1308 Commits

Author SHA1 Message Date
WorksButNotTested
348bfdc7d7
Add support for env_logger for qemu binary only fuzzers (#2817)
Co-authored-by: Your Name <you@example.com>
2025-01-20 09:46:47 +00:00
h1k0
9a64a53d12
Qemu launcher bugfix (#2858)
* Fixed the issue where compilation failed under the simplemgr configuration.

* Fixed the issue where the crash handler would fail during rerun.

* update fmt

---------

Co-authored-by: h1k0 <h1k0naka@outlook.com>
2025-01-20 00:01:01 +00:00
Dongjia "toka" Zhang
2afa947652
Fix CI (#2865)
* chg

* ci
2025-01-18 16:36:20 +01:00
Konstantin Bücheler
faeed19c43
Add NyxCmpObserver and nyx_launcher example fuzzer (#2826)
* Add NyxCmpObserver to libafl_nyx

* Add nyx_launcher example fuzzer

* Cargo Format/Clippy

* Adapt to naming scheme

* Taplo fmt

* Add hex decode function to remove hex dependency

* Add nyx_launcher to CI

* Remove UsesState

---------

Co-authored-by: Dominik Maier <domenukk@gmail.com>
2025-01-18 13:21:04 +01:00
Romain Malmain
f8ad61e14a
Remove Input associated type (#2854)
* Completely remove Input as an associated type in multiple traits

* Unify usage of Input as generic instead 

* Remove many unused bounds, in particular HasCorpus

* fix multiple generic ordering

* update and fix CONTRIBUTING.md

* update MIGRATION

* use the same generic input type for new / with_max_iterations to make typing easier in most cases.

* Restore libafl_libfuzzer test in CI
2025-01-17 14:53:51 +01:00
Valentin Huber
93c5adde4d
Remove MapObserver dependency from observer-dependent stages and schedulers in favour of generic hashing (#2851)
* Introduce SimpleHash separate from MapObserver

* Move to Hash for hashing

* Fix docs, remove even more restrictions

* fix libafl_targets

* fix fuzzer

* Remove broken and unnecessary derive

* Remove unnecessary trait restriction

* Remove unnecessary import

* Add changes to MIGRATION.md

* Remove more unnecessary imports
2025-01-16 16:34:58 +00:00
Dongjia "toka" Zhang
cfe051e5d9
Remove UsesState from libafl-fuzz (#2849) 2025-01-15 20:18:24 +01:00
Dongjia "toka" Zhang
435ca021cc
No uses for EventManager (#2831)
* the first step of the last step

* wip

* 99% done

* 99.9% done

* 99.99

* Hello from windows

* aaa

* 99.999

* aa

* 1

* 2

* 3

* 4

* 5

* plz

* plzplzplz

---------

Co-authored-by: Your Name <you@example.com>
2025-01-15 16:56:40 +01:00
Romain Malmain
a45e44764f
Remove UsesInput from libafl qemu (#2832)
* remove UsesInput from libafl_qemu

* Insert I bound instead of ugly Corpus::Input stuff

* Uses a C generic for Commands

* adapt nyx api to new generics

* add qemu linux fuzzers to CI for building.
2025-01-14 10:24:28 +01:00
s1341
8adb2aa7b5
libafl_ar: fix error message (#2833) 2025-01-14 10:34:52 +02:00
Romain Malmain
d8460d14a2
More Nyx hypercalls supported in libafl qemu. add tests for filters. (#2825)
* more nyx hypercalls implemented, among them:
- panic hypercall
- range filtering hypercall

* fixed some nyx hypercalls behavior.

* added generic read / write to qemu memory

* port linux kernel example to also have nyx API, add better filtering as well.

* make nyx api structs volatile to avoid optimization issues

* Introduce a method create a Vec in place, using a closure.

* use new vec_init function in relevant places.

