Make harness function take mut ref (#1338)

* Change executor trait to allow \&mut Input * Add mut inprocess executor * Add mut inprocess executor * Format and fix clippy errors * Fix more clippy errors * Revert accidental refactoring of InMemoryCorpus * Add mut versions of all executors that can support it * Do not persist possible testcase mutation in stages, shadow/differential executors, or corpus minimization * Fix missing imports * Fix executor type for missed qemu items * Add re-exports for mut executors * Use InProcessForkExecutorMut in QemuForkExecutorMut * Update BytesInput harnesses to take mutable references * Update other-input-type-taking harnesses to take mut references * Clippy fixes * Feature gate TryFromIntError import * Fix missed harness input type in baby_fuzzer * Fix additional clippy issues * Fix unnecessary hashes on string literal * Even MORE clippy fixes * Fix one more clippy issue --------- Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
2023-07-10 04:06:38 -07:00 · 2023-07-10 04:06:38 -07:00 · fe6daecf0b
commit fe6daecf0b
parent 52ab8c02d6
86 changed files with 263 additions and 247 deletions
--- a/docs/listings/baby_fuzzer/listing-03/src/main.rs
+++ b/docs/listings/baby_fuzzer/listing-03/src/main.rs
@ -6,7 +6,7 @@ use libafl::{
 };
 fn main() {
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        if buf.len() > 0 && buf[0] == 'a' as u8 {
--- a/docs/listings/baby_fuzzer/listing-04/src/main.rs
+++ b/docs/listings/baby_fuzzer/listing-04/src/main.rs
@ -17,7 +17,7 @@ use std::path::PathBuf;
 /* ANCHOR_END: use */
 fn main() {
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        if buf.len() > 0 && buf[0] == 'a' as u8 {
--- a/docs/listings/baby_fuzzer/listing-05/src/main.rs
+++ b/docs/listings/baby_fuzzer/listing-05/src/main.rs
@ -28,7 +28,7 @@ fn signals_set(idx: usize) {
 fn main() {
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0); // set SIGNALS[0]
--- a/docs/listings/baby_fuzzer/listing-06/src/main.rs
+++ b/docs/listings/baby_fuzzer/listing-06/src/main.rs
@ -29,7 +29,7 @@ fn signals_set(idx: usize) {
 fn main() {
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0); // set SIGNALS[0]
--- a/fuzzers/baby_fuzzer/src/main.rs
+++ b/fuzzers/baby_fuzzer/src/main.rs
@ -34,7 +34,7 @@ fn signals_set(idx: usize) {
 #[allow(clippy::similar_names, clippy::manual_assert)]
 pub fn main() {
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0);
--- a/fuzzers/baby_fuzzer_gramatron/src/main.rs
+++ b/fuzzers/baby_fuzzer_gramatron/src/main.rs
@ -49,7 +49,7 @@ pub fn main() {
    let mut bytes = vec![];
    // The closure that we want to fuzz
-    let mut harness = |input: &GramatronInput| {
+    let mut harness = |input: &mut GramatronInput| {
        input.unparse(&mut bytes);
        unsafe {
            println!(">>> {}", std::str::from_utf8_unchecked(&bytes));
--- a/fuzzers/baby_fuzzer_grimoire/src/main.rs
+++ b/fuzzers/baby_fuzzer_grimoire/src/main.rs
@ -65,7 +65,7 @@ pub fn main() {
    }
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target_bytes = input.target_bytes();
        let bytes = target_bytes.as_slice();
--- a/fuzzers/baby_fuzzer_minimizing/src/main.rs
+++ b/fuzzers/baby_fuzzer_minimizing/src/main.rs
@ -16,7 +16,7 @@ fn signals_set(idx: usize) {
 #[allow(clippy::similar_names)]
 pub fn main() -> Result<(), Error> {
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0);
--- a/fuzzers/baby_fuzzer_nautilus/src/main.rs
+++ b/fuzzers/baby_fuzzer_nautilus/src/main.rs
@ -38,7 +38,7 @@ pub fn main() {
    let mut bytes = vec![];
    // The closure that we want to fuzz
-    let mut harness = |input: &NautilusInput| {
+    let mut harness = |input: &mut NautilusInput| {
        input.unparse(&context, &mut bytes);
        unsafe {
            println!(">>> {}", std::str::from_utf8_unchecked(&bytes));
--- a/fuzzers/baby_fuzzer_swap_differential/src/main.rs
+++ b/fuzzers/baby_fuzzer_swap_differential/src/main.rs
@ -67,7 +67,7 @@ use slicemap::{HitcountsMapObserver, EDGES};
 #[allow(clippy::too_many_lines)]
 pub fn main() {
    // The closure that we want to fuzz
-    let mut first_harness = |input: &BytesInput| {
+    let mut first_harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        if unsafe { inspect_first(buf.as_ptr(), buf.len()) } {
@ -76,7 +76,7 @@ pub fn main() {
            ExitKind::Ok
        }
    };
-    let mut second_harness = |input: &BytesInput| {
+    let mut second_harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        if unsafe { inspect_second(buf.as_ptr(), buf.len()) } {
--- a/fuzzers/baby_fuzzer_tokens/src/main.rs
+++ b/fuzzers/baby_fuzzer_tokens/src/main.rs
@ -57,7 +57,7 @@ pub fn main() {
    }
    // The closure that we want to fuzz
-    let mut harness = |input: &EncodedInput| {
+    let mut harness = |input: &mut EncodedInput| {
        decoded_bytes.clear();
        encoder_decoder.decode(input, &mut decoded_bytes).unwrap();
        unsafe {
--- a/fuzzers/baby_fuzzer_wasm/src/lib.rs
+++ b/fuzzers/baby_fuzzer_wasm/src/lib.rs
@ -44,7 +44,7 @@ pub fn fuzz() {
    };
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0);
--- a/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs
+++ b/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs
@ -37,7 +37,7 @@ pub fn main() {
    };
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0);
--- a/fuzzers/baby_no_std/src/main.rs
+++ b/fuzzers/baby_no_std/src/main.rs
@ -69,7 +69,7 @@ pub extern "C" fn external_current_millis() -> u64 {
 #[no_mangle]
 pub extern "C" fn main(_argc: isize, _argv: *const *const u8) -> isize {
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0);
--- a/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs
+++ b/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs
@ -38,7 +38,7 @@ pub fn main() {
    let mut shmem_provider = StdShMemProvider::new().unwrap();
    unsafe { create_shmem_array() };
    let map_ptr = unsafe { get_ptr() };
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        unsafe { c_harness(buf.as_ptr()) }
--- a/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs
+++ b/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs
@ -28,7 +28,7 @@ extern "C" {
 #[allow(clippy::similar_names)]
 pub fn main() {
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        unsafe { c_harness(buf.as_ptr()) }
--- a/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs
+++ b/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs
@ -39,7 +39,7 @@ pub fn main() {
    };
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0);
--- a/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs
+++ b/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs
@ -32,7 +32,7 @@ fn signals_set(idx: usize) {
 #[allow(clippy::similar_names)]
 pub fn main() {
    // The closure that we want to fuzz
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        signals_set(0);
--- a/fuzzers/frida_executable_libpng/src/fuzzer.rs
+++ b/fuzzers/frida_executable_libpng/src/fuzzer.rs
@ -55,7 +55,7 @@ pub unsafe fn lib(main: extern "C" fn(i32, *const *const u8, *const *const u8) -
    let options = parse_args();
-    let mut frida_harness = |input: &BytesInput| {
+    let mut frida_harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        let len = buf.len().to_string();
@ -87,7 +87,7 @@ pub unsafe fn lib(main: extern "C" fn(i32, *const *const u8, *const *const u8) -
 #[allow(clippy::too_many_lines, clippy::too_many_arguments)]
 unsafe fn fuzz(
    options: &FuzzerOptions,
-    mut frida_harness: &dyn Fn(&BytesInput) -> ExitKind,
+    mut frida_harness: &dyn Fn(&mut BytesInput) -> ExitKind,
 ) -> Result<(), Error> {
    // 'While the stats are state, they are usually used in the broker - which is likely never restarted
    let monitor = MultiMonitor::new(|s| println!("{s}"));
--- a/fuzzers/frida_gdiplus/src/fuzzer.rs
+++ b/fuzzers/frida_gdiplus/src/fuzzer.rs
@ -85,7 +85,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
            unsafe extern "C" fn(data: *const u8, size: usize) -> i32,
        > = lib.get(options.harness_function.as_bytes()).unwrap();
-        let mut frida_harness = |input: &BytesInput| {
+        let mut frida_harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            (target_func)(buf.as_ptr(), buf.len());
--- a/fuzzers/frida_libpng/src/fuzzer.rs
+++ b/fuzzers/frida_libpng/src/fuzzer.rs
@ -82,7 +82,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
            unsafe extern "C" fn(data: *const u8, size: usize) -> i32,
        > = lib.get(options.harness_function.as_bytes()).unwrap();
