* update pyo3 to latest version
* add python bindings to workspace
* make pyo3 stuff dependent of workspace again
* adapt implementation for the newest version of pyo3
* Replace addr_of with &raw across the codebase
* fix fixes
* more fix
* undo clang fmt?
* oops
* fix?
* allocator fix
* more fix
* more more
* more docs
* more fix
* mas mas mas
* hm
* more
* fix Frida
* needed
* more error
* qemu
* libafl_qemu: Add RISCV support
Adds the following targets (as features):
- riscv32
- riscv64
Added `RISCVCPU` and `CPURISCVState` to the bindings allow list.
Added riscv.rs to the arch module, with all necessary functions and
registers implemented and mapped.
The registers are the same as the ones found in qemus gdbstub xml found
after a build.
Additionally we added all syscall numbers for riscv 64 bit (already
supported by the `syscall_numbers` crate) and also added the missing
ones for riscv 32 bit. We compared both lists and their differences /
equalities with a simple python script and generated a list of the
missing ones, to be complete.
We might PR those to the `syscall_numbers` crate later on.
---------
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
* add python grammar loader for Nautilus
* fmt
* fmt toml
* add python to macos CI deps
* install python
* fmt
* ci
* clippy
* fix workflow
* fmt
* fix baby nautilus
* fix nautilus sync
* fmt
* fmt
* clippy
* typo
* fix miri
* remove pyo3 from workspace to packages which need it and make it optional
* go back to AsRef<Path> for nautilus grammar loading
* replace hardcoded python flags for macos build
* typo
* taplo fmt
* revert formatting of libafl_qemu_arch
* ci
* typo
* remove expects in NautilusContext::from_file and make them Results
* remove not(miri) clause in test
* try and fix python build fir ios and android
* again
* android
* tmate
* fix android build
* document load_python_grammar
* log if python or json when loading nautilus grammar
* make nautilus optional
* add nautilus as feature to forkserver_simple_nautilus
* nonzero_lit
* nonzero
* std instead of core
* a
* l
* test
* import
* api
* api
* aaaaa
* apiapi
* api
* api
* api
* mm
* api
* non zero
* FMT
* pls
* nnnaaasdfadsfafdsa
* pls
* MM
* fix
* a
* sat add
* aa
* mistake
* unreachable
* no generic
* api change
* a
* centralize clippy definition
* fmt
* add update bindings script
* add a checked and unchecked version of memory read to qemu stuff
also, a lot of clippy thing
* update binding position
* rm old script, new one is a bit better
* update doc
* macos clippy
* adapt fuzzers
* windows clippy
* fix fuzzer
* windows clippy
* remove old allowed clippy
* remove some allowed clippy
* use default features for serde_json in gramatron
* better error handler for failed rw to memory
* change fuzzbench_qemu
* real test
* fix qemu crash hook
* update bindings
* fix fork executor, reduce trait bound overhead
* make EdgeModule depend on observer to get ptrs.
* do not make EdgeCoverageModule::new public
* map observer as builder call
* adapt examples with new edge coverage module builder.
* TMP: everyone is a variable length map observer
* reuse profile path script
* fix absolute paths
* remove some dependencies to make pipeline faster
* compile-time builder initialization check
---------
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
* versioning unification: use x.y.z format everywhere
* do not compile low-level logs (< info level) by default in fuzzers
* update dependencies to the latest versions
* add members to workspace.
* use workspace for common dependencies
* add vscode native support
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* Rand below should take a NonZero parameter
* More
* more
* More
* fix build
* bit of clippy
* more clippy
* more clippy
* More clippy
* More more
* more nonzero
* fix multipart
* Cleanup, more unsafe
* fix
* fix unicode
* clippy, fmt
* more
* More safer and more better
* MaxStackPow
* fix merge fails
* make random_slize_size faster
* fix
* more
* fix
* linux kernel (x509_cert) and process fuzzing example
* rework filters
* update to latest qemu
* working for process and kernel fuzzing
* new i2s mutator for binary only fuzzers
* refactoring modules with new filtering interface
* add state as parameter of harness
* hide unused global in usermode
* Script for stub bindings generation
* do not try to check whether it is worth generating the bindings, always
generate when the env variable is on.
