* documentation, warnings
* fixed docs
* docs
* no_std
* test
* windows
* nautilus docs
* more fixes
* more docs
* nits
* windows clippy
* docs, windows
* nits
* debug all the things
* derive debug for all core library components
* Docu for libafl_targets
* nits
* reordered generics
* add docs to frida, debug
* nits
* fixes
* more docu for frida, nits
* more docu
* more docu
* Sugar docs
* debug for qemu
* more debug
* import debug
* fmt
* debug
* anyap_debug feature no longer needed
* tidy up unused fn
* indicate if we left out values for struct debug
* implement Debug for sugar
* debug allthethings
* ci
* Add minibsod
* fmt'
* clippy
* nostd/mac fixes
* windows fix
* woops. Mac fixes
* Get rid of unneccesary sleep
* Fix missing unsafe
* clippy fixes
* make ucontext,siginfo not a reference
* fmt
* fix _context
* Add stubs for non-apple, non-linux, non-android; add a todo
* Fmt
* macos x64, testcase, cleanup
* no_std
* added fault address to minibsod for apple x64
* added err, hexlified values (as per mac panic)
* informing user about lack of registers
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* nautilus dep
* nautilus generation
* fix mutator
* start new mutator for nautilus
* other mutators
* baby
* ci
* NautilusFeedback
* fix unparse
* ci
* ci
* ci
* ci
* nigghtly clippy
* ci
* fix
* ci
* ci
* update construct automatata
* fix
* ci
* clippy
* clippy
* nightly clippy
* more clippy
* minor clippy
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* update packages related to concolic
* install z3 on CI macOS
I have no clue how this worked before...
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* clippy
* clippy on windows
* clippy fixes on windows
* clippy, fmt
* fixed testcases for windows
* fixing workspace.yml
* testcase no longer fails without clang
* fix github dependencies to specific revisions
* fix qemu without python
* cleanup HookResult
* llmp docs skeleton
* llmp documentation
* more llmp docu
* llmp
* some core concepts
* start working on tutorial
* adapted rng_core to lain
* fix tutorial build
* warnings, format
* add explanation
* No need to own the types
* metadata
* writing
* fmt
* tutorial folder
* lain needs nightly
* added mdbook test to ci
* fix ci, add linkcheck
* more book
* baby
* tutorial target
* fix mdbook build
* fix mdbook test
* more book
* fixed typo
* fixed build
* spawn instances'
* 'finish' book
* added sugar crate information
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* add stub runtime that links with symcc common runtime code
* implement tracing runtime to generate message file
* move ShMemCursor to libafl proper
* qualify enum imports to make clippy happy
* fix warnings
* formatting
* update symcc submodule to point to AFL++ org repo
* fix naming of ShMemCursor and remove std requirement
* ensure runtime is named correctly after compilation
* add devcontainer files for easier development
(will be removed later)
* move rust nightly install into devcontainer.json
this makes it run after the container has been built
* dev container: install recommended packages
* switch to building rust runtime from SymCC cmake
* install corrosion in dev container for cmake-cargo integration
* add smoke test for symcc-runtime integration
* update symcc submodule
* add rustfmt to devcontainer
* properly mark the end of a constraint trace
Using a special "End" message
* small tool to dump constraints from a traced process
* extend smoke test to include parsing & printing of constraints
* update symcc submodule
* first draft of expression filters for concolic
* fix type in runtime method name
* update symcc submodule
* implement extensions to serdeany map:
* remove -> Option<T>
* insert_boxed(Box<T>) (avoids allocation if value is already boxed)
* implement std::io::Seek for ShMemCursor
* implement framing for in-memory traces
this allows to efficiently get the length of trace.
this is important for efficiently copying the trace out of the shared
memory region.
* fix for serdeany map
* fuzzer that associates concolic traces with test
case
* ensure runtime can handle 0-expressions
* move metadata, observer and feedback into separate files
* convert executor to command executor and move to separate file
* refactoring and streamlining
* move panic mode configuration to cmake script
* compile cmake from source, because debians version is too old.........
