* fix ci
track: https://github.com/dtolnay/proc-macro2/pull/501
* format toml
* fix typo
* Use nightly for libafl_frida
* Install nightly for splitter
* Use dtolnay/rust-toolchain@nightly
* install ca-certificates
* Implement `Send` for `Shm`
It is safe because we take ownership of the inner map pointer. The only potential
violation is dereferencing the underlying pointer, but that is already unsafe. Therefore,
the properties of Send still hold within the safe world.
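An added illustration of the soundness argument in the commit message above (example code, not LibAFL's `Shm` implementation): the `RawMap` type, its leaked `Box` standing in for a real shared-memory mapping, and the `write_on_other_thread` helper are assumptions made for this example. The raw pointer never escapes the type, every dereference sits behind a bounds check in an `unsafe` block the type controls, so `unsafe impl Send` is sound while the wrapper remains, correctly, not `Sync`.

```rust
use std::thread;

/// Hypothetical owner of a raw mapping; stands in for a shm/mmap-backed type.
/// Without the `unsafe impl Send` below, the `*mut u8` field makes it !Send.
pub struct RawMap {
    ptr: *mut u8,
    len: usize,
}

impl RawMap {
    /// Allocate a mapping this value owns exclusively. A leaked Box<[u8]>
    /// replaces a real shared-memory mapping so the example runs anywhere.
    pub fn new(len: usize) -> Self {
        let mut v = vec![0u8; len].into_boxed_slice();
        let ptr = v.as_mut_ptr();
        std::mem::forget(v);
        RawMap { ptr, len }
    }

    pub fn len(&self) -> usize {
        self.len
    }

    /// Safe API: bounds-checked write; the raw pointer never leaves this type.
    pub fn write(&mut self, idx: usize, val: u8) -> bool {
        if idx >= self.len {
            return false;
        }
        // SAFETY: idx < len and this value owns the allocation exclusively.
        unsafe { *self.ptr.add(idx) = val };
        true
    }

    /// Safe API: bounds-checked read.
    pub fn read(&self, idx: usize) -> Option<u8> {
        if idx >= self.len {
            return None;
        }
        // SAFETY: idx < len and the allocation is alive until Drop.
        Some(unsafe { *self.ptr.add(idx) })
    }
}

impl Drop for RawMap {
    fn drop(&mut self) {
        // SAFETY: ptr/len came from the Box<[u8]> forgotten in `new`.
        unsafe { drop(Box::from_raw(std::ptr::slice_from_raw_parts_mut(self.ptr, self.len))) };
    }
}

// SAFETY: RawMap owns the mapping and is the only holder of `ptr`; the only
// operations that touch the pointer are bounds-checked and already `unsafe`
// internally, so moving the whole value to another thread cannot create a
// data race. Note that `Sync` is deliberately NOT implemented: two threads
// sharing a &RawMap would still be unsound for writes.
unsafe impl Send for RawMap {}

/// Move the map to a worker thread, write there, hand it back and read here.
/// Returns None when idx is out of range (the write is refused, the read fails).
pub fn write_on_other_thread(len: usize, idx: usize, val: u8) -> Option<u8> {
    let mut map = RawMap::new(len);
    let handle = thread::spawn(move || {
        map.write(idx, val);
        map // ownership travels back with the join
    });
    let map = handle.join().ok()?;
    map.read(idx)
}

fn main() {
    println!("{:?}", write_on_other_thread(16, 3, 0xAB));
    println!("{:?}", write_on_other_thread(4, 9, 1));
}
```

The bounds checks are what make the safe API honest: a caller can move the map between threads freely, but it cannot reach the pointer, so every unsafe dereference remains one the type itself vouches for.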
* Bump 1.87
* use std::io::pipe so that they are `Send`
* clippy
* upgrade
* Avoid phantomdata to make ForkserverExecutor !Send
* Missing gates
* Fix nostd
* bump in Dockerfile
* use dtolnay/rust-toolchain@stable instead
* setup latest toolchain on non Linux
* Fix typo
* no more shellscript
* metadatas
* clp
* clippo
* this language breaks every day
* stop
* 2404?
* purge rust
* everything is broken
* test
* ci dead
* aa
* aa
* remove broken shit
* remove broken shit
* broken shit
* a
* lol
* aaaaa
* AI fix
* aa
* aaa
* yes?
* a
* FK
* tmate
* wtf who tf did this shit????
* aa
* useless println
* for system too
* unset first
* make fuzzer great again
* crash handlers
* hello from windows
* fk
* gee
* m
* temporary fix
* f
* mm
* CICI
* fixer
* Fix Dockerfile
* lol
* clp
* Fuck you clippy
* This lint makes no sense, 0
* ??
* a
* fix
* this lint makes 0 sense
* mm
* clp
* a
* a
* clp
* clippy
* clp
* mm
* FMT
* p
---------
Co-authored-by: Your Name <you@example.com>
Co-authored-by: toka <toka@tokas-MacBook-Air.local>
* Fix just
* Update dockerfile
* Changes to test all architectures for qemu-user fuzzers
* Update version of QEMU
* Fix qemu on aarch64
* Fix qemu on i386
---------
Co-authored-by: Your Name <you@example.com>
* feat: unicorn support
* feat: update
* fix: remove unused files
* fix: clean
* fix: remove unneeded parameters
* fix: typo
* moved to justfile
* use log::debug!
* fix cargo and created justfile
* feat: add CI
* add runs on
* fix: CI
* fix: CI
* fix: don't use fork executor
* not needed anymore
* fix: CI
* fix: CI
* remove extra space
* WIP: IntelPT qemu systemmode
* use perf-event-open-sys instead of bindgen
* intelPT Add enable and disable tracing, add test
* Use static_assertions crate
* Fix volatiles, finish test
* Add Intel PT availability check
* Use LibAFL errors in Result
* Improve filtering
* Add KVM pt_mode check
* move static_assertions use
* Check for perf_event_open support
* Add (empty) IntelPT module
* Add IntelPTModule POC
* partial ideas to implement intel pt
* forgot smth
* trace decoding draft
* add libipt decoder
* use cpuid instead of reading /proc/cpuinfo
* investigating nondeterministic behaviour
* intel_pt module add thread creation hook
* Fully identify deps versions
Cargo docs: Although it looks like a specific version of the crate, it actually specifies a range of versions and allows SemVer compatible updates
* Move mem image to module, output to file for debug
* fixup! Use static_assertions crate
* Exclude host kernel from traces
* Bump libipt-rs
* Callback to get memory as an alternative to image
* WIP Add bootloader fuzzer example
* Split availability check: add availability_with_qemu
* Move IntelPT to observer
* Improve test docs
* Clippy happy now
* Taplo happy now
* Add IntelPTObserver boilerplate
* Hook instead of Observer
* Clippy & Taplo
* Add psb_freq setting
* Extremely bad and dirty babyfuzzer stealing
* Use thread local cell instead of mutex
* Try a trace diff based naive feedback
* fix perf aux buffer wrap handling
* Use f64 for feedback score
* Fix clippy for cargo test
* Add config format tests
* WIP intelpt babyfuzzer with fork
* Fix not wrapped tail offset in split buffer
* Baby PT with raw traces diff working
* Cache nr_filters
* Use LazyLock for perf_type
* Add baby_fuzzer_intel_pt
* restore baby fuzzer
* baby_fuzzer with block decoder
* instruction decoder instead of block
* Fix after upstream merge
* OwnedRefMut instead of Cow
* Read mem directly instead of going through files
* Fix cache lifetime and tail update
* clippy
* Taplo
* Compile caps only on linux
* clippy
* Fail compilation on unsupported OSes
* Add baby_fuzzer_intel_pt to CI
* Cleanup
* Move intel pt + linux check
* fix baby pt
* rollback forkexecutor
* Remove unused dep
* Cleanup
* Lints
* Compute an edge id instead of using only block ip
* Binary only intelPT POC
* put linux specific code behind target_os=linux
* Clippy & Taplo
* fix CI
* Disable relocation
* No unwrap in decode
* No expect in decode
* Better logging, smaller aux buffer
* add IntelPTBuilder
* some lints
* Add exclude_hv config
* Per CPU tracing and inheritance
* Parametrize buffer size
* Try not to break commandExecutor API pt.1
* Try not to break commandExecutor API pt.2
* Try not to break commandExecutor API pt.3
* fix baby PT
* Support on_crash & on_timeout callbacks for libafl_qemu modules (#2620)
* support (unsafe) on_crash / on_timeout callbacks for modules
* use libc types in bindgen
* Move common code to bolts
* Cleanup
* Revert changes to backtrace_baby_fuzzers/command_executor
* Move intel_pt in one file
* Use workspace deps
* add nr_addr_filter fallback
* Cleaning
* Improve decode
* Clippy
* Improve errors and docs
* Impl from<PtError> for libafl::Error
* Merge hooks
* Docs
* Clean command executor
* fix baby PT
* fix baby PT warnings
* decoder fills the map with no vec alloc
* WIP command executor intel PT
* filter_map() instead of filter().map()
* fix docs
* fix windows?
* Baby lints
* Small cleanings
* Use personality to disable ASLR at runtime
* Fix nix dep
* Use prc-maps in babyfuzzer
* working ET_DYN elf
* Cleanup Cargo.toml
* Clean command executor
* introduce PtraceCommandConfigurator
* Fix clippy & taplo
* input via stdin
* libipt as workspace dep
* Check kernel version
* support Arg input location
* Reorder stuff
* File input
* timeout support for PtraceExec
* Lints
* Move out method not needing self from IntelPT
* unimplemented
* Lints
* Move intel_pt_baby_fuzzer
* Move intel_pt_command_executor
* Document the need for smp_rmb
* Better comment
* Readme and Makefile.toml instead of build.rs
* Move out from libafl_bolts to libafl_intelpt
* Fix hooks
* (Almost) fix intel_pt command exec
* fix intel_pt command exec debug
* Fix baby_fuzzer
* &raw over addr_of!
* cfg(target_os = "linux")
* bolts Cargo.toml leftover
* minimum wage README.md
* extract join_split_trace from decode
* extract decode_block from decode
* add 1 to `previous_block_ip` to avoid that all the recursive basic blocks map to 0
* More generic hook
* fix windows
* Update CI, fmt
* No bitbybit
* Fix docker?
* Fix Apple silicon?
* Use old libipt from crates.io
---------
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* versioning unification: use x.y.z format everywhere
* do not compile low-level logs (< info level) by default in fuzzers
* update dependencies to the latest versions
* add members to workspace.
* use workspace for common dependencies
* add vscode native support
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* feat: revert now unecessary workaround, use rust-lang.rust-analyzer
* fix: specify llvm version and symlink llvm. Thanks @tokatoka
* fix: pass the llvm version to createAliases.sh
* fix: shell script lints
* fix: shell script lints
* feat: use cargo binstall to make the container build faster
* run qemu fuzzers (qemu_systemmode only for now) in self-hosted runners
* Remove qemu-related fuzzers to general fuzzers
* fix
* Install dependencies before anything else
* Do not use sudo
* Install sudo
* Revert "Install dependencies before anything else"
This reverts commit 107addad5d9f68dec5a9af50831112cd72c28f4d.
* added qemu specific prerequisites
* add -y flag
* Format with nightly
* Do not use nightly only.
Install fmt and clippy for stable as well.
* Install qemu-img for qemu
* fix qemu-img install
* apt update
* Changed timeout.
* Fix qemu_systemmode test
* fmt
* clippy + decorrelate build and run for qemu_systemmode.
* fix fuzzer
* clippy
* add sqlite3-dev to package prerequisites.
* add arm-none-eabi-gcc
* fix profile dir
* fix condition.
* Run less QEMU stuff faster
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* fix(Dockerfile): add build_linux.rs to libafl_qemu and libafl_qemu_sys
* fix(Dockerfile): workaround for llvm.sh failing on bookworm
Revert this once https://github.com/llvm/llvm-project/issues/62475 has been resolved
* fix(libafl_qemu): add unsafe to callbacks
* chore(devcontainer): update devcontainer to work with newer VSCode versions
* revert(libafl_qemu): revert unsafe keyword
* fix(devcontainer): move settings and extension under customizations.vscode
* fix(devcontainer): use postCreateCommand instead of initializeCommand
Add `--locked` flag when installing `sccache` in the first stages to ensure the image gets built when the base image's Rust version satisfies `sccache`'s MSRV.
Fixes #1923 🐛
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
* fix(Dockerfile): allow running commands with docker run
According to
<https://gitlab.com/gitlab-org/gitlab-runner/-/issues/2109#note_47480476>
adding the "-c" to the ENTRYPOINT is necessary to be able to run
commands like `docker run libafl "cargo build"`
* fix(Dockerfile): restore ability to docker run without command
As `bash -c` always requires a string, the previous commit
removed the ability to just `docker run -it libafl` and
get a shell.
This commit restores that ability
* add
* rdm
* CHATGPT
* CHATDUMB
* different action
* no
* fix
* ci
* ci
* ci
* fuck
* dir
* checkout?
* ci
* ci
* ci
* ci
* ci
* ci
* ci
* ci
* ci
* ci
* ci
* ci
* ci
* ci
* don't use shit
* ci
* ci
* ci
* squash libfuzzer edits
* fixup: compat with custom mutators
* use tui flag
* add introspection support
* use libfuzzer dep now that we've merged
* force input loading
* some fixes
* begin docs, impl shrink
* make whole-archive conditional and not default
* make more copies of counters maps
* lol, remember to add the observer
* make size edge map observer an observer
* fixup: make def of run driver conditional
* add sanity checks for insertion
* revert silencing of forks
* add experimental tmin support; add default asan flags
* use default options instead of specifying our own
* implement lockless mode
* fix merge
* fixup lockless corpus
* fixup for generalisation
* remove erroneous drop_in_place
* improve error logging in the case of corpus loading failure
* ok, use lock files 😔
* fix tmin
* implement merge (again); fix rare cases with maps being too small
* implement a scheduler for removing excess
* implement a walking strategy for corpus loading for large corpora
* revert filename parameter; rename and remove duplicates
* various cleanup and clippy satisfaction
* fix no_std tests
* clang-format
* expand and satisfy the clippy gods
* fix sanitizer_ifaces bindgen for no_std
* fix wasm fuzzer
* fixup clippy script
* rename and provide a small amount of explanation for sanitizer_interfaces
* fixup: HasLastReportTime
* fix clippy oddities
* restrict clippy checks to linux-only for libafl_libfuzzer_runtime
* name the mutators
* format
* fix clippy warning
* hope docker is fixed
* fix cmin lint
* clippy pass
* more docs
* more clippy
* fix remaining clippy complaints
* fix import
* miri fixes (no constructors executed)
* exclude libafl_libfuzzer from cargo-hack
* fix clippy check for sanitizer_interfaces
* fmt
* fix CI (?)
* deduplicate sancov 8bit for improved perf on ASAN
* merge 8bit coverage regions + comment out insane deduplication
* no erroring out on free hooks
* fixup for non-forking merge
* skip the corpus dir if we use it
* fixup: recent libafl changes and feature flags
* libafl_libfuzzer: use rust-lld for whole-archive feature
* clarify cause of failure
* mark unsafe
* clippy :cursed_cowboy:
* attempt to fix wasm
* spooky unknowable bug 👻
* more clippy lints
* clippy fix for merge
* use the version pin
* add unsafe to ::register
* Serdeany autoreg fix
* make type assert actionable
* miri fixes
---------
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: Mrmaxmeier <Mrmaxmeier@gmail.com>
* step1 for tinyinst
* step2: minimal executor
* updated libafl
* Tinyinst Update (#853)
* Mac OS Autotokens (#723)
* mac_tokens
* more
* win fix
* fmt
* fmt c
* Use nightly fmt (#728)
* Fix compilation for aarch64 qemu (#731)
Typo led to a compile failure for arm64
* Simd Fix (#729)
* simd fix
* fmt
* Fixing readme & docs (#730)
* fix
* fix
* add
* add
* fmt
* 0.8.1 (#732)
* New Pass Manager Arguments (#724)
* new pm arguments
* enable abgeana's code
* Fix tui with 1 client (#734)
* unbreak tui with 1 client
* clippy
* Add core affinity support for FreeBSD (#736)
* NYX Executor (GSoC '22) (#693)
* Add ccache
* Update codecov.yml
* Add libnyx
* Fix
* Add nyx build script
* Fix build.sh && init executor.rs
* Fix commit
* Fix code
* initialize `executor.rs`
* refine API in `nyx_bridge.rs`
* initialize `run_target`
* add `test_nyxhelper`
* initialize `test_executor`
* remove `nyx_bridge.rs`
* make `test_executor` compile
* Improve test
* refine code
* update version
* fix docker
* fix docker
* Fix clippy
* Fix build
* fix build && add `set_timeout`
* Fix and refine CI
* fix CI
* Fix CI
* Add platform restrict
* cargo fmt
* add parallel mode
* add example `nyx_libxml2_parallel`
* fix fuzzer example
* fix CI
* add README
* fix CI
* fix CI
* fix CI
* remove unwrap and NyxResult
* code format fix
* add libnyx's rev
* fix format
* change Duration format && Fix CI
* cargo fmt
* fix CI
* fix CI
* Add doc
* test CI
* Update test_all_fuzzers.sh
* Update test_all_fuzzers.sh
* Update test_all_fuzzers.sh
* add cache for apt and cargo-install
* Update build_and_test.yml
* Update build_and_test.yml
* tmp test CI
* fix CI
* remove debug cmd
* remove test
* code refine
* code refine
* code refine
* code refine
* add Makefile
* fix example doc for nyx
* add `NyxHelper::new_with_initial_timeout`
* fix `NyxHelper::new`
* fix curl parameter
* code refine
* add check for setup script
* use afl-clang-fast in nyx
* fix logic
* fix makefile
* fix CI
* Update build_and_test.yml
* Update build_and_test.yml
* remove debug cmd
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
* Fix spelling error (#745)
* OSX force_load option (#743)
* Update clang.rs
* fmt
* Add continuous JSON Logging monitor (#738)
* Add simple JSON Monitor
* Add documentation
* Log global state
* Fix formatting
* Save state depending on closure outcome, have file opened all the time
* Make OnDiskJSONMonitor cloneable
* Switch to FnMut to allow stateful closures
* Use &mut M: Monitor for the closure
* Fix documentation of Rand::below (#747)
* Netopenbsd build fix (#746)
* core affinity netbsd implementation.
* openbsd build fix
* Fix autotokens doc (#751)
* fix
* remove wrong doc
* Simplification for netbsd-specific code (#750)
the cpuset api is already present in libc...
* Add test case minimising stage (tmin) (#735)
* add test case minimising stage
* general purpose minimiser impl, with fuzzer example
* reorganise, document, and other cleanup
* correct python API return value
* correct some docs
* nit: versioning in fuzzers
* ise -> ize
* Implement a corpus minimiser (cmin) (#739)
* initial try
* correct case where cull attempts to fetch non-existent corpus entries
* various on_remove, on_replace implementations
* ise -> ize (consistency), use TestcaseScore instead of rolling our own
* oops, feature gate
* documentation!
* link c++
* doc-nit: correction in opt explanation
don't write documentation at 0300
* better linking
* Skippable stage, generator wrapper for Grimoire (#748)
* Skippable stage, generator wrapper for Grimoire
* more fancy wrapper
* MapFeedback: Adding support for with_name() (#752)
* Adding support for with_name()
* Adding with_name() function description
* dragonflybsd build fix for core affinity. (#753)
supporting most of the Linux sched API here.
* CI for FreeBSD (#754)
* CI for FreeBSD
* rustup -y?
* fixed path, switched to clippy
* bsd don't source
* added llvm
* clippy
* more yml
* ?
* testing ci
* llvm?
* llvm??
* more llvm, more tests
* fixed testcase
* mem limits
* more sudo
* reenable all the CI
* Fixes for new Clippy (#755)
* New Clippy fixes for QEMU (#757)
* Core affinity for FreeBSD pinning task to the wanted cpu (#756)
* Do not zero-init struct in QEMU (#758)
* New Clippy fixes for QEMU
* no need to 0-initialize mem
* clippy
* Add doc for libafl_nyx (#759)
Co-authored-by: syheliel <syheliel@gmail.com>
* Adjust NyxExecutor trait bound to HasTargetBytes from HasBytesVec (#760)
* adjust NyxExecutor trait bound to HasTargetBytes from HasBytesVec
* oops actually use HasTargetBytes instead
* libafl_frida: ASan hook adding Apple's memset_pattern* api. (#761)
* Fix cargo doc on windows (#762)
* add doc cfg
* fix nostd docs
* ignore CommandConfigurator doc test execution on non-unix platform
* add cargo doc step pipeline on windows platform
* Enable memset_pattern ASan hooks for Apple on libafl_frida (#763)
* Fix forkserver options (#771)
* Stability improve (#773)
* initial
* add
* fmt & fix
* dbg remove
* clp
* clp
* more
* clippy
* del
* fix
* remove unused
* fix
* doc
* Fix doc (#780)
* Add track_stability option to CalibrationStage (#781)
* add
* Update gramatron.rs
* Update emu.rs
* try
* clp
* Dump registers on freebsd x86_64 (#779)
* Illumos support (#775)
implementing core affinity too.
* Reduce clang warnings for version output in libafl_cc. (#778)
* Extend gramatron recursive mutator (#783)
* Dump registers on NetBSD amd64 (#786)
* Add support for ARMBE8 (#768)
* Changes to build QEMU out-of-tree so that we don't need to clone the repo for each feature combination we build
* Add be support to libafl_qemu
* More config tweaks
Co-authored-by: Your Name <you@example.com>
* [AFLplusplus/LibAFL] dump registers on OpenBSD amd64 (PR #787)
* dump registers on openbsd
* write_crash implementations
* Windows gdiplus (#789)
* Initial steps
* Harness code cleanup
* don't panic on linux in order not to break the CI
* formatting once again
* restored cfg unix to unbreak linux build
* Remove clang download from windows CI (#791)
* Attempt to remove clang 12 setup
* frida_gdiplus added to CI
* Gdiplus comments (#792)
* Attempt to remove clang 12 setup
* frida_gdiplus added to CI
* Redundancy note
* formatting again :\
* mistake of directory name
* Fix len miscalculation in grimoire string replace (#794)
* Fix len miscalculation in grimoire string replace
* ok Rust, I was writing JS these days
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
* Fix doc typos (#796)
* Fix CI (#798)
* bump (#799)
* Support for write_crash on netbsd (#788)
* Support for bolts::cpu::read_time_counter on arm64 (#790)
* Add ability to use virtual dispatch to StagesTuple (#801)
* Add ability to use virtual dispatch to stagesTuple
* Fix lint
* Adding CPSR register for arm qemu (#800)
* trying to add in observer
* writing test
* got up to running with instrumentation but i still need to get the map
* fixing fuzzer code
* adding tinyinst fuzzer
* adding ffi to store all the map data into vec.
* adding some new things
* adding somewhat of a state of how I would like it to work
* fixing some things
* a lot of false positives.
* fixing before adding args
* updated to use FileInput!
* adding build script to pull tinyinst
* fixing git issue
* writing instructions on how to run the tinyinst fuzzer
Co-authored-by: Dongjia Zhang <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: Phan Thanh Duy <phanthanhduypr@gmail.com>
Co-authored-by: Nicholas Lang <97475577+nicklangsysdig@users.noreply.github.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: syheliel <45957390+syheliel@users.noreply.github.com>
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Aiden Hall <AidenRHall@users.noreply.github.com>
Co-authored-by: Sönke <eknoes@users.noreply.github.com>
Co-authored-by: Sirui Mu <msrlancern@gmail.com>
Co-authored-by: Addison Crump <me@addisoncrump.info>
Co-authored-by: Patrick Gersch <gersch.patrick@gmail.com>
Co-authored-by: Teddy Heinen <teddy@heinen.dev>
Co-authored-by: Vincent <space_white@yahoo.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: expend20 <36543551+expend20@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
Co-authored-by: Ben Davis <ben@thebendavis.net>
Co-authored-by: radl97 <radl97@users.noreply.github.com>
* fix
* fmt
* Submodule
* Submodule?
* Tinyinst Update V2 (#905)
* updated to latest libafl
* going to replace tinyinst with something more like jackalope with tinyinstrumentation
* fixing clippy
* keep working on cpp ffi. sad
* updating litecov to tinyinst. also start making our own litecov
* revert to map instead of list. not sure why it's not working
* making fuzzer listobserver
* working with listobserver!
* cleaning up
* adding cargo make run
* updating cargo for tinyinst
* updating readme
* readme, clippy
* fmt
* fmt
* fix
* fix
* docker
* fix
* fmt
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: biazo <eric.l.biazo@gmail.com>
Co-authored-by: Phan Thanh Duy <phanthanhduypr@gmail.com>
Co-authored-by: Nicholas Lang <97475577+nicklangsysdig@users.noreply.github.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: syheliel <45957390+syheliel@users.noreply.github.com>
Co-authored-by: syheliel <syheliel@gmail.com>
Co-authored-by: Aiden Hall <AidenRHall@users.noreply.github.com>
Co-authored-by: Sönke <eknoes@users.noreply.github.com>
Co-authored-by: Sirui Mu <msrlancern@gmail.com>
Co-authored-by: Addison Crump <me@addisoncrump.info>
Co-authored-by: Patrick Gersch <gersch.patrick@gmail.com>
Co-authored-by: Teddy Heinen <teddy@heinen.dev>
Co-authored-by: Vincent <space_white@yahoo.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: expend20 <36543551+expend20@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andrea.fioraldi@trellix.com>
Co-authored-by: Ben Davis <ben@thebendavis.net>
Co-authored-by: radl97 <radl97@users.noreply.github.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* initial atheris libfuzzer harness
* cmplog, kinda
* added makefile to generic_inmemory
* Makefile for atheris fuzzer
* moved away from clap yaml
* fixed arg parsing
* fuzzing
* ldpreload lib to replace exit with abort
* fixed docker, docs
* fix docker some more
* better documentation
* less commented out important things
* Make makefile less crashy
* starting to fix macos linker bugs
* more detailed error prints
* start shmem service manually
* not a doc comment
* Some fixes
* only send exit msg to shmemservice when start was successful
* incorporated shmem service into provider
* removed unused imports
* trying to fix fuzzers
* fixed build
* check if join_handle is_some
* more debug prints
* fixed shmem service autolaunch
* fixed macos linker
* ignoring broken libpng testcase on macos for now (see #252)
* fmt
* try to fix missing llvm_config (see #253)
* empty issue template added
* Manually look for llvm-config on MacOS
* fixing CI
* fixed docs
* ignoring libmozjpg for CI, see #254
* create a separate crate for symcc url and commit hash
also contains functions to checkout and build symcc from a build script
* fix dockerfile
* clippy
* add stub runtime that links with symcc common runtime code
* implement tracing runtime to generate message file
* move ShMemCursor to libafl proper
* qualify enum imports to make clippy happy
* fix warnings
* formatting
* update symcc submodule to point to AFL++ org repo
* fix naming of ShMemCursor and remove std requirement
* ensure runtime is named correctly after compilation
* add devcontainer files for easier development
(will be removed later)
* move rust nightly install into devcontainer.json
this makes it run after the container has been built
* dev container: install recommended packages
* switch to building rust runtime from SymCC cmake
* install corrosion in dev container for cmake-cargo integration
* add smoke test for symcc-runtime integration
* update symcc submodule
* add rustfmt to devcontainer
* properly mark the end of a constraint trace
Using a special "End" message
* small tool to dump constraints from a traced process
* extend smoke test to include parsing & printing of constraints
* update symcc submodule
* first draft of expression filters for concolic
* fix typo in runtime method name
* update symcc submodule
* implement extensions to serdeany map:
  * remove -> Option<T>
  * insert_boxed(Box<T>) (avoids allocation if value is already boxed)
* implement std::io::Seek for ShMemCursor
* implement framing for in-memory traces
this allows efficiently getting the length of the trace.
this is important for efficiently copying the trace out of the shared
memory region.
* fix for serdeany map
* fuzzer that associates concolic traces with test case
* ensure runtime can handle 0-expressions
* move metadata, observer and feedback into separate files
* convert executor to command executor and move to separate file
* refactoring and streamlining
* move panic mode configuration to cmake script
* compile cmake from source, because Debian's version is too old...
* use separate stage for tracing
* fix dockerfile
* move runtime into the workspace
using prior work on compilation flags from cmake
* actually make use of selective symbolication filter
* update to support latest symcc changes
* implement hitmap for concolic runtime
* clippy
* implement selective symbolization and coverage map for dump_constraints tool
* use concolic runtime coverage for concolic fuzzer feedback
* actually kill process on timeout
* be extra careful after killing process
* increase command executor busy wait to 5ms
* implement concolic tracing stage
* address naming issue
* implement floating point expression filter for runtime
* rename expression filters to be less verbose
* implement expression pruning
* implement ConcolicMutationalStage
* refactor command executor and remove busy loop
* implement generic command executor
* remove debug prints
* refactor + documentation
* refactor
* fixed build, clippy
* no_std
* implement WithObservers executor as discussed
* add symqemu as a submodule
* fix symqemu submodule URL to be relative
* update the concolic runtime to match the new interface
* update the trace file header regularly to save constraints in case the program crashes
* add build dependencies for symqemu
* handle full message buffer properly
* better policy for updating trace header
* less egregiously inefficient GC information serialization
* move concolic runtime hitmap count to filter
this is in preparation for the new runtime interface
* very WIP new runtime interface
* use more convenient types in rust runtime
* EmptyRuntime -> NopRuntime
* hide cpp_runtime and formatting
* implement tracing runtime using new runtime interface
* implement filters with new runtime interface
* use a local checkout for symcc_runtime
* make test runtime tracing
* use test_runtime in smoke test
* fix formatting
* make the clippy overlord happy?
* disable symcc build on everything but linux
* make more of symcc_runtime linux only
* fix linking symcc_runtime with C++ stdlib
* will clippy ever be happy?
* formatting
* don't export symcc runtime when compiling tests
* clippy...
* "don't export symcc runtime when compiling tests" for runtime crate as well
* clippy
* move command executor to LibAFL
* move concolic crate into LibAFL
* move concolic{metadata,observer} into LibAFL
* move ConcolicFeedback into LibAFL
* move ConcolicStage into LibAFL
* fix bug in symcc part of concolic runtime
* stb_image fuzzer with concolic as example fuzzer
* clean up basic_concolic_fuzzer
* clean up and document concolic example fuzzer
* formatting
* clippy
* remove basic_concolic_fuzzer (it is now part of the examples)
* remove the runtime crate in favor of symcc_runtime
* re-architect concolic smoke test and remove git submodules
* remove old submodule directories
* make coverage filter public
* focker docker build
* clippy
* clippy fixes
* fix ubuntu as well
* remove .gitmodules
* move concolic mutational stage into libafl behind feature flag
* script to install dependencies for concolic smoke test
* fix bug
* clippy
* add github action to run smoke test
* fix action
* ensure smoke test is run in correct directory
* remove devcontainer files
* address feedback
* clippy
* more clippy
* address more feedback
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* builds on no_std
* fixed std build
* nightly fmt on CI
* nightly fmt on CI (again)
* fmt
* no_std build on unix
* more mem
* added no_std from #212 to gh workflow
* more ci, less nightly
* clippy
* more toolchains?
* docu
* y u no build
* more ci?
* next try
* fixed docker
* more dockerfile fixes
* ondisk corpus fixed
* panic:?
* ubuntu
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>