From afa2965f3c608b06887711e6c3024b57d1d183ac Mon Sep 17 00:00:00 2001 From: "Dongjia \"toka\" Zhang" Date: Wed, 13 Mar 2024 18:49:09 +0100 Subject: [PATCH] Remove some arguments from pre_exec/post_exec in ExecutorHook (#1933) * refactor * no std, fmt * win mac * state * frida * ctx * trait bound * clip --- fuzzers/fuzzbench_ctx/src/lib.rs | 10 +- libafl/src/executors/hooks/inprocess.rs | 53 +++++--- libafl/src/executors/hooks/inprocess_fork.rs | 33 ++--- libafl/src/executors/hooks/mod.rs | 106 ++++++---------- libafl/src/executors/hooks/unix.rs | 2 +- libafl/src/executors/hooks/windows.rs | 2 +- libafl/src/executors/inprocess/inner.rs | 36 +++--- libafl/src/executors/inprocess/mod.rs | 39 +++--- libafl/src/executors/inprocess/stateful.rs | 32 ++--- libafl/src/executors/inprocess_fork/inner.rs | 25 ++-- libafl/src/executors/inprocess_fork/mod.rs | 14 +- .../src/executors/inprocess_fork/stateful.rs | 14 +- libafl_frida/src/executor.rs | 6 +- libafl_qemu/src/executor/mod.rs | 4 +- libafl_targets/src/sancov_pcguard.rs | 120 ++++++++++++------ 15 files changed, 266 insertions(+), 230 deletions(-) diff --git a/fuzzers/fuzzbench_ctx/src/lib.rs b/fuzzers/fuzzbench_ctx/src/lib.rs index 7c195bbc2b..2d3e5be8ef 100644 --- a/fuzzers/fuzzbench_ctx/src/lib.rs +++ b/fuzzers/fuzzbench_ctx/src/lib.rs @@ -18,7 +18,10 @@ use clap::{Arg, Command}; use libafl::{ corpus::{Corpus, InMemoryOnDiskCorpus, OnDiskCorpus}, events::SimpleRestartingEventManager, - executors::{inprocess::HookableInProcessExecutor, ExitKind}, + executors::{ + inprocess::{HookableInProcessExecutor, InProcessExecutor}, + ExitKind, + }, feedback_or, feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback}, fuzzer::{Fuzzer, StdFuzzer}, @@ -332,7 +335,7 @@ fn fuzz( }; let mut tracing_harness = harness; - let ctx_hook = CtxHook::default(); + let ctx_hook = CtxHook::new(); // Create the executor for an in-process function with one observer for edge coverage and one for the execution time let mut executor = HookableInProcessExecutor::with_timeout_generic( tuple_list!(ctx_hook), @@ -346,8 +349,7 @@ fn fuzz( // Setup a tracing stage in which we log comparisons let tracing = TracingStage::new( - HookableInProcessExecutor::with_timeout_generic( - tuple_list!(ctx_hook), + InProcessExecutor::with_timeout( &mut tracing_harness, tuple_list!(cmplog_observer), &mut fuzzer, diff --git a/libafl/src/executors/hooks/inprocess.rs b/libafl/src/executors/hooks/inprocess.rs index bfff146059..8733c37a36 100644 --- a/libafl/src/executors/hooks/inprocess.rs +++ b/libafl/src/executors/hooks/inprocess.rs @@ -5,6 +5,7 @@ use core::ptr::addr_of_mut; use core::sync::atomic::{compiler_fence, Ordering}; use core::{ ffi::c_void, + marker::PhantomData, ptr::{self, null_mut}, time::Duration, }; @@ -30,12 +31,16 @@ use crate::{ events::{EventFirer, EventRestarter}, executors::{hooks::ExecutorHook, inprocess::HasInProcessHooks, Executor, HasObservers}, feedbacks::Feedback, + inputs::UsesInput, state::{HasCorpus, HasExecutions, HasSolutions}, Error, HasObjective, }; /// The inmem executor's handlers. #[allow(missing_debug_implementations)] -pub struct InProcessHooks { +pub struct InProcessHooks +where + S: UsesInput, +{ /// On crash C function pointer #[cfg(feature = "std")] pub crash_handler: *const c_void, @@ -45,6 +50,7 @@ pub struct InProcessHooks { /// `TImer` struct #[cfg(feature = "std")] pub timer: TimerStruct, + phantom: PhantomData, } /// Any hooks that is about timeout @@ -80,7 +86,10 @@ pub trait HasTimeout { fn handle_timeout(&mut self, data: &mut InProcessExecutorHandlerData) -> bool; } -impl HasTimeout for InProcessHooks { +impl HasTimeout for InProcessHooks +where + S: UsesInput, +{ #[cfg(feature = "std")] fn timer(&self) -> &TimerStruct { &self.timer @@ -184,13 +193,15 @@ impl HasTimeout for InProcessHooks { } } -impl ExecutorHook for InProcessHooks { - fn init(&mut self, _state: &mut S) {} - +impl ExecutorHook for InProcessHooks +where + S: UsesInput, +{ + fn init(&mut self, _state: &mut S) {} /// Call before running a target. #[allow(clippy::unused_self)] #[allow(unused_variables)] - fn pre_exec(&mut self, fuzzer: &mut Z, state: &mut S, mgr: &mut EM, input: &I) { + fn pre_exec(&mut self, state: &mut S, input: &S::Input) { #[cfg(feature = "std")] unsafe { let data = addr_of_mut!