* use separate stage for tracing
* fix dockerfile
* move runtime into the workspace
using prior work on compilation flags from cmake
* actually make use of selective symbolication filter
* update to support latest symcc changes
* implement hitmap for concolic runtime
* clippy
* implement selective symbolization and coverage map for dump_constraints tool
* use concolic runtime coverage for concolic fuzzer feedback
* actually kill process on timeout
* be extra careful after killing process
* increase command executor busy wait to 5ms
* implement concolic tracing stage
* address naming issue
* implement floating point expression filter for runtime
* rename expression filters to be less verbose
* implement expression pruning
* implement ConcolicMutationalStage
* refactor command executor and remove busy loop
* implement generic command executor
* remove debug prints
* refactor + documentation
* refactor
* add stub runtime that links with symcc common runtime code
* implement tracing runtime to generate message file
* move ShMemCursor to libafl proper
* qualify enum imports to make clippy happy
* fix warnings
* formatting
* update symcc submodule to point to AFL++ org repo
* fix naming of ShMemCursor and remove std requirement
* ensure runtime is named correctly after compilation
* add devcontainer files for easier development
(will be removed later)
* move rust nightly install into devcontainer.json
this makes it run after the container has been built
* dev container: install recommended packages
* switch to building rust runtime from SymCC cmake
* install corrosion in dev container for cmake-cargo integration
* add smoke test for symcc-runtime integration
* update symcc submodule
* add rustfmt to devcontainer
* properly mark the end of a constraint trace
Using a special "End" message
* small tool to dump constraints from a traced process
* extend smoke test to include parsing & printing of constraints
* update symcc submodule
* first draft of expression filters for concolic
* fix type in runtime method name
* update symcc submodule
* implement extensions to serdeany map:
* remove -> Option<T>
* insert_boxed(Box<T>) (avoids allocation if value is already boxed)
* implement std::io::Seek for ShMemCursor
* implement framing for in-memory traces
this allows to efficiently get the length of trace.
this is important for efficiently copying the trace out of the shared
memory region.
* fix for serdeany map
* fuzzer that associates concolic traces with test
case
* ensure runtime can handle 0-expressions
* move metadata, observer and feedback into separate files
* convert executor to command executor and move to separate file
* refactoring and streamlining
* move panic mode configuration to cmake script
* compile cmake from source, because debians version is too old.........
* use separate stage for tracing
* fix dockerfile
* move runtime into the workspace
using prior work on compilation flags from cmake
* actually make use of selective symbolication filter
* update to support latest symcc changes
* implement hitmap for concolic runtime
* clippy
* implement selective symbolization and coverage map for dump_constraints tool
* use concolic runtime coverage for concolic fuzzer feedback
* actually kill process on timeout
* be extra careful after killing process
* increase command executor busy wait to 5ms
* implement concolic tracing stage
* address naming issue
* implement floating point expression filter for runtime
* rename expression filters to be less verbose
* implement expression pruning
* implement ConcolicMutationalStage
* refactor command executor and remove busy loop
* implement generic command executor
* remove debug prints
* refactor + documentation
* refactor
* fixed build, clippy
* no_std
* implement WithObservers executor as discussed
* add symqemu as a submodule
* fix symqemu submodule URL to be relative
* update the concolic runtime to match the new interface
* update the trace file header regularly to save constraints in case the program crashes
* add build dependencies for symqemu
* handle full mesage buffer properly
* better policy for updating trace header
* less aggregiously inefficient GC information serialization
* move concolic runtime hitmap count to filter
this is in preparation for the new runtime interface
* very WIP new runtime interface
* use more convenient types in rust runtime
* EmptyRuntime -> NopRuntime
* hide cpp_runtime and formatting
* implement tracing runtime using new runtime interface
* implement filters with new runtime interface
* use a local checkout for symcc_runtime
* make test runtime tracing
* use test_runtime in smoke test
* fix formatting
* make the clippy overlord happy?