* add taplo to fmt_all.sh
* Moved fuzzers (again) in a target-centric way.
* fix rust 2024 warnings.
* new libafl_qemu harness structure.
* rename qemu_systemmode into qemu_baremetal
* fix qemu baremetal makefile
* fix formatter
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* introducing MappingMutator
* extending mapping mutators
* adding example fuzzer
* making crossover mutators more flexible.
* moving example fuzzer
* fixing dependency paths
* formatting
* fixing no std error
* fixing broken docs link
* fixing import paths
* fixing imports
* more format fixing
* adding new example fuzzer to CI
* fixing further imports
* fixing formatting
* formatting fixes
* improving docs for the example fuzzer
* adding documentation and tests to mapping mutators
* make extraction function for mapped crossover mutators more general
* adding MutVecFunctionMappingMutator
* Introducing WrapsReference
* code cleanup for mapping mutators
* adding tests and docs to mapping mutators
* reformatting comments
* fixing merging of mutators in example fuzzer
* formatting
* formatting v2
* cleanup according to PR comments
* adding type constraint to MappedInput helper functions to remove the need to specify types
* matching functions passed to mapped_havoc_mutations
* removing unnecessary constraints
* mapping mutators now contain the name of their inner mutator
---------
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* Add a custom typed builder for Emulator
* Unify qemu_init for usermode and systemmode
* Remove env from qemu init args (it is unused in QEMU in practice)
* expose thread hooks to systemmode
* rename qemu_config to config
* Replace ExitHandler by EmulatorDriver
* Reorder generics alphabetically for Qemu{,Fork}Executor
* Moved snapshot manager to Emulator to continue centralizing mains objects in the same structure
* Reimplementation of CommandManager working with enums instead of tables
* Macro has been adapted to do this work automatically
* Moved snapshot stuff to dedicated module
* Removed many Rc<RefCell<...>>, now useless with the removal of vtables
* Builder given by Emulator via `Emulator::builder`. Reduced trait bound overhead
* Remove stateless qemu executor
* All harnesses take a reference to an emulator as parameter now
* harness takes an emulator as first parameter, and input as second parameter (opposite of previous definition)
* bump libafl qemu dependencies to the latest version
* Helper is now called Module.
* Emulator now contains hooks state.
* Emulator is managed by QemuExecutor.
* QEMU hooks have been completely refactored on the rust side.
* Generics cleanup.
* aa
* why??????????????
* ppp
* aa
* aa
* abcde
* fixer
* ppp
* aa
* fix from windows
* sugar
* ff
* ??
* a
* to log::error
* exclude
* exclude libafl_qemu clippy on windows
* pp
* aa
---------
Co-authored-by: Your Name <you@example.com>
* Make every builder ::builder()
* Fix no_std
* More
* Fix clippy, stuff
* More fun
* Make NopShMem do something
* Alloc
* more fmt
* Remove UB in tinyinst executor builder
* Make builder order not matter for tinyinst
* More better
* fix
* docs
* fmt
* more fmt
* clippy
* fix fixes
* tiny thing
* more betterg
* more more
* more builder
* more builder
* more nyx
* undo breaking clippy
* clip
* QEMU generic memory iterator + Refactoring
* Generic Memory Iterator (systemmode only for now): It is now possible to iterator over memory ranges, independently of the address kind
* Refactoring or Emulator / Qemu structures: they are now handled separately in different files
* Refactoring of Exit Handlers: Result / Error structs have been clarified
* Simple handler for signals
* add new `check-cfg` calls for libafl qemu
* rands: simpler rand_trait code, remove useless test
* rands: provide and use proper random_seed()
* rands: add missing golden tests
* Don't use current_nanos() for seeding
* rands: remove RandomSeed trait
* match by ref fix
* impl Named for Reference
* rename
* magic indexing
* whoops
* docs, clippy
* some additional CI complaints
* other libafl_qemu fixes
* missed an alloc feature
* a smattering of fixes
* use from not direct construction
* tinyinst fix
* horrible double-mutability things
* fixup nyx
* from not new
* forkserver_simple fixes
* dogfood: forkserver
* mmmm yummy dogfood
* round one CI fixes
* clippy appeasement
* deref generic impl to simplify usage
* adaptive serialization (ouch)
* remaining clippy items
* I am tired
* new not with
* fixup: aflpp tracing was not actually constructable
* fix tmin
* reduce complexity of map feedback now that we do not need to constrain
* frida fixes
* fix concolic
* type_ref => reference
* run qemu fuzzers (qemu_systemmode only for now) in self-hosted runners
* Remove qemu-related fuzzers to general fuzzers
* fix
* Install dependencies before anything else
* Do not use sudo
* Install sudo
* Revert "Install dependencies before anything else"
This reverts commit 107addad5d9f68dec5a9af50831112cd72c28f4d.
