* Improve CI
* Fix markup errors
* Remove unnecessary matrix parameters
* Rename matrix jobs to tidy up the UI
* Allow the docker cache to be updated
* Fix cache name
* Share some caches
* Rename tools
* Move all unnecessary std uses to core,alloc
* More
* more fix
* more
* more
* Remove libafl-fuzz grimoire
* more
* more
* more cleanup
* remove bins
* fix
* more fix
* just port for binary only / systemmode fuzzers
* introduce just libraries, with pre-initialized variables and common recipes
---------
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
* more nyx hypercalls implemented, among them:
- panic hypercall
- range filtering hypercall
* fixed some nyx hypercalls behavior.
* added generic read / write to qemu memory
* port linux kernel example to also have nyx API, add better filtering as well.
* make nyx api structs volatile to avoid optimization issues
* Introduce a method to create a Vec in place, using a closure.
* use new vec_init function in relevant places.
* removed unused unsafe keyword
* add more allocated memory r/w callbacks
* add more safety notes
* move emulator hooks to separate struct
* update QEMU version
* first step
* wip
* lol
* making progress, slowly
* add
* a bit more
* progress
* 80%done
* 90% done
* done from linux
* Hello from windows
* 1
* 2
* 3
* 4
* 5
* 6
* 7
* Hello from windows
* 9
* 10
* 11
* 11
* 12
* 13
* aa
* fixer
* a
* oops
---------
Co-authored-by: Your Name <you@example.com>
* Nyx hypercall API support
* fix linux kernel fuzzer
* hash_me -> hash_64_fast
* fix multiple bugs in kernel harness
* do not check libmozjpeg's C files format.
* Qemu config refactoring.
* QEMU error refactoring.
* Single QEMU init function.
* Light refactor of EmulatorModules.
* Qemu is now a parameter to EmulatorModule callbacks and most function hooks.
* EmulatorModules is initialized before QEMU is initialized.
* refactor asan and asanguest modules to avoid custom init of QEMU and use the module interface instead.
* asan fixed size accesses working with generics.
* use pre_syscall_* and post_syscall_* everywhere for consistency.
* adapt qemu_launcher example to fully work with Emulator, since Qemu must now be initialized by Emulator.
* start writing Emulator / EmulatorBuilder / QemuConfig doc.
* fix broken intel pt doc.
* Use expect instead of allow, remove unnecessary allows
* Remove more whitelist lint warnings
* transitioning more subprojects
* Re-add some necessary allows
* Re-add more required allows
* Some more windows clippy fixes
* Re-add more whitelist items for expect
* More clippy whitelist fun
* Reset changes to generated files
* Reset generated files to correct version
* Move libafl_concolic to expect instead of allow
* Move libafl_frida to expect from allow
* Move libafl_libfuzzer to expect from allow
* Remove more whitelist items for macOS
* Fix unknown clippy allow
* Remove more unnecessary allow statements
* moving fuzzers
* Remove mistakenly added subdirs
* fixing imports
* Remove more unnecessary whitelisted lints
* Fix test for /home/ubuntu/LibAFL/fuzzers/inprocess/libfuzzer_libpng_accounting
* More clippy improvements for libafl_qemu
* fmt
* Some pedantic options
* Fix more stuff
* Remove Little-CMS again
* Add note to static_mut_refs
* Reset the changed testing routine since it is unnecessary
* libafl_qemu: Add RISCV support
Adds the following targets (as features):
- riscv32
- riscv64
Added `RISCVCPU` and `CPURISCVState` to the bindings allow list.
Added riscv.rs to the arch module, with all necessary functions and
registers implemented and mapped.
The registers are the same as the ones found in QEMU's gdbstub xml found
after a build.
Additionally we added all syscall numbers for riscv 64 bit (already
supported by the `syscall_numbers` crate) and also added the missing
ones for riscv 32 bit. We compared both lists and their differences /
equalities with a simple python script and generated a list of the
missing ones, to be complete.
We might PR those to the `syscall_numbers` crate later on.
---------
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
* centralize clippy definition
* fmt
* add update bindings script
* add a checked and unchecked version of memory read to qemu stuff
also, a lot of clippy things
* update binding position
* rm old script, new one is a bit better
* update doc
* macos clippy
* adapt fuzzers
* windows clippy
* fix fuzzer
* windows clippy
* remove old allowed clippy
* remove some allowed clippy
* use default features for serde_json in gramatron
* better error handler for failed rw to memory
* change fuzzbench_qemu
* real test
* fix qemu crash hook
* update bindings
* fix fork executor, reduce trait bound overhead
* make EdgeModule depend on observer to get ptrs.
* do not make EdgeCoverageModule::new public
* map observer as builder call
* adapt examples with new edge coverage module builder.
* TMP: everyone is a variable length map observer
* reuse profile path script
* fix absolute paths
* remove some dependencies to make pipeline faster
* compile-time builder initialization check
---------
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
* versioning unification: use x.y.z format everywhere
* do not compile low-level logs (< info level) by default in fuzzers
* update dependencies to the latest versions
* add members to workspace.
* use workspace for common dependencies
* add vscode native support
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* Mark unsafe functions unsafe, as Ferris intended
* More
* more safety?
* more fix
* actually safe
* More cleanup
* More fix
* more unsafe
* fix imports
* more unsafe
* fixes
* bring back the memories
* linux kernel (x509_cert) and process fuzzing example
* rework filters
* update to latest qemu
* working for process and kernel fuzzing
* new i2s mutator for binary only fuzzers
* refactoring modules with new filtering interface
* add state as parameter of harness
* hide unused global in usermode
* Script for stub bindings generation
* do not try to check whether it is worth generating the bindings, always
generate when the env variable is on.
* add taplo to fmt_all.sh
* Moved fuzzers (again) in a target-centric way.
* fix rust 2024 warnings.
* new libafl_qemu harness structure.
* rename qemu_systemmode into qemu_baremetal
* fix qemu baremetal makefile
* fix formatter
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* Better documentation headers (clippy)
* more doc
* more fixes
* Even more
* more
* even more
* concrete
* fmt
* even more more
* tiny typo
* more
* more
* More
* more
* more docs?
* more docs
* Add a custom typed builder for Emulator
* Unify qemu_init for usermode and systemmode
* Remove env from qemu init args (it is unused in QEMU in practice)
* expose thread hooks to systemmode
* rename qemu_config to config
* Replace ExitHandler by EmulatorDriver
* Reorder generics alphabetically for Qemu{,Fork}Executor
* Moved snapshot manager to Emulator to continue centralizing main objects in the same structure
* Reimplementation of CommandManager working with enums instead of tables
* Macro has been adapted to do this work automatically
* Moved snapshot stuff to dedicated module
* Removed many Rc<RefCell<...>>, now useless with the removal of vtables
* Builder given by Emulator via `Emulator::builder`. Reduced trait bound overhead
* Remove stateless qemu executor
* All harnesses take a reference to an emulator as parameter now
* harness takes an emulator as first parameter, and input as second parameter (opposite of previous definition)
* bump libafl qemu dependencies to the latest version
* Update LibAFL QEMU to the latest version (V9.0.2 update, important bug fixes, ... - check the dedicated repo for more info)
* fix bug in hook execution, causing first execution hooks to be run multiple times.
* Helper is now called Module.
* Emulator now contains hooks state.
* Emulator is managed by QemuExecutor.
* QEMU hooks have been completely refactored on the rust side.
* Generics cleanup.