* Rework to put `ClientPerfStats` in `State` and pass that along. Still need to work on getting granular information from `Feedback` and `Observer`
* Add perf_stats feature to libafl/Cargo.toml
* Update feedbacks to have with_perf
* Remove unneeeded print statement
* cargo fmt all the things
* use local llvmint vs cpu specific asm for reading cycle counter
* Remove debug testing code
* Stats timeout to 3 seconds
* Inline smallish functions for ClientPerfStats
* Remove .libs/llvmint and have the correct conditional compilation of link_llvm_intrinsics on the perf_stats feature
* pub(crate) the NUM_FEEDBACK and NUM_STAGES consts
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* clippy fixes
* fallback to systemtime on non-x86
* make clippy more strict
* small fixes
* bump 0.2.1
* readme
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* swapped if/else, as per clippy
* more docu, less clippy
* more fixes
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* more docu, less clippy
* more fixes
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
* frida_asan: Implemented initial asan runtime library
* frida_asan: Switch to hashbrown
* Implemented GOT-based hooking to isolate the hooking of the memory functions. Implemented initial ASAN instrumentation
* WIP: Shadowing all used memory. Currently tracking pages using a BTreeSet. Slow AF!
* Add SigTrap to unix_signals and inprocess
* Working frida-asan, almost no speed degradation.
Currently the shadow check is reversed, so it checks only that the shadow is not 0.
We need to implement sub-8-byte checking.
* Format
* Cleanup and formatting
* Sub-qword and 16-byte checks implemented; Fixed unaligned access to QWORD
* Pass the ucontext_t to signal handlers. Initial regdump on crash
* Fix typo
* Make the context argument a mut ref
* Add missing files; Implement initial reporting
* Refactor out gothook; Move safety checkers to dynasm
* Get rid of const assembly blobs no longer needed
* Move to a handler function instead of using SIGTRAP.
This bloats the transformed code, but doesn't seem to have a major impact on performance.
Also, implemented pretty backtraces and assembly output.
* Formatting
* Get rid of all the pinning crap I wasted my day on, We don't need it
* windows fixes
* ashmem
* ashmem_service: server side ready
* ashmem_service: client side ready. Ready for integration
* ashmem_service: changes to UnixShMem to make it 'threadable'
* ashmem_service: format
* ashmem_service: Undo changes to UnixShMem, make the thread own the AshmemService instead; Fix protocol bug
* ashmem_service: working ashmem service. Fix merge issues
* use the newly released capston e 0.8.0; Fix a nasty bug where the afl_area an pc_pointer were reversed. Changed Vectors to Boxed [u8]
* Implement type detection for reporting; Implement double-free/unallocated free checking
* fmt
* Cleanup code a little
* frida-asan: This is an omnibus commit. Should probably have been a bunch of small commits, but I don't have the time/patience.
- Implemented DrCov support in order to debug a failing harness. This is actually
generic and should be moved out of libafl_frida.
- Implemented LIBAFL_FRIDA_OPTIONS env var to pass options to the frida helper,
to dynamically enable/disable asan and drcov.
- Implemented memory reuse - after each test case the used pages are recycled and
can be reused in the next test case.
- Implemented and tested vectorized instruction instrumentation.
- Implemented not instrumenting atomic load/store instructions. The cost of
trying to emulate their behaviour is too high at the moment.
- Implemented probing of shadow bit to determine the best match for the current
system.
- Implemented shadow memory pre-mapping where it is available. We probe for this
too.
- Implemented ability to specify a list of modules to instrument on the command
line. This allows fine-grained control of which modules are instrumented for
coverage/asan/drcov.
- Implemented unpoisoning of the Input target_bytes in a pre_exec hook.
- Added support for zero-sized allocations. We return 0x10 bytes at the moment.
- Added all known operator new/delete functions to hooks.
- Added workaround for frida_gum_allocate_near bug.
- Cleaned up reporting, added reporting for different error types.
* frida-asan: Implement leak detection
* Fix merge issues
* Rebased on dev to get llmp/shmem changes; Clippy fixes
* Add FridaOptions struct
* Add the Custom ExitKind; Get rid of Clone/PartialEq on ExitKind
* Make it possible to recover from an ASAN error
* Add SIGTRAP to crashing signals
* Add back (conditional) crashing on Asan errors.
* Fix too-large immediates in add instruction
* Implement RcShMemProvider, finally fix the EOP bug
* Clear ASAN_ERRORS before each test
* Fix warnings; Fix review issues
* Cleanup prints
* Add timeout to Frida mode
* Make allocation-/free-site backtraces optional
* CPU Context and backtrace (on android/aarch64 atm) on crash
* Make stalker conditional
* Add metadata to solution, and write metadata files
* Add addresses to backtrace; Add reporting of ASAN stack errors; Fix ASAN reporting bugs
* Remove meaningless backtrace on crash
* Fix the x0, x1 load in report
* use upstream color-backtrace
* use __builtin_thread_pointer instead of custom asm
* Don't unwrap ASAN_ERRORS if it isn't some
* Fix bug where we weren't clearing the drcov basicblocks after each run
* Fix bug where we were dropping an ashmem too soon
* Fix OwnedPtr instead of CPtr
* Fix gettls for all archs
* cfg guards for target arch, disabling Frida-ASAN/-DrCov if not on aarch64
* Cargo fmt
* Only panic in options when asan/drcov are turned on; Merge fixes
* gothook only supported on unix
* Fix gettls on msvc
* Another attempt to fix MSVC gettls
* Fix backtrace use
* nostd fixes; warning fixes
* formatting
* Migrate FridaEdgeCoverageHelper into libafl_frida, and rename to FridaInstrumentationHelper
* Clean up uses
* Move DrCovWriter to libafl_targets
* Refactor DrCovWriter to get a vec of DrCovBasicBlocks; formatting
* Update to newer backtrace which supports android with gimli
* windows fixes
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: andreafioraldi <andreafioraldi@gmail.com>
