* remove libafl_tests
* fmt
* fix
* fix
* fix
* first
* width
* start working on runtime side
* experimental c code for generate_shadow_check_function
* generate shadow_check_blob
* add
* debuggin
* fix
* passes assert tests
* cargo fmt
* generate_shadow_check_blob, untested
* save flags
* add
* make registers numbers a const
* register frames?
* comment
* debugging memcpy
* fix a bug, more to come
* finally error removed
* finally working function hooking & clean up
* fix for arm & update stub
* fix
* blob
* blob_check_mem works? (at least no errors) & fmt
* add an link to show how the asm code are generated
* put probe code for aarch64 back & clippy
* fmt
* still blob emitting errors
* fmt
* now that blob works?
* stack alignment
* testing speed with hook_function only
* comment some printlns out
* small fix: ignore rep, jmp to current_report_impl iff blob_check_mems are emitted
* make rip accessible by pc()
* Program counter accessors for both arch
* fmt
* fix
* fix offset
* retrieve accessed memory addr, r/w rip
* inspect the fault triggering instruction
* AsanError Classification
* clippy fixes
* pass basereg/indexreg/disp to AsanErros
* update asanerrors for amd64
* clippy
* fmt
* use frida/frida-rust
* just use 44
* fix debug build
* fix
* fix
* crate.io
* change
* fmt
* fix ondisk corpus race condition
* move metadata name to be a dotfile
* note ExitKind for crashes and timeouts in inprocess executor
* potential fix for windows
* added write_file_atomic
* no_std fixes
* no_std testcase fix
* typo fix, windows
* clippy
* more no_std testing
* Add core_id to launcher run_client closure signature
* Format
* Attempt to fix windows build
* windows
* Sleep for index seconds instead of id seconds when launching cores (#292)
* starting to fix macos linker bugs
* mdetailed error prints
* start shmem service manually
* not a doc comment
* Some fixes
* only send exit msg to shmemservice when start was successful
* incorporated shmem service into provider
* removed unused imports
* trying to fix fuzzers
* fixed build
* check if join_handle is_some
* more debug prints
* fixed shmem service autolaunch
* fixed macos linker
* ignoring broken libpng testcase on macos for now (see #252)
* fmt
* try to fix missing llvm_config (see #253)
* empty issue template added
* Mmanually look for llvm-config on MacOS
* fixing CI
* fixed docs
* ignoring libmozjpg for CI, see #254
* add stub runtime that links with symcc common runtime code
* implement tracing runtime to generate message file
* move ShMemCursor to libafl proper
* qualify enum imports to make clippy happy
* fix warnings
* formatting
* update symcc submodule to point to AFL++ org repo
* fix naming of ShMemCursor and remove std requirement
* ensure runtime is named correctly after compilation
* add devcontainer files for easier development
(will be removed later)
* move rust nightly install into devcontainer.json
this makes it run after the container has been built
* dev container: install recommended packages
* switch to building rust runtime from SymCC cmake
* install corrosion in dev container for cmake-cargo integration
* add smoke test for symcc-runtime integration
* update symcc submodule
* add rustfmt to devcontainer
* properly mark the end of a constraint trace
Using a special "End" message
* small tool to dump constraints from a traced process
* extend smoke test to include parsing & printing of constraints
* update symcc submodule
* first draft of expression filters for concolic
* fix type in runtime method name
* update symcc submodule
* implement extensions to serdeany map:
* remove -> Option<T>
* insert_boxed(Box<T>) (avoids allocation if value is already boxed)
* implement std::io::Seek for ShMemCursor
* implement framing for in-memory traces
this allows to efficiently get the length of trace.
this is important for efficiently copying the trace out of the shared
memory region.
* fix for serdeany map
* fuzzer that associates concolic traces with test
case
* ensure runtime can handle 0-expressions
* move metadata, observer and feedback into separate files
* convert executor to command executor and move to separate file
* refactoring and streamlining
* move panic mode configuration to cmake script
* compile cmake from source, because debians version is too old.........
