alwin.berger/FRET-LibAFL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,837 Commits 19 Branches 28 Tags
Commit Graph

228 Commits

Author SHA1 Message Date
Dominik Maier
6810e6085b
Builder for CommandExecutor & Tokens Refactoring (#508) 
* builder for CommandExecutor

* tokens api cleanup, clippy

* fix doctest

* cleanup

* added testcase, remodelled

* command executor builder fix

* fix fuzzer(?)

* implemented From for configurator

* nits

* clippy

* unused

* autotokens

* cleanup

* nits

* Err instead of empty tokens

* fix tokens fn

* fix err

* more error fixing

* tokens remodelling

* typo

* recoverable fail on missing autotokens

* clippy, nostd

* asslice, into_iter, etc. for tokens

* adapt fuzzers

* iter

* fixes, clippy

* fix

* more clippy

* no_std

* more fix

* fixed typo

* cmd_executor builds again

* bring back ASAN stuff to Command Executor

* forkserver speedup

* no need to static

* back to earlier
 2022-02-01 10:10:47 +01:00
Youssef
e307dfb16f
Implement backtrace observers for crash dedupe (#379) 
* create stacktrace observer

* create stacktrace feedback

* post-merge fixes

* address comments

* update Cargo.toml

* fix CI issue + dynamic naming

* duplicate baby_fizzer

* update stacktrace baby_fuzzer

* force unwinding tables

* ignore test dumps

* fix stacktrace baby_fuzzer logic

* upgrade Backtrace version

* trigger observers.post_exec in crash_handler

* implement NewHashFeedbackState and update logic

* digest symbols pointers

* cleanup

* minimal output

* fix backdated EventFirer generic param

* add baby_fuzzer example with a fork executor

* duplicate baby_fuzzer_stacktrace with forkexecutor

* backtrace collection implemented

* add c app fuzzer example with a fork executor

* group backtrace baby fuzzers

* added c code baby fuzzer with inprocess executor

* remove need for static COLLECT_BACKTRACE

* moved code to stacktrace.rs + fixed bug

* add comment

* add command executor fuzzer example

* post merge cleanup

* add missing doc

* address comment

* fix nit

* clean duplicate variable in timeout handler

* fix command executor bt collection

* clean code and use StdShMem

* cleanup

* add ObserverWithHashField + rename StacktraceObserver

* rename + refactor some code

* add CommandBacktraceObserver

* update command executor

* update baby fuzzers

* simplify BacktraceSharedMemoryWrapper

* use better names + static methods

* use std feature macro on BacktraceObserver + fix bug

* use Box in HashValueWrapper to minimize variants size diff

* use copy_from_slice

* std conditional backtrace collection

* fix std import

* fix comment

* add exit_kind to observer.post_exec

* added hash trait to Input

* collect backtrace in post_exec

* add crash handlers to InProcessForkExecutor

* fix panic message

* duplicate forkserver fuzzer example

minimal example

update

* proto bt collection working

* rename CommandBacktraceExecutor to ASANBacktraceExecutor

* refactor ASANBacktraceObserver

* support for forkserver working

* update fuzzer example

* less verbosity

* Post merge fixes

* implement hash for GeneralizedInput

* update forkserver example after merge

* clippy fixes

* fix inproc test

* fixes for cargo hack --feature-powerset

* fix baby_no_std

* implement Hash for NautilusInput

* update fork executor baby fuzzer

* fix doc

* implement Hash for PacketData

* fix windows build

* fix windows no_std

* fix backtrace baby fuzzers README

* add comments

* move setup_bt_panic to constructor

* pre/post child exec hooks in Observer

* setup_child_panic_hook

* fix ObserversOwnedMap on nightly

* add backtrace fuzzers to CI checks

* fix typo

* fix relative paths in test_all_fuzzers.sh

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
 2022-01-31 15:58:15 +01:00
Andrea Fioraldi
408431ba5c
Fix libafl import features in libafl_targets (#495) 
* fix

