CorpusScheduler -> Scheduler and move them to the schedulers folder (#560)

* CorpusScheduler -> Scheduler

* fix book

* update fuzzers

* fix tests

* fix sugar

* fix

* fix tutorial

* fix tutorial

* fmt

* fix

* fmt

* fmt

docs/src/baby_fuzzer.md

@@ -135,12 +135,12 @@ let mon = SimpleMonitor::new(|s| println!("{}", s));
 let mut mgr = SimpleEventManager::new(mon);
 ```
 
-In addition, we have the Fuzzer, an entity that contains some actions that alter the State. One of these actions is the scheduling of the testcases to the fuzzer using a CorpusScheduler.
+In addition, we have the Fuzzer, an entity that contains some actions that alter the State. One of these actions is the scheduling of the testcases to the fuzzer using a Scheduler.
-We create it as QueueCorpusScheduler, a scheduler that serves testcases to the fuzzer in a FIFO fashion.
+We create it as QueueScheduler, a scheduler that serves testcases to the fuzzer in a FIFO fashion.
 
 ```rust,ignore
 // A queue policy to get testcasess from the corpus
-let scheduler = QueueCorpusScheduler::new();
+let scheduler = QueueScheduler::new();
 
 // A fuzzer with feedbacks and a corpus scheduler
 let mut fuzzer = StdFuzzer::new(scheduler, (), ());
@@ -187,13 +187,14 @@ extern crate libafl;
 use std::path::PathBuf;
 use libafl::{
     bolts::{current_nanos, rands::StdRand},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     fuzzer::StdFuzzer,
     generators::RandPrintablesGenerator,
     inputs::{BytesInput, HasTargetBytes},
     monitors::SimpleMonitor,
+    schedulers::QueueScheduler,
     state::StdState,
 };
 ```

fuzzers/baby_fuzzer/src/main.rs

@@ -5,7 +5,7 @@ use std::ptr::write_volatile;
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback},
@@ -15,6 +15,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::StdMapObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -90,7 +91,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(mon);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/baby_fuzzer_gramatron/src/main.rs

@@ -10,7 +10,7 @@ use std::ptr::write_volatile;
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback},
@@ -23,6 +23,7 @@ use libafl::{
         StdScheduledMutator,
     },
     observers::StdMapObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -91,7 +92,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(monitor);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/baby_fuzzer_grimoire/src/main.rs

@@ -6,7 +6,7 @@ use std::ptr::write_volatile;
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback},
@@ -19,6 +19,7 @@ use libafl::{
         GrimoireStringReplacementMutator, Tokens,
     },
     observers::StdMapObserver,
+    schedulers::QueueScheduler,
     stages::{mutational::StdMutationalStage, GeneralizationStage},
     state::{HasMetadata, StdState},
 };
@@ -126,7 +127,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(monitor);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/baby_fuzzer_nautilus/src/main.rs

@@ -5,7 +5,7 @@ use std::ptr::write_volatile;
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedback_or,
@@ -20,6 +20,7 @@ use libafl::{
         NautilusRandomMutator, NautilusRecursionMutator, NautilusSpliceMutator, StdScheduledMutator,
     },
     observers::StdMapObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::{HasMetadata, StdState},
 };
@@ -88,7 +89,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(monitor);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/baby_fuzzer_tokens/src/main.rs

@@ -6,7 +6,7 @@ use std::ptr::write_volatile;
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback},
@@ -15,6 +15,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::{encoded_mutations::encoded_mutations, scheduled::StdScheduledMutator},
     observers::StdMapObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -99,7 +100,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(monitor);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs

@@ -11,7 +11,7 @@ use libafl::{
         tuples::tuple_list,
         AsMutSlice, AsSlice,
     },
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{ExitKind, InProcessForkExecutor},
     feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback},
@@ -21,6 +21,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::StdMapObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -98,7 +99,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(mon);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/baby_no_std/src/main.rs

@@ -6,7 +6,7 @@
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{InMemoryCorpus, QueueCorpusScheduler},
+    corpus::InMemoryCorpus,
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback},
@@ -16,6 +16,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::StdMapObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -116,7 +117,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(monitor);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs

@@ -10,7 +10,7 @@ use libafl::{
         shmem::{ShMem, StdShMemProvider},
         tuples::tuple_list,
     },
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::InProcessForkExecutor,
     feedback_and,
@@ -23,6 +23,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::BacktraceObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -93,7 +94,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(mon);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs

@@ -5,7 +5,7 @@ use libafl::executors::InProcessExecutor;
 use libafl::observers::ConstMapObserver;
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     feedback_and,
     feedbacks::{
@@ -17,6 +17,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::BacktraceObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -82,7 +83,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(mon);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/backtrace_baby_fuzzers/command_executor/src/main.rs

@@ -6,7 +6,7 @@ use libafl::{
         tuples::tuple_list,
         AsMutSlice, AsSlice,
     },
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::command::CommandConfigurator,
     feedback_and,
@@ -19,6 +19,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::{get_asan_runtime_flags, ASANBacktraceObserver, StdMapObserver},
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
     Error,
@@ -81,7 +82,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(mon);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/backtrace_baby_fuzzers/forkserver_executor/src/main.rs

@@ -6,7 +6,7 @@ use libafl::{
         tuples::tuple_list,
         AsMutSlice,
     },
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus, QueueScheduler},
     events::SimpleEventManager,
     executors::forkserver::ForkserverExecutor,
     feedback_and,
@@ -19,6 +19,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::{ASANBacktraceObserver, ConstMapObserver, HitcountsMapObserver},
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -80,7 +81,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(monitor);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs

@@ -11,7 +11,7 @@ use libafl::{
         tuples::tuple_list,
         AsMutSlice, AsSlice,
     },
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{ExitKind, InProcessForkExecutor},
     feedback_and,
@@ -24,6 +24,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::{BacktraceObserver, StdMapObserver},
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -110,7 +111,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(mon);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs

@@ -5,7 +5,7 @@ use std::ptr::write_volatile;
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus, QueueScheduler},
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedback_and,
@@ -18,6 +18,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::{BacktraceObserver, StdMapObserver},
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -104,7 +105,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(mon);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/forkserver_simple/src/main.rs

@@ -8,10 +8,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsMutSlice,
     },
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::SimpleEventManager,
     executors::forkserver::{ForkserverExecutor, TimeoutForkserverExecutor},
     feedback_and_fast, feedback_or,
@@ -21,6 +18,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::{scheduled::havoc_mutations, tokens_mutations, StdScheduledMutator, Tokens},
     observers::{ConstMapObserver, HitcountsMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, HasMetadata, StdState},
 };
@@ -138,7 +136,7 @@ pub fn main() {
     let mut mgr = SimpleEventManager::new(monitor);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/frida_libpng/src/fuzzer.rs

@@ -17,10 +17,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{ondisk::OnDiskMetadataFormat, CachedOnDiskCorpus, Corpus, OnDiskCorpus},
-        ondisk::OnDiskMetadataFormat, CachedOnDiskCorpus, Corpus,
-        IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, QueueCorpusScheduler,
-    },
     events::{llmp::LlmpRestartingEventManager, EventConfig},
     executors::{inprocess::InProcessExecutor, ExitKind, ShadowExecutor},
     feedback_or, feedback_or_fast,
@@ -34,6 +31,7 @@ use libafl::{
         token_mutations::Tokens,
     },
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
     stages::{ShadowTracingStage, StdMutationalStage},
     state::{HasCorpus, HasMetadata, StdState},
     Error,
@@ -176,8 +174,7 @@ unsafe fn fuzz(options: FuzzerOptions) -> Result<(), Error> {
                 let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
                 // A minimization+queue policy to get testcasess from the corpus
-                let scheduler =
+                let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
-                    IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
 
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
@@ -295,8 +292,7 @@ unsafe fn fuzz(options: FuzzerOptions) -> Result<(), Error> {
                 let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
                 // A minimization+queue policy to get testcasess from the corpus
-                let scheduler =
+                let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
