608 Commits

Author SHA1 Message Date
Dongjia Zhang
fa69b9eff9
Powerschedule::RAND (#596) 2022-04-07 21:00:59 +09:00
Dongjia Zhang
eaa46075cc
COE Fix (#593)
* fix

* clp
2022-04-04 18:07:19 +02:00
Dongjia Zhang
f732b76115
Make calibration stage independent of powerschedules (#589)
* fix

* clippy
2022-04-04 18:02:16 +02:00
Dongjia Zhang
e77e147a74
Update Clap (#591)
* upd

* fix
2022-04-04 17:59:34 +02:00
Dongjia Zhang
034a4870e2
Set the number of stacked mutations in MOpt mutator (#587)
* max_stack_pow

* fix

* fix

* fmt

* rename
2022-04-03 09:25:59 +09:00
Toka
1167389149
Fix metadata loss across state-restore. (#582)
* bug fix

* fix

* fix

* remove getter
2022-03-30 12:00:49 +09:00
Andrea Fioraldi
88a14cbbd2
Fix GeneralizedInput::wrapped_as_testcase (#584) 2022-03-29 14:56:48 +02:00
Toka
abf1a66028
Rename FavFactor to TestcaseScore; More TestcaseScores (#574)
* rework aflfast

* more

* move fuzz_Mu

* weighted

* fix

* borrow checker fix

* compute_weight

* alias_table

* fmt

* fix & rename

* fix & less mut

* no_std

* no_std

* clippy

* 32bit clippy fix

* top_rated for compute_weight

* fix

* clippy & metadata Init

* fix

* fix

* fix

* clippy & fmt

* change fuzzers

* fuzzbench_selected

* fmt

* compute() has state

* use favfactor for powerschedules also

* fix merge

* rename

* fmt & clippy

* no_std

* fmt

* clippy

* rename

* fmt

* rename

* fmt

* fix

* fix

* fmt

* fix

* fix
2022-03-27 04:04:46 +09:00
Dongjia Zhang
f906201dcb
Calibration fix (#578)
* fix

* fix

* fix

* fix

* fmt
2022-03-26 13:49:17 +01:00
Dongjia Zhang
c72f773ca0
Weighted corpus entry selection (#570)
* rework aflfast

* more

* move fuzz_Mu

* weighted

* fix

* borrow checker fix

* compute_weight

* alias_table

* fmt

* fix & rename

* fix & less mut

* no_std

* no_std

* clippy

* 32bit clippy fix

* top_rated for compute_weight

* fix

* clippy & metadata Init

* fix

* fix

* fix

* clippy & fmt

* change fuzzers

* fuzzbench_selected

* fmt
2022-03-23 02:01:00 +09:00
Dongjia Zhang
c3d3c93bc0
CI Fix (#572)
* clippy

* doc

* refactor
2022-03-21 07:54:46 +01:00
Andrea Fioraldi
e36522cf21
Fix find_gaps_in_closures (#568) 2022-03-16 11:07:36 +01:00
Andrea Fioraldi
09cf136c63
Fix CI (#562)
* fix libfuzzer_libpng_ctx

* fix

* fix
2022-03-04 15:51:54 +01:00
Andrea Fioraldi
e6bc89555f
Fix GeneralizationStage (#561)
* fmt

* Fix generalization
2022-03-03 15:20:37 +01:00
Andrea Fioraldi
a56f4af7da
CorpusScheduler -> Scheduler and move them to the schedulers folder (#560)
* CorpusScheduler -> Scheduler

* fix book

* update fuzzers

* fix tests

* fix sugar

* fix

* fix tutorial

* fix tutorial

* fmt

* fix

* fmt

* fmt
2022-03-03 14:27:37 +01:00
s1341
f4c4d9044f
Use the new bolts::cli with the frida_libpng sample (#541)
* Use the new bolts::cli with the frida_libpng sample