* removed unused unsafe keyword

* add more allocated memory r/w callbacks

* add more safety notes

* move emulator hooks to separate struct

* update QEMU version
2025-01-13 17:32:23 +01:00
Dominik Maier
02566b33cd
Make Stats stage send stats again (#2830)
* Make Stats stage send stats again

* re-remove stats mod

* clp, fmt

* clip
2025-01-13 15:06:26 +00:00
Dongjia "toka" Zhang
aa0391ef8d
No Uses* from executor (#2766)
* first step

* wip

* lol

* making progress, slowly

* add

* a bit more

* progress

* 80%done

* 90% done

* done from linux

* Hello from windows

* 1

* 2

* 3

* 4

* 5

* 6

* 7

* Hello from windows

* 9

* 10

* 11

* 11

* 12

* 13

* aa

* fixer

* a

* oops

---------

Co-authored-by: Your Name <you@example.com>
2025-01-11 15:25:15 +01:00
Romain Malmain
17336dcf57
Nyx hypercall API support for LibAFL QEMU (#2801)
* Nyx hypercall API support

* fix linux kernel fuzzer

* hash_me -> hash_64_fast

* fix multiple bug in kernel harness

* do not check libmozjpeg's C files format.
2025-01-06 16:58:57 +01:00
cc2a2e6422 fix edge fuzzing 2025-01-06 15:52:48 +01:00
Romain Malmain
7c8708d4b1
Refactor of Qemu configuration (#2707)
* Qemu config refactoring.

* QEMU error refactoring.

* Single QEMU init function.

* Light refactor of EmulatorModules.

* Qemu is now a parameter to EmulatorModule callbacks and most function hooks.

* EmulatorModules is initialized before QEMU is initialized.

* refactor asan and asanguest modules to avoid custom init of QEMU and use the module interface instead.

* asan fixed size accesses working with generics.

* use pre_syscall_* and post_syscall_* everywhere for consistency.

* adapt qemu_launcher example to fully work with Emulator, since Qemu must now be initialized by Emulator.

* start writing Emulator / EmulatorBuilder / QemuConfig doc.

* fix broken intel pt doc.
2025-01-06 15:04:40 +01:00
WorksButNotTested
5a3cbc18a7
Changes to use InMemoryCorpus (#2816)
Co-authored-by: Your Name <you@example.com>
2025-01-06 11:22:08 +01:00
WorksButNotTested
da55e70aa3
qemu_launcher: Fix command line parsing of ranges (#2804)
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2025-01-03 16:04:41 +01:00
Valentin Huber
d8ec991b48
Add bloom filter for duplicate execution of the same inputs (#2771)
* fixing empty multipart name

* fixing clippy

* New rules for the contributing (#2752)

* Rules

* more

* aa

* Improve Flexibility of DumpToDiskStage (#2753)

* fixing empty multipart name

* fixing clippy

* improve flexibility of DumpToDiskStage

* adding note to MIGRATION.md

* Update bindgen requirement from 0.70.1 to 0.71.1 (#2756)

Updates the requirements on [bindgen](https://github.com/rust-lang/rust-bindgen) to permit the latest version.
- [Release notes](https://github.com/rust-lang/rust-bindgen/releases)
- [Changelog](https://github.com/rust-lang/rust-bindgen/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/rust-bindgen/compare/v0.70.1...v0.71.1)

---
updated-dependencies:
- dependency-name: bindgen
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* No Use* from stages (#2745)

* no from stage

* fixer

* doc fix

* how was this working????

* more fixes

* delete more

* rq

* cargo-fuzz

* m

* aa

* Update CONTRIBUTING.md MIGRATION.md (#2762)

* No Uses* from `fuzzer` (#2761)

* go

* fixing stuff

* hello from windows

* more

* lolg

* lolf

* fix

* a

---------

Co-authored-by: Your Name <you@example.com>

* Remove useless cfgs (#2764)

* Link libresolv on all Apple OSs (#2767)

* Somewhat ugly CI fix... (#2768)

* Maybe fix CI

* does this help?

