alwin.berger/FRET-LibAFL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,943 Commits 19 Branches 28 Tags
Commit Graph

76 Commits

Author SHA1 Message Date
Dongjia "toka" Zhang
6f21cb3848
Bump to 0.10.1 (#1280) 
* bmp

* remove DEBUG env var
 2023-05-22 12:42:36 +02:00
Langston Barrett
aa3f126100
LibAFL_qemu: Return errors from Emulator::new instead of asserting (#1197) 
* qemu: Return errors from Emulator::new instead of asserting

Libraries should not `assert!` except in cases of unrecoverable (library)
programmer error. These errors are all potentially recoverable, and aren't
internal errors in `libafl_qemu` itself.

* Respond to review comments
 2023-04-09 21:27:27 +02:00
Andrea Fioraldi
0f633962ff
Bump to 0.10.0 (#1156) 
* Bump to 0.10.0

* fix

* Fix CI

* Fix copyright

* fmt

---------

Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
 2023-04-05 17:49:53 +02:00
Dongjia "toka" Zhang
ccd1211cd2
Remove qemu_arm_launcher test from CI (#1179) 
* remove qemu arm

* trigger all

* debug

* revert

* api chg

* fix

* try

* debug

* remove qemu

* no_std

* Update build_and_test.yml

* llvm16

* revert z3

* macos

* fix

* remove test

* don't grep on mac

* fix

* ok

* f

* f

* f

* aaa
 2023-04-04 14:49:58 +02:00
Dongjia "toka" Zhang
0c9933c3e4
Remove libfuzzer_stb_image_sugar for now (#1177) 
* a

* better check

* slow
 2023-03-24 02:41:15 +09:00
Dominik Maier
bbe4e85768
Removed new_ from constructors that don't need it (API consistency) (#1159) 
* Removed new_ from constructors that don't need it (API consistency)

* un-change python bindings
 2023-03-17 17:02:21 +01:00
Matheus Baptistella
c38405ef83
Shorthand functions to get typed metadata, renamed metatdata -> metadata_map (#1123) 
* Created macro to get the metadata form State and Testcase

* Expanded the macros for mutable, or not, State and Testcase metadata

* Created functions on traits HasMetadata and HasNamedMetadatato get, mutable or not, metadata

* Created the functions to get metadata

* Added #[inline] attribute and renamed the functions

* Renamed the functions and added #[inline] attribute

* Temporarily added testcase() function

* Added testcase() function

* Changed Ref import to core::cell:Ref

* Added testcase_mut() and renamed occurences of metadata() and metadata_mut()

* Renamed more occurences

* Renamed the metadata() on impl HasMetadata for NopState

---------

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
 2023-03-14 14:24:33 +01:00
Vincent
c8254dbd0e
Check CI result on cargo make test for available fuzzers (#1107) 
* fix libfuzzer_libpng_cmin

* fix libfuzzer_libpng_ctx

* revert libfuzzer_libpng_cmin and check ci by grepping broker stdout result instead

* revert libfuzzer_libpng_ctx and check ci by grepping broker stdout result instead

* add check ci for fuzzers

* add check ci for fuzzers

* add check ci

* add fuzzbench test

* add validation for qemu fuzzer

---------

Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
 2023-03-06 23:21:24 +09:00
Dominik Maier
fbe8cce1b8
Real OnDiskCorpus (#1096) 
* Real OnDiskCorpus

* clippy

* python

* docs

* clippy

* docs

* move to reuse cachedinmem corpus

* fmt
 2023-02-28 15:41:05 +01:00
Andrea Fioraldi
dc800f0814
on_evaluation Scheduler method (#1106) 
* add on evaluation hook in schedulers

* on_evaluation for WeightedScheduler

* fix PowerQueueScheduler

* fix fuzzers

* upd qemu

* tests

* upd
 2023-02-28 11:33:26 +01:00
Addison Crump
e42cd9c12f
Fixes for on_replace/on_remove and related for StdFuzzer and MapFeedback (#1067) 
* scheduler replace fixes