* use separate stage for tracing
* fix dockerfile
* move runtime into the workspace
using prior work on compilation flags from cmake
* actually make use of selective symbolication filter
* update to support latest symcc changes
* implement hitmap for concolic runtime
* clippy
* implement selective symbolization and coverage map for dump_constraints tool
* use concolic runtime coverage for concolic fuzzer feedback
* actually kill process on timeout
* be extra careful after killing process
* increase command executor busy wait to 5ms
* implement concolic tracing stage
* address naming issue
* implement floating point expression filter for runtime
* rename expression filters to be less verbose
* implement expression pruning
* implement ConcolicMutationalStage
* refactor command executor and remove busy loop
* implement generic command executor
* remove debug prints
* refactor + documentation
* refactor
* add stub runtime that links with symcc common runtime code
* implement tracing runtime to generate message file
* move ShMemCursor to libafl proper
* qualify enum imports to make clippy happy
* fix warnings
* formatting
* update symcc submodule to point to AFL++ org repo
* fix naming of ShMemCursor and remove std requirement
* ensure runtime is named correctly after compilation
* add devcontainer files for easier development
(will be removed later)
* move rust nightly install into devcontainer.json
this makes it run after the container has been built
* dev container: install recommended packages
* switch to building rust runtime from SymCC cmake
* install corrosion in dev container for cmake-cargo integration
* add smoke test for symcc-runtime integration
* update symcc submodule
* add rustfmt to devcontainer
* properly mark the end of a constraint trace
Using a special "End" message
* small tool to dump constraints from a traced process
* extend smoke test to include parsing & printing of constraints
* update symcc submodule
* first draft of expression filters for concolic
* fix type in runtime method name
* update symcc submodule
* implement extensions to serdeany map:
* remove -> Option<T>
* insert_boxed(Box<T>) (avoids allocation if value is already boxed)
* implement std::io::Seek for ShMemCursor
* implement framing for in-memory traces
this allows to efficiently get the length of trace.
this is important for efficiently copying the trace out of the shared
memory region.
* fix for serdeany map
* fuzzer that associates concolic traces with test
case
* ensure runtime can handle 0-expressions
* move metadata, observer and feedback into separate files
* convert executor to command executor and move to separate file
* refactoring and streamlining
* move panic mode configuration to cmake script
* compile cmake from source, because debians version is too old.........
* use separate stage for tracing
* fix dockerfile
* move runtime into the workspace
using prior work on compilation flags from cmake
* actually make use of selective symbolication filter
* update to support latest symcc changes
* implement hitmap for concolic runtime
* clippy
* implement selective symbolization and coverage map for dump_constraints tool
* use concolic runtime coverage for concolic fuzzer feedback
* actually kill process on timeout
* be extra careful after killing process
* increase command executor busy wait to 5ms
* implement concolic tracing stage
* address naming issue
* implement floating point expression filter for runtime
* rename expression filters to be less verbose
* implement expression pruning
* implement ConcolicMutationalStage
* refactor command executor and remove busy loop
* implement generic command executor
* remove debug prints
* refactor + documentation
* refactor
* fixed build, clippy
* no_std
* implement WithObservers executor as discussed
* add symqemu as a submodule
* fix symqemu submodule URL to be relative
* update the concolic runtime to match the new interface
* update the trace file header regularly to save constraints in case the program crashes
* add build dependencies for symqemu
* handle full mesage buffer properly
* better policy for updating trace header
* less aggregiously inefficient GC information serialization
* move concolic runtime hitmap count to filter
this is in preparation for the new runtime interface
* very WIP new runtime interface
* use more convenient types in rust runtime
* EmptyRuntime -> NopRuntime
* hide cpp_runtime and formatting
* implement tracing runtime using new runtime interface
* implement filters with new runtime interface
* use a local checkout for symcc_runtime
* make test runtime tracing
* use test_runtime in smoke test
* fix formatting
* make the clippy overlord happy?
* disable symcc build on everything but linux
* make more of symcc_runtime linux only
* fix linking symcc_runtime with C++ stdlib
* will clippy ever be happy?
* formatting
* don't export symcc runtime when compiling tests
* clippy...