* disable symcc build on everything but linux
* make more of symcc_runtime linux only
* fix linking symcc_runtime with C++ stdlib
* will clippy ever be happy?
* formatting
* don't export symcc runtime when compiling tests
* clippy...
* "don't export symcc runtime when compiling tests" for runtime crate as well
* clippy
* move command executor to LibAFL
* move concolic crate into LibAFL
* move concolic{metada,observer} into LibAFL
* move ConcolicFeedback into LibAFL
* move ConolicStage into LibAFL
* fix bug in symcc part of concolic runtime
* stb_image fuzzer with concolic as example fuzzer
* clean up basic_concolic_fuzzer
* clean up and document concolic example fuzzer
* formatting
* clippy
* remove basic_concolic_fuzzer (it is now part of the examples)
* remove the runtime crate in favor of symcc_runtime
* re-architect concolic smoke test and remove git submodules
* remove old submodule directories
* make coverage filter public
* focker docker build
* clippy
* clippy fixes
* fix ubuntu as well
* remove .gitmodules
* move concolic mutational stage into libafl behind feature flag
* script to install dependencies for concolic smoke test
* fix bug
* clippy
* add github action to run smoke test
* fix action
* ensure smoke test is run in correct directory
* remove devcontainer files
* address feedback
* clippy
* more clippy
* address more feedback
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* builds on no_std
* fixed std build
* nightly fmt on CI
* nightly fmt on CI (again)
* fmt
* no_std build on unix
* more mem
* added no_std from #212 to gh workflow
* more ci, less nightly
* clippy
* more toolchains?
* docu
* y u no build
* more ci?
* next try
* fixed dockr
* more dockerfile fixes
* ondisk corpus fixed
* panic:?
* ubunutu
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* Bump minimal xxhash_rust version to 0.8.2
Note that 0.8.1 bug doesn't affect current usage, but still do it just in case
* Do not use const xxh3 not in cosnt context
* ci: check every feature with cargo-hack
* fix introspection on no_std
* ci: the dev branch is not a thing anymore
* ci: run tests with --all-features
* launcher in linux
* silence stdout and stderr linux
* arg parser and other changes
* retry instead of sleep
* no_std fixes
* reordered includes
* launcher for windows and kill clients when broker returns
* cargo fmt
* started launcher api cleanup
* use closures instead of functions
* small change
* reordered launcher params
* fixed clippy warnings
* fixed no_std
* moved launcher example to own folder
* docu
* cleanup launcher
* more docs
* Fix merge issues
* Rework the launcher code to provide a cleaner API
* Open file before spawning clients
* launcher: fix merge issue, sleep for a different amount for each core
* fixed no_std
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* some clippy warning ignored
* using clippy.sh
* Update README.md
* fixed clippy run in workflow
* fixing clippy::match-same-arms
* make clippy less pedantic
* fixed some minor typos in the book
* launcher: use s1341's fork of core_affinity
* Build warning fix proposal, mostly about reference to packed fields. (#79)
* Observers refactor (#84)
* new observer structure with HasExecHooks
* adapt libafl_frida to new observers
* docstrings
* Composing feedback (#85)
* composing feedbacks as logic operations and bump to 0.2
* adapt fuzzers and libafl_frida
* fix windows build
* fixed clippy warnings
* Frida suppress instrumentation locations option (#87)
* Implement frida option
* Format
* add append/discard_metadata for and/or/not feedback (#86)
* add append/discard_metadata for and/or/not feedback
* fix
* Call append_metadata on crash (#88)
* Call append_metadata on crash
* Formatting
* Reachability example (#65)
* add reachability observer/feedback
* add fuzzer exmaple
* fmt
* remove reachabilityobserver, use stdmapobserver instead
* update diff.patch
* update README