* Very dirty 'fix'

* Add Input Types and Mutators for Numeric Types (#2760)

* fixing empty multipart name

* fixing clippy

* New rules for the contributing (#2752)

* Rules

* more

* aa

* Improve Flexibility of DumpToDiskStage (#2753)

* fixing empty multipart name

* fixing clippy

* improve flexibility of DumpToDiskStage

* adding note to MIGRATION.md

* Introduce WrappingMutator

* introducing mutators for int types

* fixing no_std

* random fixes

* Add hash derivation for WrappingInput

* Revert fixes that broke things

* Derive Default on WrappingInput

* Add unit tests

* Fixes according to code review

* introduce mappable ValueInputs

* remove unnecessary comments

* Elide more lifetimes

* remove dead code

* simplify hashing

* improve docs

* improve randomization

* rename method to align with standard library

* add typedefs for int types for ValueMutRefInput

* rename test

* add safety notice to trait function

* improve randomize performance for i128/u128

* rename macro

* improve comment

* actually check return values in test

* make 128 bit int randomize even more efficient

* shifting signed values

---------

Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>

* Add HashMutator

* Fix docs

* Fix docs again

* introducing bloom filter

* fix tests

* Implement evaluate_filtered

* Add macros to libafl_bolts tuples for mapping and merging types (#2788)

* Add macros

* Use the macros for havoc_mutations

* Fix docs

* improve merge_tuple_list_type to accept n items

* libafl_cc: Automatically find llvm_ar path (#2790)

* imemory_ondisk: Don't fail write under any circumstances if locking is disabled (#2791)

* imemory_ondisk: Don't fail write under any circumstances if locking is disabled

* fmt

* inmemory_ondisk: Add a log message on failure

* clippy'

* micro optimization

* Revert changes to global Cargo.toml

* Hide std-dependent dependency behind std feature

* Fix example fuzzer

* Rename constructor for filtered fuzzer

* Reorder generics alphabetically

* Rename HashingMutator, add note to MutationResult about filtered fuzzers

* Improve StdFuzzer according to feedback

* rename hashing mutator

* Fix english in comment

* Cleanup of old PRs that break the CI

* Fix more CI bugs

* Code cleanup

* Remove unnecessary comments

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Sharad Khanna <sharad@mineo333.dev>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: s1341 <s1341@users.noreply.github.com>
2024-12-28 15:22:31 +01:00
s1341
2a79ee5b4f
frida: Deduplicate with IfElseRuntime (#2792)
* frida: Deduplicate with IfElseRuntime

* clippy'

* get rid of cfg

* fmt

* documentation

* fix lint

* fix lint

* debug: add tmate

* debug: add tmate

* frida_windows_gdiplus: move to mimalloc on windows

* remove tmate
2024-12-25 14:42:54 +02:00
Valentin Huber
25386bfb5f
Use #[expect(…)] instead of #[allow(…)], remove unnecessary allows (#2784)
* Use expect instead of allow, remove unnecessary allows

* Remove more whitelist lint warnings

* transitioning more subprojects

* Re-add some necessary allows

* Re-add more required allows

* Some more windows clippy fixes

* Re-add more whitelist items for expect

* More clippy whitelist fun

* Reset changes to generated files

* Reset generated files to correct version

* Move libafl_concolic to expect instead of allow

* Move libafl_frida to expect from allow

* Move libafl_libfuzzer to expect from allow

* Remove more whitelist items for macOS

* Fix unknown clippy allow

* Remove more unnecessary allow statements

* moving fuzzers

* Remove mistakenly added subdirs

* fixing imports

* Remove more unnecessary whitelisted lints

* Fix test for /home/ubuntu/LibAFL/fuzzers/inprocess/libfuzzer_libpng_accounting

* More clippy improvements for libafl_qemu

* fmt

* Some pedantic options

* Fix more stuff

* Remove Little-CMS again

* Add note to static_mut_refs

* Reset the changed testing routine since it is unnecessary
2024-12-20 16:55:35 +01:00
Valentin Huber
5d70216cc7
Remove MutVecInput and MappedInput in Favour of Impls on References (#2783)
* Remove MutVecInput and MappedInput

