266,7 +267,7 @@ where impl HasFeedback for StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, F: Feedback, I: Input, OF: Feedback, @@ -283,7 +284,7 @@ where impl HasObjective for StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, F: Feedback, I: Input, OF: Feedback, @@ -300,7 +301,7 @@ where impl ExecutionProcessor for StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, F: Feedback, I: Input, OF: Feedback, @@ -414,7 +415,7 @@ where impl EvaluatorObservers for StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, OT: ObserversTuple + serde::Serialize + serde::de::DeserializeOwned, F: Feedback, I: Input, @@ -443,7 +444,7 @@ where impl Evaluator for StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, E: Executor + HasObservers, OT: ObserversTuple + serde::Serialize + serde::de::DeserializeOwned, EM: EventManager, @@ -509,7 +510,7 @@ where impl Fuzzer for StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, EM: EventManager, F: Feedback, I: Input, @@ -559,7 +560,7 @@ where impl StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, F: Feedback, I: Input, OF: Feedback, @@ -628,7 +629,7 @@ where impl ExecutesInput for StdFuzzer where - CS: CorpusScheduler, + CS: Scheduler, F: Feedback, I: Input, OT: ObserversTuple, @@ -670,10 +671,10 @@ where #[cfg(feature = "python")] /// `Fuzzer` Python bindings pub mod pybind { - use crate::corpus::QueueCorpusScheduler; use crate::feedbacks::{CrashFeedback, MaxMapFeedback}; use crate::fuzzer::{Fuzzer, StdFuzzer}; use crate::inputs::BytesInput; + use crate::schedulers::QueueScheduler; use pyo3::prelude::*; macro_rules! define_python_fuzzer { @@ -688,7 +689,7 @@ pub mod pybind { /// `StdFuzzer` with fixed generics pub type $type_name = StdFuzzer< - QueueCorpusScheduler, + QueueScheduler, MaxMapFeedback, BytesInput, CrashFeedback, @@ -709,7 +710,7 @@ pub mod pybind { fn new(py_max_map_feedback: $max_map_feedback_py_name) -> Self { Self { std_fuzzer: StdFuzzer::new( - QueueCorpusScheduler::new(), + QueueScheduler::new(), py_max_map_feedback.max_map_feedback, CrashFeedback::new(), ), diff --git a/libafl/src/lib.rs b/libafl/src/lib.rs index 27199e2ac7..c16c2a7c3c 100644 --- a/libafl/src/lib.rs +++ b/libafl/src/lib.rs @@ -93,6 +93,7 @@ pub mod inputs; pub mod monitors; pub mod mutators; pub mod observers; +pub mod schedulers; pub mod stages; pub mod state; @@ -234,11 +235,12 @@ impl std::error::Error for Error {} mod tests { use crate::{ bolts::{rands::StdRand, tuples::tuple_list}, - corpus::{Corpus, InMemoryCorpus, RandCorpusScheduler, Testcase}, + corpus::{Corpus, InMemoryCorpus, Testcase}, executors::{ExitKind, InProcessExecutor}, inputs::BytesInput, monitors::SimpleMonitor, mutators::{mutations::BitFlipMutator, StdScheduledMutator}, + schedulers::RandScheduler, stages::StdMutationalStage, state::{HasCorpus, StdState}, Fuzzer, StdFuzzer, @@ -268,7 +270,7 @@ mod tests { }); let mut event_manager = SimpleEventManager::new(monitor); - let scheduler = RandCorpusScheduler::new(); + let scheduler = RandScheduler::new(); let mut fuzzer = StdFuzzer::new(scheduler, (), ()); let mut harness = |_buf: &BytesInput| ExitKind::Ok; diff --git a/libafl/src/corpus/accounting.rs b/libafl/src/schedulers/accounting.rs similarity index 89% rename from libafl/src/corpus/accounting.rs rename to libafl/src/schedulers/accounting.rs index 21ccb0a1fa..3652404ef1 100644 --- a/libafl/src/corpus/accounting.rs +++ b/libafl/src/schedulers/accounting.rs @@ -2,12 +2,13 @@ use crate::{ bolts::{rands::Rand, AsMutSlice, AsSlice, HasLen, HasRefCnt}, - corpus::{ - minimizer::{IsFavoredMetadata, MinimizerCorpusScheduler, DEFAULT_SKIP_NON_FAVORED_PROB}, - Corpus, CorpusScheduler, LenTimeMulFavFactor, Testcase, - }, + corpus::{Corpus, Testcase}, feedbacks::MapIndexesMetadata, inputs::Input, + schedulers::{ + minimizer::{IsFavoredMetadata, MinimizerScheduler, DEFAULT_SKIP_NON_FAVORED_PROB}, + LenTimeMulFavFactor, Scheduler, + }, state::{HasCorpus, HasMetadata, HasRand}, Error, }; @@ -91,20 +92,20 @@ impl TopAccountingMetadata { /// A minimizer scheduler using coverage accounting #[derive(Debug)] -pub struct CoverageAccountingCorpusScheduler<'a, CS, I, S> +pub struct CoverageAccountingScheduler<'a, CS, I, S> where - CS: CorpusScheduler, + CS: Scheduler, I: Input + HasLen, S: HasCorpus + HasMetadata + HasRand, { accounting_map: &'a [u32], skip_non_favored_prob: u64, - inner: MinimizerCorpusScheduler, I, MapIndexesMetadata, S>, + inner: MinimizerScheduler, I, MapIndexesMetadata, S>, } -impl<'a, CS, I, S> CorpusScheduler for CoverageAccountingCorpusScheduler<'a, CS, I, S> +impl<'a, CS, I, S> Scheduler for CoverageAccountingScheduler<'a, CS, I, S> where - CS: CorpusScheduler, + CS: Scheduler, I: Input + HasLen, S: HasCorpus + HasMetadata + HasRand, { @@ -152,9 +153,9 @@ where } } -impl<'a, CS, I, S> CoverageAccountingCorpusScheduler<'a, CS, I, S> +impl<'a, CS, I, S> CoverageAccountingScheduler<'a, CS, I, S> where - CS: CorpusScheduler, + CS: Scheduler, I: Input + HasLen, S: HasCorpus + HasMetadata + HasRand, { @@ -188,7 +189,7 @@ where let must_remove = { let old_meta = old.metadata_mut().get_mut::().ok_or_else(|| { Error::KeyNotFound(format!( - "AccountingIndexesMetadata, needed by CoverageAccountingCorpusScheduler, not found in testcase #{}", + "AccountingIndexesMetadata, needed by CoverageAccountingScheduler, not found in testcase #{}", old_idx )) })?; @@ -259,18 +260,18 @@ where Ok(()) } - /// Creates a new [`CoverageAccountingCorpusScheduler`] that wraps a `base` [`CorpusScheduler`] + /// Creates a new [`CoverageAccountingScheduler`] that wraps a `base` [`Scheduler`] /// and has a default probability to skip non-faved [`Testcase`]s of [`DEFAULT_SKIP_NON_FAVORED_PROB`]. pub fn new(state: &mut S, base: CS, accounting_map: &'a [u32]) -> Self { state.add_metadata(TopAccountingMetadata::new(accounting_map.len())); Self { accounting_map, - inner: MinimizerCorpusScheduler::new(base), + inner: MinimizerScheduler::new(base), skip_non_favored_prob: DEFAULT_SKIP_NON_FAVORED_PROB, } } - /// Creates a new [`CoverageAccountingCorpusScheduler`] that wraps a `base` [`CorpusScheduler`] + /// Creates a new [`CoverageAccountingScheduler`] that wraps a `base` [`Scheduler`] /// and has a non-default probability to skip non-faved [`Testcase`]s using (`skip_non_favored_prob`). pub fn with_skip_prob( state: &mut S, @@ -281,7 +282,7 @@ where state.add_metadata(TopAccountingMetadata::new(accounting_map.len())); Self { accounting_map, - inner: MinimizerCorpusScheduler::with_skip_prob(base, skip_non_favored_prob), + inner: MinimizerScheduler::with_skip_prob(base, skip_non_favored_prob), skip_non_favored_prob, } } diff --git a/libafl/src/corpus/fav_factor.rs b/libafl/src/schedulers/fav_factor.rs similarity index 100% rename from libafl/src/corpus/fav_factor.rs rename to libafl/src/schedulers/fav_factor.rs diff --git a/libafl/src/corpus/minimizer.rs b/libafl/src/schedulers/minimizer.rs similarity index 81% rename from libafl/src/corpus/minimizer.rs rename to libafl/src/schedulers/minimizer.rs index 01718bca64..339eeab40c 100644 --- a/libafl/src/corpus/minimizer.rs +++ b/libafl/src/schedulers/minimizer.rs @@ -3,9 +3,10 @@ use crate::{ bolts::{rands::Rand, serdeany::SerdeAny, AsSlice, HasRefCnt}, - corpus::{Corpus, CorpusScheduler, FavFactor, LenTimeMulFavFactor, Testcase}, + corpus::{Corpus, Testcase}, feedbacks::MapIndexesMetadata, inputs::Input, + schedulers::{FavFactor, LenTimeMulFavFactor, Scheduler}, state::{HasCorpus, HasMetadata, HasRand}, Error, }; @@ -48,13 +49,13 @@ impl Default for TopRatedsMetadata { } } -/// The [`MinimizerCorpusScheduler`] employs a genetic algorithm to compute a subset of the +/// The [`MinimizerScheduler`] employs a genetic algorithm to compute a subset of the /// corpus that exercise all the requested features (e.g. all the coverage seen so far) /// prioritizing [`Testcase`]`s` using [`FavFactor`] #[derive(Debug, Clone)] -pub struct MinimizerCorpusScheduler +pub struct MinimizerScheduler where - CS: CorpusScheduler, + CS: Scheduler, F: FavFactor, I: Input, M: AsSlice + SerdeAny + HasRefCnt, @@ -65,9 +66,9 @@ where phantom: PhantomData<(F, I, M, S)>, } -impl CorpusScheduler for MinimizerCorpusScheduler +impl Scheduler for MinimizerScheduler where - CS: CorpusScheduler, + CS: Scheduler, F: FavFactor, I: Input, M: AsSlice + SerdeAny + HasRefCnt, @@ -113,15 +114,15 @@ where } } -impl MinimizerCorpusScheduler +impl MinimizerScheduler where - CS: CorpusScheduler, + CS: Scheduler, F: FavFactor, I: Input, M: AsSlice + SerdeAny + HasRefCnt, S: HasCorpus + HasMetadata + HasRand, { - /// Update the `Corpus` score using the `MinimizerCorpusScheduler` + /// Update the `Corpus` score using the `MinimizerScheduler` #[allow(clippy::unused_self)] #[allow(clippy::cast_possible_wrap)] pub fn update_score(&self, state: &mut S, idx: usize) -> Result<(), Error> { @@ -136,7 +137,7 @@ where let factor = F::compute(&mut *entry)?; let meta = entry.metadata_mut().get_mut::().ok_or_else(|| { Error::KeyNotFound(format!( - "Metadata needed for MinimizerCorpusScheduler not found in testcase #{}", + "Metadata needed for MinimizerScheduler not found in testcase #{}", idx )) })?; @@ -156,7 +157,7 @@ where let must_remove = { let old_meta = old.metadata_mut().get_mut::().ok_or_else(|| { Error::KeyNotFound(format!( - "Metadata needed for MinimizerCorpusScheduler not found in testcase #{}", + "Metadata needed for MinimizerScheduler not found in testcase #{}", old_idx )) })?; @@ -198,7 +199,7 @@ where Ok(()) } - /// Cull the `Corpus` using the `MinimizerCorpusScheduler` + /// Cull the `Corpus` using the `MinimizerScheduler` #[allow(clippy::unused_self)] pub fn cull(&self, state: &mut S) -> Result<(), Error> { let top_rated = match state.metadata().get::() { @@ -213,7 +214,7 @@ where let mut entry = state.corpus().get(*idx)?.borrow_mut(); let meta = entry.metadata().get::().ok_or_else(|| { Error::KeyNotFound(format!( - "Metadata needed for MinimizerCorpusScheduler not found in testcase #{}", + "Metadata needed for MinimizerScheduler not found in testcase #{}", idx )) })?; @@ -233,7 +234,7 @@ where &self.base } - /// Creates a new [`MinimizerCorpusScheduler`] that wraps a `base` [`CorpusScheduler`] + /// Creates a new [`MinimizerScheduler`] that wraps a `base` [`Scheduler`] /// and has a default probability to skip non-faved [`Testcase`]s of [`DEFAULT_SKIP_NON_FAVORED_PROB`]. pub fn new(base: CS) -> Self { Self { @@ -243,7 +244,7 @@ where } } - /// Creates a new [`MinimizerCorpusScheduler`] that wraps a `base` [`CorpusScheduler`] + /// Creates a new [`MinimizerScheduler`] that wraps a `base` [`Scheduler`] /// and has a non-default probability to skip non-faved [`Testcase`]s using (`skip_non_favored_prob`). pub fn with_skip_prob(base: CS, skip_non_favored_prob: u64) -> Self { Self { @@ -254,11 +255,11 @@ where } } -/// A [`MinimizerCorpusScheduler`] with [`LenTimeMulFavFactor`] to prioritize quick and small [`Testcase`]`s`. -pub type LenTimeMinimizerCorpusScheduler = - MinimizerCorpusScheduler, I, M, S>; +/// A [`MinimizerScheduler`] with [`LenTimeMulFavFactor`] to prioritize quick and small [`Testcase`]`s`. +pub type LenTimeMinimizerScheduler = + MinimizerScheduler, I, M, S>; -/// A [`MinimizerCorpusScheduler`] with [`LenTimeMulFavFactor`] to prioritize quick and small [`Testcase`]`s` +/// A [`MinimizerScheduler`] with [`LenTimeMulFavFactor`] to prioritize quick and small [`Testcase`]`s` /// that exercise all the entries registered in the [`MapIndexesMetadata`]. -pub type IndexesLenTimeMinimizerCorpusScheduler = - MinimizerCorpusScheduler, I, MapIndexesMetadata, S>; +pub type IndexesLenTimeMinimizerScheduler = + MinimizerScheduler, I, MapIndexesMetadata, S>; diff --git a/libafl/src/schedulers/mod.rs b/libafl/src/schedulers/mod.rs new file