* fix the clippy warning
* Squashed commit of the following:
commit f20524ebd77011481e86b420c925e8504bd11308
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue May 4 16:00:39 2021 +0200
Composing feedback (#85)
* composing feedbacks as logic operations and bump to 0.2
* adapt fuzzers and libafl_frida
* fix windows build
commit e06efaa03bc96ef71740d7376c7381572bf11c6c
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue May 4 13:54:46 2021 +0200
Observers refactor (#84)
* new observer structure with HasExecHooks
* adapt libafl_frida to new observers
* docstrings
commit 17c6fcd31cb746c099654be2b7a168bd04d46381
Merge: 08a2d43 a78a4b7
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Mon May 3 11:16:49 2021 +0200
Merge branch 'main' into dev
commit 08a2d43790797d8864565fec99e7043289a46283
Author: David CARLIER <devnexen@gmail.com>
Date: Mon May 3 10:15:28 2021 +0100
Build warning fix proposal, mostly about reference to packed fields. (#79)
commit 88fe8fa532ac34cbc10782f5f71264f620385dda
Merge: d5d46ad d2e7719
Author: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Mon May 3 11:05:42 2021 +0200
Merge pull request #80 from marcograss/book-typos
fixed some minor typos in the book
commit a78a4b73fa798c1ed7a3d053369cca435e57aa07
Author: s1341 <s1341@users.noreply.github.com>
Date: Mon May 3 10:34:15 2021 +0300
frida-asan: Un-inline report funclet to reduce code bloat (#81)
* frida-asan: Outline report funclet to reduce code bloat
* fmt
commit d2e7719a8bea3a993394c187e2183d3e91f02c75
Author: Marco Grassi <marco.gra@gmail.com>
Date: Sun May 2 21:58:33 2021 +0800
fixed some minor typos in the book
commit d5d46ad7e440fd4a2925352ed1ccb9ced5d9463d
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 23:09:10 2021 +0200
make clippy less pedantic
commit 52d25e979e23589587c885803641058dc36aa998
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 22:23:59 2021 +0200
fixing clippy::match-same-arms
commit cd66f880dea830d1e38e89fd1bf3c20fd89c9d70
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 14:02:07 2021 +0200
fixed clippy run in workflow
commit ddcf086acde2b703c36e4ec3976588313fc3d591
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:53:29 2021 +0200
Update README.md
commit c715f1fe6e42942e53bd13ea6a23214620f6c829
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:48:38 2021 +0200
using clippy.sh
commit 9374b26b1d2d44c6042fdd653a8d960ce698592c
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:47:44 2021 +0200
some clippy warning ignored
commit b9e75c0c98fdfb1e70778e6f3612a94b71dcd21a
Author: Dominik Maier <domenukk@gmail.com>
Date: Sat May 1 13:24:02 2021 +0200
Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* feedbacks now return a boolean value
* use feedback_or, and modify Cargo.toml
* fix diff between dev and this branch
* fmt
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* clippy fixes
* clippy fixes
* clippy fixes, x86_64 warnings
* more docs
* Observers lifetime (#89)
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
* Better docu (#90)
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* more docu, less clippy
* more fixes
* Clippy fixes (#92)
* more docs
* more docs:
* more docu
* more docu
* finished docs
* cleaned up markup
* must_use tags added
* more docs
* swapped if/else, as per clippy
* more docu, less clippy
* more fixes
* Fix merge issues
* Get rid of unneeded prints
* Fix merge errors
* added b2b to restarting interface
* Setting SO_REUSEPORT
* added b2b to launcher api
* more windows launcher
* Fix merge errors
* Add b2b support to frida_libpng
* make frida_libpng bind to a public address
* Convert launcher into a builder LauncherBuilder
* formatting
* Convert setup_restarting_mgr to a builder RestartingMgrBuilder; leave setup_restarting_mgr_std as is, so that fuzzers work
* RcShmem should be locked via a mutex
* Wait at least 1 second between broker and first client, to avoid race