* Rename mapping mutators

* Update MIGRATION.md

* Fix test in docs

* Rename mapping mutators mappers

* Fix MIGRATION.md

* Fix docs link
2024-12-19 14:35:17 +01:00
Mehtab Zafar
358a5ea7f7
Cleanup clippy warnings in example fuzzers (#2770)
* cleanup warnings in fuzz_anything

* Refactor: Removed MatchNameRef from tuple import

* Used addr_of! macro instead of taking direct reference

* Remove unnecessary unsafe block when getting references to SIGNALS array

* Switched from StdMapObserve to ConstMapObserver to create observer

Also updated signals_set to directly modify SIGNALS array

* Format code using fmt_all.sh
2024-12-19 08:33:13 +01:00
Marco C.
365ee1c850
Add Makefile.toml to intel_pt_baby_fuzzer (#2779)
* Add intel_pt_babyfuzzer Makefile

* add cargo make to readme
2024-12-18 16:52:34 +01:00
79d3f89254 centralise target symbols 2024-12-18 16:28:51 +01:00
a13dca6f39 abstract SystemTraceData 2024-12-16 16:00:18 +01:00
Valentin Huber
61e3f0b3a4
Add Input Types and Mutators for Numeric Types (#2760)
* fixing empty multipart name

* fixing clippy

* New rules for the contributing (#2752)

* Rules

* more

* aa

* Improve Flexibility of DumpToDiskStage (#2753)

* fixing empty multipart name

* fixing clippy

* improve flexibility of DumpToDiskStage

* adding note to MIGRATION.md

* Introduce WrappingMutator

* introducing mutators for int types

* fixing no_std

* random fixes

* Add hash derivation for WrappingInput

* Revert fixes that broke things

* Derive Default on WrappingInput

* Add unit tests

* Fixes according to code review

* introduce mappable ValueInputs

* remove unnecessary comments

* Elide more lifetimes

* remove dead code

* simplify hashing

* improve docs

* improve randomization

* rename method to align with standard library

* add typedefs for int types for ValueMutRefInput

* rename test

* add safety notice to trait function

* improve randomize performance for i128/u128

* rename macro

* improve comment

* actually check return values in test

* make 128 bit int randomize even more efficient

* shifting signed values

---------

Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2024-12-15 15:00:41 +01:00
Dongjia "toka" Zhang
cc442f4dc8
No Uses* from fuzzer (#2761)
* go

* fixing stuff

* hello from windows

* more

* lolg

* lolf

* fix

* a

---------

Co-authored-by: Your Name <you@example.com>
2024-12-12 20:40:28 +01:00
Dongjia "toka" Zhang
3446ad974c
No Use* from stages (#2745)
* no from stage

* fixer

* doc fix

* how was this working????

* more fixes

* delete more

* rq

* cargo-fuzz

* m

* aa
2024-12-12 16:50:17 +01:00
Marco C.
6a87a9d6d6
Intel PT minor fixes and improvements (#2749)
* Fix build target

Create target directory if doesn't exist

* Remove filter on speculatively exec blocks

since also committed blocks can have this flag

* Add current ip_filters getter

* Fix possible infinite loop in trace decode

* Add comment about target_path
2024-12-06 19:14:08 +01:00
8d7e32559f type fixing 2024-12-06 16:10:25 +01:00
b12811e1ef WIP: type fixing 2024-12-04 15:04:38 +01:00
c13537a620 WIP: port to 0.14.1 2024-12-03 15:32:17 +01:00
64bff97993 add debug stages 2024-12-03 09:29:29 +01:00
2427ae4703 update helper-scripts 2024-12-03 09:27:28 +01:00
Marco C.
36734083f9
Intel PT minor fixes/improvements (#2724)
* waitpid_filtered to ignore SIGWINCH

