* step1 for tinyinst
* step2: minimal executor
* updated libafl
* Tinyinst Update (#853)
* Mac OS Autotokens (#723)
* mac_tokens
* more
* win fix
* fmt
* fmt c
* Use nightly fmt (#728)
* Fix compilation for aarch64 qemu (#731)
Typo led to a failure to compile for arm64
* Simd Fix (#729)
* simd fix
* fmt
* Fixing readme & docs (#730)
* fix
* fix
* add
* add
* fmt
* 0.8.1 (#732)
* New Pass Manager Arguments (#724)
* new pm arguments
* enable abgeana's code
* Fix tui with 1 client (#734)
* unbreak tui with 1 client
* clippy
* Add core affinity support for FreeBSD (#736)
* NYX Executor (GSoC '22) (#693)
* Add ccache
* Update codecov.yml
* Add libnyx
* Fix
* Add nyx build script
* Fix build.sh && init executor.rs
* Fix commit
* Fix code
* initialize `exector.rs`
* refine API in `nyx_bridge.rs`
* initialize `run_target`
* add `test_nyxhelper`
* initialize `test_executor`
* remove `nyx_beidge.rs`
* make `test_executor` compile
* Improve test
* refine code
* update version
* fix docker
* fix docker
* Fix clippy
* Fix build
* fix build && add `set_timeout`
* Fix and refine CI
* fix CI
* Fix CI
* Add platform restrict
* cargo fmt
* add parallel mode
* add example `nyx_libxml2_parallel`
* fix fuzzer example
* fix CI
* add README
* fix CI
* fix CI
* fix CI
* remove unwrap and NyxResult
* code format fix
* add libnyx's rev
* fix format
* change Duration format && Fix CI
* cargo fmt
* fix CI
* fix CI
* Add doc
* test CI
* Update test_all_fuzzers.sh
* Update test_all_fuzzers.sh
* Update test_all_fuzzers.sh
* add cache for apt and cargo-install
* Update build_and_test.yml
* Update build_and_test.yml
* tmp test CI
* fix CI
* remove debug cmd
* remove test
* code refine
* code refine
* code refine
* code refine
* add Makefile
* fix example doc for nyx
* add `NyxHelper::new_with_initial_timeout`
* fix `NyxHelper::new`
* fix curl parameter
* code refine
* add check for setup script
* use afl-clang-fast in nyx
* fix logic
* fix makefile
* fix CI
* Update build_and_test.yml
* Update build_and_test.yml
* remove debug cmd
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
* Fix spelling error (#745)
* OSX force_load option (#743)
* Update clang.rs
* fmt
* Add continuous JSON Logging monitor (#738)
* Add simple JSON Monitor
* Add documentation
* Log global state
* Fix formatting
* Save state depending on closure outcome, have file opened all the time
* Make OnDiskJSONMonitor cloneable
* Switch to FnMut to allow stateful closures
* Use &mut M: Monitor for the closure
* Fix documentation of Rand::below (#747)
* Netopenbsd build fix (#746)
* core affinity netbsd implementation.
* openbsd build fix
* Fix autotokens doc (#751)
* fix
* remove wrong doc
* Simplification for netbsd-specific code (#750)
the cpuset api is already present in libc...
* Add test case minimising stage (tmin) (#735)
* add test case minimising stage
* general purpose minimiser impl, with fuzzer example
* reorganise, document, and other cleanup
* correct python API return value
* correct some docs
* nit: versioning in fuzzers
* ise -> ize
* Implement a corpus minimiser (cmin) (#739)
* initial try
* correct case where cull attempts to fetch non-existent corpus entries
* various on_remove, on_replace implementations
* ise -> ize (consistency), use TestcaseScore instead of rolling our own
* oops, feature gate
* documentation!
* link c++
* doc-nit: correction in opt explanation
don't write documentation at 0300
* better linking
* Skippable stage, generator wrapper for Grimoire (#748)
* Skippable stage, generator wrapper for Grimoire
* more fancy wrapper
* MapFeedback: Adding support for with_name() (#752)
* Adding support for with_name()
* Adding with_name() function description
* dragonflybsd build fix for core affinity. (#753)
supporting most of the Linux sched API here.