* added qemu specific prerequisites
* add -y flag
* Format with nightly
* Do not use nightly only.
Install fmt and clippy for stable as well.
* Install qemu-img for qemu
* fix qemu-img install
* apt update
* Changed timeout.
* Fix qemu_systemmode test
* fmt
* clippy + decorrelate build and run for qemu_systemmode.
* fix fuzzer
* clippy
* add sqlite3-dev to package prerequisites.
* add arm-none-eabi-gcc
* fix profile dir
* fix condition.
* Run less QEMU stuff faster
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* sample implementation of tracking enforcement (incomplete)
* helpful compiler output
* make it look like a real compiler output
* ensure that the macro may be used outside of libafl
* separate index/novelty tracking funcs
* default const generic values so that we don't need to change this everywhere
* fix tests
* rollback unnecessary specification of stdmapobserver
* register metadata in doc tests
* doc fixes
* doc cleanup
* doc cleanup 2
* reduce implementor overhead to zero
* renaming/docs fixes
* asref isn't reflexive??
* generalization stage updates
* add better documentation about require_{indices,novelties}_tracking
* remaining generic updates
* round one CI pass (knowingly introduces breaking changes)
* typo
* round 2 clippy
* rollback: libafl_frida changes
* fmt
* moar porting
* fix remaining fuzzers
* fix windows build, maybe
* fixup libafl_libfuzzer
* fmt nighlty all the things
* attempt to fix some broken additions
* fix fmt
* oops
* fix new invocation
* minimizer scheduler fixes
* fix accounting
* rename
* fix
* Fix build
* Sort generics
* Move more generics into the right place
* Rename A -> C
* Fix test
* Fix test some more
* Fix doc some more
* critical formatting
* More A->C
* CanTrack harder
---------
Co-authored-by: Dominik Maier <dmnk@google.com>
* Added paging filtering.
Reworked address range filtering to fit with new generic code.
* Fix: renamed remaining QemuInstrumentationFilter instances.
* Renamed sync breakpoint to sync exit.
* Split emu in systemmode.rs / usermode.rs for specific code.
EmuExitHandler implementation.
* sync_backdoor.rs removal.
Formatting.
* Updated `bindgen` and `which`.
Adapting code to work with update.
* fix: reconfigure cleanly if prior configure was interrupted abruptly.
* Enable sanitizers in QEMU during debug.
* Added target-usable files.
* Added breakpoint structure.
* Adapted other files to work with ExitHandler.
* Adapted existing fuzzer to work with new exit handler.
* fix: use get to avoid crashes.
* Updated README to indicate cargo-make should be installed.
* Added QEMU internal exit handler.
* Adapted qemu_systemmode example with new exit handler.
* Fixed fuzzers to work with new exit handler.
* Trying to fix CI (#1739)
* test
* dummy
* dummy
* Added new examples.
* Forgot to add build scripts.
* format
* format
* clang-format
* python emulator adaptation.
* fixed python bindings.
* clippy fixes.
* python bindings.
* fix qemu_sugar.
* fix fuzzbench.
* fixed import issues.
* misc fixes.
* renamed crate.
* Updated x86_64 stub bindings.
* Fixed static naming.
* binding fmt
* clippy
* clippy
* Removed useless return statement.
* removed advice to install cargo-make in individual repositories.