* fix
 2022-01-26 22:29:25 +01:00
Dongjia Zhang
62614ce101
LLVM AutoTokens (#470) 
* posix dict2file llvm pass

* new PM

* working

* clean up

* fmt

* fix

* silence clippy

* bring the println back

* early return

* rename

* weak symbols

* linux onky

* fuzzbench change

* only linux

* linux only

* cfg

* cfg

* fix

* fix

* fix

* why

* fix

* bug fix

* rename

* rename

* macros & rename

* add_from_autotokens

* fix fuzzbench

* std -> core

* builder pattern?

* clippy

* wrong cfg

* cfgstd

* fuzzbench fmt

* no unsafe

* update fuzzbench_text

* use TokenSectiopn

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
 2022-01-26 19:23:04 +01:00
Dominik Maier
77e5965e97
Add AsSlice, AsMutSlice traits, refactor MapObservers to be iterable, and have associated types (#477) 
* from warning

* fix latest clippy

* clippy fixes++

* renamed shmem parameters

* renamed map to shmem

* make forkserver executor work for any (non-system) shmem

* Mem -> ShMem

* rework windows

* fix nit

* fix symbolic

* refacctor map observers

* iterator for map observers

* removed unused ownedptr, added asslice trait to most functions

* make map entry type an associated type

* fix fuzzers

* fix docs

* typo fix

* fix windows, add try_from_slice to shmid

* missing import

* fix fuzzbench

* cleanup

* fmt

* more asslice

* fmt

* added doc link about token-level fuzzing

* cods
 2022-01-19 00:02:33 +01:00
Dominik Maier
2dd88998bd
Clippy fixes for latest toolchain (#471) 
* from warning

* fix latest clippy

* clippy fixes++

* more nits
 2022-01-17 11:02:42 +01:00
Andrea Fioraldi
bca1f392a7
Bump to 0.7.1 (#465) 
* bump to 0.7.1

* bump libafl_qemu
 2022-01-13 11:32:57 +01:00
Dominik Maier
30eb1508de
Add OwnedSlice::RefRaw to keep track of raw pointers (#448) 
* add OwnedSlice::RefRaw to keep track of raw pointers

* clippy

* fmt

* new from ownedref

* clippy

* OwnedSliceInner

* fix,From

* as_slice()

* fmt

* fix doc

* OwnedSliceMut

* fixes

* clippy

* fix

* ownedmut -> owned

* to owned

* to_owned -> clone

* removed comment

Co-authored-by: tokatoka <tokazerkje@outlook.com>
 2022-01-05 01:15:23 +01:00
Dominik Maier
a1a6d5f478
Disable pita 🥙 compiler in debug mode (#454) 2022-01-04 16:20:52 +01:00
Dominik Maier
af3d321213
Derive debug for all structs in LibAFL (#442) 
* documentation, warnings

* fixed docs

* docs

* no_std

* test

* windows

* nautilus docs

* more fixes

* more docs

* nits

* windows clippy

* docs, windows

* nits

* debug all the things

* derive debug for all core library components

* Docu for libafl_targets

* nits

* reordered generics

* add docs to frida, debug

* nits

* fixes

* more docu for frida, nits

* more docu

* more docu

* Sugar docs

* debug for qemu

* more debug

* import debug

* fmt

* debug

* anyap_debug feature no longer needed

* tidy up unused fn

* indicate if we left out values for struct debug

* implement Debug for sugar

* debug allthethings

* ci
 2022-01-03 00:47:17 +01:00
Dominik Maier
efc804fe7d
Updated dependencies (#443) 
* updated dependencies

* updated info in toml

* Windows fixes

* fixed immport

* u32 -> i32

* ignore i32 overflows in constants

* removed unused double allow
 2022-01-02 17:52:44 +01:00
Dominik Maier
6b5181250c
Drcov remodelling (#415) 
* drcov remodelling