-                    IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
 
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
@@ -430,8 +426,7 @@ unsafe fn fuzz(options: FuzzerOptions) -> Result<(), Error> {
                 let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
                 // A minimization+queue policy to get testcasess from the corpus
-                let scheduler =
+                let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
-                    IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
 
                 // A fuzzer with feedbacks and a corpus scheduler
                 let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/fuzzbench/src/lib.rs

@@ -26,9 +26,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, OnDiskCorpus},
-        Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler,
-    },
     events::SimpleRestartingEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or,
@@ -41,6 +39,7 @@ use libafl::{
         StdMOptMutator, StdScheduledMutator, Tokens,
     },
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::{
         calibrate::CalibrationStage,
         power::{PowerMutationalStage, PowerSchedule},
@@ -311,7 +310,7 @@ fn fuzz(
     let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs

@@ -23,9 +23,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsMutSlice, AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, OnDiskCorpus},
-        Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler,
-    },
     events::SimpleRestartingEventManager,
     executors::{ExitKind, ShadowExecutor},
     feedback_or,
@@ -38,6 +36,7 @@ use libafl::{
         StdMOptMutator, StdScheduledMutator, Tokens,
     },
     observers::{ConstMapObserver, HitcountsMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::{
         calibrate::CalibrationStage,
         power::{PowerMutationalStage, PowerSchedule},
@@ -282,7 +281,7 @@ fn fuzz(
     let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/fuzzbench_qemu/src/fuzzer.rs

@@ -23,9 +23,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, OnDiskCorpus},
-        Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler,
-    },
     events::SimpleRestartingEventManager,
     executors::{ExitKind, ShadowExecutor, TimeoutExecutor},
     feedback_or,
@@ -38,6 +36,7 @@ use libafl::{
         StdMOptMutator, StdScheduledMutator, Tokens,
     },
     observers::{HitcountsMapObserver, TimeObserver, VariableMapObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::{
         calibrate::CalibrationStage,
         power::{PowerMutationalStage, PowerSchedule},
@@ -295,7 +294,7 @@ fn fuzz(
     let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/fuzzbench_text/src/lib.rs

@@ -27,9 +27,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, OnDiskCorpus},
-        Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler,
-    },
     events::SimpleRestartingEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or,
@@ -47,6 +45,7 @@ use libafl::{
         tokens_mutations, StdMOptMutator, StdScheduledMutator, Tokens,
     },
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::{
         calibrate::CalibrationStage,
         power::{PowerMutationalStage, PowerSchedule},
@@ -372,7 +371,7 @@ fn fuzz_binary(
     let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
@@ -589,7 +588,7 @@ fn fuzz_text(
     let grimoire = StdMutationalStage::new(grimoire_mutator);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/generic_inmemory/.gitignore

@@ -1 +0,0 @@
-fuzzer

fuzzers/generic_inmemory/Cargo.toml

@@ -1,32 +0,0 @@
-[package]
-name = "generic_inmemory"
-version = "0.7.1"
-authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
-edition = "2021"
-
-[features]
-default = ["std"]
-std = []
-
-[profile.release]
-lto = true
-codegen-units = 1
-opt-level = 3
-debug = true
-
-[build-dependencies]
-cc = { version = "1.0", features = ["parallel"] }
-which = { version = "4.0.2" }
-num_cpus = "1.0"
-
-[dependencies]
-libafl = { path = "../../libafl/" }
-libafl_targets = { path = "../../libafl_targets/", features = ["sancov_pcguard_hitcounts", "sancov_cmplog", "libfuzzer"] }
-# TODO Include it only when building cc
-libafl_cc = { path = "../../libafl_cc/" }
-clap = { version = "3.0", features = ["derive"] }
-mimalloc = { version = "*", default-features = false }
-
-[lib]
-name = "generic_inmemory"
-crate-type = ["staticlib"]

fuzzers/generic_inmemory/Makefile.toml

@@ -1,79 +0,0 @@
-[env]
-FUZZER_NAME="fuzzer"
-PROJECT_DIR = { script = ["pwd"] }
-
-[tasks.unsupported]
-script_runner="@shell"
-script='''
-echo "Cargo-make not integrated yet on this"
-'''
-
-# Compilers
-[tasks.cxx]
-linux_alias = "cxx_unix"
-mac_alias = "cxx_unix"
-windows_alias = "unsupported"
-
-[tasks.cxx_unix]
-command = "cargo"
-args = ["build" , "--release"]
-
-[tasks.cc]
-linux_alias = "cc_unix"
-mac_alias = "cc_unix"
-windows_alias = "unsupported"
-
-[tasks.cc_unix]
-command = "cargo"
-args = ["build" , "--release"]
-
-# Fuzzer
-[tasks.fuzzer]
-linux_alias = "fuzzer_unix"
-mac_alias = "fuzzer_unix"
-windows_alias = "unsupported"
-
-[tasks.fuzzer_unix]
-command = "target/release/libafl_cc"
-args = ["-O3", "fuzz.c", "-o", "fuzzer"]
-dependencies = ["cc", "cxx"]
-
-# Run
-[tasks.run]
-linux_alias = "run_unix"
-mac_alias = "run_unix"
-windows_alias = "unsupported"
-
-[tasks.run_unix]
-script_runner="@shell"
-script='''
-./${FUZZER_NAME} --cores 0 --broker-port 31337
-'''
-dependencies = ["fuzzer"]
-
-
-# Test
-[tasks.test]
-linux_alias = "test_unix"
-mac_alias = "test_unix"
-windows_alias = "unsupported"
-
-[tasks.test_unix]
-script_runner="@shell"
-script='''
-timeout 10s ./${FUZZER_NAME} --cores 0 --broker-port 31337 || [ $? -eq 124 ]
-'''
-dependencies = ["fuzzer"]
-
-# Clean
-[tasks.clean]
-linux_alias = "clean_unix"
-mac_alias = "clean_unix"
-windows_alias = "unsupported"
-
-[tasks.clean_unix]
-script_runner="@shell"
-script='''
-rm ./${FUZZER_NAME} || true
-
-'''

fuzzers/generic_inmemory/README.md

@@ -1,3 +0,0 @@
-# Generic In-Memory Fuzzer
-
-This is a generic in-memory fuzzer based on LibAFL

fuzzers/generic_inmemory/fuzz.c

@@ -1,16 +0,0 @@
-#include <stdint.h>
-#include <stdlib.h>
-
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-    if (Size >= 8 && *(uint32_t*)Data == 0xaabbccdd)
-      return 1;
-    return 0;
-}
-
-/*
-int main() {
-
-  char buf [10] = {0};
-  LLVMFuzzerTestOneInput(buf, 10);
-
-}*/

fuzzers/generic_inmemory/src/bin/libafl_cc.rs

@@ -1,36 +0,0 @@
-use libafl_cc::{ClangWrapper, CompilerWrapper, LLVMPasses};
-use std::env;
-
-pub fn main() {
-    let args: Vec<String> = env::args().collect();
-    if args.len() > 1 {
-        let mut dir = env::current_exe().unwrap();
-        let wrapper_name = dir.file_name().unwrap().to_str().unwrap();
-
-        let is_cpp = match wrapper_name[wrapper_name.len()-2..].to_lowercase().as_str() {
-            "cc" => false,
-            "++" | "pp" | "xx" => true,
-            _ => panic!("Could not figure out if c or c++ warpper was called. Expected {:?} to end with c or cxx", dir),
-        };
-
-        dir.pop();
-
-        let mut cc = ClangWrapper::new();
-        if let Some(code) = cc
-            .cpp(is_cpp)
-            // silence the compiler wrapper output, needed for some configure scripts.
-            .silence(true)
-            .parse_args(&args)
-            .expect("Failed to parse the command line")
-            .link_staticlib(&dir, "generic_inmemory")
-            .add_arg("-fsanitize-coverage=trace-pc-guard,trace-cmp")
-            .add_pass(LLVMPasses::CmpLogRtn)
-            .run()
-            .expect("Failed to run the wrapped compiler")
-        {
-            std::process::exit(code);
-        }
-    } else {
-        panic!("LibAFL CC: No Arguments given");
-    }
-}

fuzzers/generic_inmemory/src/bin/libafl_cxx.rs

@@ -1,5 +0,0 @@
-pub mod libafl_cc;
-
-fn main() {
-    libafl_cc::main()
-}

fuzzers/generic_inmemory/src/lib.rs

@@ -1,314 +0,0 @@
-//! A libfuzzer-like fuzzer with llmp-multithreading support and restarts
-//! The `launcher` will spawn new processes for each cpu core.
-use mimalloc::MiMalloc;
-#[global_allocator]
-static GLOBAL: MiMalloc = MiMalloc;
-
-use clap::{self, StructOpt};
-use core::time::Duration;
-use std::{env, net::SocketAddr, path::PathBuf};
-
-use libafl::{
-    bolts::{
-        current_nanos,
-        launcher::Launcher,
-        os::Cores,
-        rands::StdRand,
-        shmem::{ShMemProvider, StdShMemProvider},
-        tuples::{tuple_list, Merge},
-        AsSlice,
-    },
-    corpus::{
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
-    events::EventConfig,
-    executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
-    feedback_or,
-    feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback, TimeoutFeedback},
-    fuzzer::{Fuzzer, StdFuzzer},
-    generators::RandBytesGenerator,
-    inputs::{BytesInput, HasTargetBytes},
-    monitors::MultiMonitor,
-    mutators::{
-        scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
-        token_mutations::{I2SRandReplace, Tokens},
-    },
-    observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
-    stages::{StdMutationalStage, TracingStage},
-    state::{HasCorpus, HasMetadata, StdState},
-    Error,
-};
-
-use libafl_targets::{
-    libfuzzer_initialize, libfuzzer_test_one_input, CmpLogObserver, CMPLOG_MAP, EDGES_MAP,
-    MAX_EDGES_NUM,
-};
-
-/// Parses a millseconds int into a [`Duration`], used for commandline arg parsing
-fn timeout_from_millis_str(time: &str) -> Result<Duration, Error> {
-    Ok(Duration::from_millis(time.parse()?))
-}
-
-#[derive(Debug, StructOpt)]
-#[clap(
-    name = "generic_inmemory",
-    about = "A generic libfuzzer-like fuzzer with llmp-multithreading support",
-    author = "Andrea Fioraldi <andreafioraldi@gmail.com>, Dominik Maier <domenukk@gmail.com>"
-)]
-struct Opt {
-    #[clap(
-        short,
-        long,
-        parse(try_from_str = Cores::from_cmdline),
-        help = "Spawn a client in each of the provided cores. Broker runs in the 0th core. 'all' to select all available cores. 'none' to run a client without binding to any core. eg: '1,2-4,6' selects the cores 1,2,3,4,6.",
-        name = "CORES"
-    )]