* Fix comment and add must_use

* Fix windows

* Fix windows more

* Fix windows more, more

* Fix windows more, more, more

* Remove comma

* fmt
2022-03-01 11:25:11 +01:00
Andrea Fioraldi
bf9d2b4c57
Fix snapshots in libafl_qemu (#556)
* afl_exec_sec feature, disabled by default

* Fix snapshots in libafl_qemu

* working memory snapshots
2022-02-28 21:23:20 +01:00
Chaofan Shou
c4fb92a1a4
Add probabilistic sampling corpus scheduler (#544)
* Add probabilistic sampling corpus scheduler

* Linting

* Fix ToOwned error

* Move if-stmt of checking `ProbabilityMetadata` existence and revert powersched removal

* Use `Error::IllegalState` instead of `Error::DivByZero`
2022-02-24 10:19:38 +01:00
Andrea Fioraldi
04c8e96923
afl_exec_sec feature, disabled by default (#555) 2022-02-23 16:06:22 +01:00
Andrea Fioraldi
05b10ad56d
Fix no_std after #553 (#554)
* Fix no_std after #553

* clippy
2022-02-23 11:32:25 +01:00
Andrea Fioraldi
5ffddcfd4a
List observer and feedback (#553) 2022-02-23 10:26:46 +01:00
Andrea Fioraldi
a03d733cf9
libafl_qemu decouple hooks from the executor and QemuForkExecutor (#528)
* QemuHooks

* option state hooks

* QemuForkExecutor

* enforce no side effects in QemuForkExecutor

* child hooks fixes

* fixes

* qemu_launcher

* examples and fixes

* fix sugar

* clippy

* fmt

* no timeout for fuzzbench_fork_qemu

* Update libafl_qemu/src/hooks.rs

Co-authored-by: Alwin Berger <50980804+alwinber@users.noreply.github.com>

* clippy

Co-authored-by: Alwin Berger <50980804+alwinber@users.noreply.github.com>
2022-02-15 22:11:24 +01:00
Dongjia Zhang
86b4ff9c2f
Set default connect address to IP (#539) 2022-02-15 17:44:58 +01:00
Andrea Fioraldi
479f9471ff
Walk the map observer using as_ref_iter() in the map feedback (#535)
* Walk the map observer using into_iter() in the map feedback

* fmt

* map observers as iterators

* perf

* IntoMutIterator and IntoRefIterator

* Clone

* clippy
2022-02-14 18:12:19 +01:00
Farouk Faiz
2dcdaaa89f
Initial support to Python bindings for the libafl crate (#429)
* Add libafl py module

* Hardcoded baby_fuzzer

* Trait abstraction: MapObserver
Send type name as a param as it's needed for extracting the rust struct from the PyObject

* Fix merge

* Impl traits for python wrappers

* Add PythonExecutor
Not buildable version

* Executor trait bindings

* Monitor trait bindings

* EventManager trait bindings

* Fix warnings

* Add corpus trait bindings

* Use corpus trait bindings

* Rand trait bindings

* Remove python feature from default

* Add cfg attribute

* Fix fmt

* No std box

* Fix clippy

* turn OwnedInProcessExecutor in a simple type alias

* remove crate-type from libafl's Cargo.toml

* Add python baby_fuzzer

* Fix doc

* Maturin doc

* multiple map observer

* fmt

* build pylibafl with nightly

* macro for map element type

* Update py baby_fuzzer & fmt

* Mutator bindings

* fmt

* merge conflicts

* StdMutationalStage bindings
Not working: Cannot pass mutator to new method because not clonable

* Stage bindings

* StagesOwnedList bindings
Not working: Stage not clonable

* Unsafe transmute copy fix

* Use Stage bindings in baby_fuzzer

* fmt

* fmt

* Fix doc

* fix merge

* Remove x86_64 feature from pylibafl

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-02-14 11:41:39 +01:00
Dominik Maier
7dad2153e2
Clippy for Cargo (#532)
* Clippy for Cargo