-        let mut frida_harness = |input: &BytesInput| {
+        let mut frida_harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            (target_func)(buf.as_ptr(), buf.len());
--- a/fuzzers/fuzzbench/src/lib.rs
+++ b/fuzzers/fuzzbench/src/lib.rs
@ -317,7 +317,7 @@ fn fuzz(
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
--- a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs
+++ b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs
@ -305,7 +305,7 @@ fn fuzz(
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let mut buf = target.as_slice();
        let mut len = buf.len();
--- a/fuzzers/fuzzbench_qemu/src/fuzzer.rs
+++ b/fuzzers/fuzzbench_qemu/src/fuzzer.rs
@ -317,7 +317,7 @@ fn fuzz(
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let mut buf = target.as_slice();
        let mut len = buf.len();
--- a/fuzzers/fuzzbench_text/src/lib.rs
+++ b/fuzzers/fuzzbench_text/src/lib.rs
@ -384,7 +384,7 @@ fn fuzz_binary(
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
@ -609,7 +609,7 @@ fn fuzz_text(
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
--- a/fuzzers/libafl_atheris/src/lib.rs
+++ b/fuzzers/libafl_atheris/src/lib.rs
@ -249,7 +249,7 @@ pub fn LLVMFuzzerRunDriver(
        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
        // The wrapped harness function, calling out to the LLVM-style harness
-        let mut harness = |input: &BytesInput| {
+        let mut harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            harness_fn(buf.as_ptr(), buf.len());
@ -269,7 +269,7 @@ pub fn LLVMFuzzerRunDriver(
        );
        // Secondary harness due to mut ownership
-        let mut harness = |input: &BytesInput| {
+        let mut harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            harness_fn(buf.as_ptr(), buf.len());
--- a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs
+++ b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs
@ -133,7 +133,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_libpng/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng/src/lib.rs
@ -157,7 +157,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        #[cfg(feature = "crash")]
--- a/fuzzers/libfuzzer_libpng_accounting/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng_accounting/src/lib.rs
@ -198,7 +198,7 @@ pub fn libafl_main() {
        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
        // The wrapped harness function, calling out to the LLVM-style harness
-        let mut harness = |input: &BytesInput| {
+        let mut harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_libpng_centralized/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng_centralized/src/lib.rs
@ -230,7 +230,7 @@ pub fn libafl_main() {
        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
        // The wrapped harness function, calling out to the LLVM-style harness
-        let mut harness = |input: &BytesInput| {
+        let mut harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_libpng_cmin/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng_cmin/src/lib.rs
@ -156,7 +156,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        #[cfg(feature = "crash")]
--- a/fuzzers/libfuzzer_libpng_ctx/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng_ctx/src/lib.rs
@ -189,7 +189,7 @@ pub fn libafl_main() {
        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
        // The wrapped harness function, calling out to the LLVM-style harness
-        let mut harness = |input: &BytesInput| {
+        let mut harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs
@ -194,7 +194,7 @@ pub fn libafl_main() {
        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
        // The wrapped harness function, calling out to the LLVM-style harness
-        let mut harness = |input: &BytesInput| {
+        let mut harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_libpng_norestart/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng_norestart/src/lib.rs
@ -215,7 +215,7 @@ pub fn libafl_main() {
        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
        // The wrapped harness function, calling out to the LLVM-style harness
-        let mut harness = |input: &BytesInput| {
+        let mut harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let buf = target.as_slice();
            libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_libpng_tcp_manager/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng_tcp_manager/src/lib.rs
@ -155,7 +155,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        #[cfg(feature = "crash")]
--- a/fuzzers/libfuzzer_reachability/src/lib.rs
+++ b/fuzzers/libfuzzer_reachability/src/lib.rs
@ -112,7 +112,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_stb_image/src/main.rs
+++ b/fuzzers/libfuzzer_stb_image/src/main.rs
@ -115,7 +115,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs
+++ b/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs
@ -153,7 +153,7 @@ fn fuzz(
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
--- a/fuzzers/libfuzzer_windows_asan/src/lib.rs
+++ b/fuzzers/libfuzzer_windows_asan/src/lib.rs
@ -122,7 +122,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
    let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
--- a/fuzzers/nautilus_sync/src/lib.rs
+++ b/fuzzers/nautilus_sync/src/lib.rs
@ -135,7 +135,7 @@ pub fn libafl_main() {
        let mut bytes = vec![];
        // The closure that we want to fuzz
-        let mut harness = |input: &NautilusInput| {
+        let mut harness = |input: &mut NautilusInput| {
            input.unparse(&context, &mut bytes);
            libfuzzer_test_one_input(&bytes);
            ExitKind::Ok
--- a/fuzzers/push_harness/src/main.rs
+++ b/fuzzers/push_harness/src/main.rs
@ -32,7 +32,7 @@ fn signals_set(idx: usize) {
 #[allow(clippy::similar_names)]
 fn input_generator() {
    // The closure that produced the input for the generator
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        // The `yield_` switches execution context back to the loop in `main`.
        // When `resume` is called, we return to this function.
        yield_(input);
--- a/fuzzers/qemu_coverage/src/fuzzer.rs
+++ b/fuzzers/qemu_coverage/src/fuzzer.rs
@ -203,7 +203,7 @@ pub fn fuzz() {
    let input_addr = emu.map_private(0, 4096, MmapPerms::ReadWrite).unwrap();
    println!("Placing input at {input_addr:#x}");
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target
            .as_slice()
--- a/fuzzers/qemu_launcher/src/fuzzer.rs
+++ b/fuzzers/qemu_launcher/src/fuzzer.rs
@ -210,7 +210,7 @@ pub fn fuzz() {
    let input_addr = emu.map_private(0, 4096, MmapPerms::ReadWrite).unwrap();
    println!("Placing input at {input_addr:#x}");
-    let mut harness = |input: &BytesInput| {
+    let mut harness = |input: &mut BytesInput| {
        let target = input.target_bytes();
        let buf = target
            .as_slice()
--- a/fuzzers/qemu_systemmode/src/fuzzer.rs
+++ b/fuzzers/qemu_systemmode/src/fuzzer.rs
@ -99,7 +99,7 @@ pub fn fuzz() {
        let snap = emu.create_fast_snapshot(true);
        // The wrapped harness function, calling out to the LLVM-style harness
-        let mut harness = |input: &BytesInput| {
+        let mut harness = |input: &mut BytesInput| {
            let target = input.target_bytes();
            let mut buf = target.as_slice();
            let len = buf.len();
--- a/fuzzers/tutorial/src/lib.rs
+++ b/fuzzers/tutorial/src/lib.rs
@ -56,7 +56,7 @@ pub fn libafl_main() {
 /// The actual fuzzer
 fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Result<(), Error> {
    // The wrapped harness function, calling out to the LLVM-style harness
-    let mut harness = |input: &PacketData| {
+    let mut harness = |input: &mut PacketData| {
        let target = input.target_bytes();
        let buf = target.as_slice();
        libfuzzer_test_one_input(buf);
--- a/libafl/src/bolts/minibsod.rs
+++ b/libafl/src/bolts/minibsod.rs
@ -54,11 +54,11 @@ pub fn dump_registers<W: Write>(
    writer: &mut BufWriter<W>,
    ucontext: &ucontext_t,
 ) -> Result<(), std::io::Error> {
-    for reg in 0..31 {
+    for reg in 0..31_usize {
        write!(
            writer,
            "x{:02}: 0x{:016x} ",
-            reg, ucontext.uc_mcontext.regs[reg as usize]
+            reg, ucontext.uc_mcontext.regs[reg]
        )?;
        if reg % 4 == 3 {
            writeln!(writer)?;
--- a/libafl/src/bolts/shmem.rs
+++ b/libafl/src/bolts/shmem.rs
@ -2,6 +2,8 @@
 //! too.)