-    cores: Cores,
-
-    #[clap(
-        short = 'p',
-        long,
-        help = "Choose the broker TCP port, default is 1337",
-        name = "PORT"
-    )]
-    broker_port: u16,
-
-    #[clap(
-        parse(try_from_str),
-        short = 'a',
-        long,
-        help = "Specify a remote broker",
-        name = "REMOTE"
-    )]
-    remote_broker_addr: Option<SocketAddr>,
-
-    #[clap(
-        parse(try_from_str),
-        short,
-        long,
-        help = "Set an initial corpus directory",
-        name = "INPUT"
-    )]
-    input: Vec<PathBuf>,
-
-    #[clap(
-        short,
-        long,
-        parse(try_from_str),
-        help = "Set the output directory, default is ./out",
-        name = "OUTPUT",
-        default_value = "./out"
-    )]
-    output: PathBuf,
-
-    #[clap(
-        parse(try_from_str = timeout_from_millis_str),
-        short,
-        long,
-        help = "Set the exeucution timeout in milliseconds, default is 1000",
-        name = "TIMEOUT",
-        default_value = "1000"
-    )]
-    timeout: Duration,
-
-    #[clap(
-        parse(from_os_str),
-        short = 'x',
-        long,
-        help = "Feed the fuzzer with an user-specified list of tokens (often called \"dictionary\"",
-        name = "TOKENS",
-        multiple_occurrences = true
-    )]
-    tokens: Vec<PathBuf>,
-}
-
-/// The main fn, `no_mangle` as it is a C symbol
-#[no_mangle]
-pub fn libafl_main() {
-    // Registry the metadata types used in this fuzzer
-    // Needed only on no_std
-    //RegistryBuilder::register::<Tokens>();
-
-    let workdir = env::current_dir().unwrap();
-
-    let opt = Opt::parse();
-
-    let cores = opt.cores;
-    let broker_port = opt.broker_port;
-    let remote_broker_addr = opt.remote_broker_addr;
-    let input_dirs = opt.input;
-    let output_dir = opt.output;
-    let token_files = opt.tokens;
-    let timeout_ms = opt.timeout;
-    // let cmplog_enabled = matches.is_present("cmplog");
-
-    println!("Workdir: {:?}", workdir.to_string_lossy().to_string());
-
-    let shmem_provider = StdShMemProvider::new().expect("Failed to init shared memory");
-
-    let monitor = MultiMonitor::new(|s| println!("{}", s));
-
-    let mut run_client = |state: Option<StdState<_, _, _, _, _>>, mut mgr, _core_id| {
-        // Create an observation channel using the coverage map
-        let edges = unsafe { &mut EDGES_MAP[0..MAX_EDGES_NUM] };
-        let edges_observer = HitcountsMapObserver::new(StdMapObserver::new("edges", edges));
-
-        // Create an observation channel to keep track of the execution time
-        let time_observer = TimeObserver::new("time");
-
-        // Create the Cmp observer
-        let cmplog = unsafe { &mut CMPLOG_MAP };
-        let cmplog_observer = CmpLogObserver::new("cmplog", cmplog, true);
-
-        // The state of the edges feedback.
-        let feedback_state = MapFeedbackState::with_observer(&edges_observer);
-
-        // Feedback to rate the interestingness of an input
-        // This one is composed by two Feedbacks in OR
-        let feedback = feedback_or!(
-            // New maximization map feedback linked to the edges observer and the feedback state
-            MaxMapFeedback::new_tracking(&feedback_state, &edges_observer, true, false),
-            // Time feedback, this one does not need a feedback state
-            TimeFeedback::new_with_observer(&time_observer)
-        );
-
-        // A feedback to choose if an input is a solution or not
-        let objective = feedback_or!(CrashFeedback::new(), TimeoutFeedback::new());
-
-        // If not restarting, create a State from scratch
-        let mut state = state.unwrap_or_else(|| {
-            StdState::new(
-                // RNG
-                StdRand::with_seed(current_nanos()),
-                // Corpus that will be evolved, we keep it in memory for performance
-                InMemoryCorpus::new(),
-                // Corpus in which we store solutions (crashes in this example),
-                // on disk so the user can get them after stopping the fuzzer
-                OnDiskCorpus::new(output_dir.clone()).unwrap(),
-                // States of the feedbacks.
-                // They are the data related to the feedbacks that you want to persist in the State.
-                tuple_list!(feedback_state),
-            )
-        });
-
-        // Create a dictionary if not existing
-        if state.metadata().get::<Tokens>().is_none() {
-            for tokens_file in &token_files {
-                state.add_metadata(Tokens::from_file(tokens_file)?);
-            }
-        }
-
-        // A minimization+queue policy to get testcasess from the corpus
-        let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
-
-        // A fuzzer with feedbacks and a corpus scheduler
-        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
-
-        // The wrapped harness function, calling out to the LLVM-style harness
-        let mut harness = |input: &BytesInput| {
-            let target = input.target_bytes();
-            let buf = target.as_slice();
-            libfuzzer_test_one_input(buf);
-            ExitKind::Ok
-        };
-
-        // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
-        let mut executor = TimeoutExecutor::new(
-            InProcessExecutor::new(
-                &mut harness,
-                tuple_list!(edges_observer, time_observer),
-                &mut fuzzer,
-                &mut state,
-                &mut mgr,
-            )?,
-            timeout_ms,
-        );
-
-        // Secondary harness due to mut ownership
-        let mut harness = |input: &BytesInput| {
-            let target = input.target_bytes();
-            let buf = target.as_slice();
-            libfuzzer_test_one_input(buf);
-            ExitKind::Ok
-        };
-
-        // Setup a tracing stage in which we log comparisons
-        let tracing = TracingStage::new(InProcessExecutor::new(
-            &mut harness,
-            tuple_list!(cmplog_observer),
-            &mut fuzzer,
-            &mut state,
-            &mut mgr,
-        )?);
-
-        // Setup a randomic Input2State stage
-        let i2s =
-            StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
-
-        // Setup a basic mutator
-        let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
-        let mutational = StdMutationalStage::new(mutator);
-
-        // The order of the stages matter!
-        let mut stages = tuple_list!(tracing, i2s, mutational);
-
-        // The actual target run starts here.
-        // Call LLVMFUzzerInitialize() if present.
-        let args: Vec<String> = env::args().collect();
-        if libfuzzer_initialize(&args) == -1 {
-            println!("Warning: LLVMFuzzerInitialize failed with -1")
-        }
-
-        // In case the corpus is empty (on first run), reset
-        if state.corpus().count() < 1 {
-            if input_dirs.is_empty() {
-                // Generator of printable bytearrays of max size 32
-                let mut generator = RandBytesGenerator::new(32);
-
-                // Generate 8 initial inputs
-                state
-                    .generate_initial_inputs(
-                        &mut fuzzer,
-                        &mut executor,
-                        &mut generator,
-                        &mut mgr,
-                        8,
-                    )
-                    .expect("Failed to generate the initial corpus");
-                println!(
-                    "We imported {} inputs from the generator.",
-                    state.corpus().count()
-                );
-            } else {
-                println!("Loading from {:?}", &input_dirs);
-                // Load from disk
-                state
-                    .load_initial_inputs(&mut fuzzer, &mut executor, &mut mgr, &input_dirs)
-                    .unwrap_or_else(|_| {
-                        panic!("Failed to load initial corpus at {:?}", &input_dirs)
-                    });
-                println!("We imported {} inputs from disk.", state.corpus().count());
-            }
-        }
-
-        fuzzer.fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr)?;
-        Ok(())
-    };
-
-    match Launcher::builder()
-        .shmem_provider(shmem_provider)
-        .configuration(EventConfig::from_name("default"))
-        .monitor(monitor)
-        .run_client(&mut run_client)
-        .cores(&cores)
-        .broker_port(broker_port)
-        .remote_broker_addr(remote_broker_addr)
-        //.stdout_file(Some("/dev/null"))
-        .build()
-        .launch()
-    {
-        Ok(_) | Err(Error::ShuttingDown) => (),
-        Err(e) => panic!("{:?}", e),
-    };
-}

fuzzers/libafl_atheris/src/lib.rs

@@ -21,10 +21,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, OnDiskCorpus},
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::EventConfig,
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or,
@@ -36,6 +33,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
     mutators::token_mutations::{I2SRandReplace, Tokens},
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::{StdMutationalStage, TracingStage},
     state::{HasCorpus, HasMetadata, StdState},
     Error,
@@ -271,7 +269,7 @@ pub fn LLVMFuzzerRunDriver(
         }
 
         // A minimization+queue policy to get testcasess from the corpus
-        let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
+        let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
 
         // A fuzzer with feedbacks and a corpus scheduler
         let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/libfuzzer_libmozjpeg/src/lib.rs

@@ -13,7 +13,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, RandCorpusScheduler},
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
     events::{setup_restarting_mgr_std, EventConfig},
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedback_or,
@@ -24,6 +24,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
     mutators::token_mutations::Tokens,
     observers::StdMapObserver,
+    schedulers::RandScheduler,
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, HasMetadata, StdState},
     Error,
@@ -136,7 +137,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