* clippy fixes

* clippy fixes

* edition

* fix

* wrong self hidden

* fix

* more clippy
2022-02-11 14:34:01 +01:00
Andrea Fioraldi
a4c9d2d19e
Fix ASAN backtrace (#534) 2022-02-11 14:31:18 +01:00
Dongjia Zhang
42cab49f3e
Forkserver builder fix (#529)
* fix

* fix

* fmt

* no @@

* fuzzer change

* parse_afl_cmdline

* comma
2022-02-11 09:38:26 +01:00
Andrea Fioraldi
eb668384bb
Fix hardcoded BacktraceObserver (#530)
* refactor BacktraceObserver and InProcessForkExecutor

* cleanup

* fix inprocess

* fix

* mormanti

* win fix

* clippy

* fix backtrace_baby_fuzzers/command_executor

* win fix

* clippy
2022-02-10 21:45:20 +01:00
Dongjia Zhang
9d38fff662
Autodict forkserver (#525)
* Builder for ForkserverExecutor

* add

* clippy warnings

* comment

* stash

* tmp

* change

* revert

* use_shmem_feature field

* change the harness back

* wip

* wip

* revert

* works

* clippy

* Makefile fix

* doc

* clippy

* rename to program

* rename, fix, envs

* lifetime

* arg_input_file

* stash

* read autodict from forkserver

* works

* clippy & fmt

* fmt

* fix

* fix

* fmt

* better harness

* arg_input_file_std

* rename

* fix
2022-02-10 10:27:51 +01:00
Dongjia Zhang
9482433e54
Forkserver builder (#523)
* Builder for ForkserverExecutor

* add

* clippy warnings

* comment

* stash

* tmp

* change

* revert

* use_shmem_feature field

* change the harness back

* wip

* wip

* revert

* works

* clippy

* Makefile fix

* doc

* clippy

* rename to program

* rename, fix, envs

* lifetime

* arg_input_file

* bug fix

* arg_input_file

* builder()

* doc

* clippy & fmt

* clippy & fmt
2022-02-09 22:07:15 +01:00
Andrea Fioraldi
63d89463a3
Improve libafl_qemu snapshots (#484)
* mprotect

* expose EnumIter

* thread safe mem snapshot

* update qemu hash

* clippy

* child helpers

* fixes

* fix build

* fix dep
2022-02-09 09:40:59 +01:00
Dominik Maier
a3345902c2
Shorthand for differential fuzzing results (#526)
* Shorthand for differential fuzzing results

* must_use
2022-02-08 04:07:42 +01:00
Dominik Maier
98fbe83c15
Differential executor, diff feedback, stdio observers for command executor (#521)
* started diff fuzzer

* finished DifferentialExecutor

* adapt builder, more diff fuzz infra

* diff eq feedback

* stdout observer started:

* stdio observers

* stdio observers

* no_std, fixes

* no_std tests
2022-02-06 18:20:57 +01:00
Sagittarius-a
2bb60fb756
Fix documentation typos (#514)
* Fix typos in LibAFL doc comments

* Fix doc comment for ProgressReporter trait

* Remove unused comment

* Link ShMem by name in doc comment
2022-02-03 16:31:19 +01:00
epi
3dcb191baf
Removed subcommands from FuzzerOptions (#516)
* updated code that removes subcommands from FuzzerOptions

* updated docs, added headings

* updated test to reflect new api

* repeat requires replay

* removed global; removed Option where appropriate; housekeeping; tests

* removed unnecessary cfg check from tests
2022-02-03 16:29:54 +01:00
Andrea Fioraldi
c561182f07
Set map observers initial value to T::default() on creation (#520) 2022-02-03 14:25:25 +01:00
Andrea Fioraldi
465275aecb
Allow incomplete feature (#517)
suppress the specialization feature warning
2022-02-02 17:55:46 +01:00
Dongjia Zhang
3c4ec38d83
Win Fix (#513)
* win_fix