* Fix warnings unused manifest key: *.version

* Add export_raw feature to libafl_intelpt

* derive Debug for IntelPTHook

* Clippy

* Update target program ELF offsets

* Add comment to KVM pt_mode check

* refactor

* Add intel_pt_export_raw feature in libafl

* map_error instead of unwrap

* borrow checker friendly join_split_trace

and copy trace before decode to prevent decoding failures

* Set ip_filters (also) with builder

* Move trace to file

* Fix Cargo.toml docs

* Ignore blocks with no instruction

most likely they are filtered out
2024-12-03 07:43:17 +00:00
Dongjia "toka" Zhang
95d87bd7d8
0.14.1 (#2698)
* 0.14.1

* fixer

* don't build nyx

---------

Co-authored-by: Dominik Maier <domenukk@gmail.com>
2024-12-02 21:06:29 +01:00
Valentin Huber
bdde109867
Make Launcher use ClientDescription instead of CoreId (#2676)
* launcher now uses client_id instead of core_id

* adding overcommit to an example fuzzer

* Replace addr_of with &raw across the codebase (#2669)

* Replace addr_of with &raw across the codebase

* fix fixes

* more fix

* undo clang fmt?

* oops

* fix?

* allocator fix

* more fix

* more more

* more docs

* more fix

* mas mas mas

* hm

* more

* fix Frida

* needed

* more error

* qemu

* Introduce workspace (again) (#2673)

* Trying to redo workspace deps again after #2672

* unused

* clippy

* Replace addr_of with &raw across the codebase (#2669)

* Replace addr_of with &raw across the codebase

* fix fixes

* more fix

* undo clang fmt?

* oops

* fix?

* allocator fix

* more fix

* more more

* more docs

* more fix

* mas mas mas

* hm

* more

* fix Frida

* needed

* more error

* qemu

* Introduce workspace (again) (#2673)

* Trying to redo workspace deps again after #2672

* unused

* clippy

* fixing formatting issues

* cloning values to make borrow checker happy

* simplifying cfg constraints, removing excessive clippy allows

* printing clang version that is used to find inconsistencies between CI and local formatting

* some fixes according to the CI

* Specifying types

* improved logging for formatter

* more attempts at logging for the CI formatting

* fixing setting LLVM version in formatting in CI

* fixing clippy allows

* renaming launcher's ClientID to ClientDescription

* Lower capped RAND generators (#2671)

* Lower capped rand generators

* Updated all references to RAND generators

* Formatting updates

* New RAND bytes generator constructor

* Revert "Updated all references to RAND generators"

This reverts commit 9daad894b25ec3867daf93c4fe67c03abec1d8c6.

* Revert "Formatting updates"

This reverts commit ff2a61a366c48b3f313878f62409e51b1e1ed663.

* cargo nightly format

* Added must_use to with_min_size

* fix error '#' is not followed by a macro parameter (#2678)

* Use version.workspace (#2682)

* LibAFL_QEMU: Don't return a generic Address from Register reads (#2681)

* LibAFL_QEMU: Make ReadReg always return GuestReg type

* Don't return a generic address

* fix fuzzers

* fix mips

* Add DrCovReader to read DrCov files and DrCov dumper and merge utils (#2680)

* Add DrCov Reader

* Removed libafl_jumper deps

* Fix DrCovWriter, add dump_drcov_addrs

* Taplo

* Move frida from usize to u64

* DrCov usize=>u64

* Better error print

* More u64

* ?