* "don't export symcc runtime when compiling tests" for runtime crate as well
* clippy
* move command executor to LibAFL
* move concolic crate into LibAFL
* move concolic{metada,observer} into LibAFL
* move ConcolicFeedback into LibAFL
* move ConolicStage into LibAFL
* fix bug in symcc part of concolic runtime
* stb_image fuzzer with concolic as example fuzzer
* clean up basic_concolic_fuzzer
* clean up and document concolic example fuzzer
* formatting
* clippy
* remove basic_concolic_fuzzer (it is now part of the examples)
* remove the runtime crate in favor of symcc_runtime
* re-architect concolic smoke test and remove git submodules
* remove old submodule directories
* make coverage filter public
* focker docker build
* clippy
* clippy fixes
* fix ubuntu as well
* remove .gitmodules
* move concolic mutational stage into libafl behind feature flag
* script to install dependencies for concolic smoke test
* fix bug
* clippy
* add github action to run smoke test
* fix action
* ensure smoke test is run in correct directory
* remove devcontainer files
* address feedback
* clippy
* more clippy
* address more feedback
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* Get rid of extra deactivate
* Fix realloc, posix_memalign/memalign bugs
* Fix cfg attributes; Add instrumented ranges and translated PC to func errors
* Formatting
* Make hook_functionss aarch64 only for now.
* Move from gothook to frida-based hooks
* Force link against libc++
* Clippy + cleanup prints
* exclude ranges
* Add back guard pages; Implement libc hooks
* Bump frida-rust version
* Add hooks for mmap/munmap, as per issue #105
* Refactor to get rid of global allocator singleton
* Cleanup imports; Fix free out-of-range; Move to fixed addresses for asan allocatoins
* use frida-rust from crates.io now that it has caught up
* cargo fmt
* Clippy fixes
* Better clippy fix
* More clippy fix
* Formatting
* Review changes
* Fix incorrect encoding of and imm: use a register for now
* Fix assumption regarding length of ashmem clients list
* Make harness less chatty
* Fix refcounting in the ashmem server
* Always work around the frida allocate-near bug, not just when doing asan.
* Add support for ashmem on devices which have a boot secret, but don't use it
* Formatting
* launcher in linux
* silence stdout and stderr linux
* arg parser and other changes
* retry instead of sleep
* no_std fixes
* reordered includes
* launcher for windows and kill clients when broker returns
* cargo fmt
* started launcher api cleanup
* use closures instead of functions
* small change
* reordered launcher params
* fixed clippy warnings
* fixed no_std
* moved launcher example to own folder
* docu
* cleanup launcher
* more docs
* Fix merge issues
* Rework the launcher code to provide a cleaner API
* Open file before spawning clients
* launcher: fix merge issue, sleep for a different amount for each core
* fixed no_std
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* some clippy warning ignored
* using clippy.sh
* Update README.md
* fixed clippy run in workflow
* fixing clippy::match-same-arms
* make clippy less pedantic
* fixed some minor typos in the book
* launcher: use s1341's fork of core_affinity
* Build warning fix proposal, mostly about reference to packed fields. (#79)
* Observers refactor (#84)
* new observer structure with HasExecHooks
* adapt libafl_frida to new observers
* docstrings
* Composing feedback (#85)
* composing feedbacks as logic operations and bump to 0.2
* adapt fuzzers and libafl_frida
* fix windows build
* fixed clippy warnings
* Frida suppress instrumentation locations option (#87)
* Implement frida option
* Format
* add append/discard_metadata for and/or/not feedback (#86)
* add append/discard_metadata for and/or/not feedback
* fix
* Call append_metadata on crash (#88)
* Call append_metadata on crash
* Formatting
* Reachability example (#65)
* add reachability observer/feedback
* add fuzzer exmaple
* fmt
* remove reachabilityobserver, use stdmapobserver instead
* update diff.patch
* update README
* fix the clippy warning
* Squashed commit of the following:
commit f20524ebd77011481e86b420c925e8504bd11308
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue May 4 16:00:39 2021 +0200
Composing feedback (#85)
* composing feedbacks as logic operations and bump to 0.2
* adapt fuzzers and libafl_frida
* fix windows build
commit e06efaa03bc96ef71740d7376c7381572bf11c6c
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue May 4 13:54:46 2021 +0200
Observers refactor (#84)
* new observer structure with HasExecHooks
* adapt libafl_frida to new observers
* docstrings
commit 17c6fcd31cb746c099654be2b7a168bd04d46381
Merge: 08a2d43 a78a4b7
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Mon May 3 11:16:49 2021 +0200