mode 100644 index 0000000000..b644bc08a3 --- /dev/null +++ b/libafl/src/schedulers/mod.rs @@ -0,0 +1,106 @@ +//! Schedule the access to the Corpus. + +pub mod queue; +pub use queue::QueueScheduler; + +pub mod probabilistic_sampling; +pub use probabilistic_sampling::ProbabilitySamplingScheduler; + +pub mod accounting; +pub use accounting::CoverageAccountingScheduler; + +pub mod fav_factor; +pub use fav_factor::{FavFactor, LenTimeMulFavFactor}; + +pub mod minimizer; +pub use minimizer::{ + IndexesLenTimeMinimizerScheduler, LenTimeMinimizerScheduler, MinimizerScheduler, +}; + +pub mod powersched; +pub use powersched::PowerQueueScheduler; + +use alloc::borrow::ToOwned; + +use crate::{ + bolts::rands::Rand, + corpus::{Corpus, Testcase}, + inputs::Input, + state::{HasCorpus, HasRand}, + Error, +}; + +/// The scheduler define how the fuzzer requests a testcase from the corpus. +/// It has hooks to corpus add/replace/remove to allow complex scheduling algorithms to collect data. +pub trait Scheduler +where + I: Input, +{ + /// Add an entry to the corpus and return its index + fn on_add(&self, _state: &mut S, _idx: usize) -> Result<(), Error> { + Ok(()) + } + + /// Replaces the testcase at the given idx + fn on_replace( + &self, + _state: &mut S, + _idx: usize, + _testcase: &Testcase, + ) -> Result<(), Error> { + Ok(()) + } + + /// Removes an entry from the corpus, returning it if it was present. + fn on_remove( + &self, + _state: &mut S, + _idx: usize, + _testcase: &Option>, + ) -> Result<(), Error> { + Ok(()) + } + + /// Gets the next entry + fn next(&self, state: &mut S) -> Result; +} + +/// Feed the fuzzer simpply with a random testcase on request +#[derive(Debug, Clone)] +pub struct RandScheduler; + +impl Scheduler for RandScheduler +where + S: HasCorpus + HasRand, + I: Input, +{ + /// Gets the next entry at random + fn next(&self, state: &mut S) -> Result { + if state.corpus().count() == 0 { + Err(Error::Empty("No entries in corpus".to_owned())) + } else { + let len = state.corpus().count(); + let id = state.rand_mut().below(len as u64) as usize; + *state.corpus_mut().current_mut() = Some(id); + Ok(id) + } + } +} + +impl RandScheduler { + /// Create a new [`RandScheduler`] that just schedules randomly. + #[must_use] + pub fn new() -> Self { + Self + } +} + +impl Default for RandScheduler { + fn default() -> Self { + Self::new() + } +} + +/// A [`StdScheduler`] uses the default scheduler in `LibAFL` to schedule [`Testcase`]s. +/// The current `Std` is a [`RandScheduler`], although this may change in the future, if another [`Scheduler`] delivers better results. +pub type StdScheduler = RandScheduler; diff --git a/libafl/src/corpus/powersched.rs b/libafl/src/schedulers/powersched.rs similarity index 88% rename from libafl/src/corpus/powersched.rs rename to libafl/src/schedulers/powersched.rs index 8d837508ea..d8572c436e 100644 --- a/libafl/src/corpus/powersched.rs +++ b/libafl/src/schedulers/powersched.rs @@ -3,8 +3,9 @@ use alloc::string::{String, ToString}; use crate::{ - corpus::{Corpus, CorpusScheduler, PowerScheduleTestcaseMetaData}, + corpus::{Corpus, PowerScheduleTestcaseMetaData}, inputs::Input, + schedulers::Scheduler, stages::PowerScheduleMetadata, state::{HasCorpus, HasMetadata}, Error, @@ -12,15 +13,15 @@ use crate::{ /// A corpus scheduler using power schedules #[derive(Clone, Debug)] -pub struct PowerQueueCorpusScheduler; +pub struct PowerQueueScheduler; -impl Default for PowerQueueCorpusScheduler { +impl Default for PowerQueueScheduler { fn default() -> Self { Self::new() } } -impl CorpusScheduler for PowerQueueCorpusScheduler +impl Scheduler for PowerQueueScheduler where S: HasCorpus + HasMetadata, I: Input, @@ -78,8 +79,8 @@ where } } -impl PowerQueueCorpusScheduler { - /// Create a new [`PowerQueueCorpusScheduler`] +impl PowerQueueScheduler { + /// Create a new [`PowerQueueScheduler`] #[must_use] pub fn new() -> Self { Self diff --git a/libafl/src/corpus/probabilistic_sampling.rs b/libafl/src/schedulers/probabilistic_sampling.rs similarity index 87% rename from libafl/src/corpus/probabilistic_sampling.rs rename to libafl/src/schedulers/probabilistic_sampling.rs index b172c77cbd..c5bef87c6c 100644 --- a/libafl/src/corpus/probabilistic_sampling.rs +++ b/libafl/src/schedulers/probabilistic_sampling.rs @@ -3,8 +3,9 @@ use crate::{ bolts::rands::Rand, - corpus::{Corpus, CorpusScheduler, FavFactor}, + corpus::Corpus, inputs::Input, + schedulers::{FavFactor, Scheduler}, state::{HasCorpus, HasMetadata, HasRand}, Error, }; @@ -15,7 +16,7 @@ use serde::{Deserialize, Serialize}; /// Conduct reservoir sampling (probabilistic sampling) over all corpus elements. #[derive(Debug, Clone)] -pub struct ProbabilitySamplingCorpusScheduler +pub struct ProbabilitySamplingScheduler where I: Input, S: HasCorpus + HasMetadata + HasRand, @@ -52,13 +53,13 @@ impl Default for ProbabilityMetadata { } } -impl ProbabilitySamplingCorpusScheduler +impl ProbabilitySamplingScheduler where I: Input, S: HasCorpus + HasMetadata + HasRand, F: FavFactor, { - /// Creates a new [`struct@ProbabilitySamplingCorpusScheduler`] + /// Creates a new [`struct@ProbabilitySamplingScheduler`] #[must_use] pub fn new() -> Self { Self { @@ -87,7 +88,7 @@ where } } -impl CorpusScheduler for ProbabilitySamplingCorpusScheduler +impl Scheduler for ProbabilitySamplingScheduler where I: Input, S: HasCorpus + HasMetadata + HasRand, @@ -121,7 +122,7 @@ where } } -impl Default for ProbabilitySamplingCorpusScheduler +impl Default for ProbabilitySamplingScheduler where I: Input, S: HasCorpus + HasMetadata + HasRand, @@ -139,11 +140,9 @@ mod tests { use crate::{ bolts::rands::StdRand, - corpus::{ - Corpus, CorpusScheduler, FavFactor, InMemoryCorpus, ProbabilitySamplingCorpusScheduler, - Testcase, - }, + corpus::{Corpus, InMemoryCorpus, Testcase}, inputs::{bytes::BytesInput, Input}, + schedulers::{FavFactor, ProbabilitySamplingScheduler, Scheduler}, state::StdState, Error, }; @@ -168,15 +167,15 @@ mod tests { } } - pub type UniformProbabilitySamplingCorpusScheduler = - ProbabilitySamplingCorpusScheduler>; + pub type UniformProbabilitySamplingScheduler = + ProbabilitySamplingScheduler>; #[test] fn test_prob_sampling() { // the first 3 probabilities will be .69, .86, .44 let rand = StdRand::with_seed(12); - let scheduler = UniformProbabilitySamplingCorpusScheduler::new(); + let scheduler = UniformProbabilitySamplingScheduler::new(); let mut corpus = InMemoryCorpus::new(); let t1 = Testcase::with_filename(BytesInput::new(vec![0_u8; 4]), "1".into()); diff --git a/libafl/src/corpus/queue.rs b/libafl/src/schedulers/queue.rs similarity index 82% rename from libafl/src/corpus/queue.rs rename to libafl/src/schedulers/queue.rs index 96a9bbfd39..fa22d9f4ff 100644 --- a/libafl/src/corpus/queue.rs +++ b/libafl/src/schedulers/queue.rs @@ -2,18 +2,13 @@ use alloc::borrow::ToOwned; -use crate::{ - corpus::{Corpus, CorpusScheduler}, - inputs::Input, - state::HasCorpus, - Error, -}; +use crate::{corpus::Corpus, inputs::Input, schedulers::Scheduler, state::HasCorpus, Error}; /// Walk the corpus in a queue-like fashion #[derive(Debug, Clone)] -pub struct QueueCorpusScheduler; +pub struct QueueScheduler; -impl CorpusScheduler for QueueCorpusScheduler +impl Scheduler for QueueScheduler where S: HasCorpus, I: Input, @@ -39,15 +34,15 @@ where } } -impl QueueCorpusScheduler { - /// Creates a new `QueueCorpusScheduler` +impl QueueScheduler { + /// Creates a new `QueueScheduler` #[must_use] pub fn new() -> Self { Self } } -impl Default for QueueCorpusScheduler { +impl Default for QueueScheduler { fn default() -> Self { Self::new() } @@ -61,15 +56,16 @@ mod tests { use crate::{ bolts::rands::StdRand, - corpus::{Corpus, CorpusScheduler, OnDiskCorpus, QueueCorpusScheduler, Testcase}, + corpus::{Corpus, OnDiskCorpus, Testcase}, inputs::bytes::BytesInput, + schedulers::{QueueScheduler, Scheduler}, state::{HasCorpus, StdState}, }; #[test] fn