(GLOBAL_STATE); @@ -204,26 +215,23 @@ impl ExecutorHook for InProcessHooks { /// Call after running a target. #[allow(clippy::unused_self)] - fn post_exec( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { + fn post_exec(&mut self, _state: &mut S, _input: &S::Input) { // timeout stuff #[cfg(all(feature = "std", not(all(miri, target_vendor = "apple"))))] self.timer_mut().unset_timer(); } } -impl InProcessHooks { +impl InProcessHooks +where + S: UsesInput, +{ /// Create new [`InProcessHooks`]. #[cfg(unix)] #[allow(unused_variables)] pub fn new(exec_tmout: Duration) -> Result where - E: Executor + HasObservers + HasInProcessHooks, + E: Executor + HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, @@ -246,6 +254,7 @@ impl InProcessHooks { as *const _, #[cfg(feature = "std")] timer: TimerStruct::new(exec_tmout), + phantom: PhantomData, }) } } @@ -255,7 +264,7 @@ impl InProcessHooks { #[allow(unused)] pub fn new(exec_tmout: Duration) -> Result where - E: Executor + HasObservers + HasInProcessHooks, + E: Executor + HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, E::State: State + HasExecutions + HasSolutions + HasCorpus, @@ -292,11 +301,14 @@ impl InProcessHooks { crash_handler, timeout_handler, timer, + phantom: PhantomData, }); } #[cfg(not(feature = "std"))] { - ret = Ok(Self {}); + ret = Ok(Self { + phantom: PhantomData, + }); } ret @@ -307,14 +319,16 @@ impl InProcessHooks { #[allow(unused_variables)] pub fn new(exec_tmout: Duration) -> Result where - E: Executor + HasObservers + HasInProcessHooks, + E: Executor + HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, Z: HasObjective, { #[cfg_attr(miri, allow(unused_variables))] - let ret = Self {}; + let ret = Self { + phantom: PhantomData, + }; Ok(ret) } @@ -329,6 +343,7 @@ impl InProcessHooks { timeout_handler: ptr::null(), #[cfg(feature = "std")] timer: TimerStruct::new(Duration::from_millis(5000)), + phantom: PhantomData, } } } diff --git a/libafl/src/executors/hooks/inprocess_fork.rs b/libafl/src/executors/hooks/inprocess_fork.rs index 1b7ba6dfb4..819bbe30df 100644 --- a/libafl/src/executors/hooks/inprocess_fork.rs +++ b/libafl/src/executors/hooks/inprocess_fork.rs @@ -2,6 +2,7 @@ use alloc::vec::Vec; use core::{ ffi::c_void, + marker::PhantomData, ptr::{addr_of_mut, null}, sync::atomic::{compiler_fence, Ordering}, }; @@ -19,30 +20,29 @@ use crate::{ inprocess_fork::{child_signal_handlers, ForkHandlerFuncPtr}, HasObservers, }, + inputs::UsesInput, Error, }; /// The inmem fork executor's hooks. #[derive(Debug)] -pub struct InChildProcessHooks { +pub struct InChildProcessHooks { /// On crash C function pointer pub crash_handler: *const c_void, /// On timeout C function pointer pub timeout_handler: *const c_void, + phantom: PhantomData, } -impl ExecutorHook for InChildProcessHooks { +impl ExecutorHook for InChildProcessHooks +where + S: UsesInput, +{ /// Init this hook - fn init(&mut self, _state: &mut S) {} + fn init(&mut self, _state: &mut S) {} /// Call before running a target. - fn pre_exec( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { + fn pre_exec(&mut self, _state: &mut S, _input: &S::Input) { unsafe { let data = addr_of_mut!(FORK_EXECUTOR_GLOBAL_DATA); (*data).crash_handler = self.crash_handler; @@ -51,17 +51,10 @@ impl ExecutorHook for InChildProcessHooks { } } - fn post_exec( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { - } + fn post_exec(&mut self, _state: &mut S, _input: &S::Input) {} } -impl InChildProcessHooks { +impl InChildProcessHooks { /// Create new [`InChildProcessHooks`]. pub fn new() -> Result where @@ -77,6 +70,7 @@ impl InChildProcessHooks { Ok(Self { crash_handler: child_signal_handlers::child_crash_handler:: as *const c_void, timeout_handler: child_signal_handlers::child_timeout_handler:: as *const c_void, + phantom: PhantomData, }) } } @@ -87,6 +81,7 @@ impl InChildProcessHooks { Self { crash_handler: null(), timeout_handler: null(), + phantom: PhantomData, } } } diff --git a/libafl/src/executors/hooks/mod.rs b/libafl/src/executors/hooks/mod.rs index add21cde11..35453192fa 100644 --- a/libafl/src/executors/hooks/mod.rs +++ b/libafl/src/executors/hooks/mod.rs @@ -1,7 +1,7 @@ //! Hooks for the executors. //! These will be executed right before and after the executor's harness run. -use crate::executors::HasObservers; +use crate::{executors::HasObservers, inputs::UsesInput}; /// windows crash/timeout handler and asan death callback #[cfg(windows)] @@ -23,80 +23,58 @@ pub mod inprocess; pub mod timer; /// The hook that runs before and after the executor runs the target -pub trait ExecutorHook { +pub trait ExecutorHook +where + S: UsesInput, +{ /// Init this hook - fn init(&mut self, state: &mut S); + fn init(&mut self, state: &mut S); /// The hook that runs before runs the target - fn pre_exec(&mut self, fuzzer: &mut Z, state: &mut S, mgr: &mut EM, input: &I); + fn pre_exec(&mut self, state: &mut S, input: &S::Input); /// The hook that runs before runs the target - fn post_exec(&mut self, fuzzer: &mut Z, state: &mut S, mgr: &mut EM, input: &I); + fn post_exec(&mut self, state: &mut S, input: &S::Input); } /// The hook that runs before and after the executor runs the target -pub trait ExecutorHooksTuple { - /// Init these hooks - fn init_all(&mut self, state: &mut S); - /// The hooks that runs before runs the target - fn pre_exec_all(&mut self, fuzzer: &mut Z, state: &mut S, mgr: &mut EM, input: &I); - /// The hooks that runs after runs the target - fn post_exec_all( - &mut self, - fuzzer: &mut Z, - state: &mut S, - mgr: &mut EM, - input: &I, - ); -} - -impl ExecutorHooksTuple for () { - fn init_all(&mut self, _state: &mut S) {} - fn pre_exec_all( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { - } - fn post_exec_all( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { - } -} - -impl ExecutorHooksTuple for (Head, Tail) +pub trait ExecutorHooksTuple where - Head: ExecutorHook, - Tail: ExecutorHooksTuple, + S: UsesInput, { - fn init_all(&mut self, state: &mut S) { - self.0.init::(state); - self.1.init_all::(state); + /// Init these hooks + fn init_all(&mut self, state: &mut S); + /// The hooks that runs before runs the target + fn pre_exec_all(&mut self, state: &mut S, input: &S::Input); + /// The hooks that runs after runs the target + fn post_exec_all(&mut self, state: &mut S, input: &S::Input); +} + +impl ExecutorHooksTuple for () +where + S: UsesInput, +{ + fn init_all(&mut self, _state: &mut S) {} + fn pre_exec_all(&mut self, _state: &mut S, _input: &S::Input) {} + fn post_exec_all(&mut self, _state: &mut S, _input: &S::Input) {} +} + +impl ExecutorHooksTuple for (Head, Tail) +where + S: UsesInput, + Head: ExecutorHook, + Tail: ExecutorHooksTuple, +{ + fn init_all(&mut self, state: &mut S) { + self.0.init::(state); + self.1.init_all::(state); } - fn pre_exec_all( - &mut self, - fuzzer: &mut Z, - state: &mut S, - mgr: &mut EM, - input: &I, - ) { - self.0.pre_exec(fuzzer, state, mgr, input); - self.1.pre_exec_all(fuzzer, state, mgr, input); + fn pre_exec_all(&mut self, state: &mut S, input: &S::Input) { + self.0.pre_exec(state, input); + self.1.pre_exec_all(state, input); } - fn post_exec_all( - &mut self, - fuzzer: &mut Z, - state: &mut S, - mgr: &mut EM, - input: &I, - ) { - self.0.post_exec(fuzzer, state, mgr, input); - self.1.post_exec_all(fuzzer, state, mgr, input); + fn post_exec_all(&mut self, state: &mut S, input: &S::Input) { + self.0.post_exec(state, input); + self.1.post_exec_all(state, input); } } diff --git a/libafl/src/executors/hooks/unix.rs b/libafl/src/executors/hooks/unix.rs index adb0de9f20..7a4544b82c 100644 --- a/libafl/src/executors/hooks/unix.rs +++ b/libafl/src/executors/hooks/unix.rs @@ -122,7 +122,7 @@ pub mod unix_signal_handler { _context: Option<&mut ucontext_t>, data: &mut InProcessExecutorHandlerData, ) where - E: HasObservers + HasInProcessHooks, + E: HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasExecutions + HasSolutions + HasCorpus, diff --git a/libafl/src/executors/hooks/windows.rs