Merge branch 'main' into dev
commit 08a2d43790797d8864565fec99e7043289a46283
Author: David CARLIER <devnexen@gmail.com>
Date: Mon May 3 10:15:28 2021 +0100
Build warning fix proposal, mostly about reference to packed fields. (#79)
commit 88fe8fa532ac34cbc10782f5f71264f620385dda
Merge: d5d46ad d2e7719
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Mon May 3 11:05:42 2021 +0200
Merge pull request #80 from marcograss/book-typos
fixed some minor typos in the book
commit a78a4b73fa798c1ed7a3d053369cca435e57aa07
Author: s1341 <s1341@users.noreply.github.com>
Date: Mon May 3 10:34:15 2021 +0300
frida-asan: Un-inline report funclet to reduce code bloat (#81)
* frida-asan: Outline report funclet to reduce code bloat
* fmt
commit d2e7719a8bea3a993394c187e2183d3e91f02c75
Author: Marco Grassi <marco.gra@gmail.com>
Date: Sun May 2 21:58:33 2021 +0800
fixed some minor typos in the book
commit d5d46ad7e440fd4a2925352ed1ccb9ced5d9463d
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 23:09:10 2021 +0200
make clippy less pedantic
commit 52d25e979e23589587c885803641058dc36aa998
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 22:23:59 2021 +0200
fixing clippy::match-same-arms
commit cd66f880dea830d1e38e89fd1bf3c20fd89c9d70
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 14:02:07 2021 +0200
fixed clippy run in workflow
commit ddcf086acde2b703c36e4ec3976588313fc3d591
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:53:29 2021 +0200
Update README.md
commit c715f1fe6e42942e53bd13ea6a23214620f6c829
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:48:38 2021 +0200
using clippy.sh
commit 9374b26b1d2d44c6042fdd653a8d960ce698592c
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:47:44 2021 +0200
some clippy warning ignored
commit b9e75c0c98fdfb1e70778e6f3612a94b71dcd21a
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:24:02 2021 +0200
Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* feedbacks now return a boolean value
* use feedback_or, and modify Cargo.toml
* fix diff between dev and this branch
* fmt
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* clippy fixes
* clippy fixes
* clippy fixes, x86_64 warnings
* more docs
* Observers lifetime (#89)
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
* Better docu (#90)
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* more docu, less clippy
* more fixes
* Clippy fixes (#92)
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* swapped if/else, as per clippy
* more docu, less clippy
* more fixes
* Fix merge issues
* Get rid of unneeded prints
* Fix merge errors
* added b2b to restarting interface
* Setting SO_REUSEPORT
* added b2b to launcher api
* more windows launcher
* Fix merge errors
* Add b2b support to frida_libpng
* make frida_libpng bind to a public address
* Convert launcher into a builder LauncherBuilder
* formatting
* Convert setup_restarting_mgr to a builder RestartingMgrBuilder; leave setup_restarting_mgr_std as is, so that fuzzers work
* RcShmem should be locked via a mutex
* Wait at least 1 second between broker and first client, to avoid race
* update frida_libpng README for cross-compiling to android (#100)
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
* Fixed build for Windows
* no_std fixes
* reverted aa6773dcade93b3a66ce86e6b2cc75f55ce194e7 & windows fixes
* added pipes, moving to remove race conditions for rc shmem
* fix unix build
* fixed clippy:
* fixed no_std once more
* renamed b2b to remote_broker_addr
* you get a pre_fork, and you get a post_fork, forks for everyone
* switched to typed_builder
* Fix merge isseu
* Fix frida fuzzer with new Launcher builder
* Introspection (#97)
* Rework to put `ClientPerfStats` in `State` and pass that along. Still need to work on getting granular information from `Feedback` and `Observer`
* Add perf_stats feature to libafl/Cargo.toml
* Update feedbacks to have with_perf
* Remove unneeeded print statement
* cargo fmt all the things
* use local llvmint vs cpu specific asm for reading cycle counter
* Remove debug testing code
* Stats timeout to 3 seconds
* Inline smallish functions for ClientPerfStats
* Remove .libs/llvmint and have the correct conditional compilation of link_llvm_intrinsics on the perf_stats feature
* pub(crate) the NUM_FEEDBACK and NUM_STAGES consts
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* clippy fixes
* fallback to systemtime on non-x86
* make clippy more strict
* small fixes
* bump 0.2.1
* readme
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* typos (please review)
* merged clippy.sh
* utils
* Add asan cores option (#102)
* added asan-cores option for frida fuzzer
When asan is enabled (via LIBBAFL_FRIDA_OPTIONS enable-asan), you can
filter exactly which of the cores asan should run on with the
asan-cores variable.