 use alloc::{rc::Rc, string::ToString};
 #[cfg(feature = "std")]
 use core::num::TryFromIntError;
 use core::{
    cell::RefCell,
    fmt::{self, Debug, Display},
@ -1442,23 +1444,34 @@ impl<T: ShMem> std::io::Seek for ShMemCursor<T> {
            std::io::SeekFrom::Start(s) => s,
            std::io::SeekFrom::End(offset) => {
                let map_len = self.inner.as_slice().len();
-                i64::try_from(map_len).unwrap();
+                let signed_pos: i64 = map_len.try_into().map_err(|e: TryFromIntError| {
-                let signed_pos = i64::try_from(map_len).unwrap();
+                    std::io::Error::new(std::io::ErrorKind::Other, e)
-                let effective = signed_pos.checked_add(offset).unwrap();
+                })?;
                let effective = signed_pos.checked_add(offset).ok_or_else(|| {
                    std::io::Error::new(std::io::ErrorKind::Other, "Invalid offset")
                })?;
                assert!(effective >= 0);
-                effective.try_into().unwrap()
+                effective.try_into().map_err(|e: TryFromIntError| {
                    std::io::Error::new(std::io::ErrorKind::Other, e)
                })?
            }
            std::io::SeekFrom::Current(offset) => {
                let current_pos = self.pos;
-                i64::try_from(current_pos).unwrap();
+                let signed_pos: i64 = current_pos.try_into().map_err(|e: TryFromIntError| {
-                let signed_pos = i64::try_from(current_pos).unwrap();
+                    std::io::Error::new(std::io::ErrorKind::Other, e)
-                let effective = signed_pos.checked_add(offset).unwrap();
+                })?;
                let effective = signed_pos.checked_add(offset).ok_or_else(|| {
                    std::io::Error::new(std::io::ErrorKind::Other, "Invalid offset")
                })?;
                assert!(effective >= 0);
-                effective.try_into().unwrap()
+                effective.try_into().map_err(|e: TryFromIntError| {
                    std::io::Error::new(std::io::ErrorKind::Other, e)
                })?
            }
        };
-        usize::try_from(effective_new_pos).unwrap();
+        self.pos = effective_new_pos
-        self.pos = effective_new_pos as usize;
+            .try_into()
            .map_err(|e: TryFromIntError| std::io::Error::new(std::io::ErrorKind::Other, e))?;
        Ok(effective_new_pos)
    }
 }
--- a/libafl/src/corpus/minimizer.rs
+++ b/libafl/src/corpus/minimizer.rs
@ -128,7 +128,7 @@ where
            // Execute the input; we cannot rely on the metadata already being present.
            executor.observers_mut().pre_exec_all(state, &input)?;
-            let kind = executor.run_target(fuzzer, state, manager, &input)?;
+            let kind = executor.run_target(fuzzer, state, manager, &mut input.clone())?;
            executor
                .observers_mut()
                .post_exec_all(state, &input, &kind)?;
--- a/libafl/src/events/llmp.rs
+++ b/libafl/src/events/llmp.rs
@ -1558,7 +1558,7 @@ mod tests {
        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
-        let mut harness = |_buf: &BytesInput| ExitKind::Ok;
+        let mut harness = |_buf: &mut BytesInput| ExitKind::Ok;
        let mut executor = InProcessExecutor::new(
            &mut harness,
            tuple_list!(),
--- a/libafl/src/executors/combined.rs
+++ b/libafl/src/executors/combined.rs
@ -52,7 +52,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        let ret = self.primary.run_target(fuzzer, state, mgr, input);
        self.primary.post_run_reset();
--- a/libafl/src/executors/command.rs
+++ b/libafl/src/executors/command.rs
@ -323,7 +323,7 @@ where
        _fuzzer: &mut Z,
        _state: &mut Self::State,
        _mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        use std::os::unix::prelude::ExitStatusExt;
@ -712,7 +712,7 @@ mod tests {
                &mut NopFuzzer::new(),
                &mut NopState::new(),
                &mut mgr,
-                &BytesInput::new(b"test".to_vec()),
+                &mut BytesInput::new(b"test".to_vec()),
            )
            .unwrap();
    }
@ -740,7 +740,7 @@ mod tests {
                &mut NopFuzzer::new(),
                &mut NopState::new(),
                &mut mgr,
-                &BytesInput::new(b"test".to_vec()),
+                &mut BytesInput::new(b"test".to_vec()),
            )
            .unwrap();
    }
--- a/libafl/src/executors/differential.rs
+++ b/libafl/src/executors/differential.rs
@ -68,7 +68,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        self.observers(); // update in advance
        let observers = self.observers.get_mut();
--- a/libafl/src/executors/forkserver.rs
+++ b/libafl/src/executors/forkserver.rs
@ -429,7 +429,7 @@ where
        _fuzzer: &mut Z,
        _state: &mut Self::State,
        _mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        let mut exit_kind = ExitKind::Ok;
@ -1091,7 +1091,7 @@ where
        _fuzzer: &mut Z,
        _state: &mut Self::State,
        _mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        let mut exit_kind = ExitKind::Ok;
--- a/libafl/src/executors/inprocess.rs
+++ b/libafl/src/executors/inprocess.rs
@ -56,22 +56,27 @@ use crate::{
    Error,
 };
-/// The process executor simply calls a target function, as mutable reference to a closure
+/// [`InProcessExecutor`] calls a target function as a mutable reference to a closure with a
 /// mutable reference to the input as an argument to allow the harness to mutate the input
 pub type InProcessExecutor<'a, H, OT, S> = GenericInProcessExecutor<H, &'a mut H, OT, S>;
-/// The process executor simply calls a target function, as boxed `FnMut` trait object
+/// [`OwnedInProcessExecutor`] calls a boxed target function as a mutable reference
 /// to a closure with a mutable reference to the input as an argument to allow the
 /// harness to mutate the input
 pub type OwnedInProcessExecutor<OT, S> = GenericInProcessExecutor<
-    dyn FnMut(&<S as UsesInput>::Input) -> ExitKind,
+    dyn FnMut(&mut <S as UsesInput>::Input) -> ExitKind,
-    Box<dyn FnMut(&<S as UsesInput>::Input) -> ExitKind>,
+    Box<dyn FnMut(&mut <S as UsesInput>::Input) -> ExitKind>,
    OT,
    S,
 >;
-/// The inmem executor simply calls a target function, then returns afterwards.
+/// The [`GenericInProcessExecutor`] calls a target function as a mutable reference
 /// to a closure with a mutable reference to the input as an argument to allow the
 /// harness to mutate the input, and returns afterwards
 #[allow(dead_code)]
 pub struct GenericInProcessExecutor<H, HB, OT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    HB: BorrowMut<H>,
    OT: ObserversTuple<S>,
    S: UsesInput,
@ -87,7 +92,7 @@ where
 impl<H, HB, OT, S> Debug for GenericInProcessExecutor<H, HB, OT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    HB: BorrowMut<H>,
    OT: ObserversTuple<S>,
    S: UsesInput,
@ -102,7 +107,7 @@ where
 impl<H, HB, OT, S> UsesState for GenericInProcessExecutor<H, HB, OT, S>
 where
-    H: ?Sized + FnMut(&S::Input) -> ExitKind,
+    H: ?Sized + FnMut(&mut S::Input) -> ExitKind,
    HB: BorrowMut<H>,
    OT: ObserversTuple<S>,
    S: UsesInput,
@ -112,7 +117,7 @@ where
 impl<H, HB, OT, S> UsesObservers for GenericInProcessExecutor<H, HB, OT, S>
 where
-    H: ?Sized + FnMut(&S::Input) -> ExitKind,
+    H: ?Sized + FnMut(&mut S::Input) -> ExitKind,
    HB: BorrowMut<H>,
    OT: ObserversTuple<S>,
    S: UsesInput,
@ -122,7 +127,7 @@ where
 impl<EM, H, HB, OT, S, Z> Executor<EM, Z> for GenericInProcessExecutor<H, HB, OT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    HB: BorrowMut<H>,
    EM: UsesState<State = S>,
    OT: ObserversTuple<S>,
@ -134,7 +139,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        self.handlers
            .pre_run_target(self, fuzzer, state, mgr, input);
@ -146,27 +151,9 @@ where
    }
 }
 impl<H, HB, OT, S> HasObservers for GenericInProcessExecutor<H, HB, OT, S>
 where
    H: FnMut(&S::Input) -> ExitKind + ?Sized,
    HB: BorrowMut<H>,
    OT: ObserversTuple<S>,
    S: UsesInput,
 {
    #[inline]
    fn observers(&self) -> &OT {
        &self.observers
    }
    #[inline]
    fn observers_mut(&mut self) -> &mut OT {
        &mut self.observers
    }
 }
 impl<H, HB, OT, S> GenericInProcessExecutor<H, HB, OT, S>
 where
-    H: FnMut(&<S as UsesInput>::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut <S as UsesInput>::Input) -> ExitKind + ?Sized,
    HB: BorrowMut<H>,
    OT: ObserversTuple<S>,
    S: HasSolutions + HasClientPerfMonitor + HasCorpus + HasExecutions,
@ -174,7 +161,8 @@ where
    /// Create a new in mem executor.