* fmt

* another fmt
2022-02-02 00:26:10 +01:00
Andrea Fioraldi
dd002a081b
Implement coverage accounting (BB metric atm) (#507)
* bb accounting llvm pass

* bb metric

* accounting corpus scheduler

* fix warnings

* alloc

* clippy

* fix dockerfile

* clippy

* coverage accounting example

* finish CoverageAccountingCorpusScheduler

* fmt

* --libs in llvm-config

* merge
2022-02-01 14:08:38 +01:00
Dominik Maier
6810e6085b
Builder for CommandExecutor & Tokens Refactoring (#508)
* builder for CommandExecutor

* tokens api cleanup, clippy

* fix doctest

* cleanup

* added testcase, remodelled

* command executor builder fix

* fix fuzzer(?)

* implemented From for configurator

* nits

* clippy

* unused

* autotokens

* cleanup

* nits

* Err instead of empty tokens

* fix tokens fn

* fix err

* more error fixing

* tokens remodelling

* typo

* recoverable fail on missing autotokens

* clippy, nostd

* asslice, into_iter, etc. for tokens

* adapt fuzzers

* iter

* fixes, clippy

* fix

* more clippy

* no_std

* more fix

* fixed typo

* cmd_executor builds again

* bring back ASAN stuff to Command Executor

* forkserver speedup

* no need to static

* back to earlier
2022-02-01 10:10:47 +01:00
Dongjia Zhang
c61fed6ca9
Use Unix timer_* API instead of setitimer (#510)
* fix linter errors for armv7 (docs)

* introduce HasOnCrashReset trait; use timer_* API instead of setitimer for unix TimeoutExecutor

* fixes: PR #469 annotations and CI issues

* reintroduce setitimer for apple as macOS does not feature the POSIX timer API

* more macos and windows CI fixes

* more macos and windows CI fixes cont.

* HasOnCrashReset -> HasPostRunReset

* remove drop impl for Windows TimeoutExecutor

* adjust target cfgs for timeout stuff (android also did not work)

* add call to inner post_run_reset

* remove HasPostRunReset in favor of making it a trait fn of Executor

* add post_run_reset's to CombinedExecutor

* clippy: addr_of! instead of raw pointer casts

* link librt in libafl_cc (required by timer_* API)

* minor fixes and cleanup

* remove unused import for targets other than linux

* fix win

* merge

* fix

Co-authored-by: pr0me <g33sus@gmail.com>
2022-02-01 04:48:03 +01:00
Dominik Maier
9dfc6aa404
CI and fixes for arm32 no_std build (#511)
* arm32 no_std fixes and clippy

* moved criterion to benches crate

* benches no longer live here
2022-02-01 00:57:58 +01:00
Youssef
e307dfb16f
Implement backtrace observers for crash dedupe (#379)
* create stacktrace observer