test_queuecorpus() { let rand = StdRand::with_seed(4); - let scheduler = QueueCorpusScheduler::new(); + let scheduler = QueueScheduler::new(); let mut q = OnDiskCorpus::::new(PathBuf::from("target/.test/fancy/path")).unwrap(); diff --git a/libafl/src/stages/mod.rs b/libafl/src/stages/mod.rs index d1803835b4..b3648349a7 100644 --- a/libafl/src/stages/mod.rs +++ b/libafl/src/stages/mod.rs @@ -38,15 +38,15 @@ pub mod sync; pub use sync::*; use crate::{ - corpus::CorpusScheduler, events::{EventFirer, EventRestarter, HasEventManagerId, ProgressReporter}, executors::{Executor, HasObservers}, inputs::Input, observers::ObserversTuple, + schedulers::Scheduler, state::{ HasExecutions, HasRand, {HasClientPerfMonitor, HasCorpus}, }, - Error, EvaluatorObservers, ExecutesInput, ExecutionProcessor, HasCorpusScheduler, + Error, EvaluatorObservers, ExecutesInput, ExecutionProcessor, HasScheduler, }; use core::{convert::From, marker::PhantomData}; @@ -171,13 +171,13 @@ where #[derive(Debug)] pub struct PushStageAdapter where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, I: Input, OT: ObserversTuple, PS: PushStage, S: HasClientPerfMonitor + HasCorpus + HasRand + HasExecutions, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { push_stage: PS, phantom: PhantomData<(CS, EM, I, OT, S, Z)>, @@ -185,13 +185,13 @@ where impl PushStageAdapter where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, I: Input, OT: ObserversTuple, PS: PushStage, S: HasClientPerfMonitor + HasCorpus + HasRand + HasExecutions, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// Create a new [`PushStageAdapter`], wrapping the given [`PushStage`] /// to be used as a normal [`Stage`] @@ -206,7 +206,7 @@ where impl Stage for PushStageAdapter where - CS: CorpusScheduler, + CS: Scheduler, E: Executor + HasObservers, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, I: Input, @@ -216,7 +216,7 @@ where Z: ExecutesInput + ExecutionProcessor + EvaluatorObservers - + HasCorpusScheduler, + + HasScheduler, { fn perform( &mut self, diff --git a/libafl/src/stages/power.rs b/libafl/src/stages/power.rs index 5dff22eadd..3355c9c8c7 100644 --- a/libafl/src/stages/power.rs +++ b/libafl/src/stages/power.rs @@ -4,12 +4,13 @@ use alloc::string::{String, ToString}; use core::{fmt::Debug, marker::PhantomData}; use crate::{ - corpus::{Corpus, IsFavoredMetadata, PowerScheduleTestcaseMetaData, Testcase}, + corpus::{Corpus, PowerScheduleTestcaseMetaData, Testcase}, executors::{Executor, HasObservers}, fuzzer::Evaluator, inputs::Input, mutators::Mutator, observers::{MapObserver, ObserversTuple}, + schedulers::minimizer::IsFavoredMetadata, stages::{MutationalStage, PowerScheduleMetadata, Stage}, state::{HasClientPerfMonitor, HasCorpus, HasMetadata}, Error, diff --git a/libafl/src/stages/push/mod.rs b/libafl/src/stages/push/mod.rs index 6d221a3ce0..bb579c0c67 100644 --- a/libafl/src/stages/push/mod.rs +++ b/libafl/src/stages/push/mod.rs @@ -17,13 +17,13 @@ use core::{ use crate::{ bolts::current_time, - corpus::CorpusScheduler, events::{EventFirer, EventRestarter, HasEventManagerId, ProgressReporter}, executors::ExitKind, inputs::Input, observers::ObserversTuple, + schedulers::Scheduler, state::{HasClientPerfMonitor, HasCorpus, HasExecutions, HasRand}, - Error, EvaluatorObservers, ExecutionProcessor, HasCorpusScheduler, + Error, EvaluatorObservers, ExecutionProcessor, HasScheduler, }; /// Send a monitor update all 15 (or more) seconds @@ -34,12 +34,12 @@ const STATS_TIMEOUT_DEFAULT: Duration = Duration::from_secs(15); #[derive(Clone, Debug)] pub struct PushStageSharedState where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, I: Input, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// The [`crate::state::State`] pub state: S, @@ -54,12 +54,12 @@ where impl PushStageSharedState where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, I: Input, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// Create a new `PushStageSharedState` that can be used by all [`PushStage`]s #[must_use] @@ -78,12 +78,12 @@ where #[derive(Clone, Debug)] pub struct PushStageHelper where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, I: Input, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// If this stage has already been initalized. /// This gets reset to `false` after one iteration of the stage is done. @@ -109,12 +109,12 @@ where impl PushStageHelper where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, I: Input, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// Create a new [`PushStageHelper`] #[must_use] @@ -182,12 +182,12 @@ where /// After it has finished once, we will call it agan for the next fuzzer round. pub trait PushStage: Iterator where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, I: Input, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand + HasExecutions, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// Gets the [`PushStageHelper`] fn push_stage_helper(&self) -> &PushStageHelper; diff --git a/libafl/src/stages/push/mutational.rs b/libafl/src/stages/push/mutational.rs index b344ddf718..55b6f16d58 100644 --- a/libafl/src/stages/push/mutational.rs +++ b/libafl/src/stages/push/mutational.rs @@ -6,16 +6,17 @@ use core::cell::{Cell, RefCell}; use crate::{ bolts::rands::Rand, - corpus::{Corpus, CorpusScheduler}, + corpus::Corpus, events::{EventFirer, EventRestarter, HasEventManagerId, ProgressReporter}, executors::ExitKind, inputs::Input, mark_feature_time, mutators::Mutator, observers::ObserversTuple, + schedulers::Scheduler, start_timer, state::{HasClientPerfMonitor, HasCorpus, HasExecutions, HasRand}, - Error, EvaluatorObservers, ExecutionProcessor, HasCorpusScheduler, + Error, EvaluatorObservers, ExecutionProcessor, HasScheduler, }; #[cfg(feature = "introspection")] @@ -37,13 +38,13 @@ pub static DEFAULT_MUTATIONAL_MAX_ITERATIONS: u64 = 128; #[derive(Clone, Debug)] pub struct StdMutationalPushStage where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, I: Input, M: Mutator, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { current_corpus_idx: Option, testcases_to_do: usize, @@ -58,13 +59,13 @@ where impl StdMutationalPushStage where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, I: Input, M: Mutator, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// Gets the number of iterations as a random number #[allow(clippy::unused_self, clippy::unnecessary_wraps)] // TODO: we should put this function into a trait later @@ -81,13 +82,13 @@ where impl PushStage for StdMutationalPushStage where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, I: Input, M: Mutator, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand + HasExecutions, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// Creates a new default mutational stage fn init( @@ -192,13 +193,13 @@ where impl Iterator for StdMutationalPushStage where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId + ProgressReporter, I: Input, M: Mutator, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand + HasExecutions, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { type Item = Result; @@ -209,13 +210,13 @@ where impl StdMutationalPushStage where - CS: CorpusScheduler, + CS: Scheduler, EM: EventFirer + EventRestarter + HasEventManagerId, I: Input, M: Mutator, OT: ObserversTuple, S: HasClientPerfMonitor + HasCorpus + HasRand, - Z: ExecutionProcessor + EvaluatorObservers + HasCorpusScheduler, + Z: ExecutionProcessor + EvaluatorObservers + HasScheduler, { /// Creates a new default mutational stage #[must_use] diff --git a/libafl_concolic/symcc_runtime/symcc b/libafl_concolic/symcc_runtime/symcc index 3133c0b37d..45cde0269a 160000 --- a/libafl_concolic/symcc_runtime/symcc +++ b/libafl_concolic/symcc_runtime/symcc @@ -1 +1 @@ -Subproject commit 