* fmt

* fix

Co-authored-by: tokatoka <tokazerkje@outlook.com>
 2021-12-23 17:13:18 +01:00
Andrea Fioraldi
37b8cb0d2f Bump to 0.7 2021-12-01 17:22:09 +01:00
Andrea Fioraldi
2fb1c3520a
More LLVM passes from AFL++ (#394) 
* afl coverage pass

* working ctx coverage

* MAYBE_THREAD_LOCAL

* doh

* fix for msvc

* ci

* clippy

* atheris

* thread_local
 2021-12-01 13:27:39 +01:00
Andrea Fioraldi
b4e15fe9f3
Bridge grammartec from Nautilus to libafl (#342) 
* nautilus dep

* nautilus generation

* fix mutator

* start new mutator for nautilus

* other mutators

* baby

* ci

* NautilusFeedback

* fix unparse

* ci

* ci

* ci

* ci

* nigghtly clippy

* ci

* fix

* ci

* ci

* update construct automatata

* fix

* ci

* clippy

* clippy

* nightly clippy

* more clippy

* minor clippy

Co-authored-by: Dominik Maier <domenukk@gmail.com>
 2021-11-06 02:21:53 +01:00
Andrea Fioraldi
28c5e59fb2 Fix Rust 2021 clippy 2021-11-04 10:55:54 +01:00
Andrea Fioraldi
eca605bf01
MultiMapObserver and sancov 8bit-counters instrumentation (#343) 
* MultiMapObserver and 8bit instrumentation

* fix test

* clippy

* fix

* fix tutorial

* sancov_8bit targets feature
 2021-11-04 10:08:50 +01:00
Jordan McLeod
3d436b7519
Upgrade to Rust 2021 Edition (#340) 
* Enable missing const_xxh3 feature

* Move to Rust 2021 Edition

* Fix clippy complaints

* Remove imports made unecessary in 2021 edition
 2021-11-04 09:59:49 +01:00
Andrea Fioraldi
05aeb677cf
Fix default UBSan options and avoid timeouts in crash handler (#304) 
* exit

* ignore timeouts outside the targets

* do not store timeouts

* block sigalarm in handlers

* __ubsan_default_options
 2021-09-29 09:28:55 +02:00
Dominik Maier
9d669bbc63
Fixed CI by ignoring python, resolved multiple warnings (#303) 
* fixing ci

* ignoring dev deps

* fmt

* trying to fix dockerfile

* fix cargo build

* can't build sancov edges and hitcounts together

* fixed warnings

* fixed more warnings
 2021-09-28 01:56:07 +02:00
Andrea Fioraldi
a0cdaf71ff Fix not NUL-terminated argv in libfuzzer_initialize 2021-09-27 17:48:06 +02:00
Andrea Fioraldi
54ac57b6f7 Default ASan options from AFL++ in libafl_targets 2021-09-27 15:24:35 +02:00
Dominik Maier
3db1765537 cleanup 2021-08-26 19:25:48 +02:00
Andrea Fioraldi
951b6fef36 Bump 0.6.1 2021-08-23 10:01:22 +02:00
julihoh
dcf107a30a
symcc_runtime dependency fix for next libafl version & bump to 0.6.0 (#268) 
* symcc_runtime dependency fix for next libafl version

* bump to 0.6.0

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
 2021-08-18 10:57:55 +02:00
Andrea Fioraldi
83f413f8b1 Default weak fns impl on MSVC 2021-08-18 10:45:50 +02:00
Andrea Fioraldi
cc52e20256 Weak libafl_main in libfuzzer_compatibility.c 2021-08-18 10:36:54 +02:00
Toka
7f4e341741
inprocessfork executor (#237) 
* inprocessfork executor