b/libafl/src/executors/hooks/windows.rs index bd72fa2d19..baf740c5b1 100644 --- a/libafl/src/executors/hooks/windows.rs +++ b/libafl/src/executors/hooks/windows.rs @@ -233,7 +233,7 @@ pub mod windows_exception_handler { global_state: *mut c_void, _p1: *mut u8, ) where - E: HasObservers + HasInProcessHooks, + E: HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, E::State: State + HasExecutions + HasSolutions + HasCorpus, diff --git a/libafl/src/executors/inprocess/inner.rs b/libafl/src/executors/inprocess/inner.rs index 8f84d5a4fd..bad296bce3 100644 --- a/libafl/src/executors/inprocess/inner.rs +++ b/libafl/src/executors/inprocess/inner.rs @@ -36,20 +36,20 @@ use crate::{ /// The internal state of `GenericInProcessExecutor`. pub struct GenericInProcessExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { /// The observers, observing each run pub(super) observers: OT, // Crash and timeout hah - pub(super) hooks: (InProcessHooks, HT), + pub(super) hooks: (InProcessHooks, HT), phantom: PhantomData, } impl Debug for GenericInProcessExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple + Debug, S: State, { @@ -62,7 +62,7 @@ where impl UsesState for GenericInProcessExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -71,7 +71,7 @@ where impl UsesObservers for GenericInProcessExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -80,7 +80,7 @@ where impl HasObservers for GenericInProcessExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -97,7 +97,7 @@ where impl GenericInProcessExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -160,7 +160,7 @@ where impl GenericInProcessExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: HasExecutions + HasSolutions + HasCorpus + State, { @@ -173,7 +173,7 @@ where event_mgr: &mut EM, ) -> Result where - E: Executor + HasObservers + HasInProcessHooks, + E: Executor + HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, S: State, @@ -200,7 +200,7 @@ where exec_tmout: Duration, ) -> Result where - E: Executor + HasObservers + HasInProcessHooks, + E: Executor + HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, S: State, @@ -229,7 +229,7 @@ where timeout: Duration, ) -> Result where - E: Executor + HasObservers + HasInProcessHooks, + E: Executor + HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, S: State, @@ -237,7 +237,7 @@ where { let default = InProcessHooks::new::(timeout)?; let mut hooks = tuple_list!(default).merge(user_hooks); - hooks.init_all::(state); + hooks.init_all::(state); #[cfg(windows)] // Some initialization necessary for windows. @@ -271,32 +271,32 @@ where /// The inprocess handlers #[inline] - pub fn hooks(&self) -> &(InProcessHooks, HT) { + pub fn hooks(&self) -> &(InProcessHooks, HT) { &self.hooks } /// The inprocess handlers (mutable) #[inline] - pub fn hooks_mut(&mut self) -> &mut (InProcessHooks, HT) { + pub fn hooks_mut(&mut self) -> &mut (InProcessHooks, HT) { &mut self.hooks } } -impl HasInProcessHooks for GenericInProcessExecutorInner +impl HasInProcessHooks for GenericInProcessExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State + HasExecutions + HasSolutions + HasCorpus, { /// the timeout handler #[inline] - fn inprocess_hooks(&self) -> &InProcessHooks { + fn inprocess_hooks(&self) -> &InProcessHooks { &self.hooks.0 } /// the timeout handler #[inline] - fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks { + fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks { &mut self.hooks.0 } } diff --git a/libafl/src/executors/inprocess/mod.rs b/libafl/src/executors/inprocess/mod.rs index a6e6f09252..903a03d372 100644 --- a/libafl/src/executors/inprocess/mod.rs +++ b/libafl/src/executors/inprocess/mod.rs @@ -62,7 +62,7 @@ pub struct GenericInProcessExecutor where H: FnMut(&S::Input) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -75,7 +75,7 @@ impl Debug for GenericInProcessExecutor where H: FnMut(&S::Input) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple + Debug, S: State, { @@ -91,7 +91,7 @@ impl UsesState for GenericInProcessExecutor where H: FnMut(&S::Input) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -102,7 +102,7 @@ impl UsesObservers for GenericInProcessExecutor ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -114,7 +114,7 @@ where EM: UsesState, H: FnMut(&S::Input) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State + HasExecutions, Z: UsesState, @@ -132,11 +132,11 @@ where self.inner .enter_target(fuzzer, state, mgr, input, executor_ptr); } - self.inner.hooks.pre_exec_all(fuzzer, state, mgr, input); + self.inner.hooks.pre_exec_all(state, input); let ret = (self.harness_fn.borrow_mut())(input); - self.inner.hooks.post_exec_all(fuzzer, state, mgr, input); + self.inner.hooks.post_exec_all(state, input); self.inner.leave_target(fuzzer, state, mgr, input); Ok(ret) } @@ -146,7 +146,7 @@ impl HasObservers for GenericInProcessExecutor ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -269,7 +269,7 @@ impl GenericInProcessExecutor where H: FnMut(&S::Input) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State + HasExecutions + HasSolutions + HasCorpus, { @@ -377,43 +377,46 @@ where /// The inprocess handlers #[inline] - pub fn hooks(&self) -> &(InProcessHooks, HT) { + pub fn hooks(&self) -> &(InProcessHooks, HT) { self.inner.hooks() } /// The inprocess handlers (mutable) #[inline] - pub fn hooks_mut(&mut self) -> &mut (InProcessHooks, HT) { + pub fn hooks_mut(&mut self) -> &mut (InProcessHooks, HT) { self.inner.hooks_mut() } } /// The struct has [`InProcessHooks`]. -pub trait HasInProcessHooks { +pub trait HasInProcessHooks +where + S: UsesInput, +{ /// Get the in-process handlers. - fn inprocess_hooks(&self) -> &InProcessHooks; + fn inprocess_hooks(&self) -> &InProcessHooks; /// Get the mut in-process handlers. - fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks; + fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks; } -impl HasInProcessHooks for GenericInProcessExecutor +impl HasInProcessHooks for GenericInProcessExecutor where H: FnMut(&::Input) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State + HasExecutions + HasSolutions + HasCorpus, { /// the timeout handler #[inline] - fn inprocess_hooks(&self) -> &InProcessHooks { + fn inprocess_hooks(&self) -> &InProcessHooks { self.inner.inprocess_hooks() } /// the timeout handler #[inline] - fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks { + fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks { self.inner.inprocess_hooks_mut() } } diff --git a/libafl/src/executors/inprocess/stateful.rs b/libafl/src/executors/inprocess/stateful.rs index ea4ce97812..6454d4d6a9 100644 --- a/libafl/src/executors/inprocess/stateful.rs +++ b/libafl/src/executors/inprocess/stateful.rs @@ -48,7 +48,7 @@ pub struct StatefulGenericInProcessExecutor where H: FnMut(&S::Input, &mut ES) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -65,7 +65,7 @@ impl Debug for StatefulGenericInProcessExecutor ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple + Debug, S: State, { @@ -81,7 +81,7 @@ impl UsesState for StatefulGenericInProcessExecutor ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -92,7 +92,7 @@ impl UsesObservers for StatefulGenericInProcessExecutor ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -105,7 +105,7 @@ where EM: UsesState, H: FnMut(&S::Input, &mut ES) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State + HasExecutions, Z: UsesState, @@ -123,11 +123,11 @@ where self.inner .enter_target(fuzzer, state, mgr, input, executor_ptr); } - self.inner.hooks.pre_exec_all(fuzzer, state, mgr, input); + self.inner.hooks.pre_exec_all(state, input); let ret = (self.harness_fn.borrow_mut())(input, &mut self.exposed_executor_state); - self.inner.hooks.post_exec_all(fuzzer, state, mgr, input); + self.inner.hooks.post_exec_all(state, input); self.inner.leave_target(fuzzer, state, mgr, input); Ok(ret) } @@ -137,7 +137,7 @@ impl HasObservers for StatefulGenericInProcessExecutor ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -266,7 +266,7 @@ impl StatefulGenericInProcessExecutor ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, { @@ -285,7 +285,7 @@ impl StatefulGenericInProcessExecutor ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State + HasExecutions + HasSolutions + HasCorpus, { @@ -398,35 +398,35 @@ where /// The inprocess handlers #[inline] - pub fn hooks(&self) -> &(InProcessHooks, HT) { + pub fn hooks(&self) -> &(InProcessHooks, HT) { self.inner.hooks() } /// The inprocess handlers (mutable) #[inline] - pub fn hooks_mut(&mut self) -> &mut (InProcessHooks, HT) { + pub fn hooks_mut(&mut self) -> &mut (InProcessHooks, HT) { self.inner.hooks_mut() } } -impl HasInProcessHooks +impl HasInProcessHooks for StatefulGenericInProcessExecutor where H: FnMut(&::Input, &mut ES) -> ExitKind + ?Sized, HB: BorrowMut, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State + HasExecutions + HasSolutions + HasCorpus, { /// the timeout handler #[inline] - fn inprocess_hooks(&self) -> &InProcessHooks { + fn inprocess_hooks(&self) -> &InProcessHooks { self.inner.inprocess_hooks() } /// the timeout handler #[inline] - fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks { + fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks { self.inner.inprocess_hooks_mut() } } diff --git a/libafl/src/executors/inprocess_fork/inner.rs b/libafl/src/executors/inprocess_fork/inner.rs index 9e3c505b8b..3c26c9d6ad 100644 --- a/libafl/src/executors/inprocess_fork/inner.rs +++ b/libafl/src/executors/inprocess_fork/inner.rs @@ -40,11 +40,11 @@ where OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: UsesState, Z: UsesState, { - pub(super) hooks: (InChildProcessHooks, HT), + pub(super) hooks: (InChildProcessHooks, HT), pub(super) shmem_provider: SP, pub(super) observers: OT, #[cfg(target_os = "linux")] @@ -59,14 +59,13 @@ where OT: ObserversTuple + Debug, S: UsesInput, SP: ShMemProvider, - HT: ExecutorHooksTuple + Debug, + HT: ExecutorHooksTuple + Debug, EM: UsesState, Z: UsesState, { #[cfg(target_os = "linux")] fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { f.debug_struct("GenericInProcessForkExecutorInner") - .field("hooks", &self.hooks) .field("observers", &self.observers) .field("shmem_provider", &self.shmem_provider) .field("itimerspec", &self.itimerspec) @@ -90,7 +89,7 @@ where OT: ObserversTuple, S: State, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: UsesState, Z: UsesState, { @@ -102,7 +101,7 @@ where OT: ObserversTuple + Debug, S: State + UsesInput, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: EventFirer + EventRestarter, Z: UsesState, { @@ -116,7 +115,7 @@ where self.shmem_provider.post_fork(true)?; self.enter_target(fuzzer, state, mgr, input); - self.hooks.pre_exec_all(fuzzer, state, mgr, input); + self.hooks.pre_exec_all(state, input); self.observers .pre_exec_child_all(state, input) @@ -152,7 +151,7 @@ where .post_exec_child_all(state, input, &ExitKind::Ok) .expect("Failed to run post_exec on observers"); - self.hooks.post_exec_all(fuzzer, state, mgr, input); + self.hooks.post_exec_all(state, input); self.leave_target(fuzzer, state, mgr, input); libc::_exit(0); @@ -193,7 +192,7 @@ where impl GenericInProcessForkExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, S: State, OT: ObserversTuple, SP: ShMemProvider, @@ -253,7 +252,7 @@ where ) -> Result { let default_hooks = InChildProcessHooks::new::()?; let mut hooks = tuple_list!(default_hooks).merge(userhooks); - hooks.init_all::(state); + hooks.init_all::(state); let milli_sec = timeout.as_millis(); let it_value = libc::timespec { @@ -292,7 +291,7 @@ where ) -> Result { let default_hooks = InChildProcessHooks::new::()?; let mut hooks = tuple_list!