* CI for FreeBSD (#754)
* CI for FreeBSD
* rustup -y?
* fixed path, switched to clippy
* bsd don't source
* added llvm
* clippy
* more yml
* ?
* testing ci
* llvm?
* llvm??
* more llvm, more tests
* fixed testcase
* mem limits
* more sudo
* reenable all the CI
* Fixes for new Clippy (#755)
* New Clippy fixes for QEMU (#757)
* Core affinity for FreeBSD pinning task to the wanted cpu (#756)
* Do not zero-init struct in QEMU (#758)
* New Clippy fixes for QEMU
* no need to 0-initialize mem
* clippy
* Add doc for libafl_nyx (#759)
Co-authored-by: syheliel <syheliel@gmail.com>
* Adjust NyxExecutor trait bound to HasTargetBytes from HasBytesVec (#760)
* adjust NyxExecutor trait bound to HasTargetBytes from HasBytesVec
* oops actually use HasTargetBytes instead
* libafl_frida: ASan hook adding Apple's memset_pattern* api. (#761)
* Fix cargo doc on windows (#762)
* add doc cfg
* fix nostd docs
* ignore CommandConfigurator doc test execution on non-unix platform
* add cargo doc step pipeline on windows platform
* Enable memset_pattern ASan hooks for Apple on libafl_frida (#763)
* Fix forkserver options (#771)
* Stability improvement (#773)
* initial
* add
* fmt & fix
* dbg remove
* clp
* clp
* more
* clippy
* del
* fix
* remove unused
* fix
* doc
* Fix doc (#780)
* Add track_stability option to CalibrationStage (#781)
* add
* Update gramatron.rs
* Update emu.rs
* try
* clp
* Dump registers on freebsd x86_64 (#779)
* Illumos support (#775)
implementing core affinity too.
* Reduce clang warnings for version output in libafl_cc. (#778)
* Extend gramatron recursive mutator (#783)
* Dump registers on NetBSD amd64 (#786)
* Add support for ARMBE8 (#768)
* Changes to build QEMU out-of-tree so that we don't need to clone the repo for each feature combination we build
* Add be support to libafl_qemu
* More config tweaks
Co-authored-by: Your Name <you@example.com>
* [AFLplusplus/LibAFL] dump registers on OpenBSD amd64 (PR #787)
* dump registers on openbsd
* write_crash implementations
* Windows gdiplus (#789)
* Initial steps
* Harness code cleanup
* don't panic on linux in order not to break the CI
* formatting once again
* restored cfg unix to unbreak linux build
* Remove clang download from windows CI (#791)
* Attempt to remove clang 12 setup
* frida_gdiplus added to CI
* Gdiplus comments (#792)
* Attempt to remove clang 12 setup
* frida_gdiplus added to CI
* Redundancy note
* formatting again :\
* mistake of directory name
* Fix len miscalculation in grimoire string replace (#794)
* Fix len miscalculation in grimoire string replace
* ok Rust, I was writing JS these days
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
* Fix doc typos (#796)
* Fix CI (#798)
* bump (#799)
* Support for write_crash on netbsd (#788)
* Support for bolts::cpu::read_time_counter on arm64 (#790)
* Add ability to use virtual dispatch to StagesTuple (#801)
* Add ability to use virtual dispatch to stagesTuple
* Fix lint
* Adding CPSR register for arm qemu (#800)
* trying to add in observer
* writing test
* got up to running with instrumentation but I still need to get the map
* fixing fuzzer code
* adding tinyinst fuzzer
* adding ffi to store all the map data into vec.
* adding some new things
* adding somewhat of a state of how I would like it to work
* fixing some things
* a lot of false positives.
* fixing before adding args
* updated to use FileInput!