* oops, no-std

* add

* changes on the fuzzers

* move map feedback history updates to append_metadata

* fixes for python bindings

* learn to clippy

* fix for fuzzer add_input

* clippy fixes for frida

* additional powersched differences

* corrections for bitmap_size

* off-by-one

* I live in a prison of my own creation and clippy is the warden

* clear the novelties map for the situation where is_interesting is invoked, but not append_metadata

---------

Co-authored-by: tokatoka <tokazerkje@outlook.com>
 2023-02-15 17:04:18 +01:00
R. Elliott Childre
4d5a759955
Update deps for libafl (#1042) 
Reduces total number of packages from 577 to 571 on building with:
`cargo +nightly build --workspace --all-features`

* ahash 0.7 -> 0.8
  * Move `AHasher::new_with_keys` to `RandomState::with_seeds` given the
    recommendation from: aHash maintainer:
    https://github.com/tkaitchuck/aHash/issues/132#issuecomment-1288207069

* bindgen: 0.61 -> 0.63

* c2rust-bitfields: 0.3 -> 0.17

* criterion: 0.3 -> 0.4

* crossterm: 0.25 -> 0.26

* dynasmrt: 1.2 -> 2

* goblin: 0.5.3 -> 0.6

* hashbrown: 0.12 -> 0.13

* nix: 0.25 -> 0.26
  * The `addr` arg of `mmap` is now of type `Option<NonZeroUsize>`
  * The `length` arg of `mmap` is now of type `NonZeroUsize`
  * Requires updating implementers to update `nix` as well

* prometheus-client: 0.18.0 -> 0.19
  * Do not box metrics
  * Gauges (a majority of the LibAFL metrics) are now i64 types so there
    is a small chance of overflow, with the u64 values that LibAFL
    tracks, but unlikely to be problematic.
 * Keep `exec_rate` as a floating point value

* serial_test: 0.8 -> 1

* typed-builder: 0.10.0 -> 0.12

* windows: 0.42.0 -> 0.44

Co-authored-by: Dominik Maier <domenukk@gmail.com>
 2023-02-06 12:24:42 +01:00
R. Elliott Childre
5d76707ede
Bump deps and fix Clippy warns in example fuzzers (#1043) 
* Mostly addressing changing the `uninlined_format_args` lint which was
  changed to warn-by-default in rust clippy 1.67

* Bump dependencies:
  bindgen:  0.61 -> 0.63
  cc:       1.0 -> 1.0.42 (Exclue versions w/incompat rayon dependency)
  clap:     3.x -> 4.0
  rangemap: 0.1 -> 1
  xz -> xz2:  move to updated version

* Add fallthrough default return to `LLVMFuzzerTestOneInput` in
  **/fuzz.c to prevent Clang's -Wreturn-type

* libafl_atheris: Improve POSIX compatibility and reduce warnings
  * Check for .dylib and .so libraries
  * `source` -> `.` for POSIX shells
  * install wheel into the venv to support newer Python packaging
    standards
  * `LDPRELOAD` -> `LD_PRELOAD`
 2023-02-05 21:53:45 +01:00
Andrea Fioraldi
eaf5ff9de0
Restart loading initial inputs even after a crash/timeout (#1040) 
* Track initial inputs loading

* libfuzzer libpng

* fuzzbench

* fix no_std

* fix no_std

* clippy

* fuzzers
 2023-02-03 11:56:47 +01:00
Andrea Fioraldi
fdf579bcd5
Bump to 0.9.0 (#946) 
* bump to 0.9.0

* fix libafl_tinyinst

* fix

---------

Co-authored-by: Dominik Maier <domenukk@gmail.com>
 2023-01-31 10:42:01 +01:00
Dominik Maier
97e88af0c5
OnDiskCorpus: Write metadata by default, metadata gzip compression (#995) 
* Write metadata by default