3133c0b37d3c498db9addf2331378c7c9cadbf10 +Subproject commit 45cde0269ae22aef4cca2e1fb98c3b24f7bb2984 diff --git a/libafl_sugar/src/forkserver.rs b/libafl_sugar/src/forkserver.rs index ff17b15f32..7e9d423d06 100644 --- a/libafl_sugar/src/forkserver.rs +++ b/libafl_sugar/src/forkserver.rs @@ -13,10 +13,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsMutSlice, }, - corpus::{ - CachedOnDiskCorpus, Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{CachedOnDiskCorpus, Corpus, OnDiskCorpus}, events::{EventConfig, EventRestarter, LlmpRestartingEventManager}, executors::{forkserver::ForkserverExecutorBuilder, TimeoutForkserverExecutor}, feedback_or, feedback_or_fast, @@ -27,6 +24,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::{ConstMapObserver, HitcountsMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, stages::StdMutationalStage, state::{HasCorpus, HasMetadata, StdState}, Error, @@ -171,8 +169,7 @@ impl<'a, const MAP_SIZE: usize> ForkserverBytesCoverageSugar<'a, MAP_SIZE> { } // A minimization+queue policy to get testcasess from the corpus - let scheduler = - IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/libafl_sugar/src/inmemory.rs b/libafl_sugar/src/inmemory.rs index 292702625a..0433268d08 100644 --- a/libafl_sugar/src/inmemory.rs +++ b/libafl_sugar/src/inmemory.rs @@ -15,10 +15,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - CachedOnDiskCorpus, Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{CachedOnDiskCorpus, Corpus, OnDiskCorpus}, events::{EventConfig, EventRestarter, LlmpRestartingEventManager}, executors::{inprocess::InProcessExecutor, ExitKind, ShadowExecutor, TimeoutExecutor}, feedback_or, feedback_or_fast, @@ -30,6 +27,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::{I2SRandReplace, Tokens}, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, stages::{ShadowTracingStage, StdMutationalStage}, state::{HasCorpus, HasMetadata, StdState}, Error, @@ -192,8 +190,7 @@ where } // A minimization+queue policy to get testcasess from the corpus - let scheduler = - IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/libafl_sugar/src/qemu.rs b/libafl_sugar/src/qemu.rs index 98471dcd43..85b55c8aa2 100644 --- a/libafl_sugar/src/qemu.rs +++ b/libafl_sugar/src/qemu.rs @@ -14,10 +14,7 @@ use libafl::{ tuples::{tuple_list, Merge}, AsSlice, }, - corpus::{ - CachedOnDiskCorpus, Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, - QueueCorpusScheduler, - }, + corpus::{CachedOnDiskCorpus, Corpus, OnDiskCorpus}, events::{EventConfig, EventRestarter, LlmpRestartingEventManager}, executors::{ExitKind, ShadowExecutor, TimeoutExecutor}, feedback_or, feedback_or_fast, @@ -29,6 +26,7 @@ use libafl::{ mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::{token_mutations::Tokens, I2SRandReplace}, observers::{HitcountsMapObserver, TimeObserver, VariableMapObserver}, + schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, stages::{ShadowTracingStage, StdMutationalStage}, state::{HasCorpus, HasMetadata, StdState}, }; @@ -198,8 +196,7 @@ where } // A minimization+queue policy to get testcasess from the corpus - let scheduler = - IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new()); + let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new()); // A fuzzer with feedbacks and a corpus scheduler let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); diff --git a/scripts/fmt_all.sh b/scripts/fmt_all.sh index 3d993fa953..f765111bcd 100755 --- a/scripts/fmt_all.sh +++ b/scripts/fmt_all.sh @@ -9,12 +9,13 @@ echo "Welcome to the happy fmt script. :)" echo "[*] Running fmt for the main crates" cargo fmt -cd fuzzers +fuzzers=$(find ./fuzzers -maxdepth 1 -type d) +backtrace_fuzzers=$(find ./fuzzers/backtrace_baby_fuzzers -maxdepth 1 -type d) -for fuzzer in *; +for fuzzer in $(echo $fuzzers $backtrace_fuzzers); do - cd $fuzzer + pushd $fuzzer echo "[*] Running fmt for $fuzzer" cargo fmt --all - cd .. + popd done