These methods force a `MapObserver` to own an initial value, but
there's no reason for this to be the case - If you don't need to allow a
dynamically-changeable initial value, it might be nice to use `<<Self as
MapObserver>::Entry as Default>::default()` everywhere and have the compiler
statically propagate that value.
Not a lot of code used these methods (which seems like a good argument that
they aren't a fundamental part of the inteface).
* step1 for tinyinst
* step2: minimal executor
* updated libafl
* Tinyinst Update (#853)
* Mac OS Autotokens (#723)
* mac_tokens
* more
* win fix
* fmt
* fmt c
* Use nightly fmt (#728)
* Fix compilation for aarch64 qemu (#731)
Typo lead to fail to compile for arm64
* Simd Fix (#729)
* simd fix
* fmt
* Fixing readme & docs (#730)
* fix
* fix
* add
* add
* fmt
* 0.8.1 (#732)
* New Pass Manager Arguments (#724)
* new pm arguments
* enable abgeana's code
* Fix tui with 1 client (#734)
* unbreak tui with 1 client
* clippy
* Add core affinity support for FreeBSD (#736)
* NYX Executor (GSoC '22) (#693)
* Add ccache
* Update codecov.yml
* Add libnyx
* Fix
* Add nyx build script
* Fix build.sh && init executor.rs
* Fix commit
* Fix code
* initialize `exector.rs`
* refine API in `nyx_bridge.rs`
* initialze `run_target`
* add `test_nyxhelper`
* initize `test_executor`
* remove `nyx_beidge.rs`
* make `test_executor` compile
* Improve test
* refine code
* update version
* fix docker
* fix docker
* Fix clippy
* Fix build
* fix build && add `set_timeout`
* Fix and refine CI
* fix CI
* Fix CI
* Add platform restrict
* cargo fmt
* add parallel mode
* add example `nyx_libxml2_parallel`
* fix fuzzer example
* fix CI
* add README
* fix CI
* fix CI
* fix CI
* remove unwrap and NyxResult
* code format fix
* add libnyx's rev
* fix format
* change Duration format && Fix CI
* caego fmt
* fix CI
* fix CI
* Add doc
* test CI
* Update test_all_fuzzers.sh
* Update test_all_fuzzers.sh
* Update test_all_fuzzers.sh
* add cache for apt and cargo-install
* Update build_and_test.yml
* Update build_and_test.yml
* tmp test CI
* fix CI
* remove debug cmd
* remove test
* code refine
* code refine
* code refine
* code refine
* add Makefile
* fix example doc for nyx
* add `NyxHelper::new_with_initial_timeout`
* fix `NyxHelper::new`
* fix curl parameter
* code refine
* add check for setup script
* use afl-clang-fast in nyx
* fix logic
* fix makefile
* fix CI
* Update build_and_test.yml
* Update build_and_test.yml
* remove debug cmd
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
* Fix spelling error (#745)
* OSX force_load option (#743)
* Update clang.rs
* fmt
* Add continous JSON Logging monitor (#738)
* Add simple JSON Monitor
* Add documentation
* Log global state
* Fix formatting
* Save state depending on closure outcome, have file opened all the time
* Make OnDiskJSONMonitor cloneable
* Switch to FnMut to allow stateful closures
* Use &mut M: Monitor for the closure
* Fix documentation of Rand::below (#747)
* Netopenbsd build fix (#746)
* core affinity netbsd implementation.
* openbsd build fix
* Fix autotokens doc (#751)
* fix
* remove wrong doc
* Simplification for netbsd-specific code (#750)
the cpuset api is already present in libc...
* Add test case minimising stage (tmin) (#735)
* add test case minimising stage
* general purpose minimiser impl, with fuzzer example
* reorganise, document, and other cleanup
* correct python API return value
* correct some docs
* nit: versioning in fuzzers
* ise -> ize
* Implement a corpus minimiser (cmin) (#739)
* initial try
* correct case where cull attempts to fetch non-existent corpus entries
* various on_remove, on_replace implementations
* ise -> ize (consistency), use TestcaseScore instead of rolling our own
* oops, feature gate
* documentation!
* link c++
* doc-nit: correction in opt explanation
don't write documentation at 0300
* better linking
* Skippable stage, generator wrapper for Grimoire (#748)
* Skippable stage, generator wrapper for Grimoire
* more fancy wrapper
* MapFeedback: Adding support for with_name() (#752)
* Adding support for with_name()
* Adding with_name() function description
* dragonflybsd build fix for core affinity. (#753)
supporting most of linux sched api here.
