From e7f27a96fd42630c3959db78f1942b42610a257a Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 9 Feb 2021 10:08:17 +0100 Subject: [PATCH 1/2] tokens mutations --- afl/src/mutators/mod.rs | 2 + afl/src/mutators/mutations.rs | 5 +- afl/src/mutators/token_mutations.rs | 86 ++++++++++++++++++++++++----- afl/src/state/mod.rs | 5 -- 4 files changed, 75 insertions(+), 23 deletions(-) diff --git a/afl/src/mutators/mod.rs b/afl/src/mutators/mod.rs index a41aaf48bc..4f365a2dc7 100644 --- a/afl/src/mutators/mod.rs +++ b/afl/src/mutators/mod.rs @@ -2,6 +2,8 @@ pub mod scheduled; pub use scheduled::*; pub mod mutations; pub use mutations::*; +pub mod token_mutations; +pub use token_mutations::*; use crate::{ corpus::Corpus, diff --git a/afl/src/mutators/mutations.rs b/afl/src/mutators/mutations.rs index 9b019e0793..beda48e61f 100644 --- a/afl/src/mutators/mutations.rs +++ b/afl/src/mutators/mutations.rs @@ -1,9 +1,7 @@ use crate::{ - corpus::InMemoryCorpus, - inputs::{BytesInput, HasBytesVec, Input}, + inputs::{HasBytesVec, Input}, mutators::Corpus, mutators::*, - state::State, utils::Rand, AflError, }; @@ -914,7 +912,6 @@ mod tests { use super::*; use crate::{ corpus::{Corpus, InMemoryCorpus}, - executors::InProcessExecutor, inputs::BytesInput, state::State, utils::StdRand, diff --git a/afl/src/mutators/token_mutations.rs b/afl/src/mutators/token_mutations.rs index 8622947f47..955caedc6b 100644 --- a/afl/src/mutators/token_mutations.rs +++ b/afl/src/mutators/token_mutations.rs 
@@ -1,11 +1,61 @@ +use crate::{ + inputs::{HasBytesVec, Input}, + mutators::*, + utils::Rand, + serde_anymap::SerdeAny, + AflError, +}; -struct Tokens { - vec: Vec>, +use alloc::{vec::Vec}; +use serde::{Serialize, Deserialize}; +use core::any::Any; + +/// Mem move in the own vec +#[inline] +fn self_mem_move(data: &mut [u8], from: usize, to: usize, len: usize) { + debug_assert!(data.len() > 0); + debug_assert!(from + len < data.len()); + debug_assert!(to + len < data.len()); + if len != 0 && from != to { + let ptr = data.as_mut_ptr(); + unsafe { core::ptr::copy(ptr.offset(from as isize), ptr.offset(to as isize), len) } + } } -impl AsAny for Tokens { +/// Mem move between vecs +#[inline] +fn mem_move(dst: &mut [u8], src: &[u8], from: usize, to: usize, len: usize) { + debug_assert!(dst.len() > 0); + debug_assert!(src.len() > 0); + debug_assert!(from + len < src.len()); + debug_assert!(to + len < dst.len()); + let dst_ptr = dst.as_mut_ptr(); + let src_ptr = src.as_ptr(); + if len != 0 { + unsafe { + core::ptr::copy( + src_ptr.offset(from as isize), + dst_ptr.offset(to as isize), + len, + ) + } + } +} +#[derive(Serialize, Deserialize)] +pub struct TokensMetadata { + tokens: Vec> +} + +impl SerdeAny for TokensMetadata { + fn as_any(&self) -> &Any { + self + } + + fn as_any_mut(&mut self) -> &mut Any { + self + } } /// Insert a dictionary token 
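Review bot: The two bounds `debug_assert!`s in `mem_move` use `<` where `<=` is the correct bound — a copy that ends exactly at the end of `src` or `dst` is valid but trips the assert in debug builds, while in release builds nothing at all guards the unsafe `core::ptr::copy`, so a caller passing a bad `from`/`to`/`len` reads or writes out of bounds silently. Since `dst: &mut [u8]` and `src: &[u8]` are distinct borrows and cannot alias, the whole body can be the bounds-checked `dst[to..to + len].copy_from_slice(&src[from..from + len]);`, which also makes the `len() > 0` asserts and the `unsafe` block unnecessary. If the raw-pointer form is kept, the `unsafe` block needs a `// SAFETY:` comment stating that the asserted ranges are what make it sound, and the asserts should hold in release builds too.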
@@ -21,25 +71,28 @@ where R: Rand, S: HasMetadata, { - let tokens: &Tokens = &state.metadata().get::().unwrap(); - let tokens = tokens.token_vec; - if mutator.tokens.size() == 0 { + let meta; + match state.metadata().get::() { + Some(t) => { meta = t; }, + None => { return Ok(MutationResult::Skipped); } + }; + if meta.tokens.len() == 0 { return Ok(MutationResult::Skipped); } - let token = &mutator.tokens[rand.below(token.size())]; - let token_len = token.size(); + let token = &meta.tokens[rand.below(meta.tokens.len() as u64) as usize]; + let token_len = token.len(); let size = input.bytes().len(); let off = if size == 0 { 0 } else { rand.below(core::cmp::min( - size, + size as u64, (mutator.max_size() - token_len) as u64, )) as usize } as usize; input.bytes_mut().resize(size + token_len, 0); - mem_move(input.bytes_mut(), token, 0, off, len); + mem_move(input.bytes_mut(), token, 0, off, size); Ok(MutationResult::Mutated) } @@ -56,13 +109,18 @@ where R: Rand, S: HasMetadata, { - if mutator.tokens.size() > len || !len { + let meta; + match state.metadata().get::() { + Some(t) => { meta = t; }, + None => { return Ok(MutationResult::Skipped); } + }; + if meta.tokens.len() == 0 { return Ok(MutationResult::Skipped); } - let token = &mutator.tokens[rand.below(token.size())]; - let token_len = token.size(); + let token = &meta.tokens[rand.below(meta.tokens.len() as u64) as usize]; + let token_len = token.len(); let size = input.bytes().len(); let off = rand.below((mutator.max_size() - token_len) as u64) as usize; - mem_move(input.bytes_mut(), token, 0, off, len); + mem_move(input.bytes_mut(), token, 0, off, size); Ok(MutationResult::Mutated) } diff --git a/afl/src/state/mod.rs b/afl/src/state/mod.rs index 3a194a48c1..88b6522349 100644 --- a/afl/src/state/mod.rs +++ b/afl/src/state/mod.rs 
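Review bot: The final `mem_move(input.bytes_mut(), token, 0, off, size)` copies `size` bytes out of `token`, which holds only `token_len` bytes, so any input longer than the token reads past the token's buffer through the unsafe `core::ptr::copy` once the `debug_assert` is compiled out. It also overwrites the bytes at `off` instead of shifting them right by `token_len` after the `resize`, so the original tail is clobbered and `token_len` zero bytes are appended — this is not an insertion. `mutator.max_size() - token_len` underflows when a token is longer than `max_size`, and nothing stops the grown input from exceeding `max_size`. I would bound the result before touching the buffer, then shift and copy with safe, bounds-checked slice operations (assuming `bytes_mut()` yields a `&mut Vec<u8>`, as the `resize` call implies). The enclosing function's signature lies above the hunk.
```rust
    // … unchanged: metadata lookup and token selection …
    let size = input.bytes().len();
    // Reject first so the input never exceeds max_size and the
    // arithmetic below cannot underflow.
    if size + token_len > mutator.max_size() {
        return Ok(MutationResult::Skipped);
    }
    // Any position from 0 to size inclusive is a valid insertion point.
    let off = rand.below((size + 1) as u64) as usize;
    input.bytes_mut().resize(size + token_len, 0);
    // Open a gap by shifting the tail right, then drop the token into it;
    // both calls are bounds-checked, no raw pointer copy needed.
    input.bytes_mut().copy_within(off..size, off + token_len);
    input.bytes_mut()[off..off + token_len].copy_from_slice(token);
    Ok(MutationResult::Mutated)
```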
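Review bot: In the last two statements of the replace mutation `off` is drawn from `mutator.max_size() - token_len` rather than from the input's length, and `mem_move` is asked to copy `size` bytes instead of `token_len`, so the write can start beyond the end of `input` and the read pulls `size` bytes from a token that holds only `token_len` — an out-of-bounds read and write through the unsafe `core::ptr::copy` once the `debug_assert` is compiled out. A replacement must fit inside the existing input, which also removes the underflow when `token_len > max_size`: `if size < token_len { return Ok(MutationResult::Skipped); }`, `let off = rand.below((size - token_len + 1) as u64) as usize;`, `input.bytes_mut()[off..off + token_len].copy_from_slice(token);`. The function's signature lies above the hunk.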
@@ -24,11 +24,6 @@ use crate::{ #[cfg(feature = "std")] use crate::inputs::bytes::BytesInput; -pub trait StateMetadata: Debug { - /// The name of this metadata - used to find it in the list of avaliable metadata - fn name(&self) -> &'static str; -} - /// Trait for elements offering a corpus pub trait HasCorpus { /// The testcase corpus From 4944384ac9523248786b8ab28b8e0d39d08e49a6 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 9 Feb 2021 10:10:10 +0100 Subject: [PATCH 2/2] warnings --- afl/src/mutators/token_mutations.rs | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/afl/src/mutators/token_mutations.rs b/afl/src/mutators/token_mutations.rs index 955caedc6b..252a8caef2 100644 --- a/afl/src/mutators/token_mutations.rs +++ b/afl/src/mutators/token_mutations.rs @@ -11,18 +11,6 @@ use alloc::{vec::Vec}; use serde::{Serialize, Deserialize}; use core::any::Any; -/// Mem move in the own vec -#[inline] -fn self_mem_move(data: &mut [u8], from: usize, to: usize, len: usize) { - debug_assert!(data.len() > 0); - debug_assert!(from + len < data.len()); - debug_assert!(to + len < data.len()); - if len != 0 && from != to { - let ptr = data.as_mut_ptr(); - unsafe { core::ptr::copy(ptr.offset(from as isize), ptr.offset(to as isize), len) } - } -} - /// Mem move between vecs #[inline] fn mem_move(dst: &mut [u8], src: &[u8], from: usize, to: usize, len: usize) { @@ -49,11 +37,11 @@ pub struct TokensMetadata { } impl SerdeAny for TokensMetadata { - fn as_any(&self) -> &Any { + fn as_any(&self) -> &dyn Any { self } - fn as_any_mut(&mut self) -> &mut Any { + fn as_any_mut(&mut self) -> &mut dyn Any { self } }