* debug

* clippy

* clippy

* Add Merge option to DrCovReader

* Add drcov_merge tool

* Move folder around

* DrCov

* More assert

* fmt

* Move around

* Fix print

* Add option to read multiple files/full folders

* Fix build_all_fuzzers.sh for local runs (#2686)

* Add Intel PT tracing support (#2471)

* WIP: IntelPT qemu systemmode

* use perf-event-open-sys instead of bindgen

* intelPT Add enable and disable tracing, add test

* Use static_assertions crate

* Fix volatiles, finish test

* Add Intel PT availability check

* Use LibAFL errors in Result

* Improve filtering

* Add KVM pt_mode check

* move static_assertions use

* Check for perf_event_open support

* Add (empty) IntelPT module

* Add IntelPTModule POC

* partial ideas to implement intel pt

* forgot smth

* trace decoding draft

* add libipt decoder

* use cpuid instead of reading /proc/cpuinfo

* investigating nondeterministic behaviour

* intel_pt module add thread creation hook

* Fully identify deps versions

Cargo docs: Although it looks like a specific version of the crate, it actually specifies a range of versions and allows SemVer compatible updates

* Move mem image to module, output to file for debug

* fixup! Use static_assertions crate

* Exclude host kernel from traces

* Bump libipt-rs

* Callback to get memory as an alternative to image

* WIP Add bootloader fuzzer example

* Split availability check: add availability_with_qemu

* Move IntelPT to observer

* Improve test docs

* Clippy happy now

* Taplo happy now

* Add IntelPTObserver boilerplate

* Hook instead of Observer

* Clippy & Taplo

* Add psb_freq setting

* Extremely bad and dirty babyfuzzer stealing

* Use thread local cell instead of mutex

* Try a trace diff based naive feedback

* fix perf aux buffer wrap handling

* Use f64 for feedback score

* Fix clippy for cargo test

* Add config format tests

* WIP intelpt babyfuzzer with fork

* Fix not wrapped tail offset in split buffer

* Baby PT with raw traces diff working

* Cache nr_filters

* Use Lazy_lock for perf_type

* Add baby_fuzzer_intel_pt

* restore baby fuzzer

* baby_fuzzer with block decoder

* instruction decoder instead of block

* Fix after upstream merge

* OwnedRefMut instead of Cow

* Read mem directly instead of going through files

* Fix cache lifetime and tail update

* clippy

* Taplo

* Compile caps only on linux

* clippy

* Fail compilation on unsupported OSes

* Add baby_fuzzer_intel_pt to CI

* Cleanup

* Move intel pt + linux check

* fix baby pt

* rollback forkexecutor

* Remove unused dep

* Cleanup

* Lints

* Compute an edge id instead of using only block ip

* Binary only intelPT POC

* put linux specific code behind target_os=linux

* Clippy & Taplo

* fix CI

* Disable relocation

* No unwrap in decode

* No expect in decode

* Better logging, smaller aux buffer

* add IntelPTBuilder

* some lints

* Add exclude_hv config

* Per CPU tracing and inheritance

* Parametrize buffer size

* Try not to break commandExecutor API pt.1

* Try not to break commandExecutor API pt.2

* Try not to break commandExecutor API pt.3

* fix baby PT

* Support on_crash & on_timeout callbacks for libafl_qemu modules (#2620)

* support (unsafe) on_crash / on_timeout callbacks for modules

* use libc types in bindgen

* Move common code to bolts

* Cleanup

* Revert changes to backtrace_baby_fuzzers/command_executor

* Move intel_pt in one file

* Use workspace deps

* add nr_addr_filter fallback

* Cleaning

* Improve decode

* Clippy

* Improve errors and docs

* Impl from<PtError> for libafl::Error

* Merge hooks

* Docs

* Clean command executor

* fix baby PT

* fix baby PT warnings

* decoder fills the map with no vec alloc

* WIP command executor intel PT

* filter_map() instead of filter().map()

* fix docs

* fix windows?