* fix fuzzers

* Cleanup, gzip feature

* Fix casing for ondisk corpus

* fix fmt, clippy

* clippy

* clippy for gdiplus fuzzer

* fmt
 2023-01-13 01:07:36 +01:00
Dominik Maier
75f12bd0eb
Remodelling Observers/Examples that rely on UB, API cleanups (#950) 
* Tackling UB

* PtrMut -> MutPtr, moved mapobservers to non-UB

* QEMU fixes

* test fixes

* qemu

* Change all interfaces, fix all fuzzers

* fixes

* fix more fixes

* fmt

* fix qemu sugar

* fix some qemus

* atheris

* fmt

* more fmt

* most fmt

* more fix

* nyx fyx

* fix qemu

* clippy, fixes

* more fixes

* no unfix, only fix

* fix

* fix

* more clippy

* fixes

* ListObserver

* fmt, clippy

* fix qemu on arm

* update zlib target

* fix?

* fix

* added migration guide

* ignore doc

* fix symcc

* fix new win fuzzer

* Fixes, rename PTR_SIZE to PTR_NUM

* Try fix linking on win

* Trying to fix win linking

* more cov

* trying to fix win some more

* trying to fix mac

* trying to fix mac

* Fix tests

* Fix tests

* trying to fix win

* more mac

* giving up for windows

* fmt

* python3

* mac?

* undo windows tests
 2022-12-24 14:20:44 +01:00
Patrick Gersch
cf9c4188c0
Disabling qemu dependecies for qemu fullsystem (#737) 
* Disabling qemu dependecies by default

* Adding full emulation_mode support

* Removing usermode from libafl_qemu default features

* Fixing refactoring

* Fixing typo in systemmode

* Fixing clippy:needless-borrow

* Mark libafl_load/save_qemu_snapshot as unused + cpu_reset

* Fixing clippy::needless-borrow

* Fixing needless-borrow yet again

* reset_cpu -> cpu_reset

* Fixing github workflow yet again

* Fixing clippy::uninlined-format-args

* Adding current libafl_qemu_bridge

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
 2022-10-25 14:16:11 +02:00
Andrea Fioraldi
5571a03641
Implement thread-safe AsanGiovese in Rust with snapshots support (#851) 
* Purge C impl of asan-giovese

* Compiling

* reset asan

* Restore asan state in qemu

* clippy

* upd

* Asan snapshots

* fuzzbench_qemu

* fix snap mmap limit

* fix

* compiles again

* clippy

* update meminterval

* autofix

* fix 32 bit targets

* try to clean intermediate builds

Co-authored-by: Dominik Maier <dmnk@google.com>
 2022-10-25 09:48:59 +02:00
Dominik Maier
e8b3d33bf4
Update dependencies, removed unused deps, CI fixes (#839) 
* update clap, remove unused deps

* update grammartek

* update pyo3

* update pyo3

* undid clap update

* not changing nyx

* updated deps

* Update more deps, fixes

* not needed clippy

* fix windows

* try to enable deprecated pyproto for pyo3

* unused

* moving some things to clap4 after all

* initial move to clap 4

* fix clap

* more clap4, removed accidental file

* fixes, fmt

* fix

* all fix no play

* fix
 2022-10-18 20:36:43 +02:00
Andrea Fioraldi
089bc49d55
Bump to 0.8.2 and update versions script (#828) 2022-10-12 14:57:08 +02:00
Dongjia "toka" Zhang
d17269d3d5
Stability improve (#773) 
* initial

* add

* fmt & fix

* dbg remove

* clp

* clp

* more

* clippy

* del

* fix

* remove unused

* fix

* doc
 2022-09-12 18:08:07 +02:00
Dongjia Zhang
eac7307c5a
0.8.1 (#732) 2022-08-18 10:23:57 +02:00
syheliel
2504b6dae3
Add rustfmt.toml (#722) 
* add `rustfmt.toml`