     let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 
     // A random policy to get testcasess from the corpus
-    let scheduler = RandCorpusScheduler::new();
+    let scheduler = RandScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/libfuzzer_libpng/src/lib.rs

@@ -14,10 +14,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        PowerQueueCorpusScheduler,
-    },
     events::{setup_restarting_mgr_std, EventConfig, EventRestarter},
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or, feedback_or_fast,
@@ -28,6 +25,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
     mutators::token_mutations::Tokens,
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::{
         calibrate::CalibrationStage,
         power::{PowerMutationalStage, PowerSchedule},
@@ -138,7 +136,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
     let mut stages = tuple_list!(calibration, power);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(PowerQueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/libfuzzer_libpng_accounting/src/lib.rs

@@ -20,10 +20,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
-        Corpus, CoverageAccountingCorpusScheduler, InMemoryCorpus, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::EventConfig,
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or, feedback_or_fast,
@@ -34,6 +31,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
     mutators::token_mutations::Tokens,
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{CoverageAccountingScheduler, QueueScheduler},
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, HasMetadata, StdState},
     Error,
@@ -202,11 +200,10 @@ pub fn libafl_main() {
         let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 
         // A minimization+queue policy to get testcasess from the corpus
-        let scheduler = CoverageAccountingCorpusScheduler::new(
+        let scheduler =
-            &mut state,
+            CoverageAccountingScheduler::new(&mut state, QueueScheduler::new(), unsafe {
-            QueueCorpusScheduler::new(),
+                &ACCOUNTING_MEMOP_MAP
-            unsafe { &ACCOUNTING_MEMOP_MAP },
+            });
-        );
 
         // A fuzzer with feedbacks and a corpus scheduler
         let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/libfuzzer_libpng_ctx/src/lib.rs

@@ -20,10 +20,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::EventConfig,
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or, feedback_or_fast,
@@ -36,6 +33,7 @@ use libafl::{
         token_mutations::Tokens,
     },
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, HasMetadata, StdState},
     Error,
@@ -201,7 +199,7 @@ pub fn libafl_main() {
         let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 
         // A minimization+queue policy to get testcasess from the corpus
-        let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
+        let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
 
         // A fuzzer with feedbacks and a corpus scheduler
         let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/libfuzzer_libpng_launcher/src/lib.rs

@@ -20,10 +20,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::EventConfig,
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or, feedback_or_fast,
@@ -34,6 +31,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
     mutators::token_mutations::Tokens,
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, HasMetadata, StdState},
     Error,
@@ -200,7 +198,7 @@ pub fn libafl_main() {
         let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 
         // A minimization+queue policy to get testcasess from the corpus
-        let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
+        let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
 
         // A fuzzer with feedbacks and a corpus scheduler
         let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/libfuzzer_reachability/src/lib.rs

@@ -8,7 +8,7 @@ use std::{env, path::PathBuf};
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, RandCorpusScheduler},
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
     events::{setup_restarting_mgr_std, EventConfig, EventRestarter},
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedbacks::{MapFeedbackState, MaxMapFeedback, ReachabilityFeedback},
@@ -17,6 +17,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::{HitcountsMapObserver, StdMapObserver},
+    schedulers::RandScheduler,
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, StdState},
     Error,
@@ -106,7 +107,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
     let mut stages = tuple_list!(StdMutationalStage::new(mutator));
 
     // A random policy to get testcasess from the corpus
-    let scheduler = RandCorpusScheduler::new();
+    let scheduler = RandScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/libfuzzer_stb_image/src/main.rs

@@ -8,10 +8,7 @@ use std::{env, path::PathBuf};
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::{setup_restarting_mgr_std, EventConfig},
     executors::{inprocess::InProcessExecutor, ExitKind, ShadowExecutor},
     feedback_or,
@@ -22,6 +19,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     mutators::token_mutations::I2SRandReplace,
     observers::{StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::{ShadowTracingStage, StdMutationalStage},
     state::{HasCorpus, StdState},
     Error,
@@ -113,7 +111,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
     println!("We're a client, let's fuzz :)");
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs

@@ -15,10 +15,7 @@ use libafl::{
         tuples::{tuple_list, Named},
         AsMutSlice, AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::{setup_restarting_mgr_std, EventConfig},
     executors::{
         command::CommandConfigurator, inprocess::InProcessExecutor, ExitKind, ShadowExecutor,
@@ -39,6 +36,7 @@ use libafl::{
         },
         StdMapObserver, TimeObserver,
     },
+    schedulers::{IndexesLenTimeMinimizerScheduler, PowerQueueScheduler},
     stages::{
         ConcolicTracingStage, ShadowTracingStage, SimpleConcolicMutationalStage,
         StdMutationalStage, TracingStage,
@@ -148,7 +146,7 @@ fn fuzz(
     println!("We're a client, let's fuzz :)");
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
+    let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/push_harness/src/main.rs

@@ -4,7 +4,7 @@ use klo_routines::*;
 use libafl::inputs::{BytesInput, HasTargetBytes};
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler},
+    corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind},
     feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback},
@@ -13,6 +13,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::StdMapObserver,
+    schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
@@ -71,7 +72,7 @@ fn input_generator() {
     let mut mgr = SimpleEventManager::new(monitor);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/push_stage_harness/src/main.rs

@@ -9,9 +9,7 @@ use std::{path::PathBuf, rc::Rc};
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, Testcase},
-        Corpus, CorpusScheduler, InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler, Testcase,
-    },
     events::SimpleEventManager,
     executors::ExitKind,
     feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback},
@@ -20,6 +18,7 @@ use libafl::{
     monitors::SimpleMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::StdMapObserver,
+    schedulers::{QueueScheduler, Scheduler},
     stages::push::{PushStageSharedState, StdMutationalPushStage},
     state::{HasCorpus, StdState},
 };
@@ -68,7 +67,7 @@ pub fn main() {
     let mgr = SimpleEventManager::new(monitor);
 
     // A queue policy to get testcasess from the corpus
-    let scheduler = QueueCorpusScheduler::new();
+    let scheduler = QueueScheduler::new();
 
     // Create the executor for an in-process function with just one observer
     //let mut executor = InProcessExecutor::new(&mut harness, &mut fuzzer, &mut state, &mut mgr)

fuzzers/qemu_launcher/src/fuzzer.rs

@@ -13,10 +13,7 @@ use libafl::{
         tuples::tuple_list,
         AsSlice,
     },
-    corpus::{
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::EventConfig,
     executors::{ExitKind, TimeoutExecutor},
     feedback_or, feedback_or_fast,
@@ -26,6 +23,7 @@ use libafl::{
     monitors::MultiMonitor,
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     observers::{HitcountsMapObserver, TimeObserver, VariableMapObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
     stages::StdMutationalStage,
     state::{HasCorpus, StdState},
     Error,
@@ -154,7 +152,7 @@ pub fn fuzz() {
         });
 
         // A minimization+queue policy to get testcasess from the corpus
-        let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
+        let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
 
         // A fuzzer with feedbacks and a corpus scheduler
         let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/tutorial/src/lib.rs

@@ -8,7 +8,7 @@ use std::{env, path::PathBuf};
 
 use libafl::{
     bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
-    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, PowerQueueCorpusScheduler},
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
     events::{setup_restarting_mgr_std, EventConfig, EventRestarter},
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or, feedback_or_fast,
@@ -17,6 +17,7 @@ use libafl::{
     inputs::HasTargetBytes,
     monitors::MultiMonitor,
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::PowerQueueScheduler,
     stages::{
         calibrate::CalibrationStage,
         power::{PowerMutationalStage, PowerSchedule},
@@ -133,7 +134,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
     let mut stages = tuple_list!(calibration, power);
 
     // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = PacketLenMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
+    let scheduler = PacketLenMinimizerScheduler::new(PowerQueueScheduler::new());
 
     // A fuzzer with feedbacks and a corpus scheduler
     let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