* Baby lints

* Small cleanings

* Use personality to disable ASLR at runtime

* Fix nix dep

* Use prc-maps in babyfuzzer

* working ET_DYN elf

* Cleanup Cargo.toml

* Clean command executor

* introduce PtraceCommandConfigurator

* Fix clippy & taplo

* input via stdin

* libipt as workspace dep

* Check kernel version

* support Arg input location

* Reorder stuff

* File input

* timeout support for PtraceExec

* Lints

* Move out method not needing self from IntelPT

* unimplemented

* Lints

* Move intel_pt_baby_fuzzer

* Move intel_pt_command_executor

* Document the need for smp_rmb

* Better comment

* Readme and Makefile.toml instead of build.rs

* Move out from libafl_bolts to libafl_intelpt

* Fix hooks

* (Almost) fix intel_pt command exec

* fix intel_pt command exec debug

* Fix baby_fuzzer

* &raw over addr_of!

* cfg(target_os = "linux")

* bolts Cargo.toml leftover

* minimum wage README.md

* extract join_split_trace from decode

* extract decode_block from decode

* add 1 to `previous_block_ip` to avoid that all the recursive basic blocks map to 0

* More generic hook

* fix windows

* Update CI, fmt

* No bitbybit

* Fix docker?

* Fix Apple silicon?

* Use old libipt from crates.io

---------

Co-authored-by: Romain Malmain <romain.malmain@pm.me>
Co-authored-by: Dominik Maier <domenukk@gmail.com>

* libafl-fuzz: introduce nyx_mode (#2503)

* add nyx_mode

* fix frida ci?

* damn clippy

* clippy

* LibAFL: Remove `tui_monitor` from default features (#2685)

* No Usermode default

* no tui

* gg

* try fix CI

* fmt

---------

Co-authored-by: Dominik Maier <dmnk@google.com>

* Actually make ConstMapObserver work, introduce `nonnull_raw_mut` macro (#2687)

* Actually make ConstMapObserver work

* fixes

* does that work?

* mas

* Feature: libafl-fuzzfuzzbench (#2689)

* fuzzbench

* clippy

* fmt

* fix unicorn CI?

* Move bitfields to bitbybit (#2688)

* move to bitbybit

* Restore bitbybit dependent code

* Clippy

* Fix NautilusContext::from_file for python files (#2690)

* Bump to 0.14.0 (#2692)

* Fix versions in libafl and libafl_intelpt for crates.io (#2693)

* Fix versions in libafl and libafl_intelpt for crates

* Add libafl_intelpt to publish

* StdMOptMutator::new: remove unused type parameter (#2695)

`I` is unused in `::new` and thus requires callers to explicitly specify
any type as it can't be determined by type inference.

Clippy's `extra_unused_type_parameters` should pick this up, but is
tuned a bit too conservative in order to avoid false positives AFAICT.

* Move test_harness from source directory to OUT_DIR (#2694)

* remove test_harness from source directory

* fmt

* Add package.metadata.docs.rs for libafl_intelpt (#2696)

* libafl-fuzz: fix cmplog running on inputs more than once (#2697)

* libafl-fuzz: fix cmplog running on inputs more than once

* fmt

* fix afl++ cmplog header

* update to latest afl stable commit

* Libafl workspace internal deps in workspace Cargo.toml (#2691)

* Add internal deps to workspace

* libafl: use workspace internal deps

* libafl_bolts: use workspace internal deps

* 0.14.0

* use workspace internal deps

* Fix tui monitor for example fuzzers (#2699)

* Fix tui monitor for example fuzzers

* New clippy lint

* fix

* Update pyo3-build-config requirement from 0.22.3 to 0.23.1 (#2701)

Updates the requirements on [pyo3-build-config](https://github.com/pyo3/pyo3) to permit the latest version.
- [Release notes](https://github.com/pyo3/pyo3/releases)
- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
- [Commits](https://github.com/pyo3/pyo3/compare/v0.22.3...v0.23.1)

---
updated-dependencies:
- dependency-name: pyo3-build-config
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* bolts: fix build for tiers 3 platforms. (#2700)

cater to platforms known to support this feature instead.