* CI for FreeBSD (#754)
* CI for FreeBSD
* rustup -y?
* fixed path, switched to clippy
* bsd don't source
* added llvm
* clippy
* more yml
* ?
* testing ci
* llvm?
* llvm??
* more llvm, more tests
* fixed testcase'
* mem limits
* more sudo
* reenable all the CI
* Fixes for new Clippy (#755)
* New Clippy fixes for QEMU (#757)
* Core affinity for FreeBSD pinning task to the wanted cpu (#756)
* Do not zero-init struct in QEMU (#758)
* New Clippy fixes for QEMU
* no need to 0-initialize mem
* clippy
* Add doc for libafl_nyx (#759)
Co-authored-by: syheliel <syheliel@gmail.com>
* Adjust NyxExecutor trait bound to HasTargetBytes from HasBytesVec (#760)
* adjust NyxExecutor trait bound to HasTargetBytes from HasBytesVec
* oops actually use HasTargetBytes instead
* libafl_frida: ASan hook adding Apple's memset_pattern* api. (#761)
* Fix cargo doc on windows (#762)
* add doc cfg
* fix nostd docs
* ignore CommandConfigurator doc test execution on non-unix platform
* add cargo doc step pipeline on windows platform
* Enable memset_patter ASan hooks for Apple on libafl_frida (#763)
* Fix forkserver options (#771)
* Stability improve (#773)
* initial
* add
* fmt & fix
* dbg remove
* clp
* clp
* more
* clippy
* del
* fix
* remove unused
* fix
* doc
* Fix doc (#780)
* Add track_stability option to CalibrationStage (#781)
* add
* Update gramatron.rs
* Update emu.rs
* try
* clp
* Dump registers on freebsd x86_64 (#779)
* Illumos support (#775)
implementing core affinity too.
* Reduce clang warnings for version output in libafl_cc. (#778)
* Extend gramatron recursive mutator (#783)
* Dump registers on NetBSD amd64 (#786)
* Add support for ARMBE8 (#768)
* Changes to build QEMU out-of-tree so that we don't need to clone the repo for each feature combination we build
* Add be support to libafl_qemu
* More config tweaks
Co-authored-by: Your Name <you@example.com>
* [AFLplusplus/LibAFL] dump registers on OpenBSD amd64 (PR #787)
* dump registers on openbsd
* write_crash implementations
* Windows gdiplus (#789)
* Initial steps
* Harness code cleanup
* don't panic on linux in order not to break the CI
* formatting once again
* restored cfg unix to unbreak linux build
* Remove clang download from windows CI (#791)
* Attempt to remove clang 12 setup
* frida_gdiplus added to CI
* Gdiplus comments (#792)
* Attempt to remove clang 12 setup
* frida_gdiplus added to CI
* Redundancy note
* formatting again :\
* mistake of directory name
* Fix len miscalculation in grimoire string replace (#794)
* Fix len miscalculation in grimoire string replace
* ok Rust i was writing JS these days
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
* Fix doc typos (#796)
* Fix CI (#798)
* bump (#799)
* Support for write_crash on netbsd (#788)
* Support for bolts::cpu::read_time_counter on arm64 (#790)
* Add ability to use virtual dispatch to StagesTuple (#801)
* Add ability to use virtual dispatch to stagesTuple
* Fix lint
* Adding CPSR register for arm qemu (#800)
* trying to add in observer
* writing test
* got up to running with instrumentation but i still need to get the map
* fixing fuzzer code
* adding tinyinst fuzzer
* adding ffi to store all the map data into vec.
* adding some new things
* adding somewhat state of how i would like it should work
* fixing some things
* alot of false positives.
* fixing before adding args
* updated to use FileInput!
* adding build script to pull tinyinst
* fixing git issue
* writing instruction to run how to run tinyinst fuzzer
Co-authored-by: Dongjia Zhang <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: Phan Thanh Duy <phanthanhduypr@gmail.com>
Co-authored-by: Nicholas Lang <97475577+nicklangsysdig@users.noreply.github.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: syheliel <45957390+syheliel@users.noreply.github.com>
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Aiden Hall <AidenRHall@users.noreply.github.com>
Co-authored-by: Sönke <eknoes@users.noreply.github.com>
Co-authored-by: Sirui Mu <msrlancern@gmail.com>
Co-authored-by: Addison Crump <me@addisoncrump.info>
Co-authored-by: Patrick Gersch <gersch.patrick@gmail.com>
Co-authored-by: Teddy Heinen <teddy@heinen.dev>
Co-authored-by: Vincent <space_white@yahoo.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: expend20 <36543551+expend20@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
Co-authored-by: Ben Davis <ben@thebendavis.net>
Co-authored-by: radl97 <radl97@users.noreply.github.com>
* fix
* fmt
* Submodule
* Submodule?