* add is_some check instead of !None
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
* moved utils to bolts
* fixed typo
* no_std fixes
* unix fixes
* fixed unix no_std build
* fix llmp.rs
* adapt libfuzzer_libpng_launcher
* added all fuzzers to ci
* fmt, improved ci
* tests crate not ready for prime time
* clippy fixes
* make ci script executable
* trying to fix example fuzzers
* working libfuzzer_libpng_laucnher
* frida_libpng builds
* clippy
* bump version
* fix no_std
* fix dep version
* clippy fixes
* more fies
* clippy++
* warn again
* clearer readme
Co-authored-by: Vimal Joseph <vimaljoseph027@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: s1341 <github@shmarya.net>
Co-authored-by: Marco Grassi <marco.gra@gmail.com>
Co-authored-by: s1341 <s1341@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: Toka <tokazerkje@outlook.com>
Co-authored-by: r-e-l-z <azentner@gmail.com>
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
* save work
* it builds
* MutationalStage builds
* compile lib.rs test
* libafl tests work
* adapt stb_image example
* change fuzzer to not hold executor and event manager as type field
* libfuzzer_stb_image running example
* restore ReachabilityFeedback
* restore introspection
* adapt fuzzers except frida_libpng
* format
* compile on windows
* clippy
* fix libafl_frida
* adapt frida_libpng
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* more docu, less clippy
* more fixes
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
* frida_asan: Implemented initial asan runtime library
* frida_asan: Switch to hashbrown
* Implemented GOT-based hooking to isolate the hooking of the memory functions. Implemented initial ASAN instrumentation
* WIP: Shadowing all used memory. Currently tracking pages using a BTreeSet. Slow AF!
* Add SigTrap to unix_signals and inprocess
* Working frida-asan, almost no speed degradation.
Currently the shadow check is reversed, so it checks only that the shadow is not 0.
We need to implement sub-8-byte checking.
* Format
* Cleanup and formatting
* Sub-qword and 16-byte checks implemented; Fixed unaligned access to QWORD
* Pass the ucontext_t to signal handlers. Initial regdump on crash
* Fix typo
* Make the context argument a mut ref
* Add missing files; Implement initial reporting
* Refactor out gothook; Move safety checkers to dynasm
* Get rid of const assembly blobs no longer needed
* Move to a handler function instead of using SIGTRAP.
This bloats the transformed code, but doesn't seem to have a major impact on performance.
Also, implemented pretty backtraces and assembly output.
* Formatting
* Get rid of all the pinning crap I wasted my day on, We don't need it
* windows fixes
* ashmem
* ashmem_service: server side ready
* ashmem_service: client side ready. Ready for integration
* ashmem_service: changes to UnixShMem to make it 'threadable'
* ashmem_service: format
* ashmem_service: Undo changes to UnixShMem, make the thread own the AshmemService instead; Fix protocol bug
* ashmem_service: working ashmem service. Fix merge issues
* use the newly released capston e 0.8.0; Fix a nasty bug where the afl_area an pc_pointer were reversed. Changed Vectors to Boxed [u8]
* Implement type detection for reporting; Implement double-free/unallocated free checking
* fmt
* Cleanup code a little
* frida-asan: This is an omnibus commit. Should probably have been a bunch of small commits, but I don't have the time/patience.
- Implemented DrCov support in order to debug a failing harness. This is actually
generic and should be moved out of libafl_frida.
- Implemented LIBAFL_FRIDA_OPTIONS env var to pass options to the frida helper,
to dynamically enable/disable asan and drcov.
- Implemented memory reuse - after each test case the used pages are recycled and
can be reused in the next test case.
- Implemented and tested vectorized instruction instrumentation.
- Implemented not instrumenting atomic load/store instructions. The cost of
trying to emulate their behaviour is too high at the moment.
- Implemented probing of shadow bit to determine the best match for the current
system.
- Implemented shadow memory pre-mapping where it is available. We probe for this
too.
- Implemented ability to specify a list of modules to instrument on the command
line. This allows fine-grained control of which modules are instrumented for
coverage/asan/drcov.