    /// Caution: crash and restart in one of them will lead to odd behavior if multiple are used,
    /// depending on different corpus or state.
-    /// * `harness_fn` - the harness, executing the function
+    /// * `harness_fn` - the harness, executing the function. The harness may also mutate the
    ///   input.
    /// * `observers` - the observers observing the target during execution
    /// This may return an error on unix, if signal handler setup fails
    pub fn new<CF, EM, OF, Z>(
@ -243,6 +231,24 @@ where
    }
 }
 impl<H, HB, OT, S> HasObservers for GenericInProcessExecutor<H, HB, OT, S>
 where
    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    HB: BorrowMut<H>,
    OT: ObserversTuple<S>,
    S: UsesInput,
 {
    #[inline]
    fn observers(&self) -> &OT {
        &self.observers
    }
    #[inline]
    fn observers_mut(&mut self) -> &mut OT {
        &mut self.observers
    }
 }
 /// The struct has [`InProcessHandlers`].
 #[cfg(windows)]
 pub trait HasInProcessHandlers {
@ -253,7 +259,7 @@ pub trait HasInProcessHandlers {
 #[cfg(windows)]
 impl<H, HB, OT, S> HasInProcessHandlers for GenericInProcessExecutor<H, HB, OT, S>
 where
-    H: FnMut(&<S as UsesInput>::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut <S as UsesInput>::Input) -> ExitKind + ?Sized,
    HB: BorrowMut<H>,
    OT: ObserversTuple<S>,
    S: HasSolutions + HasClientPerfMonitor + HasCorpus + HasExecutions,
@ -1584,10 +1590,12 @@ extern "C" {
 const ITIMER_REAL: libc::c_int = 0;
 /// [`InProcessForkExecutor`] is an executor that forks the current process before each execution.
 /// It is the same as [`InProcessForkExecutor`] except that it allows the harness input to be
 /// mutated.
 #[cfg(all(feature = "std", unix))]
 pub struct InProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -1603,7 +1611,7 @@ where
 #[cfg(all(feature = "std", unix))]
 pub struct TimeoutInProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -1622,7 +1630,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> Debug for InProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -1638,7 +1646,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> Debug for TimeoutInProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -1667,7 +1675,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> UsesState for InProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: ?Sized + FnMut(&S::Input) -> ExitKind,
+    H: ?Sized + FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -1678,7 +1686,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> UsesState for TimeoutInProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: ?Sized + FnMut(&S::Input) -> ExitKind,
+    H: ?Sized + FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -1690,7 +1698,7 @@ where
 impl<'a, EM, H, OT, S, SP, Z> Executor<EM, Z> for InProcessForkExecutor<'a, H, OT, S, SP>
 where
    EM: UsesState<State = S>,
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -1703,7 +1711,7 @@ where
        _fuzzer: &mut Z,
        state: &mut Self::State,
        _mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        unsafe {
            self.shmem_provider.pre_fork()?;
@ -1758,7 +1766,7 @@ where
 impl<'a, EM, H, OT, S, SP, Z> Executor<EM, Z> for TimeoutInProcessForkExecutor<'a, H, OT, S, SP>
 where
    EM: UsesState<State = S>,
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -1771,7 +1779,7 @@ where
        _fuzzer: &mut Z,
        state: &mut Self::State,
        _mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        unsafe {
            self.shmem_provider.pre_fork()?;
@ -1860,7 +1868,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> InProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    OT: ObserversTuple<S>,
    S: UsesInput + HasCorpus,
    SP: ShMemProvider,
@ -1909,7 +1917,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> TimeoutInProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    S: UsesInput + HasCorpus,
    OT: ObserversTuple<S>,
    SP: ShMemProvider,
@ -2020,7 +2028,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> UsesObservers for InProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: ?Sized + FnMut(&S::Input) -> ExitKind,
+    H: ?Sized + FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -2031,7 +2039,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> UsesObservers for TimeoutInProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: ?Sized + FnMut(&S::Input) -> ExitKind,
+    H: ?Sized + FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    S: UsesInput,
    SP: ShMemProvider,
@ -2042,7 +2050,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> HasObservers for InProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    S: UsesInput,
    OT: ObserversTuple<S>,
    SP: ShMemProvider,
@ -2061,7 +2069,7 @@ where
 #[cfg(all(feature = "std", unix))]
 impl<'a, H, OT, S, SP> HasObservers for TimeoutInProcessForkExecutor<'a, H, OT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind + ?Sized,
+    H: FnMut(&mut S::Input) -> ExitKind + ?Sized,
    S: UsesInput,
    OT: ObserversTuple<S>,
    SP: ShMemProvider,
@ -2189,7 +2197,7 @@ mod tests {
    #[test]
    fn test_inmem_exec() {
-        let mut harness = |_buf: &NopInput| ExitKind::Ok;
+        let mut harness = |_buf: &mut NopInput| ExitKind::Ok;
        let mut in_process_executor = InProcessExecutor::<_, _, _> {
            harness_fn: &mut harness,
@ -2197,13 +2205,13 @@ mod tests {
            handlers: InProcessHandlers::nop(),
            phantom: PhantomData,
        };
-        let input = NopInput {};
+        let mut input = NopInput {};
        in_process_executor
            .run_target(
                &mut NopFuzzer::new(),
                &mut NopState::new(),
                &mut NopEventManager::new(),
-                &input,
+                &mut input,
            )
            .unwrap();
    }
@ -2223,7 +2231,7 @@ mod tests {
        let provider = StdShMemProvider::new().unwrap();
-        let mut harness = |_buf: &NopInput| ExitKind::Ok;
+        let mut harness = |_buf: &mut NopInput| ExitKind::Ok;
        let mut in_process_fork_executor = InProcessForkExecutor::<_, (), _, _> {
            harness_fn: &mut harness,
            shmem_provider: provider,
@ -2231,12 +2239,12 @@ mod tests {
            handlers: InChildProcessHandlers::nop(),
            phantom: PhantomData,
        };
-        let input = NopInput {};
+        let mut input = NopInput {};
        let mut fuzzer = NopFuzzer::new();
        let mut state = NopState::new();
        let mut mgr = SimpleEventManager::printing();
        in_process_fork_executor
-            .run_target(&mut fuzzer, &mut state, &mut mgr, &input)
+            .run_target(&mut fuzzer, &mut state, &mut mgr, &mut input)
            .unwrap();
    }
 }
@ -2278,7 +2286,7 @@ pub mod pybind {
        ) -> Self {
            Self {
                inner: OwnedInProcessExecutor::new(
-                    Box::new(move |input: &BytesInput| {
+                    Box::new(move |input: &mut BytesInput| {
                        Python::with_gil(|py| -> PyResult<()> {
                            let args = (PyBytes::new(py, input.bytes()),);
                            harness.call1(py, args)?;
--- a/libafl/src/executors/mod.rs
+++ b/libafl/src/executors/mod.rs
@ -3,7 +3,7 @@
 pub mod inprocess;
 pub use inprocess::InProcessExecutor;
 #[cfg(all(feature = "std", feature = "fork", unix))]
-pub use inprocess::InProcessForkExecutor;
+pub use inprocess::{InProcessForkExecutor, TimeoutInProcessForkExecutor};
 pub mod differential;
 pub use differential::DiffExecutor;
@ -121,7 +121,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error>;
    /// Wraps this Executor with the given [`ObserversTuple`] to implement [`HasObservers`].