* Tinyinst Update V2 (#905)
* updated to lastest libafl
* going to replace tinyinst to more like jackalope with tinyinstrumentation
* fixing clippy
* keep working on cpp ffi. sad
* updating litecov to tinyinst. also start making our own litecov
* revert to map instead of list. not sure why its not working
* making fuzzer listobserver
* working with listobserver!:
* cleaning up
* adding cargo make run
* updating cargo for tinyinst
* updating readme
* readme, clippy
* fmt
* fmt
* fix
* fix
* docker
* fix
* fmt
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: biazo <eric.l.biazo@gmail.com>
Co-authored-by: Phan Thanh Duy <phanthanhduypr@gmail.com>
Co-authored-by: Nicholas Lang <97475577+nicklangsysdig@users.noreply.github.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: syheliel <45957390+syheliel@users.noreply.github.com>
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Aiden Hall <AidenRHall@users.noreply.github.com>
Co-authored-by: Sönke <eknoes@users.noreply.github.com>
Co-authored-by: Sirui Mu <msrlancern@gmail.com>
Co-authored-by: Addison Crump <me@addisoncrump.info>
Co-authored-by: Patrick Gersch <gersch.patrick@gmail.com>
Co-authored-by: Teddy Heinen <teddy@heinen.dev>
Co-authored-by: Vincent <space_white@yahoo.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: expend20 <36543551+expend20@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
Co-authored-by: Ben Davis <ben@thebendavis.net>
Co-authored-by: radl97 <radl97@users.noreply.github.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* drop not working
* why drop_in_place works but drop does not
* stop shmem leak
* don't kill -9 fuzzer
* don't put fuzzer background
* no &
* nostd
* fix
* fix
* windows, clippy
* fix
* fmt
* windows
* Handle broker-to-broker connection interruptions more gracefully
Exit gracefully instead of panicking or getting stuck in infinite loops
* Run cargo-fmt
* libafl: ValueObserver, a simple and safe observer of a single value
* libafl: Generalize ValueObserver, don't force it to be a RefCell
There are other types with interior mutability that may be more suitable.
Add a few more methods, too.
* libafl: Use OwnedRef in ValueObserver
The previous version had ValueObserver take ownership, but that doesn't
actually work for working with types with interior mutability: both the
observer and the target need to take immutable references.
* libafl: ValueObserver shouldn't reset the contained value
Otherwise, it is useless for containing a `RefCell`.
* libafl: Add doctests to ValueObserver
* libafl: Fix clippy lints
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* emu::current_cpu() is now kept after vm stop and it is the CPU that hitted the breakpoint
* clippy
* uninit
* clippy
* clippy
* clippy
* clippy
* nightly override in CI
* nightly override in CI
* components
* components
* targets
* targets
* clippy
* clippy
* clippy
* clippy
* clippy (again)
* MaybeUninit
Co-authored-by: Dominik Maier <dmnk@google.com>
* reduce diffexecutor constraints for new (so it may be used in a manager-less environment)
* add differential observers
* finish differential observeration
* requirement for observers (weak), default impl for time observer
* make the map swapper, revisit how differentialobserver is implemented
* semi-specialise multimap, add example
* improve example slightly
* fix clippy lints
* fix last clippy issue
* better docs + example flow
* improve example: correct map sizing + multimap vs split slice
* correct some comments
* fix tests + slight bit more docs
* fix bindings
* fixups for the CI
* typo fix
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
* fix incorrect assert condition and document it
* update symcc
* adapt to changes in symcc API
* more fixes
* fix formatting
* more fixes
* speed up smoke test by building multiple crates in one command
* update symcc commit to latest main
* make use of clap derive in forkserver_simple
* (re)introduce use_shmem_testcase flag to ForkserverExecutor
* set use_shmem_testcase flag automatically based on forkserver handshake
* remove illegal_state and just .unwrap instead as the None case is unreachable
* fix: removed pub method
* cargo fmt
* remove illegal_state #2 and just .unwrap instead as the None case is unreachable
* change shmem unwrap to unwrap_unchecked
* fix double mut
* removed @@ warning
Previously, the `CommandExecutor` attempted to decode its child
process's stdout and stderr as UTF-8 `String`s. This could fail
if the output was not UTF-8. However, the `Std{Out,Err}Observer`s
should probably be able to be used in such a situation - Consider
fuzzing `echo` with a random `BytesInput`.