* symcc_update (#1749)
* Remove unused create_anymap_for_trait macro (fixes#1719) (#1752)
* Fix `as_object` UB discussed in #1748 (#1751)
* Fix as_object UB discussed in #1748
* More cleanup, more less UB
* Fix fixes
* Added uninit_on_shmem api
* clippy
* fmt
* trying to fix fuzzers, libfuzzer wrapper
* Add OwnedRefMit::owned constructor, libfuzzer fix
* Some more fixes
* Add BacktaceObserver::owned fn
* fmt
* more fmt
* Ignore SigPipe by default (#1741)
* Ignore SigPipe by default
* Fix no_std
* fmt
* Fix incorrect imports (#1758)
* Fix incorrect imports
https://doc.rust-lang.org/core/simd/trait.SimdOrd.html
* Fix
* Try fix ci
* Documentation fixes (#1761)
* Documentation fixes
* Fix InProcessExecutor url
* Update all urls to latest
* Miri ignores for M1 regex (#1762)
* Enabling DrCov on Windows (#1765)
* Enabling DrCov for Windows
* Dedup common code in scheduler (#1702)
* dedup common code in scheduler
* del eco
* fixing
* fix
* replace `Emulator::new_empty` by `Emulator::get` calls outside of `emu.rs` for safety. (#1763)
* Add mute_inprocess_target fn, SimpleFdLogger::set_logger, and more (#1754)
* Add mute_inprocess_target fn, SimpleFdLogger::set_logger, set_error_print_panic_hook
* Trying to fix#1753
* typo
* More fix
* Fix test?
* more testcase fixes
* Fix: renamed remaining QemuInstrumentationFilter instances.
* Split emu in systemmode.rs / usermode.rs for specific code.
EmuExitHandler implementation.
* format
* format
* format
* Replace sync_exit with sync_backdoor.
* Rework command system.
* fix bad import.
* format.
* cargo fmt
* disable af-xdp as well to avoid linking errors.
* End of merging.
* format.
* Adaptation for usermode.
* format.
* injection support.
* usermode fixes.
format.
* clippy
* clippy + format
* Do not unwrap emu + format.
* fix: entry_point breakpoint
* inital commit.
* clippy
* tests
* clippy
* adapt example
* systemmode.
* renaming
* fmt
* fix lints.
* more lint fix.
* even more lint fixes.
* always more lint fixes.
* lint fix.
* allow unused qualifications for crate when it could be confusing.
* Still lint fixes.
* Lint fixes on generated code.
* Some lint fixes.
* merge continue.
* renamed modules as well.
* fixing merge.
* systemmode compiling.
* fmt
* fix early emulator drop.
* fmt
* fix cast to c_void of the wrong object.
* Added global enum for snapshot managers.
Some renaming.
* move things around.
* WIP: generic inclusion of QEMU Executor in exit handler.
* * Moved extern calls to `libafl_qemu_sys`
* Replaced old `Emulator` by `Qemu` and only kept C functions wrappers
* Now `Emulator` is for higher-level interactions with QEMU. Kept old functions for compatibility calling to `Qemu` functions
* A direct side effect of this slit is the removal of the `IsEmuExitHandler` trait dependency added in many parts of the code.
* Removed old dirty casting for `QemuExecutor` helpers and used the brand-new access to `QemuExecutorState` instead.
* Minor changes to `Qemu` and `Emulator` `get` methods for cleaner getters.
* Add missing `Qemu` function.
* Updated `qemu_systemmode` example.
* Adapted QEMU fuzzers + renaming.
* Fixed python.
* fix libafl_sugar with new implementation.
* fix dangling RefCell.
adapt new examples.
TODO: merge `libafl_systemmode.*` examples.
* clippy.
* fix more fuzzers.
* clippy.
* Implement `HasInstrumentationFilter` generically.
Updated `StdInstrumentationFilter` accordingly.
* Renamed breakpoint functions for QEMU.
`qemu.run()` handling.
* Removed OnceCell / RefCell in signature.
more explicit `MmapPerms` method names.
* minor code refactoring
* Emulator::run_handle refactoring
* deprecated Emulator functions calling directly to QEMU functions.
* IsSnapshotManager -> SnapshotManager
* IsEmuExitHandler -> EmuExitHandler + fmt
* Generic register when it makes sense.
* reverted IsSnapshotManager -> SnapshotManager because of a collision.
* fix syntax + clippy
* fmt
---------
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: lazymio <mio@lazym.io>
Co-authored-by: Bet4 <0xbet4@gmail.com>
Co-authored-by: mkravchik <mkravchik@hotmail.com>