@ -167,7 +167,7 @@ where
        _fuzzer: &mut Z,
        _state: &mut Self::State,
        _mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        if input.target_bytes().as_slice().is_empty() {
            Err(Error::empty("Input Empty"))
@ -186,8 +186,8 @@ mod test {
    #[test]
    fn nop_executor() {
-        let empty_input = BytesInput::new(vec![]);
+        let mut empty_input = BytesInput::new(vec![]);
-        let nonempty_input = BytesInput::new(vec![1u8]);
+        let mut nonempty_input = BytesInput::new(vec![1u8]);
        let mut executor = NopExecutor {
            phantom: PhantomData,
        };
@ -200,7 +200,7 @@ mod test {
                &mut fuzzer,
                &mut state,
                &mut NopEventManager::new(),
-                &empty_input,
+                &mut empty_input,
            )
            .unwrap_err();
        executor
@ -208,7 +208,7 @@ mod test {
                &mut fuzzer,
                &mut state,
                &mut NopEventManager::new(),
-                &nonempty_input,
+                &mut nonempty_input,
            )
            .unwrap();
    }
@ -352,7 +352,7 @@ pub mod pybind {
            fuzzer: &mut PythonStdFuzzer,
            state: &mut Self::State,
            mgr: &mut PythonEventManager,
-            input: &Self::Input,
+            input: &mut Self::Input,
        ) -> Result<ExitKind, Error> {
            let ek = Python::with_gil(|py| -> PyResult<_> {
                let ek: PythonExitKind = self
@ -475,7 +475,7 @@ pub mod pybind {
            fuzzer: &mut PythonStdFuzzer,
            state: &mut Self::State,
            mgr: &mut PythonEventManager,
-            input: &Self::Input,
+            input: &mut Self::Input,
        ) -> Result<ExitKind, Error> {
            unwrap_me_mut!(self.wrapper, e, { e.run_target(fuzzer, state, mgr, input) })
        }
--- a/libafl/src/executors/shadow.rs
+++ b/libafl/src/executors/shadow.rs
@ -68,9 +68,10 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
-        self.executor.run_target(fuzzer, state, mgr, input)
+        let mut input = input.clone();
        self.executor.run_target(fuzzer, state, mgr, &mut input)
    }
 }
--- a/libafl/src/executors/timeout.rs
+++ b/libafl/src/executors/timeout.rs
@ -385,7 +385,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        unsafe {
            let data = &mut GLOBAL_STATE;
@ -460,7 +460,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        unsafe {
            if self.batch_mode {
@ -533,7 +533,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        unsafe {
            setitimer(ITIMER_REAL, &mut self.itimerval, null_mut());
--- a/libafl/src/executors/with_observers.rs
+++ b/libafl/src/executors/with_observers.rs
@ -28,7 +28,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        self.executor.run_target(fuzzer, state, mgr, input)
    }
--- a/libafl/src/fuzzer/mod.rs
+++ b/libafl/src/fuzzer/mod.rs
@ -456,14 +456,14 @@ where
        state: &mut Self::State,
        executor: &mut E,
        manager: &mut EM,
-        input: <Self::State as UsesInput>::Input,
+        mut input: <Self::State as UsesInput>::Input,
        send_events: bool,
    ) -> Result<(ExecuteInputResult, Option<CorpusId>), Error>
    where
        E: Executor<EM, Self> + HasObservers<Observers = OT, State = Self::State>,
        EM: EventFirer<State = Self::State>,
    {
-        let exit_kind = self.execute_input(state, executor, manager, &input)?;
+        let exit_kind = self.execute_input(state, executor, manager, &mut input)?;
        let observers = executor.observers();
        self.scheduler.on_evaluation(state, &input, observers)?;
@ -501,9 +501,9 @@ where
        state: &mut CS::State,
        executor: &mut E,
        manager: &mut EM,
-        input: <CS::State as UsesInput>::Input,
+        mut input: <CS::State as UsesInput>::Input,
    ) -> Result<CorpusId, Error> {
-        let exit_kind = self.execute_input(state, executor, manager, &input)?;
+        let exit_kind = self.execute_input(state, executor, manager, &mut input)?;
        let observers = executor.observers();
        // Always consider this to be "interesting"
@ -647,7 +647,7 @@ where
        state: &mut CS::State,
        executor: &mut E,
        event_mgr: &mut EM,
-        input: &<CS::State as UsesInput>::Input,
+        input: &mut <CS::State as UsesInput>::Input,
    ) -> Result<ExitKind, Error>
    where
        E: Executor<EM, Self> + HasObservers<Observers = OT, State = CS::State>,
@ -686,7 +686,7 @@ where
        state: &mut Self::State,
        executor: &mut E,
        event_mgr: &mut EM,
-        input: &<Self::State as UsesInput>::Input,
+        input: &mut <Self::State as UsesInput>::Input,
    ) -> Result<ExitKind, Error>;
 }
@ -705,7 +705,7 @@ where
        state: &mut CS::State,
        executor: &mut E,
        event_mgr: &mut EM,
-        input: &<CS::State as UsesInput>::Input,
+        input: &mut <CS::State as UsesInput>::Input,
    ) -> Result<ExitKind, Error> {
        start_timer!(state);
        executor.observers_mut().pre_exec_all(state, input)?;
--- a/libafl/src/lib.rs
+++ b/libafl/src/lib.rs
@ -502,7 +502,7 @@ mod tests {
        let scheduler = RandScheduler::new();
        let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
-        let mut harness = |_buf: &BytesInput| ExitKind::Ok;
+        let mut harness = |_buf: &mut BytesInput| ExitKind::Ok;
        let mut executor = InProcessExecutor::new(
            &mut harness,
            tuple_list!(),
--- a/libafl/src/mutators/mutations.rs
+++ b/libafl/src/mutators/mutations.rs
@ -1239,20 +1239,20 @@ impl CrossoverReplaceMutator {
 }
 /// Returns the first and last diff position between the given vectors, stopping at the min len
-fn locate_diffs(this: &[u8], other: &[u8]) -> (i64, i64) {
+fn locate_diffs(this: &[u8], other: &[u8]) -> Result<(i64, i64), Error> {
    let mut first_diff: i64 = -1;
    let mut last_diff: i64 = -1;
    for (i, (this_el, other_el)) in this.iter().zip(other.iter()).enumerate() {
        #[allow(clippy::cast_possible_wrap)]
        if this_el != other_el {
            if first_diff < 0 {
-                first_diff = i as i64;
+                first_diff = i.try_into()?;
            }
-            last_diff = i as i64;
+            last_diff = i.try_into()?;
        }
    }
-    (first_diff, last_diff)
+    Ok((first_diff, last_diff))
 }
 /// Splice mutation for inputs with a bytes vector
@ -1285,7 +1285,7 @@ where
            let mut counter: u32 = 0;
            loop {
-                let (f, l) = locate_diffs(input.bytes(), other.bytes());
+                let (f, l) = locate_diffs(input.bytes(), other.bytes())?;
                if f != l && f >= 0 && l >= 2 {
                    break (f as u64, l as u64);
--- a/libafl/src/mutators/token_mutations.rs
+++ b/libafl/src/mutators/token_mutations.rs
@ -1867,13 +1867,13 @@ mod tests {
    #[test]
    fn test_read_tokens() {
        let _res = fs::remove_file("test.tkns");
-        let data = r###"
+        let data = r#"
 # comment
 token1@123="AAA"
 token1="A\x41A"
 "A\AA"
 token2="B"
-        "###;
+        "#;
        fs::write("test.tkns", data).expect("Unable to write test.tkns");
        let tokens = Tokens::from_file("test.tkns").unwrap();
        log::info!("Token file entries: {:?}", tokens.tokens());
--- a/libafl/src/schedulers/ecofuzz.rs
+++ b/libafl/src/schedulers/ecofuzz.rs
@ -148,10 +148,8 @@ where
        for id in state.corpus().ids() {
            let was_fuzzed = state.testcase(id)?.scheduled_count() > 0;
            if !was_fuzzed {
                let selection = Some(id);
                state.metadata_mut::<EcoMetadata>()?.state = EcoState::Exploration;
-                #[allow(clippy::unnecessary_literal_unwrap)] // false positive
+                return Ok(id);
                return Ok(selection.expect("Error in the algorithm, this cannot be None"));
            }
        }
--- a/libafl/src/stages/calibrate.rs
+++ b/libafl/src/stages/calibrate.rs
