3576 Commits

Author SHA1 Message Date
Josef Haider
d34965192d
Add FeedbackFactory implementations for CrashFeedback, CombinedFeedback and DiffFeedback. (#2060)
* Add FeedbackFactory implementations for CrashFeedback, CombinedFeedback and DiffFeedback

* remove redundant type CrashFeedbackFactory
2024-04-23 15:48:52 +02:00
Gregory Petrosyan
e1b8c9b5d8
libafl_bolts: improvements to the rands module, add next_float (#2086)
* rands: use splitmix64 for seeding

Seeding with splitmix64 is a good way to avoid starting with
low-entropy PRNG states, and is explicitly recommended
by the authors of both xoshiro256++ and Romu.

While at it, give the xoshiro256++ PRNG its proper name.

* rands: use fast_bound() to generate number in range

* rands: add top-level choose()

* rands: add Rand::next_float()

* rands: add Rand::coinflip() helper

* libafl: unbreak tests that relied on direct seeding

* rands: add SFC64 PRNG

SFC64 is a well-established and well-understood PRNG designed by
Chris Doty-Humphrey, the author of PractRand. It has been tested
quite a lot over the years, and to date has no known weaknesses.

Compared to xoshiro256++, it is slightly faster and is likely to
be a more future-proof design (xoshiro/xoroshiro family of generators
come with quite long history of [flaws][1] found over the years).

Compared to Romu, it is slightly slower, but guarantees absence
of bias, minimum period of at least 2^64 for any seed, and
non-overlapping streams for different seeds.

[1]: https://tom-kaitchuck.medium.com/designing-a-new-prng-1c4ffd27124d
2024-04-23 15:37:28 +02:00
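An added example, not libafl_bolts code, of the seeding scheme the commit message describes: SplitMix64 expands a single 64-bit seed into the generator state, so a zero or otherwise low-entropy seed never becomes an all-zero xoshiro256++ state (an all-zero state outputs zero forever). It also sketches SFC64, Lemire's multiply-and-shift bound and the `next_float`/`coinflip`/`choose` helpers the message names. The trait and method names (`Rand`, `below`, `next_float`, `coinflip`, `choose`, `seeded_directly`, `state_is_zero`) and the SFC64 warm-up count of 12 rounds are this example's own assumptions, not the crate's API.

```rust
// Added example (not LibAFL's code): PRNG seeding via SplitMix64, with
// xoshiro256++ and SFC64 generators and a Lemire-style fast bound.

/// SplitMix64: maps any 64-bit seed to well-mixed 64-bit words.
pub struct SplitMix64 { state: u64 }
impl SplitMix64 {
    pub fn new(seed: u64) -> Self { Self { state: seed } }
    pub fn next_u64(&mut self) -> u64 {
        self.state = self.state.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.state;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }
}

/// Hypothetical minimal Rand trait with the helpers the commit names.
pub trait Rand {
    fn next_u64(&mut self) -> u64;
    /// Uniform integer in [0, upper) via multiply-and-shift (no modulo bias).
    fn below(&mut self, upper: u64) -> u64 {
        assert!(upper > 0, "range must be non-empty");
        ((u128::from(self.next_u64()) * u128::from(upper)) >> 64) as u64
    }
    /// Float in [0, 1) built from the top 53 bits of a draw.
    fn next_float(&mut self) -> f64 {
        (self.next_u64() >> 11) as f64 * (1.0 / (1u64 << 53) as f64)
    }
    /// True with probability p.
    fn coinflip(&mut self, p: f64) -> bool { self.next_float() < p }
    /// Uniformly chosen element, None for an empty slice.
    fn choose<'a, T>(&mut self, items: &'a [T]) -> Option<&'a T> {
        if items.is_empty() { None } else { Some(&items[self.below(items.len() as u64) as usize]) }
    }
}

pub struct Xoshiro256PlusPlus { s: [u64; 4] }
impl Xoshiro256PlusPlus {
    /// Naive seeding: copies the seed straight into the state. Seed 0 gives the
    /// all-zero state, which xoshiro256++ never leaves.
    pub fn seeded_directly(seed: u64) -> Self { Self { s: [seed; 4] } }
    /// Recommended seeding: expand the seed through SplitMix64 first.
    pub fn from_seed(seed: u64) -> Self {
        let mut sm = SplitMix64::new(seed);
        Self { s: [sm.next_u64(), sm.next_u64(), sm.next_u64(), sm.next_u64()] }
    }
    pub fn state_is_zero(&self) -> bool { self.s.iter().all(|&w| w == 0) }
}
impl Rand for Xoshiro256PlusPlus {
    fn next_u64(&mut self) -> u64 {
        let s = &mut self.s;
        let result = s[0].wrapping_add(s[3]).rotate_left(23).wrapping_add(s[0]);
        let t = s[1] << 17;
        s[2] ^= s[0];
        s[3] ^= s[1];
        s[1] ^= s[2];
        s[0] ^= s[3];
        s[2] ^= t;
        s[3] = s[3].rotate_left(45);
        result
    }
}

/// SFC64 (Doty-Humphrey): the 64-bit counter guarantees a period of at least 2^64.
pub struct Sfc64 { a: u64, b: u64, c: u64, counter: u64 }
impl Sfc64 {
    pub fn from_seed(seed: u64) -> Self {
        let mut sm = SplitMix64::new(seed);
        let mut r = Self { a: sm.next_u64(), b: sm.next_u64(), c: sm.next_u64(), counter: 1 };
        for _ in 0..12 { r.next_u64(); } // warm-up rounds; 12 is an assumption here
        r
    }
}
impl Rand for Sfc64 {
    fn next_u64(&mut self) -> u64 {
        let tmp = self.a.wrapping_add(self.b).wrapping_add(self.counter);
        self.counter = self.counter.wrapping_add(1);
        self.a = self.b ^ (self.b >> 11);
        self.b = self.c.wrapping_add(self.c << 3);
        self.c = self.c.rotate_left(24).wrapping_add(tmp);
        tmp
    }
}

fn main() {
    let mut rng = Sfc64::from_seed(0xDEAD_BEEF);
    println!("u64: {:#x}, below(100): {}, float: {}", rng.next_u64(), rng.below(100), rng.next_float());
    let mut naive = Xoshiro256PlusPlus::seeded_directly(0);
    println!("naively seeded xoshiro256++ from 0: {} {}", naive.next_u64(), naive.next_u64());
}
```

The `seeded_directly(0)` generator is the failure mode the commit avoids: its state is all zeros and every output is zero, whereas `from_seed(0)` routes the same seed through SplitMix64 and starts from a full-entropy state.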
Dongjia "toka" Zhang
5ff709f241
Symcc Update (#2047)
* symcc upd

* upda

* fix

* fmt

* mm

* psu

* psh

* fix

* fix

* fix

* tmate

* can't make it work

* I really hate you, LLVM

* real name

* mm
2024-04-23 13:34:46 +02:00
Romain Malmain
2046cfe82d
Checkout before filter (#2092) 2024-04-23 09:45:45 +02:00
Dongjia "toka" Zhang
ea6a36b0a5
fix (#2091) 2024-04-22 21:55:55 +02:00
Dongjia "toka" Zhang
0f3ad288e7
Fix #1932 (#2089)
* fix

* Stupid lint

* increase rate

* fix
2024-04-22 19:27:13 +02:00
Romain Malmain
98863fbff5
Only run QEMU tests if there is a QEMU-related change. (#2090)
* Only run QEMU tests if there is a change.

* fmt.
2024-04-22 19:14:23 +02:00
Romain Malmain
fef6c8d1b1
Run qemu_systemmode tests with self-hosted runners (#2018)
* run qemu fuzzers (qemu_systemmode only for now) in self-hosted runners

* Remove qemu-related fuzzers to general fuzzers

* fix

* Install dependencies before anything else

* Do not use sudo

* Install sudo

* Revert "Install dependencies before anything else"

This reverts commit 107addad5d9f68dec5a9af50831112cd72c28f4d.

* added qemu specific prerequisites

* add -y flag

* Format with nightly

* Do not use nightly only.
Install fmt and clippy for stable as well.

* Install qemu-img for qemu

* fix qemu-img install

* apt update

* Changed timeout.

* Fix qemu_systemmode test

* fmt

* clippy + decorrelate build and run for qemu_systemmode.

* fix fuzzer

* clippy

* add sqlite3-dev to package prerequisites.

* add arm-none-eabi-gcc

* fix profile dir

* fix condition.

* Run less QEMU stuff faster

---------

Co-authored-by: Toka <tokazerkje@outlook.com>
2024-04-22 18:17:22 +02:00
Tobias Mayer
fe64d10a5c
Fix typo in setup_libxml2.sh (#2088)
exit for a non-zero exit code
2024-04-22 14:37:41 +02:00
Dongjia "toka" Zhang
2df71e7a36
Faster cargo check (#2084)
* speed up cargo check

* fix

* composite

* plural

* wrong name

* go brrrrrrrr

* bash

* aaaaa

* why not even more?

* more composite

* fix

* miri

* test for llvm >= 16

* v2

* v2

* naaaa

* JUST MORE INSTANCES

* aa

* fix

* no bash for windows

* reduce a bit as some guys are delayed

* no deps
2024-04-20 10:50:43 +02:00
Addison Crump
fd364d15fe
cargo-fuzz testing (#2081)
* Build cargo-fuzz end to end

* Workaround failing CI

* Fix toml

* Build

* Exclude from workspace

* Fix version

* Fix workspace

* Fix workspace

* Fix workspace

* Fix path

* Set path correctly

* Install llvm-tools

* Test with distro llvm installed

* Use build

* complete

* remove from includes

* add back fuzzer tests, format

* add test for whether all fuzzers are actually tested in pipeline

* whoops

* I hate CI I hate CI I hate CI

* revert removal of llvm

* sh compatibility

* sigh

---------

Co-authored-by: Max Ammann <max@maxammann.org>
2024-04-19 23:55:28 +02:00
Dongjia "toka" Zhang
ea549b9cfe
Add a warning to say never use EDGES_MAP.len() (#2083)
* Revert "Revert splitting libafl_edges_map_max and libafl_edges_map_in_use (#2…"

This reverts commit c68b3816fb680b635f99c337f78185e699864705.

* all

* more

* add

* add
2024-04-19 23:26:00 +02:00
Dongjia "toka" Zhang
e8cc1ba93d
Revert "Revert splitting libafl_edges_map_max and libafl_edges_map_in_use" (#2082)
* Revert "Revert splitting libafl_edges_map_max and libafl_edges_map_in_use (#2…"

This reverts commit c68b3816fb680b635f99c337f78185e699864705.

* all

* more
2024-04-19 19:03:58 +02:00
edwin1729
c238b69498
Implement Hash for MapObserver (#1989)
* MapObserver implements Hash

* Rename the hash utility function (in MapObserver) to hash_easy

* Use hash_slice as a helper function to impl Hash trait

* define_python_map_observer macro implements Hash trait

* Also rename hash_easy to hash_simple

* Rename hash_slice to hash_helper

* hash_helper is used to define the implementation of hash function/trait

* Factor out the Hash trait and function for runtime library structs (#1977)

* Simplify hash_simple (of trait MapObserver) (#1977)

 * Use hash_one function to make hash_simple a one-liner

* remove hash_helper

---------

Co-authored-by: Edwin Fernando <ef322@ic.ac.uk>
Co-authored-by: Addison Crump <addison.crump@cispa.de>
2024-04-19 15:06:14 +02:00
Addison Crump
04cd792df2
fix libfuzzer by simply adding the needed feature (#2080) 2024-04-19 13:35:35 +02:00
Dongjia "toka" Zhang
c68b3816fb
Revert splitting libafl_edges_map_max and libafl_edges_map_in_use (#2079)
* fix

* aa

* push

* fix

* fmt
2024-04-19 13:24:25 +02:00
Tobias Mayer
d7ac802fb2
Update libafl_nyx to newest qemu-nyx and nyx-packer, fixing some problems with build_nyx_support.sh. Providing Makefile for bug in qemu-nyx (#2070)
Co-authored-by: ganbarutobi <ganbarutobi@gmail.com>
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
2024-04-19 10:41:55 +02:00
Addison Crump
276bfc6386
tee not pipe (#2078) 2024-04-18 18:23:57 +02:00
Romain Malmain
84a432dab2
fix import (#2076) 2024-04-18 15:43:21 +02:00
mkravchik
2b18562b08
Fixing the inconsistency btw #2012 and #2066 (#2074) 2024-04-18 13:33:29 +02:00
Romain Malmain
39c32d55e7
Fix main not passing CI tests (#2075)
* Fix sancov import

* fmt

* fmt
2024-04-18 13:33:18 +02:00
mkravchik
886519b10c
Pr/fixing forkserver libafl cc (#2066)
* Fixing forkserver_libafl_cc

* Adding tests and showing user stats

* Restoring the map truncation

* Fmt

* small fix

* fix

* fix

* fix

---------

Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
2024-04-17 18:28:34 +02:00
Dongjia "toka" Zhang
c50af44099
Split edges_map_size and edges_map_size_alloc (#2012)
* two sizes

* rename

* build.rs

* rename

* capital

* FMT

* macro

* fuck

* fff
2024-04-17 17:58:08 +02:00
Addison Crump
467c6d7582
missed a spot (#2063) 2024-04-17 16:24:15 +02:00
Dongjia "toka" Zhang
7595b2e5c9
Debugging tips upd (#2062) 2024-04-17 16:01:33 +02:00
Addison Crump
edcff3889c
fixup: fix some missing tracking hints (#2058) 2024-04-17 14:34:06 +02:00
Dongjia "toka" Zhang
8bce605503
DDFuzz (#2056)
* push

* add

* book

* ddg

* works
2024-04-16 16:51:28 +02:00
Romain Malmain
bc3ef5952b
Rework of libafl_qemu configuration (#2054)
* LibAFL QEMU can now be dynamically linked
* LibAFL QEMU reconfiguration happens less frequently (now using a signature check)
* Possibility to have custom rpath in QEMU
2024-04-16 11:35:15 +02:00
Dongjia "toka" Zhang
da6118e61e
Debugging tips (#2048)
* push

* add

* book
2024-04-15 13:40:54 +02:00
David CARLIER
4ec50d6a10
bolts: core affinity simplification for freebsd (#2049)
Since 13.1 (EOL since mid-2023), FreeBSD supports the sched affinity API like Linux/DragonFlyBSD.
2024-04-14 10:29:32 +02:00
Dongjia "toka" Zhang
0c68ff033f
Readme Update (#2046) 2024-04-12 23:29:23 +02:00
Dongjia "toka" Zhang
cbb323f26c
LibAFL 0.12 (#1823) 0.12.0 2024-04-12 18:42:14 +02:00
Addison Crump
3d702f403b
Implement CanTrack tracking enforcement through rust types (#1886)
* sample implementation of tracking enforcement (incomplete)

* helpful compiler output

* make it look like a real compiler output

* ensure that the macro may be used outside of libafl

* separate index/novelty tracking funcs

* default const generic values so that we don't need to change this everywhere

* fix tests

* rollback unnecessary specification of stdmapobserver

* register metadata in doc tests

* doc fixes

* doc cleanup

* doc cleanup 2

* reduce implementor overhead to zero

* renaming/docs fixes

* asref isn't reflexive??

* generalization stage updates

* add better documentation about require_{indices,novelties}_tracking

* remaining generic updates

* round one CI pass (knowingly introduces breaking changes)

* typo

* round 2 clippy

* rollback: libafl_frida changes

* fmt

* moar porting

* fix remaining fuzzers

* fix windows build, maybe

* fixup libafl_libfuzzer

* fmt nightly all the things

* attempt to fix some broken additions

* fix fmt

* oops

* fix new invocation

* minimizer scheduler fixes

* fix accounting

* rename

* fix

* Fix build

* Sort generics

* Move more generics into the right place

* Rename A -> C

* Fix test

* Fix test some more

* Fix doc some more

* critical formatting

* More A->C

* CanTrack harder

---------

Co-authored-by: Dominik Maier <dmnk@google.com>
2024-04-12 18:33:52 +02:00
Romain Malmain
ec935bf95f
Fix GuestMaps iterator in LibAFL QEMU. (#2041)
* Fix maps iterator.

* Use native QEMU structs instead of pointer casting.

* Update stub bindings.

* Maps operations stored in usermode.
2024-04-12 14:40:53 +02:00
Maurice
8b9b5a8767
Introduce StdOutToMetadataFeedback and StdErrToMetadataFeedback (#2042)
* introduce `StdOutFeedback` and `StdErrFeedback`

* hide behind "std" feature flag

* update

* update
2024-04-12 14:26:47 +02:00
Dominik Maier
2f618b62d7
Rename HasAFLSchedulerMetadata to simply AflScheduler (it doesn't hold a Metadata at all) (#2043) 2024-04-12 13:24:00 +02:00
Dominik Maier
0f778b5892
Order differential generics alphabetically (#2044) 2024-04-12 12:14:49 +02:00
Maurice
631b1746e2
libafl_nyx: Add support for StdOutObserver (#2033)
* libafl_nyx: Add support for `StdOutObserver`

* reset file offset

* update example fuzzers

* fix
2024-04-11 18:24:32 +02:00
Romain Malmain
94a2a2363a
Add CPUArchStatePtr to backdoor signature (#2038) 2024-04-11 17:30:59 +02:00
Dongjia "toka" Zhang
287d1ac7c7
Add HasAdaptiveSerializer trait. (#2040)
* fix

* revert test

* add

* a

* check
2024-04-11 15:36:08 +02:00
Stefan Zabka
48463d079b
Fix error handling in libafl_qemu_build (#2036)
* fix(libafl_qemu_build): assert command success

* fix(libafl_qemu_build): make sure linker_interceptor.py picks up correct compiler

Currently linker_interceptor.py uses 'cc' as the __LIBAFL_QEMU_BUILD_CC environment variable is never set

* remove redundant arg
2024-04-10 18:36:36 +02:00
Dongjia "toka" Zhang
0d5c6219d8
Dedup CentralizedEventManager's serialize_observers() (#2034)
* why

* clp
2024-04-10 16:13:03 +02:00
WorksButNotTested
374f8735fa
Implement user-space QEMU ASAN (#1806)
* Implement user-space QEMU ASAN

* Fix wrong cfgs

* fmt

* merge conflicts in libafl qemu

* A few more fixes to qemu_launcher

* Change commit of qemu-libafl-bridge

* Fix clippy in qemu_launcher

* Fix commit id again

* Empty commit to trigger CI

* Fix path to fuzzer for test in qemu_launcher?

* Revert location of target binary and show the full error log from qemu_launcher test

* Appease the clippy gods

* Empty

* Fix format

---------

Co-authored-by: Your Name <you@example.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2024-04-10 01:11:28 +02:00
Aarnav
47c41c2925
Introduce disabled testcases for splicing (#1932)
* introduce disabled field to Testcase

* separate executor's processing of execution (adding to corpus/solution/discarding) and execution of input

* introduce add_disabled_input function

* enable splicing mutators to fetch disabled inputs

* reset modified example

* clean up

* update docs

* update docs for count_with_disabled

* fix random_corpus_id for splicing mutator not considering disabled entries

* fmt

* update docs

* clippy

* fix corpus_btreemap not working

* fix clippy warnings

* fix python bindings

* typo in count_with_disabled implementations

* fix certain splicing mutators not considering disabled inputs

* rename count_with_disabled to count_all

* introduce count_disabled function

* update docs for count_all, count_disabled and count

* * introduce get_from_all and nth_from_all for corpus implementations so get() and nth() do not silently fetch disabled entries.
* remove boolean flag from random_corpus_id which allowed inclusion of disabled ids and make it into a new function random_corpus_id_with_disabled
* update docs

* remove boolean is_disabled flag from corpus::insert and make it into a separate function insert_disabled

* rename do_insert to _insert

* make get_from_all inline for cached and inmemory

* add missing functions implementation for PythonCorpus
prevent writing feedback when adding disabled testcases

* fix nth_from_all overfetching enabled corpus entries

* fix clippy & rename execute_with_res to execute_no_process

* refactor _insert for corpus_btreemap

* make LibfuzzerCorpus and ArtifactCorpus accommodate disabled entries

* fix typo

* fix missing docs for map field

* fix clippy

* test

* (hopefully) fix CachedOnDiskCorpus using incorrect corpus when caching testcase

* fix typo in inmemory_ondisk leading to fetching disabled entry from enabled corpus

---------

Co-authored-by: aarnav <aarnav@srlabs.de>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
2024-04-10 01:03:00 +02:00
David CARLIER
d3b3d5d462
bolts: add time ticks method for arm (#2032) 2024-04-10 01:01:27 +02:00
Dongjia "toka" Zhang
c4f076356f
Fix the OOM exit code from 137 to 9 (#2029)
* I don't know if there really is exit 137

* change message

* not 137 but 9
2024-04-09 17:16:25 +02:00
Romain Malmain
33c6ea1ae4
Fix libafl_qemu python bindings and example (#2030) 2024-04-09 16:09:47 +02:00
Mrmaxmeier
f252469d86
CI: A few updates and fixes (#2023)
* CI: Don't run cargo clean in order to preserve build caches

* CI: run yaml formatter >:)

* CI: try sharing build caches between similar jobs

* CI: it looks like the `ucd-generate` tool is not used anymore

* CI: Sneak in merge queue support :)

* CI: split out `cargo fmt --check` job

* libafl_qemu injections: be more resilient about mapping paths
2024-04-09 12:55:07 +02:00
Dominik Maier
2cc560e727
Tiny clippy fix for qemu_launcher fuzzer (#2026) 2024-04-09 12:49:42 +02:00
Dominik Maier
ef25aef471
Fix docs for frida (see #2025) (#2027) 2024-04-09 12:48:24 +02:00