* adding build script to pull tinyinst
* fixing git issue
* writing instructions on how to run the tinyinst fuzzer
Co-authored-by: Dongjia Zhang <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: Phan Thanh Duy <phanthanhduypr@gmail.com>
Co-authored-by: Nicholas Lang <97475577+nicklangsysdig@users.noreply.github.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: syheliel <45957390+syheliel@users.noreply.github.com>
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Aiden Hall <AidenRHall@users.noreply.github.com>
Co-authored-by: Sönke <eknoes@users.noreply.github.com>
Co-authored-by: Sirui Mu <msrlancern@gmail.com>
Co-authored-by: Addison Crump <me@addisoncrump.info>
Co-authored-by: Patrick Gersch <gersch.patrick@gmail.com>
Co-authored-by: Teddy Heinen <teddy@heinen.dev>
Co-authored-by: Vincent <space_white@yahoo.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: expend20 <36543551+expend20@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
Co-authored-by: Ben Davis <ben@thebendavis.net>
Co-authored-by: radl97 <radl97@users.noreply.github.com>
* fix
* fmt
* Submodule
* Submodule?
* Tinyinst Update V2 (#905)
* updated to latest libafl
* going to replace tinyinst with something more like jackalope with tinyinstrumentation
* fixing clippy
* keep working on cpp ffi. sad
* updating litecov to tinyinst. also start making our own litecov
* revert to map instead of list. not sure why it's not working
* making fuzzer listobserver
* working with listobserver!
* cleaning up
* adding cargo make run
* updating cargo for tinyinst
* updating readme
* readme, clippy
* fmt
* fmt
* fix
* fix
* docker
* fix
* fmt
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: biazo <eric.l.biazo@gmail.com>
Co-authored-by: Phan Thanh Duy <phanthanhduypr@gmail.com>
Co-authored-by: Nicholas Lang <97475577+nicklangsysdig@users.noreply.github.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: syheliel <45957390+syheliel@users.noreply.github.com>
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Aiden Hall <AidenRHall@users.noreply.github.com>
Co-authored-by: Sönke <eknoes@users.noreply.github.com>
Co-authored-by: Sirui Mu <msrlancern@gmail.com>
Co-authored-by: Addison Crump <me@addisoncrump.info>
Co-authored-by: Patrick Gersch <gersch.patrick@gmail.com>
Co-authored-by: Teddy Heinen <teddy@heinen.dev>
Co-authored-by: Vincent <space_white@yahoo.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: expend20 <36543551+expend20@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
Co-authored-by: Ben Davis <ben@thebendavis.net>
Co-authored-by: radl97 <radl97@users.noreply.github.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* initial atheris libfuzzer harness
* cmplog, kinda
* added makefile to generic_inmemory
* Makefile for atheris fuzzer
* moved away from clap yaml
* fixed arg parsing
* fuzzing
* ldpreload lib to replace exit with abort
* fixed docker, docs
* fix docker some more
* better documentation
* less commented out important things
* Make makefile less crashy
* starting to fix macos linker bugs
* detailed error prints
* start shmem service manually
* not a doc comment
* Some fixes
* only send exit msg to shmemservice when start was successful
* incorporated shmem service into provider
* removed unused imports
* trying to fix fuzzers
* fixed build
* check if join_handle is_some
* more debug prints
* fixed shmem service autolaunch
* fixed macos linker
* ignoring broken libpng testcase on macos for now (see #252)
* fmt
* try to fix missing llvm_config (see #253)
* empty issue template added
* Manually look for llvm-config on MacOS
* fixing CI
* fixed docs
* ignoring libmozjpg for CI, see #254
* create a separate crate for symcc url and commit hash
also contains functions to checkout and build symcc from a build script
* fix dockerfile
* clippy
* add stub runtime that links with symcc common runtime code
* implement tracing runtime to generate message file
* move ShMemCursor to libafl proper
* qualify enum imports to make clippy happy
* fix warnings
* formatting
* update symcc submodule to point to AFL++ org repo
* fix naming of ShMemCursor and remove std requirement
* ensure runtime is named correctly after compilation
* add devcontainer files for easier development
(will be removed later)
* move rust nightly install into devcontainer.json
this makes it run after the container has been built
* dev container: install recommended packages
* switch to building rust runtime from SymCC cmake
* install corrosion in dev container for cmake-cargo integration
* add smoke test for symcc-runtime integration
* update symcc submodule
* add rustfmt to devcontainer
* properly mark the end of a constraint trace
Using a special "End" message
* small tool to dump constraints from a traced process
* extend smoke test to include parsing & printing of constraints
* update symcc submodule
* first draft of expression filters for concolic
* fix type in runtime method name
* update symcc submodule
* implement extensions to serdeany map:
* remove -> Option<T>
* insert_boxed(Box<T>) (avoids allocation if value is already boxed)
* implement std::io::Seek for ShMemCursor
* implement framing for in-memory traces
this allows efficiently getting the length of the trace.
this is important for efficiently copying the trace out of the shared
memory region.