* fmt

* cfg

* no_std

* no volatile rw

* wrapping_add

* fix

* mutable pointer

* ptr initialization in __sanitizer_cov_trace_pc_guard_init

* features

* more cfg

* fmt

* fix

* fmt

* post_fork

* fmt

* pre_fork

* test

* cfg
 2021-08-07 12:09:54 +02:00
Andrea Fioraldi
42b7c6d7e7
Qemu CmpLog (#223) 
* empty libafl_qemu crate

* fuzzbench qemu fuzzer skeleton

* emu.run() works without bp

* working emu loop

* resolve elf symbols

* running Qemu fuzzer without coverage

* qemu fuzzer with edge coverage

* merge into inprocess::GLOBAL_STATE

* create QemuExecutor and remove QemuEmulator

* qemu hooks and persist edges mapping storing them in State

* windows fix

* add libafl_qemu to workspace

* windows fix

* some clippy

* clippy

* fix fuzzbench_qemu

* fix fuzzbench_qemu makefile

* fuck you macos

* resolve PIC symbols

* cmp hooks

* cmplog hooks

* qemu cmplog

* clippy
 2021-07-13 16:02:53 +02:00
Andrea Fioraldi
a1fc2a5453 Bump to 0.5.0 2021-07-05 14:12:40 +02:00
Andrea Fioraldi
5b76c22ea7
Cmplog routines mutator (#204) 
* save

* routines in meta

* execute passes

* fix cmplog rtn pass

* clippy
 2021-07-05 09:54:44 +02:00
Toka
b3c52a4ad6
Test fuzzers (#187) 
* build_all_fuzzer.shj

* run.sh

* output log

* ENABLE_SHARED off

* libc6-dev

* echo

* no need to cargo build twice

* replaced realpath (not available on macos) with /Users/domenukk/tmp/libaflrs/fuzzers/libfuzzer_libpng_launcher

* replaced PWD with pwd

* trying to get llvm-config working

* more sudo?

* slash

* trying to get all deps

* more info

* delete apt install from build_all_fuzzers.sh

* correct libfuzzer_libpng makefile

* fix build for libfuzzer_libpng

* fix other makefiles

* nproc not supported on macos

* no run.sh, use make short_test

* enable_shared=false

* just Linux

* fix

* forkserver makefile

* fix

* stb_image Makefile

Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
 2021-07-02 15:35:41 +02:00
Andrea Fioraldi
f0743cbb17
remove serde bounds for Observer (#202) 2021-07-02 15:07:51 +02:00
Andrea Fioraldi
44f6e4c389
Improve introspection (#200) 
* remove NUM_FEEDBACKS

* working introspection

* adust introspection stats

* bugfixes, clippy

* removed outdated define

* more clippy;

* no_std

Co-authored-by: Dominik Maier <domenukk@gmail.com>
 2021-07-02 10:58:36 +02:00
Dominik Maier
5a4e5b0a93
MacOS Build (#197) 
* macos build

* more fix

* fixed clang pass build

* fixes for libfuzzer link

* more explanation links
 2021-06-30 21:20:24 +02:00
Dominik Maier
e479b4fa24 macos fixes 2021-06-28 16:18:17 +02:00
Andrea Fioraldi
8056cbe5cb Weak main to link non-fuzzing targets 2021-06-28 11:41:04 +02:00
Andrea Fioraldi
5b54f0f068
Llvm passes (#185) 
* enable llvm passes in libafl_cc

* cmplog rtn pass in fuzzbench fuzzer

* improve libafl_cc

* silence fuzzbench compiler wrapper

* instrumentation and runtime for rtn cmplog

* fix test

* fix test

* fuck clippy

* remove anon union in CmpLogMap

* windows.h

* remove libafl_targets_cmplog_wrapper

* no inline linking

* adapt fuzzers/
 2021-06-23 09:38:15 +02:00
Andrea Fioraldi
bdb5efbf5b
Configurations (#162) 
* print sender id

