* libafl_qemu: Add RISCV support
Adds the following targets (as features):
- riscv32
- riscv64
Added `RISCVCPU` and `CPURISCVState` to the bindings allow list.
Added riscv.rs to the arch module, with all necessary functions and
registers implemented and mapped.
The registers are the same as the ones found in qemus gdbstub xml found
after a build.
Additionally we added all syscall numbers for riscv 64 bit (already
supported by the `syscall_numbers` crate) and also added the missing
ones for riscv 32 bit. We compared both lists and their differences /
equalities with a simple python script and generated a list of the
missing ones, to be complete.
We might PR those to the `syscall_numbers` crate later on.
---------
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
* centralize clippy definition
* fmt
* add update bindings script
* add a checked and unchecked version of memory read to qemu stuff
also, a lot of clippy thing
* update binding position
* rm old script, new one is a bit better
* update doc
* macos clippy
* adapt fuzzers
* windows clippy
* fix fuzzer
* windows clippy
* remove old allowed clippy
* remove some allowed clippy
* use default features for serde_json in gramatron
* better error handler for failed rw to memory
* change fuzzbench_qemu
* real test
* fix qemu crash hook
* update bindings
* fix fork executor, reduce trait bound overhead
* make EdgeModule depend on observer to get ptrs.
* do not make EdgeCoverageModule::new public
* map observer as builder call
* adapt examples with new edge coverage module builder.
* TMP: everyone is a variable length map observer
* reuse profile path script
* fix absolute paths
* remove some dependencies to make pipeline faster
* compile-time builder initialization check
---------
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
* versioning unification: use x.y.z format everywhere
* do not compile low-level logs (< info level) by default in fuzzers
* update dependencies to the latest versions
* add members to workspace.
* use workspace for common dependencies
* add vscode native support
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* Mark unsafe functions unsafe, as Ferris inteded
* More
* more safety?
* more fix
* actually safe
* More cleanup
* More fix
* more unsafe
* fix imports
* more unsafe
* fixes
* bring back the memories
* linux kernel (x509_cert) and process fuzzing example
* rework filters
* update to latest qemu
* working for process and kernel fuzzing
* new i2s mutator for binary only fuzzers
* refactoring modules with new filtering interface
* add state as parameter of harness
* hide unused global in usermode
* Script for stub bindings generation
* do not try to check whether it is worth generating the bindings, always
generate when the env variable is on.
* add taplo to fmt_all.sh
* Moved fuzzers (again) in a target-centric way.
* fix rust 2024 warnings.
* new libafl_qemu harness structure.
* rename qemu_systemmode into qemu_baremetal
* fix qemu baremetal makefile
* fix formatter
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* Better documentation headers (clippy)
* more doc
* more fixes
* Even more
* more
* even more
* concrete
* fmt
* even more more
* tiny typo
* more
* more
* More
* more
* more docs?
* more docs
* Add a custom typed builder for Emulator
* Unify qemu_init for usermode and systemmode
* Remove env from qemu init args (it is unused in QEMU in practice)
* expose thread hooks to systemmode
* rename qemu_config to config
* Replace ExitHandler by EmulatorDriver
* Reorder generics alphabetically for Qemu{,Fork}Executor
* Moved snapshot manager to Emulator to continue centralizing mains objects in the same structure
* Reimplementation of CommandManager working with enums instead of tables
* Macro has been adapted to do this work automatically
* Moved snapshot stuff to dedicated module
* Removed many Rc<RefCell<...>>, now useless with the removal of vtables
* Builder given by Emulator via `Emulator::builder`. Reduced trait bound overhead
* Remove stateless qemu executor
* All harnesses take a reference to an emulator as parameter now
* harness takes an emulator as first parameter, and input as second parameter (opposite of previous definition)
* bump libafl qemu dependencies to the latest version
* Update LibAFL QEMU to the latest version (V9.0.2 update, important bug fixes, ... - check the dedicated repo for more info)
* fix bug in hook execution, causing first execution hooks to be run multiple times.
* Helper is now called Module.
* Emulator now contains hooks state.
* Emulator is managed by QemuExecutor.
* QEMU hooks have been completely refactored on the rust side.
* Generics cleanup.
* Fix publish errors
* publish.sh
* remove include_str readme in libafl_qemu
* execute libafl_qemu_build::maybe_generate_stub_bindings() only if in cargo doc
* try this thing
* this?
* use new mmap signature in nix.
* fix import
* fix to work with addr2line v0.23.
* remove unused flag
* update strum also for dependency...
* clippy
* clippy
* update lain git hash
* bump many outdated crates
* fix hash
* QEMU generic memory iterator + Refactoring
* Generic Memory Iterator (systemmode only for now): It is now possible to iterator over memory ranges, independently of the address kind
* Refactoring or Emulator / Qemu structures: they are now handled separately in different files
* Refactoring of Exit Handlers: Result / Error structs have been clarified
* Simple handler for signals
* add new `check-cfg` calls for libafl qemu
* run qemu fuzzers (qemu_systemmode only for now) in self-hosted runners
* Remove qemu-related fuzzers to general fuzzers
* fix
* Install dependencies before anything else
* Do not use sudo
* Install sudo
* Revert "Install dependencies before anything else"
This reverts commit 107addad5d9f68dec5a9af50831112cd72c28f4d.
* added qemu specific prerequisites
* add -y flag
* Format with nightly
* Do not use nightly only.
Install fmt and clippy for stable as well.
* Install qemu-img for qemu
* fix qemu-img install
* apt update
* Changed timeout.
* Fix qemu_systemmode test
* fmt
* clippy + decorrelate build and run for qemu_systemmode.
* fix fuzzer
* clippy
* add sqlite3-dev to package prerequisites.
* add arm-none-eabi-gcc
* fix profile dir
* fix condition.
* Run less QEMU stuff faster
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* LibAFL QEMU can now be dynamically linked
* LibAFL QEMU reconfiguration happens less frequently (now using a signature check)
* Possibility to have custom rpath in QEMU
* fix(libafl_qemu_build): assert command success
* fix(libafl_qemu_build): make sure linker_interceptor.py picks up correct compiler
Currently linker_interceptor.py uses 'cc' as the __LIBAFL_QEMU_BUILD_CC environment variable is never set
* remove redudant arg