fuzzers/tutorial/src/metadata.rs

@@ -1,10 +1,11 @@
 use libafl::{
     bolts::tuples::Named,
-    corpus::{FavFactor, MinimizerCorpusScheduler, Testcase},
+    corpus::Testcase,
     events::EventFirer,
     executors::ExitKind,
     feedbacks::{Feedback, MapIndexesMetadata},
     observers::ObserversTuple,
+    schedulers::{FavFactor, MinimizerScheduler},
     state::{HasClientPerfMonitor, HasMetadata},
     Error, SerdeAny,
 };
@@ -29,8 +30,8 @@ impl FavFactor<PacketData> for PacketLenFavFactor {
     }
 }
 
-pub type PacketLenMinimizerCorpusScheduler<CS, S> =
+pub type PacketLenMinimizerScheduler<CS, S> =
-    MinimizerCorpusScheduler<CS, PacketLenFavFactor, PacketData, MapIndexesMetadata, S>;
+    MinimizerScheduler<CS, PacketLenFavFactor, PacketData, MapIndexesMetadata, S>;
 
 #[derive(Serialize, Deserialize, Default, Clone, Debug)]
 pub struct PacketLenFeedback {

libafl/src/corpus/mod.rs

@@ -16,36 +16,9 @@ pub mod cached;
 #[cfg(feature = "std")]
 pub use cached::CachedOnDiskCorpus;
 
-pub mod queue;
-pub use queue::QueueCorpusScheduler;
-
-pub mod probabilistic_sampling;
-pub use probabilistic_sampling::ProbabilitySamplingCorpusScheduler;
-
-pub mod accounting;
-pub use accounting::*;
-
-pub mod fav_factor;
-pub use fav_factor::{FavFactor, LenTimeMulFavFactor};
-
-pub mod minimizer;
-pub use minimizer::{
-    IndexesLenTimeMinimizerCorpusScheduler, IsFavoredMetadata, LenTimeMinimizerCorpusScheduler,
-    MinimizerCorpusScheduler, TopRatedsMetadata,
-};
-
-pub mod powersched;
-pub use powersched::PowerQueueCorpusScheduler;
-
-use alloc::borrow::ToOwned;
 use core::cell::RefCell;
 
-use crate::{
+use crate::{inputs::Input, Error};
-    bolts::rands::Rand,
-    inputs::Input,
-    state::{HasCorpus, HasRand},
-    Error,
-};
 
 /// Corpus with all current testcases
 pub trait Corpus<I>: serde::Serialize + serde::de::DeserializeOwned
@@ -79,81 +52,6 @@ where
     fn current_mut(&mut self) -> &mut Option<usize>;
 }
 
-/// The scheduler define how the fuzzer requests a testcase from the corpus.
-/// It has hooks to corpus add/replace/remove to allow complex scheduling algorithms to collect data.
-pub trait CorpusScheduler<I, S>
-where
-    I: Input,
-{
-    /// Add an entry to the corpus and return its index
-    fn on_add(&self, _state: &mut S, _idx: usize) -> Result<(), Error> {
-        Ok(())
-    }
-
-    /// Replaces the testcase at the given idx
-    fn on_replace(
-        &self,
-        _state: &mut S,
-        _idx: usize,
-        _testcase: &Testcase<I>,
-    ) -> Result<(), Error> {
-        Ok(())
-    }
-
-    /// Removes an entry from the corpus, returning it if it was present.
-    fn on_remove(
-        &self,
-        _state: &mut S,
-        _idx: usize,
-        _testcase: &Option<Testcase<I>>,
-    ) -> Result<(), Error> {
-        Ok(())
-    }
-
-    /// Gets the next entry
-    fn next(&self, state: &mut S) -> Result<usize, Error>;
-}
-
-/// Feed the fuzzer simpply with a random testcase on request
-#[derive(Debug, Clone)]
-pub struct RandCorpusScheduler;
-
-impl<I, S> CorpusScheduler<I, S> for RandCorpusScheduler
-where
-    S: HasCorpus<I> + HasRand,
-    I: Input,
-{
-    /// Gets the next entry at random
-    fn next(&self, state: &mut S) -> Result<usize, Error> {
-        if state.corpus().count() == 0 {
-            Err(Error::Empty("No entries in corpus".to_owned()))
-        } else {
-            let len = state.corpus().count();
-            let id = state.rand_mut().below(len as u64) as usize;
-            *state.corpus_mut().current_mut() = Some(id);
-            Ok(id)
-        }
-    }
-}
-
-impl RandCorpusScheduler {
-    /// Create a new [`RandCorpusScheduler`] that just schedules randomly.
-    #[must_use]
-    pub fn new() -> Self {
-        Self
-    }
-}
-
-impl Default for RandCorpusScheduler {
-    fn default() -> Self {
-        Self::new()
-    }
-}
-
-/// A [`StdCorpusScheduler`] uses the default scheduler in `LibAFL` to schedule [`Testcase`]s.
-/// The current `Std` is a [`RandCorpusScheduler`], although this may change in the future, if another [`CorpusScheduler`] delivers better results.
-pub type StdCorpusScheduler = RandCorpusScheduler;
-
 /// `Corpus` Python bindings
 #[cfg(feature = "python")]
 pub mod pybind {

libafl/src/events/llmp.rs

@@ -948,11 +948,12 @@ mod tests {
             staterestore::StateRestorer,
             tuples::tuple_list,
         },
-        corpus::{Corpus, InMemoryCorpus, RandCorpusScheduler, Testcase},
+        corpus::{Corpus, InMemoryCorpus, Testcase},
         events::{llmp::_ENV_FUZZER_SENDER, LlmpEventManager},
         executors::{ExitKind, InProcessExecutor},
         inputs::BytesInput,
         mutators::BitFlipMutator,
+        schedulers::RandScheduler,
         stages::StdMutationalStage,
         state::StdState,
         Fuzzer, StdFuzzer,
@@ -988,7 +989,7 @@ mod tests {
         let mut llmp_mgr =
             LlmpEventManager::<BytesInput, (), _, _>::new(llmp_client, "fuzzer".into()).unwrap();
 
-        let scheduler = RandCorpusScheduler::new();
+        let scheduler = RandScheduler::new();
 
         let mut fuzzer = StdFuzzer::new(scheduler, (), ());
 

libafl/src/fuzzer/mod.rs

@@ -2,13 +2,14 @@
 
 use crate::{
     bolts::current_time,
-    corpus::{Corpus, CorpusScheduler, Testcase},
+    corpus::{Corpus, Testcase},
     events::{Event, EventConfig, EventFirer, EventManager, ProgressReporter},
     executors::{Executor, ExitKind, HasObservers},
     feedbacks::Feedback,
     inputs::Input,
     mark_feature_time,
     observers::ObserversTuple,
+    schedulers::Scheduler,
     stages::StagesTuple,
     start_timer,
     state::{HasClientPerfMonitor, HasCorpus, HasExecutions, HasSolutions},
@@ -25,9 +26,9 @@ use core::{marker::PhantomData, time::Duration};
 const STATS_TIMEOUT_DEFAULT: Duration = Duration::from_secs(15);
 
 /// Holds a scheduler
-pub trait HasCorpusScheduler<CS, I, S>
+pub trait HasScheduler<CS, I, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     I: Input,
 {
     /// The scheduler
@@ -235,7 +236,7 @@ pub enum ExecuteInputResult {
 #[derive(Debug)]
 pub struct StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: Feedback<I, S>,
     I: Input,
     OF: Feedback<I, S>,
@@ -247,9 +248,9 @@ where
     phantom: PhantomData<(I, OT, S)>,
 }
 
-impl<CS, F, I, OF, OT, S> HasCorpusScheduler<CS, I, S> for StdFuzzer<CS, F, I, OF, OT, S>
+impl<CS, F, I, OF, OT, S> HasScheduler<CS, I, S> for StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: Feedback<I, S>,
     I: Input,
     OF: Feedback<I, S>,
@@ -266,7 +267,7 @@ where
 
 impl<CS, F, I, OF, OT, S> HasFeedback<F, I, S> for StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: Feedback<I, S>,
     I: Input,
     OF: Feedback<I, S>,
@@ -283,7 +284,7 @@ where
 
 impl<CS, F, I, OF, OT, S> HasObjective<I, OF, S> for StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: Feedback<I, S>,
     I: Input,
     OF: Feedback<I, S>,
@@ -300,7 +301,7 @@ where
 
 impl<CS, F, I, OF, OT, S> ExecutionProcessor<I, OT, S> for StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: Feedback<I, S>,
     I: Input,
     OF: Feedback<I, S>,
@@ -414,7 +415,7 @@ where
 
 impl<CS, F, I, OF, OT, S> EvaluatorObservers<I, OT, S> for StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     OT: ObserversTuple<I, S> + serde::Serialize + serde::de::DeserializeOwned,
     F: Feedback<I, S>,
     I: Input,
@@ -443,7 +444,7 @@ where
 
 impl<CS, E, EM, F, I, OF, OT, S> Evaluator<E, EM, I, S> for StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     E: Executor<EM, I, S, Self> + HasObservers<I, OT, S>,
     OT: ObserversTuple<I, S> + serde::Serialize + serde::de::DeserializeOwned,
     EM: EventManager<E, I, S, Self>,
@@ -509,7 +510,7 @@ where
 
 impl<CS, E, EM, F, I, OF, OT, S, ST> Fuzzer<E, EM, I, S, ST> for StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventManager<E, I, S, Self>,
     F: Feedback<I, S>,
     I: Input,
@@ -559,7 +560,7 @@ where
 
 impl<CS, F, I, OF, OT, S> StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: Feedback<I, S>,
     I: Input,
     OF: Feedback<I, S>,
@@ -628,7 +629,7 @@ where
 
 impl<CS, F, I, OF, OT, S> ExecutesInput<I, OT, S, Self> for StdFuzzer<CS, F, I, OF, OT, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: Feedback<I, S>,
     I: Input,
     OT: ObserversTuple<I, S>,
@@ -670,10 +671,10 @@ where
 #[cfg(feature = "python")]
 /// `Fuzzer` Python bindings
 pub mod pybind {
-    use crate::corpus::QueueCorpusScheduler;
     use crate::feedbacks::{CrashFeedback, MaxMapFeedback};
     use crate::fuzzer::{Fuzzer, StdFuzzer};
     use crate::inputs::BytesInput;
+    use crate::schedulers::QueueScheduler;
     use pyo3::prelude::*;
 
     macro_rules! define_python_fuzzer {
@@ -688,7 +689,7 @@ pub mod pybind {
 
             /// `StdFuzzer` with fixed generics
             pub type $type_name = StdFuzzer<
-                QueueCorpusScheduler,
+                QueueScheduler,
                 MaxMapFeedback<BytesInput, $map_observer_name, $my_std_state_type_name, $datatype>,
                 BytesInput,
                 CrashFeedback,
@@ -709,7 +710,7 @@ pub mod pybind {
                 fn new(py_max_map_feedback: $max_map_feedback_py_name) -> Self {
                     Self {
                         std_fuzzer: StdFuzzer::new(
-                            QueueCorpusScheduler::new(),
+                            QueueScheduler::new(),
                             py_max_map_feedback.max_map_feedback,
                             CrashFeedback::new(),
                         ),

libafl/src/lib.rs

@@ -93,6 +93,7 @@ pub mod inputs;
 pub mod monitors;
 pub mod mutators;
 pub mod observers;
+pub mod schedulers;
 pub mod stages;
 pub mod state;
 
@@ -234,11 +235,12 @@ impl std::error::Error for Error {}
 mod tests {
     use crate::{
         bolts::{rands::StdRand, tuples::tuple_list},
-        corpus::{Corpus, InMemoryCorpus, RandCorpusScheduler, Testcase},
+        corpus::{Corpus, InMemoryCorpus, Testcase},
         executors::{ExitKind, InProcessExecutor},
         inputs::BytesInput,
         monitors::SimpleMonitor,
         mutators::{mutations::BitFlipMutator, StdScheduledMutator},
+        schedulers::RandScheduler,
         stages::StdMutationalStage,
         state::{HasCorpus, StdState},