* format fix

Co-authored-by: syheliel <syheliel@gmail.com>
 2022-08-12 02:28:32 +02:00
Dominik Maier
5a8bdae26f
Update requirements (#714) 
* Update requirements

* more updates

* nits

* more updates

* update nix for fuzzers

* use any regex 1 instead of 1.6
 2022-07-29 09:54:16 +02:00
Dongjia Zhang
ffe8dbf6af
Bump to 0.8.0 (#696) 
* upd

* more
 2022-07-11 21:59:11 +02:00
Andrea Fioraldi
7147170240
New hooks for libafl_qemu (#673) 
* new block and edge hooks

* Wrking new hooks

* no Pin, just box

* working call tracing

* invalidate_block flag

* working call stack tracking helper

* callstack push

* fixes

* py

* fixes

* clippy

* clippy

* gdb api

* kill introspection

* fix

* upd qemu

* upd qemu
 2022-06-16 11:09:07 +02:00
Dominik Maier
bfe69aea09
Format C/Cpp code in ./scripts/fmt_all.sh (#653) 
* format all (clang format 13)

* added clang-format check

* re-add missing newline

* cargo doc was missing

* more brackets

* fixed fmt workflow

* clang format

* shellcheck

* install clang-format-13

* update ubuntu for maximum clang-formattability

* yml whitespaces

* fmt

* shellcheck only for .sh

* oops path

* ignored shellcheck warning
 2022-05-29 03:23:02 +02:00
Andrea Fioraldi
a544bc042d
Move build_id to bolts (#649) 
* Drop the build_id depedency and move to bolts

* tabs->spaces

* clippy build_id fixes

* frida clippy

Co-authored-by: Dominik Maier <dmnk@google.com>
 2022-05-27 01:05:03 +02:00
Andrea Fioraldi
da537aae83
FeedbackState as metadata (#627) 
* SerdeAny MapFeedbackState

* Fix macro syntax

* alloc

* fix

* Metadata calibrate and map feedback

* metadata feedback states

* compile

* fmt

* Register common generic types

* tests

* sugar

* no_std

* fix book

* alloc

* fix fuzzers

* fix

* fmt

* disable python bindings for libafl

* clippy

* fmt

* fixes

* fmt

* fix

* fix

* fix

* fix

* fix

* release autofix

* fix

* fix

* fix

* fmt

* fix

* fix

* name

* fix

Co-authored-by: Dominik Maier <dmnk@google.com>
 2022-05-24 16:05:22 +02:00
Dongjia Zhang
283ceaac9b
Make weigthed scheduler independent of powersheduler stage (#599) 
* rename & add metadata in scheduler, not stage

* Update testcase_score

* rename

* fix

* update handicap in scheduler

* fmt

* update fuzzers

* doc

* fmt

* fix

* fmt

* more

* fix

* fix

* fix

* fmt
 2022-05-08 16:43:02 +02:00
Dongjia Zhang
2ba32c0173
Update Clap dependency (#621) 2022-05-06 01:12:25 +02:00
Dongjia Zhang
034a4870e2
Set the number of stacked mutations in MOpt mutator (#587) 
* max_stack_pow

* fix

* fix

* fmt

* rename
 2022-04-03 09:25:59 +09:00
Toka
abf1a66028
Rename FavFactor to TestcaseScore; More TestcaseScores (#574) 
* rework aflfast