* storing sender id to env

* executor in llmp handle_in_client

* compile the lib

* compiling generic_inmemory

* fix forkserver

* adapt from fuzzers

* instrospection fix

* exitkind in NewTestcase

* fix libafl_frida

* fix firda_libpng

* send conf with Newtestcase event

* bump to 0.4.0

* no_std fix

* fmt

* fix libfuzzer_libmozjpeg

Co-authored-by: Dominik Maier <domenukk@gmail.com>
 2021-06-22 15:04:14 +02:00
Andrea Fioraldi
6c926c4841 Clippy go brrr 2021-06-18 10:02:44 +02:00
Andrea Fioraldi
2fd8039f69 Fix max edges num count in pcguard 2021-06-17 16:56:35 +02:00
Andrea Fioraldi
5d49933a23 Fix libafl_targets 2021-06-17 10:55:12 +02:00
Andrea Fioraldi
1ea8442478 Set maps size at compile time with env vars 2021-06-17 10:36:27 +02:00
Andrea Fioraldi
d976b02609 Solve perf problem on CmpLog map reset 2021-06-16 18:59:15 +02:00
Andrea Fioraldi
2b0976132a
Generic Inmemory Fuzzer (#166) 
* generic inmemory fuzzer

* Link whole archive

* fmt
 2021-06-14 10:26:10 +02:00
OB
7abd7c8162
Cmplog instrumentation for Frida (#99) 
* libafl_targets: refactor sancov trace-pc

* cmp observer

* libaf_targets: new structure to isolate sancov

* fix C warning

* combined executor

* cmp observer and feedback

* I2SRandReplace mutator

* impl CmpMap for CmpLogMap in libafl_targets

* cmplog observer

* clippy

* TracingStage

* working random cmplog mutations

* enable cmplog for libfuzzer_stb_image

* re-enable new testcase stats print

* fix update stats display

* bump 0.3.1

* clippy

* clippy

* no clippy for fuzzers/

* fix

* add cmplog runtime instrumentation

* test cmplog against value profile feature

* fix compile error

* add target arch aarch64 for is_interesting_cmplog_instruction

* add cfg target aarch64 on cmplog related code within stalker loop

* revert changes in cargo.toml

* align code with 'main' branch

* revert accidently changed Cargo.toml file

* update cmplog runtime code to work with the cmplog backend implementation

* change magic to 8 bytes

* cmplog runs with observer- no crashes

* clippy fixes

* add cmplog_runtime as feature

* set cmplog command-line argument to false by default

* setup cmplog observer and mutator correctly

* decrease emitted code opcode count

* add cmplog testing to the harness

* get rid of irrelevant changes and unused code, add comments, change
feature name to "cmplog"

* get rid of some unessecery whitespaces and new lines

* fix clippy errors

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Omree <you@example.com>
 2021-06-09 14:11:43 +02:00
Andrea Fioraldi
cd9be5b33b Merge branch 'main' of github.com:AFLplusplus/LibAFL into main 2021-06-08 09:54:08 +02:00
Andrea Fioraldi
397a43c5d3 update build.rs for libafl_targets 2021-06-08 09:53:58 +02:00
Dominik Maier
36b823548a
nightly clippy fixes (#155) 
* nightly clippy fixes

* more niglty clippy fixes

* added Safety section

* no_std fixes

* final fixes
 2021-06-07 12:30:56 +02:00
Dominik Maier
3b2ee4bb70
Added MacOS CI (#131) 
* added macos ci

* running tests on macos

* some macos fixes

* fmt

* some must_use infos

* trying' to fix MacOs testcases

* no main in test

* fixed MacOS testcases

* tried to fix build errors

* unified shmem_limits

* Revert "unified shmem_limits"

This reverts commit 8c6bb8d6a2cec71d72bb181b5b491737a771298e.

* hopefully fixed macos testcase

* removed unneeded values
 2021-06-07 01:24:41 +02:00