         Fuzzer, StdFuzzer,
@@ -268,7 +270,7 @@ mod tests {
         });
         let mut event_manager = SimpleEventManager::new(monitor);
 
-        let scheduler = RandCorpusScheduler::new();
+        let scheduler = RandScheduler::new();
         let mut fuzzer = StdFuzzer::new(scheduler, (), ());
 
         let mut harness = |_buf: &BytesInput| ExitKind::Ok;

libafl/src/schedulers/accounting.rs

@@ -2,12 +2,13 @@
 
 use crate::{
     bolts::{rands::Rand, AsMutSlice, AsSlice, HasLen, HasRefCnt},
-    corpus::{
+    corpus::{Corpus, Testcase},
-        minimizer::{IsFavoredMetadata, MinimizerCorpusScheduler, DEFAULT_SKIP_NON_FAVORED_PROB},
-        Corpus, CorpusScheduler, LenTimeMulFavFactor, Testcase,
-    },
     feedbacks::MapIndexesMetadata,
     inputs::Input,
+    schedulers::{
+        minimizer::{IsFavoredMetadata, MinimizerScheduler, DEFAULT_SKIP_NON_FAVORED_PROB},
+        LenTimeMulFavFactor, Scheduler,
+    },
     state::{HasCorpus, HasMetadata, HasRand},
     Error,
 };
@@ -91,20 +92,20 @@ impl TopAccountingMetadata {
 
 /// A minimizer scheduler using coverage accounting
 #[derive(Debug)]
-pub struct CoverageAccountingCorpusScheduler<'a, CS, I, S>
+pub struct CoverageAccountingScheduler<'a, CS, I, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     I: Input + HasLen,
     S: HasCorpus<I> + HasMetadata + HasRand,
 {
     accounting_map: &'a [u32],
     skip_non_favored_prob: u64,
-    inner: MinimizerCorpusScheduler<CS, LenTimeMulFavFactor<I>, I, MapIndexesMetadata, S>,
+    inner: MinimizerScheduler<CS, LenTimeMulFavFactor<I>, I, MapIndexesMetadata, S>,
 }
 
-impl<'a, CS, I, S> CorpusScheduler<I, S> for CoverageAccountingCorpusScheduler<'a, CS, I, S>
+impl<'a, CS, I, S> Scheduler<I, S> for CoverageAccountingScheduler<'a, CS, I, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     I: Input + HasLen,
     S: HasCorpus<I> + HasMetadata + HasRand,
 {
@@ -152,9 +153,9 @@ where
     }
 }
 
-impl<'a, CS, I, S> CoverageAccountingCorpusScheduler<'a, CS, I, S>
+impl<'a, CS, I, S> CoverageAccountingScheduler<'a, CS, I, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     I: Input + HasLen,
     S: HasCorpus<I> + HasMetadata + HasRand,
 {
@@ -188,7 +189,7 @@ where
                         let must_remove = {
                             let old_meta = old.metadata_mut().get_mut::<AccountingIndexesMetadata>().ok_or_else(|| {
                                 Error::KeyNotFound(format!(
-                                    "AccountingIndexesMetadata, needed by CoverageAccountingCorpusScheduler, not found in testcase #{}",
+                                    "AccountingIndexesMetadata, needed by CoverageAccountingScheduler, not found in testcase #{}",
                                     old_idx
                                 ))
                             })?;
@@ -259,18 +260,18 @@ where
         Ok(())
     }
 
-    /// Creates a new [`CoverageAccountingCorpusScheduler`] that wraps a `base` [`CorpusScheduler`]
+    /// Creates a new [`CoverageAccountingScheduler`] that wraps a `base` [`Scheduler`]
     /// and has a default probability to skip non-faved [`Testcase`]s of [`DEFAULT_SKIP_NON_FAVORED_PROB`].
     pub fn new(state: &mut S, base: CS, accounting_map: &'a [u32]) -> Self {
         state.add_metadata(TopAccountingMetadata::new(accounting_map.len()));
         Self {
             accounting_map,
-            inner: MinimizerCorpusScheduler::new(base),
+            inner: MinimizerScheduler::new(base),
             skip_non_favored_prob: DEFAULT_SKIP_NON_FAVORED_PROB,
         }
     }
 
-    /// Creates a new [`CoverageAccountingCorpusScheduler`] that wraps a `base` [`CorpusScheduler`]
+    /// Creates a new [`CoverageAccountingScheduler`] that wraps a `base` [`Scheduler`]
     /// and has a non-default probability to skip non-faved [`Testcase`]s using (`skip_non_favored_prob`).
     pub fn with_skip_prob(
         state: &mut S,
@@ -281,7 +282,7 @@ where
         state.add_metadata(TopAccountingMetadata::new(accounting_map.len()));
         Self {
             accounting_map,
-            inner: MinimizerCorpusScheduler::with_skip_prob(base, skip_non_favored_prob),
+            inner: MinimizerScheduler::with_skip_prob(base, skip_non_favored_prob),
             skip_non_favored_prob,
         }
     }

libafl/src/schedulers/minimizer.rs

@@ -3,9 +3,10 @@
 
 use crate::{
     bolts::{rands::Rand, serdeany::SerdeAny, AsSlice, HasRefCnt},
-    corpus::{Corpus, CorpusScheduler, FavFactor, LenTimeMulFavFactor, Testcase},
+    corpus::{Corpus, Testcase},
     feedbacks::MapIndexesMetadata,
     inputs::Input,
+    schedulers::{FavFactor, LenTimeMulFavFactor, Scheduler},
     state::{HasCorpus, HasMetadata, HasRand},
     Error,
 };
@@ -48,13 +49,13 @@ impl Default for TopRatedsMetadata {
     }
 }
 
-/// The [`MinimizerCorpusScheduler`] employs a genetic algorithm to compute a subset of the
+/// The [`MinimizerScheduler`] employs a genetic algorithm to compute a subset of the
 /// corpus that exercise all the requested features (e.g. all the coverage seen so far)
 /// prioritizing [`Testcase`]`s` using [`FavFactor`]
 #[derive(Debug, Clone)]
-pub struct MinimizerCorpusScheduler<CS, F, I, M, S>
+pub struct MinimizerScheduler<CS, F, I, M, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: FavFactor<I>,
     I: Input,
     M: AsSlice<usize> + SerdeAny + HasRefCnt,
@@ -65,9 +66,9 @@ where
     phantom: PhantomData<(F, I, M, S)>,
 }
 
-impl<CS, F, I, M, S> CorpusScheduler<I, S> for MinimizerCorpusScheduler<CS, F, I, M, S>
+impl<CS, F, I, M, S> Scheduler<I, S> for MinimizerScheduler<CS, F, I, M, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: FavFactor<I>,
     I: Input,
     M: AsSlice<usize> + SerdeAny + HasRefCnt,
@@ -113,15 +114,15 @@ where
     }
 }
 
-impl<CS, F, I, M, S> MinimizerCorpusScheduler<CS, F, I, M, S>
+impl<CS, F, I, M, S> MinimizerScheduler<CS, F, I, M, S>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     F: FavFactor<I>,
     I: Input,
     M: AsSlice<usize> + SerdeAny + HasRefCnt,
     S: HasCorpus<I> + HasMetadata + HasRand,
 {
-    /// Update the `Corpus` score using the `MinimizerCorpusScheduler`
+    /// Update the `Corpus` score using the `MinimizerScheduler`
     #[allow(clippy::unused_self)]
     #[allow(clippy::cast_possible_wrap)]
     pub fn update_score(&self, state: &mut S, idx: usize) -> Result<(), Error> {
@@ -136,7 +137,7 @@ where
             let factor = F::compute(&mut *entry)?;
             let meta = entry.metadata_mut().get_mut::<M>().ok_or_else(|| {
                 Error::KeyNotFound(format!(
-                    "Metadata needed for MinimizerCorpusScheduler not found in testcase #{}",
+                    "Metadata needed for MinimizerScheduler not found in testcase #{}",
                     idx
                 ))
             })?;
@@ -156,7 +157,7 @@ where
                     let must_remove = {
                         let old_meta = old.metadata_mut().get_mut::<M>().ok_or_else(|| {
                             Error::KeyNotFound(format!(
-                                "Metadata needed for MinimizerCorpusScheduler not found in testcase #{}",
+                                "Metadata needed for MinimizerScheduler not found in testcase #{}",
                                 old_idx
                             ))
                         })?;
@@ -198,7 +199,7 @@ where
         Ok(())
     }
 
-    /// Cull the `Corpus` using the `MinimizerCorpusScheduler`
+    /// Cull the `Corpus` using the `MinimizerScheduler`
     #[allow(clippy::unused_self)]
     pub fn cull(&self, state: &mut S) -> Result<(), Error> {
         let top_rated = match state.metadata().get::<TopRatedsMetadata>() {
@@ -213,7 +214,7 @@ where
                 let mut entry = state.corpus().get(*idx)?.borrow_mut();
                 let meta = entry.metadata().get::<M>().ok_or_else(|| {
                     Error::KeyNotFound(format!(
-                        "Metadata needed for MinimizerCorpusScheduler not found in testcase #{}",
+                        "Metadata needed for MinimizerScheduler not found in testcase #{}",
                         idx
                     ))
                 })?;
@@ -233,7 +234,7 @@ where
         &self.base
     }
 
-    /// Creates a new [`MinimizerCorpusScheduler`] that wraps a `base` [`CorpusScheduler`]
+    /// Creates a new [`MinimizerScheduler`] that wraps a `base` [`Scheduler`]
     /// and has a default probability to skip non-faved [`Testcase`]s of [`DEFAULT_SKIP_NON_FAVORED_PROB`].
     pub fn new(base: CS) -> Self {
         Self {
@@ -243,7 +244,7 @@ where
         }
     }
 
-    /// Creates a new [`MinimizerCorpusScheduler`] that wraps a `base` [`CorpusScheduler`]
+    /// Creates a new [`MinimizerScheduler`] that wraps a `base` [`Scheduler`]
     /// and has a non-default probability to skip non-faved [`Testcase`]s using (`skip_non_favored_prob`).
     pub fn with_skip_prob(base: CS, skip_non_favored_prob: u64) -> Self {
         Self {
@@ -254,11 +255,11 @@ where
     }
 }
 
-/// A [`MinimizerCorpusScheduler`] with [`LenTimeMulFavFactor`] to prioritize quick and small [`Testcase`]`s`.
+/// A [`MinimizerScheduler`] with [`LenTimeMulFavFactor`] to prioritize quick and small [`Testcase`]`s`.
-pub type LenTimeMinimizerCorpusScheduler<CS, I, M, S> =
+pub type LenTimeMinimizerScheduler<CS, I, M, S> =
-    MinimizerCorpusScheduler<CS, LenTimeMulFavFactor<I>, I, M, S>;
+    MinimizerScheduler<CS, LenTimeMulFavFactor<I>, I, M, S>;
 
-/// A [`MinimizerCorpusScheduler`] with [`LenTimeMulFavFactor`] to prioritize quick and small [`Testcase`]`s`
+/// A [`MinimizerScheduler`] with [`LenTimeMulFavFactor`] to prioritize quick and small [`Testcase`]`s`
 /// that exercise all the entries registered in the [`MapIndexesMetadata`].
-pub type IndexesLenTimeMinimizerCorpusScheduler<CS, I, S> =
+pub type IndexesLenTimeMinimizerScheduler<CS, I, S> =
-    MinimizerCorpusScheduler<CS, LenTimeMulFavFactor<I>, I, MapIndexesMetadata, S>;
+    MinimizerScheduler<CS, LenTimeMulFavFactor<I>, I, MapIndexesMetadata, S>;

libafl/src/schedulers/mod.rs

@@ -0,0 +1,106 @@
+//! Schedule the access to the Corpus.
+
+pub mod queue;
+pub use queue::QueueScheduler;
+
+pub mod probabilistic_sampling;