* more

* move fuzz_Mu

* weighted

* fix

* borrow checker fix

* compute_weight

* alias_table

* fmt

* fix & rename

* fix & less mut

* no_std

* no_std

* clippy

* 32bit clippy fix

* top_rated for compute_weight

* fix

* clippy & metadata Init

* fix

* fix

* fix

* clippy & fmt

* change fuzzers

* fuzzbench_selected

* fmt

* compute() has state

* use favfactor for powerschedules also

* fix merge

* rename

* fmt & clippy

* no_std

* fmt

* clippy

* rename

* fmt

* rename

* fmt

* fix

* fix

* fmt

* fix

* fix
 2022-03-27 04:04:46 +09:00
Dongjia Zhang
c72f773ca0
Weighted corpus entry selection (#570) 
* rework aflfast

* more

* move fuzz_Mu

* weighted

* fix

* borrow checker fix

* compute_weight

* alias_table

* fmt

* fix & rename

* fix & less mut

* no_std

* no_std

* clippy

* 32bit clippy fix

* top_rated for compute_weight

* fix

* clippy & metadata Init

* fix

* fix

* fix

* clippy & fmt

* change fuzzers

* fuzzbench_selected

* fmt
 2022-03-23 02:01:00 +09:00
Andrea Fioraldi
a56f4af7da
CorpusScheduler -> Scheduler and move them to the schedulers folder (#560) 
* CorpusScheduler -> Scheduler

* fix book

* update fuzzers

* fix tests

* fix sugar

* fix

* fix tutorial

* fix tutorial

* fmt

* fix

* fmt

* fmt
 2022-03-03 14:27:37 +01:00
Dongjia Zhang
ba4cca0e15
Delete redundant makefiles (#546) 
We switched to cargo make
 2022-02-20 18:50:29 +01:00
Dongjia Zhang
fc89f2944b
Makefile.toml fix (#545) 2022-02-20 04:21:43 +01:00
Dongjia Zhang
936e2221d1
Cargo-make (#537) 
* timeout utility

* example build.toml

* upd

* ci

* Update build_and_test.yml

* Update build_and_test.yml

* rename, qemu_launcher

* libpngs

* fix

* upd

* del

* do_nothing -> unsupported

* rename

* use command

* non qemu fuzzbench

* script.sh

* mroe

* qemu

* fix

* generic

* fix

* fix

* allow 124

* quotes

* fix

* fix

* fix

* stderr to devnull

* chg
 2022-02-20 03:32:43 +01:00
Andrea Fioraldi
a03d733cf9
libafl_qemu decouple hooks from the executor and QemuForkExecutor (#528) 
* QemuHooks

* option state hooks

* QemuForkExecutor

* enforce no side effects in QemuForkExecutor

* child hooks fixes

* fixes

* qemu_launcher

* examples and fixes

* fix sugar

* clippy

* fmt

* no timeout for fuzzbench_fork_qemu

* Update libafl_qemu/src/hooks.rs

Co-authored-by: Alwin Berger <50980804+alwinber@users.noreply.github.com>

* clippy

Co-authored-by: Alwin Berger <50980804+alwinber@users.noreply.github.com>
 2022-02-15 22:11:24 +01:00
Dominik Maier
6810e6085b
Builder for CommandExecutor & Tokens Refactoring (#508) 
* builder for CommandExecutor

* tokens api cleanup, clippy

* fix doctest

* cleanup

* added testcase, remodelled

* command executor builder fix

* fix fuzzer(?)

* implemented From for configurator

* nits

* clippy

* unused

* autotokens

* cleanup

* nits

* Err instead of empty tokens

* fix tokens fn

* fix err

* more error fixing

* tokens remodelling

* typo

* recoverable fail on missing autotokens

* clippy, nostd

* asslice, into_iter, etc. for tokens

* adapt fuzzers

* iter

* fixes, clippy

* fix

* more clippy

* no_std

* more fix

* fixed typo

* cmd_executor builds again

* bring back ASAN stuff to Command Executor

* forkserver speedup

* no need to static

* back to earlier
 2022-02-01 10:10:47 +01:00
Evan Richter
4a6616bdfe
[libafl_qemu] simplify emu::{read,write}_mem (#496) 
Methods read_mem and write_mem now operate on &[u8], not &[T]

The generic T slice interface was prone to various footguns:
* i32 is the default Rust integer type, but buffers are often expected
  to hold u8. This means the following code writes 16 bytes to the
  guest, not 4:

      let buf = [0; 4];
      emu.write_mem(addr, &buf);

* If a buffer of 16-bit or larger integers (&[u64] for example) is
  needed to read/write, the user will need to consider host/guest
  endianness. The byte array methods in std are a good, explicit
  alternative.