The fix is to not decode the output, but rather directly store and
provide the bytes of stdout/stderr in the observers.
* add custom monitor prometheus as a baseline to build functionality
* working server, set up function to update metrics in the registry
* for a test
* metrics for corpus count, objective count, executions, execution rate are intermittently updated and exposed on /metrics
* add runtime metric, clean up some comments
* IP:PORT as argument instead of hardcoded
* add client # as label attached to fuzzer metrics for filtering by client. add clients_count as a tracked metric
* added support for custom metrics added to client_stats via feedbacks, such as edges count. cleaned up code
* cargo fmt
* clean up prometheus.rs
* ran autofix and fmt scripts, and put optional dependencies behind prometheus_monitor feature
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* sort of fix core affinity on mac arm64
we can t pin to a coreid however we can at least choose the performance
cores for our thread.
* using other cores as well
* Fix CI yml (#871)
* Fix CI again (#872)
* Fix CI yml
* Fix CI
* Add dump_register/write_crash for freebsd arm64 (#870)
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* Remove QEMU-Nyx & packer submodules
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
* Associated types for Corpus, State
* cleanup
* fix no_std
* drop unused clauses
* Corpus
* cleanup
* adding things
* fixed fuzzer
* remove phantom data
* python
* progress?
* more more
* oof
* wow it builds?
* python fixes, tests
* fix python fun
* black fmt for python
* clippy, added Nop things
* fixes
* fix merge
* make it compile (#836)
* doc-test fixes, prelude-b-gone for cargo-hack compat
* fixes for windows, concolic
* really fix windows, maybe
* imagine using windows
* ...
* elide I generic when used with S: State
* Elide many, many generics, but at what cost?
* progress on push
* Constraint HasCorpus, HasSolutions at trait definition
* remove unused feature
* remove unstable usage since we constrained HasCorpus at definition
* compiled, but still no type inference for MaxMapFeedback
* cleanup inprocess
* resolve some std conflicts
* simplify map
* undo unnecessary cfg specification
* fix breaking test case for CI on no-std
* fix concolic build failures
* fix macos build
* fixes for windows build
* timeout fixes for windows build
* fix pybindings issues
* fixup qemu
* fix outstanding local build issues
* maybe fix windows inprocess
* doc fixes
* unbridled fury
* de-associate State from Feedback, replace with generic as AT inference is not sufficient to derive specialisation for MapFeedback
* merge update
* refactor + speed up fuzzer builds by sharing build work
* cleanup lingering compiler errors
* lol missed one
* revert QEMU-Nyx change, not sure how I did that
* move HasInput to inputs
* HasInput => KnowsInput
* update bounds to enforce via associated types
* disentangle observers with fuzzer
* revert --target; update some fuzzers to match new API
* resolve outstanding fuzzer build blockers (that I can run on my system)
* fixes for non-linux unixes
* fix for windows
* Knows => Uses, final fixes for windows
* <guttural screaming>
* fixes for concolic
* loosen bound for frida executor so windows builds correctly
* cleanup generics for eventmanager/eventprocessor to drop observers requirement
* improve inference over fuzz_one and friends
* update migration notes
* fixes for python bindings
* fixes for generic counts in event managers
* finish migration notes
* post-merge fix
Co-authored-by: Addison Crump <addison.crump@cispa.de>
* DifferentialExecutor for CommandExecutor along with StdIO observer
* format
* fix CI issues
* fix format and unit test
* fix documentation
* allow three structs and doc only for linux
* resolve documentation test failure
* minor
* running fmt_all.sh
* into_executor() takes 4 params, not just 1
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* token mutations: set MutationResult for CmpValues::Bytes
I haven't measured this and am not even sure if CmpValues::Bytes is
currently populated by any executor, but this seems like an oversight.
* replace dead zlib-1.2.12.tar.gz URL
See https://zlib.net/fossils/OBSOLETE
* autofix
* you're just asking for a clamping
* autofmt on linux
* fix nits
* change back nit
* unfixing as u64 for GuestAddr
* fix
* ignoring clippy for GuestAddress
* First working attempt
* formatting issues
* Safety comment
* got rid of mutex
* Pass gum as a parameter
* removed debug println
* Review comments
* review: switched back to panic