+pub use probabilistic_sampling::ProbabilitySamplingScheduler;
+
+pub mod accounting;
+pub use accounting::CoverageAccountingScheduler;
+
+pub mod fav_factor;
+pub use fav_factor::{FavFactor, LenTimeMulFavFactor};
+
+pub mod minimizer;
+pub use minimizer::{
+    IndexesLenTimeMinimizerScheduler, LenTimeMinimizerScheduler, MinimizerScheduler,
+};
+
+pub mod powersched;
+pub use powersched::PowerQueueScheduler;
+
+use alloc::borrow::ToOwned;
+
+use crate::{
+    bolts::rands::Rand,
+    corpus::{Corpus, Testcase},
+    inputs::Input,
+    state::{HasCorpus, HasRand},
+    Error,
+};
+
+/// The scheduler define how the fuzzer requests a testcase from the corpus.
+/// It has hooks to corpus add/replace/remove to allow complex scheduling algorithms to collect data.
+pub trait Scheduler<I, S>
+where
+    I: Input,
+{
+    /// Add an entry to the corpus and return its index
+    fn on_add(&self, _state: &mut S, _idx: usize) -> Result<(), Error> {
+        Ok(())
+    }
+
+    /// Replaces the testcase at the given idx
+    fn on_replace(
+        &self,
+        _state: &mut S,
+        _idx: usize,
+        _testcase: &Testcase<I>,
+    ) -> Result<(), Error> {
+        Ok(())
+    }
+
+    /// Removes an entry from the corpus, returning it if it was present.
+    fn on_remove(
+        &self,
+        _state: &mut S,
+        _idx: usize,
+        _testcase: &Option<Testcase<I>>,
+    ) -> Result<(), Error> {
+        Ok(())
+    }
+
+    /// Gets the next entry
+    fn next(&self, state: &mut S) -> Result<usize, Error>;
+}
+
+/// Feed the fuzzer simpply with a random testcase on request
+#[derive(Debug, Clone)]
+pub struct RandScheduler;
+
+impl<I, S> Scheduler<I, S> for RandScheduler
+where
+    S: HasCorpus<I> + HasRand,
+    I: Input,
+{
+    /// Gets the next entry at random
+    fn next(&self, state: &mut S) -> Result<usize, Error> {
+        if state.corpus().count() == 0 {
+            Err(Error::Empty("No entries in corpus".to_owned()))
+        } else {
+            let len = state.corpus().count();
+            let id = state.rand_mut().below(len as u64) as usize;
+            *state.corpus_mut().current_mut() = Some(id);
+            Ok(id)
+        }
+    }
+}
+
+impl RandScheduler {
+    /// Create a new [`RandScheduler`] that just schedules randomly.
+    #[must_use]
+    pub fn new() -> Self {
+        Self
+    }
+}
+
+impl Default for RandScheduler {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+/// A [`StdScheduler`] uses the default scheduler in `LibAFL` to schedule [`Testcase`]s.
+/// The current `Std` is a [`RandScheduler`], although this may change in the future, if another [`Scheduler`] delivers better results.
+pub type StdScheduler = RandScheduler;

libafl/src/schedulers/powersched.rs

@@ -3,8 +3,9 @@
 use alloc::string::{String, ToString};
 
 use crate::{
-    corpus::{Corpus, CorpusScheduler, PowerScheduleTestcaseMetaData},
+    corpus::{Corpus, PowerScheduleTestcaseMetaData},
     inputs::Input,
+    schedulers::Scheduler,
     stages::PowerScheduleMetadata,
     state::{HasCorpus, HasMetadata},
     Error,
@@ -12,15 +13,15 @@ use crate::{
 
 /// A corpus scheduler using power schedules
 #[derive(Clone, Debug)]
-pub struct PowerQueueCorpusScheduler;
+pub struct PowerQueueScheduler;
 
-impl Default for PowerQueueCorpusScheduler {
+impl Default for PowerQueueScheduler {
     fn default() -> Self {
         Self::new()
     }
 }
 
-impl<I, S> CorpusScheduler<I, S> for PowerQueueCorpusScheduler
+impl<I, S> Scheduler<I, S> for PowerQueueScheduler
 where
     S: HasCorpus<I> + HasMetadata,
     I: Input,
@@ -78,8 +79,8 @@ where
     }
 }
 
-impl PowerQueueCorpusScheduler {
+impl PowerQueueScheduler {
-    /// Create a new [`PowerQueueCorpusScheduler`]
+    /// Create a new [`PowerQueueScheduler`]
     #[must_use]
     pub fn new() -> Self {
         Self

libafl/src/schedulers/probabilistic_sampling.rs

@@ -3,8 +3,9 @@
 
 use crate::{
     bolts::rands::Rand,
-    corpus::{Corpus, CorpusScheduler, FavFactor},
+    corpus::Corpus,
     inputs::Input,
+    schedulers::{FavFactor, Scheduler},
     state::{HasCorpus, HasMetadata, HasRand},
     Error,
 };
@@ -15,7 +16,7 @@ use serde::{Deserialize, Serialize};
 
 /// Conduct reservoir sampling (probabilistic sampling) over all corpus elements.
 #[derive(Debug, Clone)]
-pub struct ProbabilitySamplingCorpusScheduler<I, S, F>
+pub struct ProbabilitySamplingScheduler<I, S, F>
 where
     I: Input,
     S: HasCorpus<I> + HasMetadata + HasRand,
@@ -52,13 +53,13 @@ impl Default for ProbabilityMetadata {
     }
 }
 
-impl<I, S, F> ProbabilitySamplingCorpusScheduler<I, S, F>
+impl<I, S, F> ProbabilitySamplingScheduler<I, S, F>
 where
     I: Input,
     S: HasCorpus<I> + HasMetadata + HasRand,
     F: FavFactor<I>,
 {
-    /// Creates a new [`struct@ProbabilitySamplingCorpusScheduler`]
+    /// Creates a new [`struct@ProbabilitySamplingScheduler`]
     #[must_use]
     pub fn new() -> Self {
         Self {
@@ -87,7 +88,7 @@ where
     }
 }
 
-impl<I, S, F> CorpusScheduler<I, S> for ProbabilitySamplingCorpusScheduler<I, S, F>
+impl<I, S, F> Scheduler<I, S> for ProbabilitySamplingScheduler<I, S, F>
 where
     I: Input,
     S: HasCorpus<I> + HasMetadata + HasRand,
@@ -121,7 +122,7 @@ where
     }
 }
 
-impl<I, S, F> Default for ProbabilitySamplingCorpusScheduler<I, S, F>
+impl<I, S, F> Default for ProbabilitySamplingScheduler<I, S, F>
 where
     I: Input,
     S: HasCorpus<I> + HasMetadata + HasRand,
@@ -139,11 +140,9 @@ mod tests {
 
     use crate::{
         bolts::rands::StdRand,
-        corpus::{
+        corpus::{Corpus, InMemoryCorpus, Testcase},
-            Corpus, CorpusScheduler, FavFactor, InMemoryCorpus, ProbabilitySamplingCorpusScheduler,
-            Testcase,
-        },
         inputs::{bytes::BytesInput, Input},
+        schedulers::{FavFactor, ProbabilitySamplingScheduler, Scheduler},
         state::StdState,
         Error,
     };
@@ -168,15 +167,15 @@ mod tests {
         }
     }
 
-    pub type UniformProbabilitySamplingCorpusScheduler<I, S> =
+    pub type UniformProbabilitySamplingScheduler<I, S> =
-        ProbabilitySamplingCorpusScheduler<I, S, UniformDistribution<I>>;
+        ProbabilitySamplingScheduler<I, S, UniformDistribution<I>>;
 
     #[test]
     fn test_prob_sampling() {
         // the first 3 probabilities will be .69, .86, .44
         let rand = StdRand::with_seed(12);
 
-        let scheduler = UniformProbabilitySamplingCorpusScheduler::new();
+        let scheduler = UniformProbabilitySamplingScheduler::new();
 
         let mut corpus = InMemoryCorpus::new();
         let t1 = Testcase::with_filename(BytesInput::new(vec![0_u8; 4]), "1".into());

libafl/src/schedulers/queue.rs

@@ -2,18 +2,13 @@
 
 use alloc::borrow::ToOwned;
 
-use crate::{
+use crate::{corpus::Corpus, inputs::Input, schedulers::Scheduler, state::HasCorpus, Error};
-    corpus::{Corpus, CorpusScheduler},
-    inputs::Input,
-    state::HasCorpus,
-    Error,
-};
 
 /// Walk the corpus in a queue-like fashion
 #[derive(Debug, Clone)]
-pub struct QueueCorpusScheduler;
+pub struct QueueScheduler;
 
-impl<I, S> CorpusScheduler<I, S> for QueueCorpusScheduler
+impl<I, S> Scheduler<I, S> for QueueScheduler
 where
     S: HasCorpus<I>,
     I: Input,
@@ -39,15 +34,15 @@ where
     }
 }
 
-impl QueueCorpusScheduler {
+impl QueueScheduler {
-    /// Creates a new `QueueCorpusScheduler`
+    /// Creates a new `QueueScheduler`
     #[must_use]
     pub fn new() -> Self {
         Self
     }
 }
 
-impl Default for QueueCorpusScheduler {
+impl Default for QueueScheduler {
     fn default() -> Self {
         Self::new()
     }
@@ -61,15 +56,16 @@ mod tests {
 
     use crate::{
         bolts::rands::StdRand,
-        corpus::{Corpus, CorpusScheduler, OnDiskCorpus, QueueCorpusScheduler, Testcase},
+        corpus::{Corpus, OnDiskCorpus, Testcase},
         inputs::bytes::BytesInput,
+        schedulers::{QueueScheduler, Scheduler},
         state::{HasCorpus, StdState},
     };
 
     #[test]
     fn test_queuecorpus() {
         let rand = StdRand::with_seed(4);
-        let scheduler = QueueCorpusScheduler::new();
+        let scheduler = QueueScheduler::new();
 
         let mut q =
             OnDiskCorpus::<BytesInput>::new(PathBuf::from("target/.test/fancy/path")).unwrap();

libafl/src/stages/mod.rs

@@ -38,15 +38,15 @@ pub mod sync;
 pub use sync::*;
 
 use crate::{
-    corpus::CorpusScheduler,
     events::{EventFirer, EventRestarter, HasEventManagerId, ProgressReporter},
     executors::{Executor, HasObservers},
     inputs::Input,
     observers::ObserversTuple,
+    schedulers::Scheduler,
     state::{
         HasExecutions, HasRand, {HasClientPerfMonitor, HasCorpus},
     },
-    Error, EvaluatorObservers, ExecutesInput, ExecutionProcessor, HasCorpusScheduler,
+    Error, EvaluatorObservers, ExecutesInput, ExecutionProcessor, HasScheduler,
 };
 use core::{convert::From, marker::PhantomData};
 
@@ -171,13 +171,13 @@ where
 #[derive(Debug)]
 pub struct PushStageAdapter<CS, EM, I, OT, PS, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId + ProgressReporter<I>,
     I: Input,
     OT: ObserversTuple<I, S>,
     PS: PushStage<CS, EM, I, OT, S, Z>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand + HasExecutions,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     push_stage: PS,
     phantom: PhantomData<(CS, EM, I, OT, S, Z)>,
@@ -185,13 +185,13 @@ where
 
 impl<CS, EM, I, OT, PS, S, Z> PushStageAdapter<CS, EM, I, OT, PS, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId + ProgressReporter<I>,
     I: Input,
     OT: ObserversTuple<I, S>,
     PS: PushStage<CS, EM, I, OT, S, Z>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand + HasExecutions,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// Create a new [`PushStageAdapter`], wrapping the given [`PushStage`]
     /// to be used as a normal [`Stage`]
@@ -206,7 +206,7 @@ where
 
 impl<CS, E, EM, I, OT, PS, S, Z> Stage<E, EM, S, Z> for PushStageAdapter<CS, EM, I, OT, PS, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     E: Executor<EM, I, S, Z> + HasObservers<I, OT, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId + ProgressReporter<I>,
     I: Input,
@@ -216,7 +216,7 @@ where
     Z: ExecutesInput<I, OT, S, Z>
         + ExecutionProcessor<I, OT, S>