  Perhaps libafl_qemu could expose/define "to/from guest endianness"
  helper functions or extension traits using the established cfg flags,
  so that guest endianness is always right by default.

* emu::read_mem causes insta-UB if a user did something like:

      let mut my_bool = false;
      emu.read_mem(addr, &mut my_bool);

  It's less surprising for users to just operate on plain-ol' bytes,
  which they can explicitly transmute if they wish.
 2022-01-27 09:05:33 +01:00
Dominik Maier
77e5965e97
Add AsSlice, AsMutSlice traits, refactor MapObservers to be iterable, and have associated types (#477) 
* from warning

* fix latest clippy

* clippy fixes++

* renamed shmem parameters

* renamed map to shmem

* make forkserver executor work for any (non-system) shmem

* Mem -> ShMem

* rework windows

* fix nit

* fix symbolic

* refacctor map observers

* iterator for map observers

* removed unused ownedptr, added asslice trait to most functions

* make map entry type an associated type

* fix fuzzers

* fix docs

* typo fix

* fix windows, add try_from_slice to shmid

* missing import

* fix fuzzbench

* cleanup

* fmt

* more asslice

* fmt

* added doc link about token-level fuzzing

* cods
 2022-01-19 00:02:33 +01:00
Andrea Fioraldi
bca1f392a7
Bump to 0.7.1 (#465) 
* bump to 0.7.1

* bump libafl_qemu
 2022-01-13 11:32:57 +01:00
Dominik Maier
6d9763c51f
Move to clap 3.0 (#447) 
* move to clap 3.0

* fix cargo.toml

* update symcc to use clap3
 2022-01-04 23:53:12 +01:00
Dominik Maier
efc804fe7d
Updated dependencies (#443) 
* updated dependencies

* updated info in toml

* Windows fixes

* fixed immport

* u32 -> i32

* ignore i32 overflows in constants

* removed unused double allow
 2022-01-02 17:52:44 +01:00
Andrea Fioraldi
6274ad4594
Refactor libafl_qemu creating the Emulator struct and post syscall hooks (#430) 
* working without asan.rs

* working asan

* update fuzzers

* mremap in snapshot

* sugar

* python

* fix python

* clippy

* fmt

* fuck you loader
 2021-12-23 09:10:13 +01:00
Andrea Fioraldi
0cce1e2b91 Update fuzzbench and fuzzbench_qemu, delete fuzzbench_gsoc 2021-12-21 11:26:04 +01:00
Dominik Maier
304eda724f
Various fixes for CI (#423) 
* Various fixes

* fix try_from for cores

* no_std
 2021-12-15 18:11:40 +01:00
Dominik Maier
217a7dee1d
Use Structopt instead of yaml for example fuzzers, introduce Cores API (#420) 
* reworked generic_inmemory to structopt

* moved core parsing to a struct

* added Cores

* added structopt to libpng_ctx

* improved libafl, added structopt to libpng launcher

* fix deexit ub

* move more to structopt

* improve llvm-config detection

* move construct_automata to structopt

* clippy, fixes, ...

* no_std

* clippy

* frida core parsing

* fixed no-fork cores

* updated clap

* added missing import

* missing borrow

* reworked frida to structopt

* fixed build

* using Cores api for atheris

Co-authored-by: Dominik Maier <d.maier@avm.de>
 2021-12-15 03:58:35 +01:00