(default_hooks).merge(userhooks); - hooks.init_all::(state); + hooks.init_all::(state); let milli_sec = timeout.as_millis(); let it_value = Timeval { @@ -320,7 +319,7 @@ where impl UsesObservers for GenericInProcessForkExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, SP: ShMemProvider, @@ -332,7 +331,7 @@ where impl HasObservers for GenericInProcessForkExecutorInner where - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, S: State, OT: ObserversTuple, SP: ShMemProvider, diff --git a/libafl/src/executors/inprocess_fork/mod.rs b/libafl/src/executors/inprocess_fork/mod.rs index 2c7e814cf5..67e1eb8233 100644 --- a/libafl/src/executors/inprocess_fork/mod.rs +++ b/libafl/src/executors/inprocess_fork/mod.rs @@ -86,7 +86,7 @@ where OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: UsesState, Z: UsesState, { @@ -101,7 +101,7 @@ where OT: ObserversTuple + Debug, S: UsesInput, SP: ShMemProvider, - HT: ExecutorHooksTuple + Debug, + HT: ExecutorHooksTuple + Debug, EM: UsesState, Z: UsesState, { @@ -129,7 +129,7 @@ where OT: ObserversTuple, S: State, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: UsesState, Z: UsesState, { @@ -143,7 +143,7 @@ where OT: ObserversTuple + Debug, S: State + HasExecutions, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: EventFirer + EventRestarter, Z: UsesState, { @@ -181,7 +181,7 @@ where impl<'a, H, HT, OT, S, SP, EM, Z, OF> GenericInProcessForkExecutor<'a, H, HT, OT, S, SP, EM, Z> where H: FnMut(&S::Input) -> ExitKind + ?Sized, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, SP: ShMemProvider, EM: EventFirer + EventRestarter, @@ -233,7 +233,7 @@ impl<'a, H, HT, OT, S, SP, EM, Z> UsesObservers for GenericInProcessForkExecutor<'a, H, HT, OT, S, SP, EM, Z> where H: FnMut(&S::Input) -> ExitKind + ?Sized, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, SP: ShMemProvider, @@ -247,7 +247,7 @@ impl<'a, H, HT, OT, S, SP, EM, Z> HasObservers for GenericInProcessForkExecutor<'a, H, HT, OT, S, SP, EM, Z> where H: FnMut(&S::Input) -> ExitKind + ?Sized, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, S: State, OT: ObserversTuple, SP: ShMemProvider, diff --git a/libafl/src/executors/inprocess_fork/stateful.rs b/libafl/src/executors/inprocess_fork/stateful.rs index b38182ca40..cbe3e67caf 100644 --- a/libafl/src/executors/inprocess_fork/stateful.rs +++ b/libafl/src/executors/inprocess_fork/stateful.rs @@ -69,7 +69,7 @@ where OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: UsesState, Z: UsesState, { @@ -86,7 +86,7 @@ where OT: ObserversTuple + Debug, S: UsesInput, SP: ShMemProvider, - HT: ExecutorHooksTuple + Debug, + HT: ExecutorHooksTuple + Debug, EM: UsesState, Z: UsesState, { @@ -114,7 +114,7 @@ where OT: ObserversTuple, S: State, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: UsesState, Z: UsesState, { @@ -128,7 +128,7 @@ where OT: ObserversTuple + Debug, S: State + HasExecutions, SP: ShMemProvider, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, EM: EventFirer + EventRestarter, Z: HasObjective, OF: Feedback, @@ -168,7 +168,7 @@ impl<'a, H, HT, OT, S, SP, ES, EM, Z, OF> StatefulGenericInProcessForkExecutor<'a, H, HT, OT, S, SP, ES, EM, Z> where H: FnMut(&S::Input, &mut ES) -> ExitKind + ?Sized, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, SP: ShMemProvider, Z: UsesState, @@ -223,7 +223,7 @@ impl<'a, H, HT, OT, S, SP, ES, EM, Z> UsesObservers for StatefulGenericInProcessForkExecutor<'a, H, HT, OT, S, SP, ES, EM, Z> where H: FnMut(&S::Input, &mut ES) -> ExitKind + ?Sized, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, OT: ObserversTuple, S: State, SP: ShMemProvider, @@ -237,7 +237,7 @@ impl<'a, H, HT, OT, S, SP, ES, EM, Z> HasObservers for StatefulGenericInProcessForkExecutor<'a, H, HT, OT, S, SP, ES, EM, Z> where H: FnMut(&S::Input, &mut ES) -> ExitKind + ?Sized, - HT: ExecutorHooksTuple, + HT: ExecutorHooksTuple, S: State, OT: ObserversTuple, SP: ShMemProvider, diff --git a/libafl_frida/src/executor.rs b/libafl_frida/src/executor.rs index e918977bad..21109542f0 100644 --- a/libafl_frida/src/executor.rs +++ b/libafl_frida/src/executor.rs @@ -230,7 +230,7 @@ where } #[cfg(windows)] -impl<'a, 'b, 'c, H, OT, RT, S> HasInProcessHooks +impl<'a, 'b, 'c, H, OT, RT, S> HasInProcessHooks for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where H: FnMut(&S::Input) -> ExitKind, @@ -241,13 +241,13 @@ where { /// the timeout handler #[inline] - fn inprocess_hooks(&self) -> &InProcessHooks { + fn inprocess_hooks(&self) -> &InProcessHooks { &self.base.hooks().0 } /// the timeout handler #[inline] - fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks { + fn inprocess_hooks_mut(&mut self) -> &mut InProcessHooks { &mut self.base.hooks_mut().0 } } diff --git a/libafl_qemu/src/executor/mod.rs b/libafl_qemu/src/executor/mod.rs index 11078ab8c8..7567295d35 100644 --- a/libafl_qemu/src/executor/mod.rs +++ b/libafl_qemu/src/executor/mod.rs @@ -113,7 +113,7 @@ pub unsafe fn inproc_qemu_timeout_handler<'a, E, EM, OF, Z>( context: Option<&'a mut ucontext_t>, data: &'a mut InProcessExecutorHandlerData, ) where - E: Executor + HasObservers + HasInProcessHooks, + E: Executor + HasObservers + HasInProcessHooks, EM: EventFirer + EventRestarter, OF: Feedback, E::State: HasSolutions + HasCorpus + HasExecutions, @@ -135,7 +135,7 @@ where { pub fn new(hooks: &'a mut QemuHooks) -> Result where - E: Executor + HasInProcessHooks + HasObservers, + E: Executor + HasInProcessHooks + HasObservers, EM: EventFirer + EventRestarter, OF: Feedback, OT: ObserversTuple, diff --git a/libafl_targets/src/sancov_pcguard.rs b/libafl_targets/src/sancov_pcguard.rs index 0e2188a4d1..d8ff3a2624 100644 --- a/libafl_targets/src/sancov_pcguard.rs +++ b/libafl_targets/src/sancov_pcguard.rs @@ -56,28 +56,63 @@ pub static SHR_4: Ngram4 = Ngram4::from_array([1, 1, 1, 1]); #[rustversion::nightly] pub static SHR_8: Ngram8 = Ngram8::from_array([1, 1, 1, 1, 1, 1, 1, 1]); +#[cfg(any( + feature = "sancov_ngram4", + feature = "sancov_ngram8", + feature = "sancov_ctx" +))] +use core::marker::PhantomData; + /// The hook to initialize ngram everytime we run the harness -#[cfg(feature = "sancov_ngram4")] +#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))] #[rustversion::nightly] -#[derive(Default, Debug, Clone, Copy)] -pub struct NgramHook {} +#[derive(Debug, Clone, Copy)] +pub struct NgramHook +where + S: libafl::inputs::UsesInput, +{ + phantom: PhantomData, +} /// The hook to initialize ctx everytime we run the harness #[cfg(feature = "sancov_ctx")] -#[derive(Default, Debug, Clone, Copy)] -pub struct CtxHook {} +#[derive(Debug, Clone, Copy)] +pub struct CtxHook { + phantom: PhantomData, +} + +#[cfg(feature = "sancov_ctx")] +impl CtxHook +where + S: libafl::inputs::UsesInput, +{ + /// The constructor for this struct + #[must_use] + pub fn new() -> Self { + Self { + phantom: PhantomData, + } + } +} + +#[cfg(feature = "sancov_ctx")] +impl Default for CtxHook +where + S: libafl::inputs::UsesInput, +{ + fn default() -> Self { + Self::new() + } +} #[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))] #[rustversion::nightly] -impl ExecutorHook for NgramHook { - fn init(&mut self, _state: &mut S) {} - fn pre_exec( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { +impl ExecutorHook for NgramHook +where + S: libafl::inputs::UsesInput, +{ + fn init(&mut self, _state: &mut S) {} + fn pre_exec(&mut self, _state: &mut S, _input: &S::Input) { #[cfg(feature = "sancov_ngram4")] unsafe { PREV_ARRAY_4 = Ngram4::from_array([0, 0, 0, 0]); @@ -88,38 +123,47 @@ impl ExecutorHook for NgramHook { PREV_ARRAY_8 = Ngram8::from_array([0, 0, 0, 0, 0, 0, 0, 0]); } } - fn post_exec( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { + fn post_exec(&mut self, _state: &mut S, _input: &S::Input) {} +} + +#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))] +#[rustversion::nightly] +impl NgramHook +where + S: libafl::inputs::UsesInput, +{ + /// The constructor for this struct + #[must_use] + pub fn new() -> Self { + Self { + phantom: PhantomData, + } + } +} + +#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))] +#[rustversion::nightly] +impl Default for NgramHook +where + S: libafl::inputs::UsesInput, +{ + fn default() -> Self { + Self::new() } } #[cfg(feature = "sancov_ctx")] -impl ExecutorHook for CtxHook { - fn init(&mut self, _state: &mut S) {} - fn pre_exec( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { +impl ExecutorHook for CtxHook +where + S: libafl::inputs::UsesInput, +{ + fn init(&mut self, _state: &mut S) {} + fn pre_exec(&mut self, _state: &mut S, _input: &S::Input) { unsafe { __afl_prev_ctx = 0; } } - fn post_exec( - &mut self, - _fuzzer: &mut Z, - _state: &mut S, - _mgr: &mut EM, - _input: &I, - ) { - } + fn post_exec(&mut self, _state: &mut S, _input: &S::Input) {} } #[rustversion::nightly]