         + EvaluatorObservers<I, OT, S>
-        + HasCorpusScheduler<CS, I, S>,
+        + HasScheduler<CS, I, S>,
 {
     fn perform(
         &mut self,

libafl/src/stages/power.rs

@@ -4,12 +4,13 @@ use alloc::string::{String, ToString};
 use core::{fmt::Debug, marker::PhantomData};
 
 use crate::{
-    corpus::{Corpus, IsFavoredMetadata, PowerScheduleTestcaseMetaData, Testcase},
+    corpus::{Corpus, PowerScheduleTestcaseMetaData, Testcase},
     executors::{Executor, HasObservers},
     fuzzer::Evaluator,
     inputs::Input,
     mutators::Mutator,
     observers::{MapObserver, ObserversTuple},
+    schedulers::minimizer::IsFavoredMetadata,
     stages::{MutationalStage, PowerScheduleMetadata, Stage},
     state::{HasClientPerfMonitor, HasCorpus, HasMetadata},
     Error,

libafl/src/stages/push/mod.rs

@@ -17,13 +17,13 @@ use core::{
 
 use crate::{
     bolts::current_time,
-    corpus::CorpusScheduler,
     events::{EventFirer, EventRestarter, HasEventManagerId, ProgressReporter},
     executors::ExitKind,
     inputs::Input,
     observers::ObserversTuple,
+    schedulers::Scheduler,
     state::{HasClientPerfMonitor, HasCorpus, HasExecutions, HasRand},
-    Error, EvaluatorObservers, ExecutionProcessor, HasCorpusScheduler,
+    Error, EvaluatorObservers, ExecutionProcessor, HasScheduler,
 };
 
 /// Send a monitor update all 15 (or more) seconds
@@ -34,12 +34,12 @@ const STATS_TIMEOUT_DEFAULT: Duration = Duration::from_secs(15);
 #[derive(Clone, Debug)]
 pub struct PushStageSharedState<CS, EM, I, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId,
     I: Input,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// The [`crate::state::State`]
     pub state: S,
@@ -54,12 +54,12 @@ where
 
 impl<CS, EM, I, OT, S, Z> PushStageSharedState<CS, EM, I, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId,
     I: Input,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// Create a new `PushStageSharedState` that can be used by all [`PushStage`]s
     #[must_use]
@@ -78,12 +78,12 @@ where
 #[derive(Clone, Debug)]
 pub struct PushStageHelper<CS, EM, I, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId,
     I: Input,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// If this stage has already been initalized.
     /// This gets reset to `false` after one iteration of the stage is done.
@@ -109,12 +109,12 @@ where
 
 impl<CS, EM, I, OT, S, Z> PushStageHelper<CS, EM, I, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId,
     I: Input,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// Create a new [`PushStageHelper`]
     #[must_use]
@@ -182,12 +182,12 @@ where
 /// After it has finished once, we will call it agan for the next fuzzer round.
 pub trait PushStage<CS, EM, I, OT, S, Z>: Iterator
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId + ProgressReporter<I>,
     I: Input,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand + HasExecutions,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// Gets the [`PushStageHelper`]
     fn push_stage_helper(&self) -> &PushStageHelper<CS, EM, I, OT, S, Z>;

libafl/src/stages/push/mutational.rs

@@ -6,16 +6,17 @@ use core::cell::{Cell, RefCell};
 
 use crate::{
     bolts::rands::Rand,
-    corpus::{Corpus, CorpusScheduler},
+    corpus::Corpus,
     events::{EventFirer, EventRestarter, HasEventManagerId, ProgressReporter},
     executors::ExitKind,
     inputs::Input,
     mark_feature_time,
     mutators::Mutator,
     observers::ObserversTuple,
+    schedulers::Scheduler,
     start_timer,
     state::{HasClientPerfMonitor, HasCorpus, HasExecutions, HasRand},
-    Error, EvaluatorObservers, ExecutionProcessor, HasCorpusScheduler,
+    Error, EvaluatorObservers, ExecutionProcessor, HasScheduler,
 };
 
 #[cfg(feature = "introspection")]
@@ -37,13 +38,13 @@ pub static DEFAULT_MUTATIONAL_MAX_ITERATIONS: u64 = 128;
 #[derive(Clone, Debug)]
 pub struct StdMutationalPushStage<CS, EM, I, M, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId,
     I: Input,
     M: Mutator<I, S>,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     current_corpus_idx: Option<usize>,
     testcases_to_do: usize,
@@ -58,13 +59,13 @@ where
 
 impl<CS, EM, I, M, OT, S, Z> StdMutationalPushStage<CS, EM, I, M, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId,
     I: Input,
     M: Mutator<I, S>,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// Gets the number of iterations as a random number
     #[allow(clippy::unused_self, clippy::unnecessary_wraps)] // TODO: we should put this function into a trait later
@@ -81,13 +82,13 @@ where
 impl<CS, EM, I, M, OT, S, Z> PushStage<CS, EM, I, OT, S, Z>
     for StdMutationalPushStage<CS, EM, I, M, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId + ProgressReporter<I>,
     I: Input,
     M: Mutator<I, S>,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand + HasExecutions,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// Creates a new default mutational stage
     fn init(
@@ -192,13 +193,13 @@ where
 
 impl<CS, EM, I, M, OT, S, Z> Iterator for StdMutationalPushStage<CS, EM, I, M, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId + ProgressReporter<I>,
     I: Input,
     M: Mutator<I, S>,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand + HasExecutions,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     type Item = Result<I, Error>;
 
@@ -209,13 +210,13 @@ where
 
 impl<CS, EM, I, M, OT, S, Z> StdMutationalPushStage<CS, EM, I, M, OT, S, Z>
 where
-    CS: CorpusScheduler<I, S>,
+    CS: Scheduler<I, S>,
     EM: EventFirer<I> + EventRestarter<S> + HasEventManagerId,
     I: Input,
     M: Mutator<I, S>,
     OT: ObserversTuple<I, S>,
     S: HasClientPerfMonitor + HasCorpus<I> + HasRand,
-    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasCorpusScheduler<CS, I, S>,
+    Z: ExecutionProcessor<I, OT, S> + EvaluatorObservers<I, OT, S> + HasScheduler<CS, I, S>,
 {
     /// Creates a new default mutational stage
     #[must_use]

libafl_concolic/symcc_runtime/symcc

@@ -1 +1 @@
-Subproject commit 3133c0b37d3c498db9addf2331378c7c9cadbf10
+Subproject commit 45cde0269ae22aef4cca2e1fb98c3b24f7bb2984

libafl_sugar/src/forkserver.rs

@@ -13,10 +13,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsMutSlice,
     },
-    corpus::{
+    corpus::{CachedOnDiskCorpus, Corpus, OnDiskCorpus},
-        CachedOnDiskCorpus, Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::{EventConfig, EventRestarter, LlmpRestartingEventManager},
     executors::{forkserver::ForkserverExecutorBuilder, TimeoutForkserverExecutor},
     feedback_or, feedback_or_fast,
@@ -27,6 +24,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
     mutators::token_mutations::Tokens,
     observers::{ConstMapObserver, HitcountsMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
     stages::StdMutationalStage,
     state::{HasCorpus, HasMetadata, StdState},
     Error,
@@ -171,8 +169,7 @@ impl<'a, const MAP_SIZE: usize> ForkserverBytesCoverageSugar<'a, MAP_SIZE> {
             }
 
             // A minimization+queue policy to get testcasess from the corpus
-            let scheduler =
+            let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
-                IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
 
             // A fuzzer with feedbacks and a corpus scheduler
             let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

libafl_sugar/src/inmemory.rs

@@ -15,10 +15,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{CachedOnDiskCorpus, Corpus, OnDiskCorpus},
-        CachedOnDiskCorpus, Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::{EventConfig, EventRestarter, LlmpRestartingEventManager},
     executors::{inprocess::InProcessExecutor, ExitKind, ShadowExecutor, TimeoutExecutor},
     feedback_or, feedback_or_fast,
@@ -30,6 +27,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
     mutators::token_mutations::{I2SRandReplace, Tokens},
     observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
     stages::{ShadowTracingStage, StdMutationalStage},
     state::{HasCorpus, HasMetadata, StdState},
     Error,
@@ -192,8 +190,7 @@ where
             }
 
             // A minimization+queue policy to get testcasess from the corpus
-            let scheduler =
+            let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
-                IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
 
             // A fuzzer with feedbacks and a corpus scheduler
             let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

libafl_sugar/src/qemu.rs

@@ -14,10 +14,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{
+    corpus::{CachedOnDiskCorpus, Corpus, OnDiskCorpus},
-        CachedOnDiskCorpus, Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
     events::{EventConfig, EventRestarter, LlmpRestartingEventManager},
     executors::{ExitKind, ShadowExecutor, TimeoutExecutor},
     feedback_or, feedback_or_fast,
@@ -29,6 +26,7 @@ use libafl::{
     mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator},
     mutators::{token_mutations::Tokens, I2SRandReplace},
     observers::{HitcountsMapObserver, TimeObserver, VariableMapObserver},
+    schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
     stages::{ShadowTracingStage, StdMutationalStage},
     state::{HasCorpus, HasMetadata, StdState},
 };
@@ -198,8 +196,7 @@ where
             }
 
             // A minimization+queue policy to get testcasess from the corpus
-            let scheduler =
+            let scheduler = IndexesLenTimeMinimizerScheduler::new(QueueScheduler::new());
-                IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
 
             // A fuzzer with feedbacks and a corpus scheduler
             let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);

scripts/fmt_all.sh

@@ -9,12 +9,13 @@ echo "Welcome to the happy fmt script. :)"
 echo "[*] Running fmt for the main crates"
 cargo fmt
 
-cd fuzzers
+fuzzers=$(find ./fuzzers -maxdepth 1 -type d)
+backtrace_fuzzers=$(find ./fuzzers/backtrace_baby_fuzzers -maxdepth 1 -type d)
 
-for fuzzer in *;
+for fuzzer in $(echo $fuzzers $backtrace_fuzzers);
 do
-    cd $fuzzer
+    pushd $fuzzer
     echo "[*] Running fmt for $fuzzer"
     cargo fmt --all
-    cd ..
+    popd
 done