* Pre init module hooks (#2704)

* differentiate pre qemu init and post qemu init hooks

* api breakage: Emulator::new_with_qemu is not public anymore.

* Fix edge module generators (#2702)

* fix generators

* fix metadata removal for ExecutionCountRestartHelper (#2705)

* Ignore pyo3 update (#2709)

* libafl-fuzz: feature-flag nyx mode (#2712)

* Bump ctor dependency to make nightly compile again (#2713)

* Batched timeout doc (#2716)

* timeout doc

* clp

* FMT

* More batched timeout doc (#2717)

* timeout doc

* clp

* FMT

* more

* fixing an overexcited cast

* renaming variables

* removing unnecessary brackets

* fixing imports

* fixing imports

* renaming more variables

* even more variable renaming

* removing duplicate clap short options

* reverting mistaken variable renaming

* comparing the actual cores instead of an enumeration index

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Subhojeet Mukherjee, PhD <57270300+CowBoy4mH3LL@users.noreply.github.com>
Co-authored-by: jejuisland87654 <jejuisland87654@gmail.com>
Co-authored-by: Marco C. <46560192+Marcondiro@users.noreply.github.com>
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
Co-authored-by: Aarnav <aarnav@srlabs.de>
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: Mrmaxmeier <3913977+Mrmaxmeier@users.noreply.github.com>
Co-authored-by: Sharad Khanna <sharad@mineo333.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: Henry Chu <henrytech@outlook.com>
2024-11-29 19:36:13 +01:00
Dongjia "toka" Zhang
49d1b18010
Fix negative stability (#2731)
* fix

* FMT
2024-11-26 17:10:31 +01:00
golem9247
41c1c545b2
update baby_fuzzer example to 0.14 (#2728)
Move InProcessExecutor
2024-11-26 16:16:30 +01:00
Marco C.
959ecb32e9
Bump libipt, fix tui in intel_pt baby fuzzer (#2714)
* Bump libipt, fix tui in intel_pt baby fuzzer

* libipt = "0.2.0"

* Use end_ip for previous block instead of ip + 1
2024-11-22 11:58:23 -03:00
Aarnav
6e707d15bb
libafl-fuzz: feature-flag nyx mode (#2712) 2024-11-20 17:06:07 -03:00
Dominik Maier
b3d73b2919
Fix tui monitor for example fuzzers (#2699)
* Fix tui monitor for example fuzzers

* New clippy lint

* fix
2024-11-16 08:28:11 +01:00
Aarnav
cef902caff
libafl-fuzz: fix cmplog running on inputs more than once (#2697)
* libafl-fuzz: fix cmplog running on inputs more than once

* fmt

* fix afl++ cmplog header

* update to latest afl stable commit
2024-11-15 16:57:21 +01:00
Mrmaxmeier
8f320d4314
StdMOptMutator::new: remove unused type parameter (#2695)
`I` is unused in `::new` and thus requires callers to explicitly specify
any type as it can't be determined by type inference.

Clippy's `extra_unused_type_parameters` should pick this up, but is
tuned a bit too conservative in order to avoid false positives AFAICT.
2024-11-14 12:46:28 -03:00
317fbc8e3f add emergency_copter 2024-11-14 14:38:49 +01:00
0a233aad48 plot stgsize + observe_hitcounts-- 2024-11-14 13:22:04 +01:00
Andrea Fioraldi
d339a58f7c
Bump to 0.14.0 (#2692) 2024-11-13 23:10:35 +01:00
Aarnav
d334860148
Feature: libafl-fuzzfuzzbench (#2689)
* fuzzbench

* clippy

* fmt

* fix unicorn CI?
2024-11-13 13:32:21 +01:00
Dominik Maier
7938acc4ce
Actually make ConstMapObserver work, introduce nonnull_raw_mut macro (#2687)
* Actually make ConstMapObserver work

* fixes

* does that work?

* mas
2024-11-13 00:35:46 -03:00