@ -122,7 +122,7 @@ where
        let mut start = current_time();
-        let exit_kind = executor.run_target(fuzzer, state, mgr, &input)?;
+        let exit_kind = executor.run_target(fuzzer, state, mgr, &mut input.clone())?;
        let mut total_time = if exit_kind == ExitKind::Ok {
            current_time() - start
        } else {
@ -158,7 +158,7 @@ where
            executor.observers_mut().pre_exec_all(state, &input)?;
            start = current_time();
-            let exit_kind = executor.run_target(fuzzer, state, mgr, &input)?;
+            let exit_kind = executor.run_target(fuzzer, state, mgr, &mut input.clone())?;
            if exit_kind != ExitKind::Ok {
                if !has_errors {
                    mgr.log(
--- a/libafl/src/stages/colorization.rs
+++ b/libafl/src/stages/colorization.rs
@ -302,7 +302,7 @@ where
    ) -> Result<usize, Error> {
        executor.observers_mut().pre_exec_all(state, &input)?;
-        let exit_kind = executor.run_target(fuzzer, state, manager, &input)?;
+        let exit_kind = executor.run_target(fuzzer, state, manager, &mut input.clone())?;
        let observer = executor
            .observers()
--- a/libafl/src/stages/generalization.rs
+++ b/libafl/src/stages/generalization.rs
@ -354,7 +354,7 @@ where
        mark_feature_time!(state, PerfFeature::PreExecObservers);
        start_timer!(state);
-        let exit_kind = executor.run_target(fuzzer, state, manager, input)?;
+        let exit_kind = executor.run_target(fuzzer, state, manager, &mut input.clone())?;
        mark_feature_time!(state, PerfFeature::TargetExecution);
        *state.executions_mut() += 1;
--- a/libafl/src/stages/mod.rs
+++ b/libafl/src/stages/mod.rs
@ -276,14 +276,14 @@ where
        push_stage.init(fuzzer, state, event_mgr, executor.observers_mut())?;
        loop {
-            let input =
+            let mut input =
                match push_stage.pre_exec(fuzzer, state, event_mgr, executor.observers_mut()) {
                    Some(Ok(next_input)) => next_input,
                    Some(Err(err)) => return Err(err),
                    None => break,
                };
-            let exit_kind = fuzzer.execute_input(state, executor, event_mgr, &input)?;
+            let exit_kind = fuzzer.execute_input(state, executor, event_mgr, &mut input)?;
            push_stage.post_exec(
                fuzzer,
--- a/libafl/src/stages/tmin.rs
+++ b/libafl/src/stages/tmin.rs
@ -78,7 +78,7 @@ where
        let base_hash = hasher.finish();
        mark_feature_time!(state, PerfFeature::GetInputFromCorpus);
-        fuzzer.execute_input(state, executor, manager, &base)?;
+        fuzzer.execute_input(state, executor, manager, &mut base)?;
        let observers = executor.observers();
        let mut feedback = self.create_feedback(observers);
@ -106,7 +106,7 @@ where
            let corpus_idx = if input.len() < before_len {
                // run the input
-                let exit_kind = fuzzer.execute_input(state, executor, manager, &input)?;
+                let exit_kind = fuzzer.execute_input(state, executor, manager, &mut input)?;
                let observers = executor.observers();
                // let the fuzzer process this execution -- it's possible that we find something
@ -156,7 +156,7 @@ where
        base.hash(&mut hasher);
        let new_hash = hasher.finish();
        if base_hash != new_hash {
-            let exit_kind = fuzzer.execute_input(state, executor, manager, &base)?;
+            let exit_kind = fuzzer.execute_input(state, executor, manager, &mut base)?;
            let observers = executor.observers();
            *state.executions_mut() += 1;
            // assumption: this input should not be marked interesting because it was not
--- a/libafl/src/stages/tracing.rs
+++ b/libafl/src/stages/tracing.rs
@ -62,9 +62,9 @@ where
        mark_feature_time!(state, PerfFeature::PreExecObservers);
        start_timer!(state);
-        let exit_kind = self
+        let exit_kind =
-            .tracer_executor
+            self.tracer_executor
-            .run_target(fuzzer, state, manager, &input)?;
+                .run_target(fuzzer, state, manager, &mut input.clone())?;
        mark_feature_time!(state, PerfFeature::TargetExecution);
        *state.executions_mut() += 1;
@ -138,7 +138,8 @@ where
    ) -> Result<(), Error> {
        // First run with the un-mutated input
-        let unmutated_input = state.corpus().cloned_input_for_id(corpus_idx)?;
+        let original_unmutated_input = state.corpus().cloned_input_for_id(corpus_idx)?;
        let mut unmutated_input = state.corpus().cloned_input_for_id(corpus_idx)?;
        if let Some(name) = &self.cmplog_observer_name {
            if let Some(ob) = self
@ -156,17 +157,19 @@ where
        self.tracer_executor
            .observers_mut()
-            .pre_exec_all(state, &unmutated_input)?;
+            .pre_exec_all(state, &original_unmutated_input)?;
        let exit_kind =
            self.tracer_executor
-                .run_target(fuzzer, state, manager, &unmutated_input)?;
+                .run_target(fuzzer, state, manager, &mut unmutated_input)?;
        *state.executions_mut() += 1;
-        self.tracer_executor
+        self.tracer_executor.observers_mut().post_exec_all(
-            .observers_mut()
+            state,
-            .post_exec_all(state, &unmutated_input, &exit_kind)?;
+            &original_unmutated_input,
            &exit_kind,
        )?;
        // Second run with the mutated input
        let mutated_input = match state.metadata_map().get::<TaintMetadata>() {
@ -192,9 +195,9 @@ where
            .observers_mut()
            .pre_exec_all(state, &mutated_input)?;
-        let exit_kind = self
+        let exit_kind =
-            .tracer_executor
+            self.tracer_executor
-            .run_target(fuzzer, state, manager, &mutated_input)?;
+                .run_target(fuzzer, state, manager, &mut mutated_input.clone())?;
        *state.executions_mut() += 1;
@ -280,7 +283,7 @@ where
        mark_feature_time!(state, PerfFeature::PreExecObservers);
        start_timer!(state);
-        let exit_kind = executor.run_target(fuzzer, state, manager, &input)?;
+        let exit_kind = executor.run_target(fuzzer, state, manager, &mut input.clone())?;
        mark_feature_time!(state, PerfFeature::TargetExecution);
        *state.executions_mut() += 1;
--- a/libafl_frida/src/alloc.rs
+++ b/libafl_frida/src/alloc.rs
@ -385,14 +385,13 @@ impl Allocator {
        metadatas.sort_by(|a, b| a.address.cmp(&b.address));
        let mut offset_to_closest = i64::max_value();
        let mut closest = None;
        let ptr: i64 = ptr.try_into().unwrap();
        for metadata in metadatas {
            let address: i64 = metadata.address.try_into().unwrap();
            let new_offset = if hint_base == metadata.address {
-                (ptr as i64 - metadata.address as i64).abs()
+                (ptr - address).abs()
            } else {
-                std::cmp::min(
+                std::cmp::min(offset_to_closest, (ptr - address).abs())
                    offset_to_closest,
                    (ptr as i64 - metadata.address as i64).abs(),
                )
            };
            if new_offset < offset_to_closest {
                offset_to_closest = new_offset;
--- a/libafl_frida/src/asan/errors.rs
+++ b/libafl_frida/src/asan/errors.rs
@ -251,14 +251,13 @@ impl AsanErrors {
                cs.set_skipdata(true).expect("failed to set skipdata");
                let start_pc = error.pc - 4 * 5;
-                for insn in cs
+                for insn in &*cs
                    .disasm_count(
                        unsafe { std::slice::from_raw_parts(start_pc as *mut u8, 4 * 11) },
                        start_pc as u64,
                        11,
                    )
                    .expect("failed to disassemble instructions")
                    .iter()
                {
                    if insn.address() as usize == error.pc {