- Implemented unpoisoning of the Input target_bytes in a pre_exec hook.
- Added support for zero-sized allocations. We return 0x10 bytes at the moment.
- Added all known operator new/delete functions to hooks.
- Added workaround for frida_gum_allocate_near bug.
- Cleaned up reporting, added reporting for different error types.
* frida-asan: Implement leak detection
* Fix merge issues
* Rebased on dev to get llmp/shmem changes; Clippy fixes
* Add FridaOptions struct
* Add the Custom ExitKind; Get rid of Clone/PartialEq on ExitKind
* Make it possible to recover from an ASAN error
* Add SIGTRAP to crashing signals
* Add back (conditional) crashing on Asan errors.
* Fix too-large immediates in add instruction
* Implement RcShMemProvider, finally fix the EOP bug
* Clear ASAN_ERRORS before each test
* Fix warnings; Fix review issues
* Cleanup prints
* Add timeout to Frida mode
* Make allocation-/free-site backtraces optional
* CPU Context and backtrace (on android/aarch64 atm) on crash
* Make stalker conditional
* Add metadata to solution, and write metadata files
* Add addresses to backtrace; Add reporting of ASAN stack errors; Fix ASAN reporting bugs
* Remove meaningless backtrace on crash
* Fix the x0, x1 load in report
* use upstream color-backtrace
* use __builtin_thread_pointer instead of custom asm
* Don't unwrap ASAN_ERRORS if it isn't some
* Fix bug where we weren't clearing the drcov basicblocks after each run
* Fix bug where we were dropping an ashmem too soon
* Fix OwnedPtr instead of CPtr
* Fix gettls for all archs
* cfg guards for target arch, disabling Frida-ASAN/-DrCov if not on aarch64
* Cargo fmt
* Only panic in options when asan/drcov are turned on; Merge fixes
* gothook only supported on unix
* Fix gettls on msvc
* Another attempt to fix MSVC gettls
* Fix backtrace use
* nostd fixes; warning fixes
* formatting
* Migrate FridaEdgeCoverageHelper into libafl_frida, and rename to FridaInstrumentationHelper
* Clean up uses
* Move DrCovWriter to libafl_targets
* Refactor DrCovWriter to get a vec of DrCovBasicBlocks; formatting
* Update to newer backtrace which supports android with gimli
* windows fixes
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: andreafioraldi <andreafioraldi@gmail.com>
* shmeme/llmp refactor to convert ShMem into a stateful ShMemProvider
factory.
At the moment we use parking_lot::ReentrantMutex. That may not be
necessary.
* fix merge issue
* formatting
* Fix fuzzer examples for new ShMemProvider
* Fix clippy warnings
* Fix build and clippy for x86_64
* Resolve review comments
* Remove ReentrantMutex and RefCell - they are not needed
* Hopefully fix win32 build
* Fix tests, windows build
* Rename ShMemProvider to ShMem
* Revert "Rename ShMemProvider to ShMem"
This reverts commit eca07c8d7bb3d5e829fecf3f7213c763470a41e9.
* Rename ShMemMapping to ShMem; Test fixes
* Add missing trait to scope
* Fix from_int
* Fix try_into
* Move to alloc::sync::Arc and spin::Mutex to support nostd
* Fix tests
* nostd fixes; Make new() a part of the ShMemProvider trait
* Fix errant ?
* Fix windows
* Fix missing trait
* nostd remove dbg!
* Add Default and Clone to ShMemProvider
* Formatting
* Fix windows
* Get rid of ArcMutex in favor of RefCell
* Rc RefCell
* moved to refs
* SHP->SP
* Use alloc::rc::Rc instead of std::rc::Rc
* Format
* Add setup_restarting_mgr_std which selects the right ShMemProvider; changed fuzzers to use it
* Get rid of unnecessary clone
* Fix clippy error on windows
* Fix nostd
* Fix formatting
* Make StdShmemProvider include ServedShMemProvider
* Get rid of lifetime specifiers now that we are using Rc
* Get rid of unneccesary spin
* Rename ShMemProvider::Mapping to ShMemProvider::Mem
* Formatting
* fix Windows
* Rename DefaultUnixShmem* to CommonUnixShmem*
Co-authored-by: Dominik Maier <domenukk@gmail.com>