* create stacktrace feedback

* post-merge fixes

* address comments

* update Cargo.toml

* fix CI issue + dynamic naming

* duplicate baby_fizzer

* update stacktrace baby_fuzzer

* force unwinding tables

* ignore test dumps

* fix stacktrace baby_fuzzer logic

* upgrade Backtrace version

* trigger observers.post_exec in crash_handler

* implement NewHashFeedbackState and update logic

* digest symbols pointers

* cleanup

* minimal output

* fix backdated EventFirer generic param

* add baby_fuzzer example with a fork executor

* duplicate baby_fuzzer_stacktrace with forkexecutor

* backtrace collection implemented

* add c app fuzzer example with a fork executor

* group backtrace baby fuzzers

* added c code baby fuzzer with inprocess executor

* remove need for static COLLECT_BACKTRACE

* moved code to stacktrace.rs + fixed bug

* add comment

* add command executor fuzzer example

* post merge cleanup

* add missing doc

* address comment

* fix nit

* clean duplicate variable in timeout handler

* fix command executor bt collection

* clean code and use StdShMem

* cleanup

* add ObserverWithHashField + rename StacktraceObserver

* rename + refactor some code

* add CommandBacktraceObserver

* update command executor

* update baby fuzzers

* simplify BacktraceSharedMemoryWrapper

* use better names + static methods

* use std feature macro on BacktraceObserver + fix bug

* use Box in HashValueWrapper to minimize variants size diff

* use copy_from_slice

* std conditional backtrace collection

* fix std import

* fix comment

* add exit_kind to observer.post_exec

* added hash trait to Input

* collect backtrace in post_exec

* add crash handlers to InProcessForkExecutor

* fix panic message

* duplicate forkserver fuzzer example

minimal example

update

* proto bt collection working

* rename CommandBacktraceExecutor to ASANBacktraceExecutor

* refactor ASANBacktraceObserver

* support for forkserver working

* update fuzzer example

* less verbosity

* Post merge fixes

* implement hash for GeneralizedInput

* update forkserver example after merge

* clippy fixes

* fix inproc test

* fixes for cargo hack --feature-powerset

* fix baby_no_std

* implement Hash for NautilusInput

* update fork executor baby fuzzer

* fix doc

* implement Hash for PacketData

* fix windows build

* fix windows no_std

* fix backtrace baby fuzzers README

* add comments

* move setup_bt_panic to constructor

* pre/post child exec hooks in Observer

* setup_child_panic_hook

* fix ObserversOwnedMap on nightly

* add backtrace fuzzers to CI checks

* fix typo

* fix relative paths in test_all_fuzzers.sh

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-01-31 15:58:15 +01:00
epi
62e514e61d
Make harness-args available to all subcommands in opt parser (#509) 2022-01-31 12:53:59 +01:00
epi
4862928e1e
[READY] Add options parser (#493)
* added parser to workspace

* added parser to utils

* added must_use/docstring

* added qemu_args/removed mod names

* implemented subcommands, added example

* added crate docs

* updated based on StdFuzzer options

* added frida options

* added qemu parser example

* added repeat option

* added custom subcommands

* comments and nitpickery

* pedantic fixes

* updated per review

* additional doc-comment over attribute fixes

* moved everything to bolts::cli; updated docs and things

* removed utils/fuzzer-options from cargo.toml

* forgot std flag; added

* fmt
2022-01-28 18:10:09 +01:00
Dongjia Zhang
62614ce101
LLVM AutoTokens (#470)
* posix dict2file llvm pass

* new PM

* working

* clean up

* fmt

* fix

* silence clippy

* bring the println back

* early return

* rename

* weak symbols

* linux only

* fuzzbench change

* only linux

* linux only

* cfg

* cfg

* fix

* fix

* fix

* why

* fix

* bug fix

* rename

* rename

* macros & rename

* add_from_autotokens

* fix fuzzbench

* std -> core

* builder pattern?

* clippy

* wrong cfg

* cfgstd

* fuzzbench fmt

* no unsafe

* update fuzzbench_text

* use TokenSectiopn

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-01-26 19:23:04 +01:00
Andrea Fioraldi
0223d8a0c6
Implement Grimoire (#487)
* GeneralizedInput

* GeneralizationStage

* generalization finished

* GrimoireExtensionMutator

* grimoire_mutated flag and proper HasTargetBytes

* use alloc

* working baby fuzzer for grimoire

* fmt

* GrimoireRecursiveReplacementMutator

* extend_with_random_generalized

* extend_with_random_generalized

* GrimoireStringReplacementMutator

* GrimoireRandomDeleteMutator

* clippy

* fuzzbench_text

* fix fuzzbench_text
2022-01-25 21:34:10 +01:00
Andrea Fioraldi
b459933d29
AnyMap and owned collections of Observers and Stages (#491)
* AnyMap and owned observers

* owned stages

* alloc

* panic on (de)serializing ObserversOwnedMap

* clippy
2022-01-24 20:59:37 +01:00
Sagittarius-a
68ab473c85
Fix typo in documentation of libafl::state::StdState (#488) 2022-01-22 00:27:42 +01:00