                        output
@ -276,7 +275,9 @@ impl AsanErrors {
                #[allow(clippy::non_ascii_literal)]
                writeln!(output, "{:━^100}", " ALLOCATION INFO ").unwrap();
-                let offset: i64 = fault_address as i64 - (error.metadata.address + 0x1000) as i64;
+                let fault_address: i64 = fault_address.try_into().unwrap();
                let metadata_address: i64 = error.metadata.address.try_into().unwrap();
                let offset: i64 = fault_address - (metadata_address + 0x1000);
                let direction = if offset > 0 { "right" } else { "left" };
                writeln!(
                    output,
@ -505,14 +506,13 @@ impl AsanErrors {
                cs.set_skipdata(true).expect("failed to set skipdata");
                let start_pc = pc;
-                for insn in cs
+                for insn in &*cs
                    .disasm_count(
                        unsafe { std::slice::from_raw_parts(start_pc as *mut u8, 4 * 11) },
                        start_pc as u64,
                        11,
                    )
                    .expect("failed to disassemble instructions")
                    .iter()
                {
                    if insn.address() as usize == pc {
                        output
--- a/libafl_frida/src/coverage_rt.rs
+++ b/libafl_frida/src/coverage_rt.rs
@ -150,7 +150,7 @@ impl CoverageRuntime {
            ; mov    QWORD [rsp-0x98], rbx
            // Load the previous_pc
-            ; mov rax, QWORD prev_loc_ptr as *mut u64 as _
+            ; mov rax, QWORD prev_loc_ptr as _
            ; mov rax, QWORD [rax]
            // Calculate the edge id
@ -158,7 +158,7 @@ impl CoverageRuntime {
            ; xor rax, rbx
            // Load the map byte address
-            ; mov rbx, QWORD map_addr_ptr as *mut [u8; MAP_SIZE] as _
+            ; mov rbx, QWORD map_addr_ptr  as _
            ; add rax, rbx
            // Update the map byte
@ -168,7 +168,7 @@ impl CoverageRuntime {
            ; mov BYTE [rax],bl
            // Update the previous_pc value
-            ; mov rax, QWORD prev_loc_ptr as *mut u64 as _
+            ; mov rax, QWORD prev_loc_ptr as _
            ; mov ebx, WORD (h64 >> 1) as i32
            ; mov QWORD [rax], rbx
--- a/libafl_frida/src/executor.rs
+++ b/libafl_frida/src/executor.rs
@ -24,10 +24,12 @@ use crate::helper::{FridaInstrumentationHelper, FridaRuntimeTuple};
 #[cfg(windows)]
 use crate::windows_hooks::initialize;
-/// The [`FridaInProcessExecutor`] is an [`Executor`] that executes the target in the same process, usinig [`frida`](https://frida.re/) for binary-only instrumentation.
+/// The [`FridaInProcessExecutor`] is an [`Executor`] that executes the target in the
 /// same process, usinig [`frida`](https://frida.re/) for binary-only instrumentation. It is
 /// the same as [`FridaInProcessExecutor`] except it allows mutating the input
 pub struct FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S::Input: HasTargetBytes,
    S: UsesInput,
    OT: ObserversTuple<S>,
@ -44,7 +46,7 @@ where
 impl<'a, 'b, 'c, H, OT, RT, S> Debug for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    S::Input: HasTargetBytes,
    OT: ObserversTuple<S>,
@ -62,7 +64,7 @@ impl<'a, 'b, 'c, EM, H, OT, RT, S, Z> Executor<EM, Z>
    for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S>
 where
    EM: UsesState<State = S>,
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    S::Input: HasTargetBytes,
    OT: ObserversTuple<S>,
@ -76,7 +78,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        self.helper.pre_exec(input)?;
        if self.helper.stalker_enabled() {
@ -106,7 +108,7 @@ where
 impl<'a, 'b, 'c, H, OT, RT, S> UsesObservers for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    S: UsesInput,
    S::Input: HasTargetBytes,
@ -116,7 +118,7 @@ where
 impl<'a, 'b, 'c, H, OT, RT, S> UsesState for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    S: UsesInput,
    S::Input: HasTargetBytes,
@ -126,7 +128,7 @@ where
 impl<'a, 'b, 'c, H, OT, RT, S> HasObservers for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S::Input: HasTargetBytes,
    S: UsesInput,
    OT: ObserversTuple<S>,
@ -144,7 +146,7 @@ where
 impl<'a, 'b, 'c, H, OT, S, RT> FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    S::Input: HasTargetBytes,
    OT: ObserversTuple<S>,
@ -199,7 +201,7 @@ where
 impl<'a, 'b, 'c, H, OT, RT, S> HasInProcessHandlers
    for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput + HasClientPerfMonitor + HasSolutions + HasCorpus + HasExecutions,
    S::Input: HasTargetBytes,
    OT: ObserversTuple<S>,
--- a/libafl_nyx/src/executor.rs
+++ b/libafl_nyx/src/executor.rs
@ -57,7 +57,7 @@ where
        _fuzzer: &mut Z,
        _state: &mut Self::State,
        _mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        let input_owned = input.target_bytes();
        let input = input_owned.as_slice();
--- a/libafl_qemu/src/asan.rs
+++ b/libafl_qemu/src/asan.rs
@ -395,7 +395,7 @@ impl AsanGiovese {
        if self.snapshot_shadow {
            let set = self.dirty_shadow.lock().unwrap();
-            for &page in set.iter() {
+            for &page in &*set {
                let data = Self::get_shadow_page(emu, page).to_vec();
                self.saved_shadow.insert(page, data);
            }
@ -425,7 +425,7 @@ impl AsanGiovese {
        if self.snapshot_shadow {
            let mut set = self.dirty_shadow.lock().unwrap();
-            for &page in set.iter() {
+            for &page in &*set {
                let original = self.saved_shadow.get(&page);
                if let Some(data) = original {
                    let cur = Self::get_shadow_page(emu, page);
@ -472,7 +472,7 @@ pub fn init_with_asan(
        |e: &str| "LD_PRELOAD=".to_string() + &asan_lib + " " + &e["LD_PRELOAD=".len()..];
    let mut added = false;
-    for (k, v) in env.iter_mut() {
+    for (k, v) in &mut *env {
        if k == "QEMU_SET_ENV" {
            let mut new_v = vec![];
            for e in v.split(',') {
--- a/libafl_qemu/src/drcov.rs
+++ b/libafl_qemu/src/drcov.rs
@ -102,8 +102,8 @@ where
        if self.full_trace {
            if DRCOV_IDS.lock().unwrap().as_ref().unwrap().len() > self.drcov_len {
                let mut drcov_vec = Vec::<DrCovBasicBlock>::new();
-                for id in DRCOV_IDS.lock().unwrap().as_ref().unwrap().iter() {
+                for id in DRCOV_IDS.lock().unwrap().as_ref().unwrap() {
-                    'pcs_full: for (pc, idm) in DRCOV_MAP.lock().unwrap().as_ref().unwrap().iter() {
+                    'pcs_full: for (pc, idm) in DRCOV_MAP.lock().unwrap().as_ref().unwrap() {
                        let mut module_found = false;
                        for module in self.module_mapping.iter() {
                            let (range, (_, _)) = module;
@ -141,7 +141,7 @@ where
        } else {
            if DRCOV_MAP.lock().unwrap().as_ref().unwrap().len() > self.drcov_len {
                let mut drcov_vec = Vec::<DrCovBasicBlock>::new();
-                'pcs: for (pc, _) in DRCOV_MAP.lock().unwrap().as_ref().unwrap().iter() {
+                'pcs: for (pc, _) in DRCOV_MAP.lock().unwrap().as_ref().unwrap() {
                    let mut module_found = false;
                    for module in self.module_mapping.iter() {
                        let (range, (_, _)) = module;
--- a/libafl_qemu/src/elf.rs
+++ b/libafl_qemu/src/elf.rs
@ -41,7 +41,7 @@ impl<'a> EasyElf<'a> {
    #[must_use]
    pub fn resolve_symbol(&self, name: &str, load_addr: GuestAddr) -> Option<GuestAddr> {
-        for sym in self.elf.syms.iter() {
+        for sym in &self.elf.syms {
            if let Some(sym_name) = self.elf.strtab.get_at(sym.st_name) {
                if sym_name == name {
                    return if sym.st_value == 0 {
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@ -739,18 +739,10 @@ impl Emulator {
        envp.push(null());
        unsafe {
            #[cfg(emulation_mode = "usermode")]
-            qemu_user_init(