* update frida_libpng README for cross-compiling to android (#100)
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
* Fixed build for Windows
* no_std fixes
* reverted aa6773dcade93b3a66ce86e6b2cc75f55ce194e7 & windows fixes
* added pipes, moving to remove race conditions for rc shmem
* fix unix build
* fixed clippy:
* fixed no_std once more
* renamed b2b to remote_broker_addr
* you get a pre_fork, and you get a post_fork, forks for everyone
* switched to typed_builder
* Fix merge isseu
* Fix frida fuzzer with new Launcher builder
* Introspection (#97)
* Rework to put `ClientPerfStats` in `State` and pass that along. Still need to work on getting granular information from `Feedback` and `Observer`
* Add perf_stats feature to libafl/Cargo.toml
* Update feedbacks to have with_perf
* Remove unneeeded print statement
* cargo fmt all the things
* use local llvmint vs cpu specific asm for reading cycle counter
* Remove debug testing code
* Stats timeout to 3 seconds
* Inline smallish functions for ClientPerfStats
* Remove .libs/llvmint and have the correct conditional compilation of link_llvm_intrinsics on the perf_stats feature
* pub(crate) the NUM_FEEDBACK and NUM_STAGES consts
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* clippy fixes
* fallback to systemtime on non-x86
* make clippy more strict
* small fixes
* bump 0.2.1
* readme
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* typos (please review)
* merged clippy.sh
* utils
* Add asan cores option (#102)
* added asan-cores option for frida fuzzer
When asan is enabled (via LIBBAFL_FRIDA_OPTIONS enable-asan), you can
filter exactly which of the cores asan should run on with the
asan-cores variable.
* add is_some check instead of !None
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
* moved utils to bolts
* fixed typo
* no_std fixes
* unix fixes
* fixed unix no_std build
* fix llmp.rs
* adapt libfuzzer_libpng_launcher
* added all fuzzers to ci
* fmt, improved ci
* tests crate not ready for prime time
* clippy fixes
* make ci script executable
* trying to fix example fuzzers
* working libfuzzer_libpng_laucnher
* frida_libpng builds
* clippy
* bump version
* fix no_std
* fix dep version
* clippy fixes
* more fies
* clippy++
* warn again
* clearer readme
Co-authored-by: Vimal Joseph <vimaljoseph027@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: s1341 <github@shmarya.net>
Co-authored-by: Marco Grassi <marco.gra@gmail.com>
Co-authored-by: s1341 <s1341@users.noreply.github.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: Toka <tokazerkje@outlook.com>
Co-authored-by: r-e-l-z <azentner@gmail.com>
Co-authored-by: Ariel Zentner <ArielZ@nsogroup.com>
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
* Rework to put `ClientPerfStats` in `State` and pass that along. Still need to work on getting granular information from `Feedback` and `Observer`
* Add perf_stats feature to libafl/Cargo.toml
* Update feedbacks to have with_perf
* Remove unneeeded print statement
* cargo fmt all the things
* use local llvmint vs cpu specific asm for reading cycle counter
* Remove debug testing code
* Stats timeout to 3 seconds
* Inline smallish functions for ClientPerfStats
* Remove .libs/llvmint and have the correct conditional compilation of link_llvm_intrinsics on the perf_stats feature
* pub(crate) the NUM_FEEDBACK and NUM_STAGES consts
* Tcp Broker to Broker Communication (#66)
* initial b2b implementation
* no_std and clippy fixes
* b2b testcase added
* more correct testcases
* fixed b2b
* typo
* fixed unused warning
* clippy fixes
* fallback to systemtime on non-x86
* make clippy more strict
* small fixes
* bump 0.2.1
* readme
Co-authored-by: ctfhacker <cld251@gmail.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* introduce MatchName and alow lifetimes in observers
* adapt fuzzers to observers with lifetime
* introduce type_eq when on nightly
* fix no_std
* fmt