* fix for serdeany map
* fuzzer that associates concolic traces with test case
* ensure runtime can handle 0-expressions
* move metadata, observer and feedback into separate files
* convert executor to command executor and move to separate file
* refactoring and streamlining
* move panic mode configuration to cmake script
* compile cmake from source, because Debian's version is too old...
* use separate stage for tracing
* fix dockerfile
* move runtime into the workspace
using prior work on compilation flags from cmake
* actually make use of selective symbolication filter
* update to support latest symcc changes
* implement hitmap for concolic runtime
* clippy
* implement selective symbolization and coverage map for dump_constraints tool
* use concolic runtime coverage for concolic fuzzer feedback
* actually kill process on timeout
* be extra careful after killing process
* increase command executor busy wait to 5ms
* implement concolic tracing stage
* address naming issue
* implement floating point expression filter for runtime
* rename expression filters to be less verbose
* implement expression pruning
* implement ConcolicMutationalStage
* refactor command executor and remove busy loop
* implement generic command executor
* remove debug prints
* refactor + documentation
* refactor
* fixed build, clippy
* no_std
* implement WithObservers executor as discussed
* add symqemu as a submodule
* fix symqemu submodule URL to be relative
* update the concolic runtime to match the new interface
* update the trace file header regularly to save constraints in case the program crashes
* add build dependencies for symqemu
* handle full message buffer properly
* better policy for updating trace header
* less egregiously inefficient GC information serialization
* move concolic runtime hitmap count to filter
this is in preparation for the new runtime interface
* very WIP new runtime interface
* use more convenient types in rust runtime
* EmptyRuntime -> NopRuntime
* hide cpp_runtime and formatting
* implement tracing runtime using new runtime interface
* implement filters with new runtime interface
* use a local checkout for symcc_runtime
* make test runtime tracing
* use test_runtime in smoke test
* fix formatting
* make the clippy overlord happy?
* disable symcc build on everything but linux
* make more of symcc_runtime linux only
* fix linking symcc_runtime with C++ stdlib
* will clippy ever be happy?
* formatting
* don't export symcc runtime when compiling tests
* clippy...
* "don't export symcc runtime when compiling tests" for runtime crate as well
* clippy
* move command executor to LibAFL
* move concolic crate into LibAFL
* move concolic{metada,observer} into LibAFL
* move ConcolicFeedback into LibAFL
* move ConolicStage into LibAFL
* fix bug in symcc part of concolic runtime
* stb_image fuzzer with concolic as example fuzzer
* clean up basic_concolic_fuzzer
* clean up and document concolic example fuzzer
* formatting
* clippy
* remove basic_concolic_fuzzer (it is now part of the examples)
* remove the runtime crate in favor of symcc_runtime
* re-architect concolic smoke test and remove git submodules
* remove old submodule directories
* make coverage filter public
* focker docker build
* clippy
* clippy fixes
* fix ubuntu as well
* remove .gitmodules
* move concolic mutational stage into libafl behind feature flag
* script to install dependencies for concolic smoke test
* fix bug
* clippy
* add github action to run smoke test
* fix action
* ensure smoke test is run in correct directory
* remove devcontainer files
* address feedback
* clippy
* more clippy
* address more feedback
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* builds on no_std
* fixed std build
* nightly fmt on CI
* nightly fmt on CI (again)
* fmt
* no_std build on unix
* more mem
* added no_std from #212 to gh workflow
* more ci, less nightly
* clippy
* more toolchains?
* docu
* y u no build
* more ci?
* next try
* fixed docker
* more dockerfile fixes
* ondisk corpus fixed
* panic:?
* ubuntu
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>