+            qemu_user_init(argc, argv.as_ptr(), envp.as_ptr());
                argc,
                argv.as_ptr() as *const *const u8,
                envp.as_ptr() as *const *const u8,
            );
            #[cfg(emulation_mode = "systemmode")]
            {
-                qemu_init(
+                qemu_init(argc, argv.as_ptr(), envp.as_ptr());
                    argc,
                    argv.as_ptr() as *const *const u8,
                    envp.as_ptr() as *const *const u8,
                );
                libc::atexit(qemu_cleanup_atexit);
                libafl_qemu_sys::syx_snapshot_init();
            }
--- a/libafl_qemu/src/executor.rs
+++ b/libafl_qemu/src/executor.rs
@ -21,7 +21,7 @@ use crate::{emu::Emulator, helper::QemuHelperTuple, hooks::QemuHooks};
 pub struct QemuExecutor<'a, H, OT, QT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -33,7 +33,7 @@ where
 impl<'a, H, OT, QT, S> Debug for QemuExecutor<'a, H, OT, QT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -48,7 +48,7 @@ where
 impl<'a, H, OT, QT, S> QemuExecutor<'a, H, OT, QT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -101,7 +101,7 @@ where
 impl<'a, EM, H, OT, QT, S, Z> Executor<EM, Z> for QemuExecutor<'a, H, OT, QT, S>
 where
    EM: UsesState<State = S>,
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -112,7 +112,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        let emu = Emulator::new_empty();
        if self.first_exec {
@ -133,7 +133,7 @@ where
 impl<'a, H, OT, QT, S> UsesState for QemuExecutor<'a, H, OT, QT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
    S: UsesInput,
@ -143,7 +143,7 @@ where
 impl<'a, H, OT, QT, S> UsesObservers for QemuExecutor<'a, H, OT, QT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
    S: UsesInput,
@ -153,7 +153,7 @@ where
 impl<'a, H, OT, QT, S> HasObservers for QemuExecutor<'a, H, OT, QT, S>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -172,7 +172,7 @@ where
 #[cfg(feature = "fork")]
 pub struct QemuForkExecutor<'a, H, OT, QT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -186,7 +186,7 @@ where
 #[cfg(feature = "fork")]
 impl<'a, H, OT, QT, S, SP> Debug for QemuForkExecutor<'a, H, OT, QT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -203,7 +203,7 @@ where
 #[cfg(feature = "fork")]
 impl<'a, H, OT, QT, S, SP> QemuForkExecutor<'a, H, OT, QT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput + HasCorpus,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -268,7 +268,7 @@ where
 impl<'a, EM, H, OT, QT, S, Z, SP> Executor<EM, Z> for QemuForkExecutor<'a, H, OT, QT, S, SP>
 where
    EM: EventManager<InProcessForkExecutor<'a, H, OT, S, SP>, Z, State = S>,
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput + HasClientPerfMonitor + HasMetadata + HasExecutions,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
@ -280,7 +280,7 @@ where
        fuzzer: &mut Z,
        state: &mut Self::State,
        mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        let emu = Emulator::new_empty();
        if self.first_exec {
@ -302,7 +302,7 @@ where
 #[cfg(feature = "fork")]
 impl<'a, H, OT, QT, S, SP> UsesObservers for QemuForkExecutor<'a, H, OT, QT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
    S: UsesInput,
@ -314,7 +314,7 @@ where
 #[cfg(feature = "fork")]
 impl<'a, H, OT, QT, S, SP> UsesState for QemuForkExecutor<'a, H, OT, QT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
    S: UsesInput,
@ -326,7 +326,7 @@ where
 #[cfg(feature = "fork")]
 impl<'a, H, OT, QT, S, SP> HasObservers for QemuForkExecutor<'a, H, OT, QT, S, SP>
 where
-    H: FnMut(&S::Input) -> ExitKind,
+    H: FnMut(&mut S::Input) -> ExitKind,
    S: UsesInput,
    OT: ObserversTuple<S>,
    QT: QemuHelperTuple<S>,
--- a/libafl_qemu/src/snapshot.rs
+++ b/libafl_qemu/src/snapshot.rs
@ -211,7 +211,7 @@ impl QemuSnapshotHelper {
        {
            let new_maps = self.new_maps.get_mut().unwrap();
-            for acc in self.accesses.iter_mut() {
+            for acc in &mut self.accesses {
                unsafe { &mut (*acc.get()) }.dirty.retain(|page| {
                    if let Some(info) = self.pages.get_mut(page) {
                        // TODO avoid duplicated memcpy
@ -251,7 +251,7 @@ impl QemuSnapshotHelper {
        self.reset_maps(emulator);
        // This one is after that we remapped potential regions mapped at snapshot time but unmapped during execution
-        for acc in self.accesses.iter_mut() {
+        for acc in &mut self.accesses {
            for page in unsafe { &(*acc.get()).dirty } {
                for entry in self
                    .maps
--- a/libafl_sugar/src/inmemory.rs
+++ b/libafl_sugar/src/inmemory.rs
@ -193,7 +193,7 @@ where
            let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
            // The wrapped harness function, calling out to the LLVM-style harness
-            let mut harness = |input: &BytesInput| {
+            let mut harness = |input: &mut BytesInput| {
                let target = input.target_bytes();
                let buf = target.as_slice();
                (harness_bytes)(buf);
--- a/libafl_sugar/src/qemu.rs
+++ b/libafl_sugar/src/qemu.rs
@ -204,7 +204,7 @@ where
            let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective);
            // The wrapped harness function, calling out to the LLVM-style harness
-            let mut harness = |input: &BytesInput| {
+            let mut harness = |input: &mut BytesInput| {
                let target = input.target_bytes();
                let buf = target.as_slice();
                (harness_bytes)(buf);
--- a/libafl_targets/src/sancov_8bit.rs
+++ b/libafl_targets/src/sancov_8bit.rs
@ -165,7 +165,7 @@ mod observers {
            let mut hasher = RandomState::with_seeds(0, 0, 0, 0).build_hasher();
            for map in unsafe { &COUNTERS_MAPS } {
                let slice = map.as_slice();
-                let ptr = slice.as_ptr() as *const u8;
+                let ptr = slice.as_ptr();
                let map_size = slice.len() / core::mem::size_of::<u8>();
                unsafe {
                    hasher.write(from_raw_parts(ptr, map_size));
--- a/libafl_targets/src/sancov_pcguard.rs
+++ b/libafl_targets/src/sancov_pcguard.rs
@ -22,11 +22,11 @@ pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(guard: *mut u32) {
    {
        #[cfg(feature = "sancov_pcguard_edges")]
        {
-            (EDGES_MAP_PTR as *mut u8).add(pos).write(1);
+            (EDGES_MAP_PTR).add(pos).write(1);
        }
        #[cfg(feature = "sancov_pcguard_hitcounts")]
        {
-            let addr = (EDGES_MAP_PTR as *mut u8).add(pos);
+            let addr = (EDGES_MAP_PTR).add(pos);
            let val = addr.read().wrapping_add(1);
            addr.write(val);
        }
--- a/libafl_tinyinst/src/executor.rs
+++ b/libafl_tinyinst/src/executor.rs
@ -54,7 +54,7 @@ where
        _fuzzer: &mut Z,
        _state: &mut Self::State,
        _mgr: &mut EM,
-        input: &Self::Input,
+        input: &mut Self::Input,
    ) -> Result<ExitKind, Error> {
        match &self.map {
            Some(_) => {
--- a/utils/gramatron/construct_automata/src/main.rs
+++ b/utils/gramatron/construct_automata/src/main.rs
@ -208,7 +208,7 @@ fn postprocess(pda: &[Transition], stack_limit: usize) -> Automaton {
        //let mut culled_pda_unique = HashSet::new();
        for final_state in &finals {
-            for transition in pda.iter() {
+            for transition in pda {
                if transition.dest == *final_state && transition.stack.len() > 0 {
                    blocklist.insert(transition.dest);
                } else {
@ -267,7 +267,7 @@ fn postprocess(pda: &[Transition], stack_limit: usize) -> Automaton {
        }
    } else {
        // Running FSA construction in exact approximation mode and postprocessing it like so
-        for transition in pda.iter() {
+        for transition in pda {
            num_transition += 1;
            let state = transition.source;
            if state >= memoized.len() {