Youssef
e307dfb16f
Implement backtrace observers for crash dedupe ( #379 )
* create stacktrace observer
* create stacktrace feedback
* post-merge fixes
* address comments
* update Cargo.toml
* fix CI issue + dynamic naming
* duplicate baby_fuzzer
* update stacktrace baby_fuzzer
* force unwinding tables
* ignore test dumps
* fix stacktrace baby_fuzzer logic
* upgrade Backtrace version
* trigger observers.post_exec in crash_handler
* implement NewHashFeedbackState and update logic
* digest symbols pointers
* cleanup
* minimal output
* fix backdated EventFirer generic param
* add baby_fuzzer example with a fork executor
* duplicate baby_fuzzer_stacktrace with forkexecutor
* backtrace collection implemented
* add c app fuzzer example with a fork executor
* group backtrace baby fuzzers
* added c code baby fuzzer with inprocess executor
* remove need for static COLLECT_BACKTRACE
* moved code to stacktrace.rs + fixed bug
* add comment
* add command executor fuzzer example
* post merge cleanup
* add missing doc
* address comment
* fix nit
* clean duplicate variable in timeout handler
* fix command executor bt collection
* clean code and use StdShMem
* cleanup
* add ObserverWithHashField + rename StacktraceObserver
* rename + refactor some code
* add CommandBacktraceObserver
* update command executor
* update baby fuzzers
* simplify BacktraceSharedMemoryWrapper
* use better names + static methods
* use std feature macro on BacktraceObserver + fix bug
* use Box in HashValueWrapper to minimize variants size diff
* use copy_from_slice
* std conditional backtrace collection
* fix std import
* fix comment
* add exit_kind to observer.post_exec
* added hash trait to Input
* collect backtrace in post_exec
* add crash handlers to InProcessForkExecutor
* fix panic message
* duplicate forkserver fuzzer example
minimal example
update
* proto bt collection working
* rename CommandBacktraceExecutor to ASANBacktraceExecutor
* refactor ASANBacktraceObserver
* support for forkserver working
* update fuzzer example
* less verbosity
* Post merge fixes
* implement hash for GeneralizedInput
* update forkserver example after merge
* clippy fixes
* fix inproc test
* fixes for cargo hack --feature-powerset
* fix baby_no_std
* implement Hash for NautilusInput
* update fork executor baby fuzzer
* fix doc
* implement Hash for PacketData
* fix windows build
* fix windows no_std
* fix backtrace baby fuzzers README
* add comments
* move setup_bt_panic to constructor
* pre/post child exec hooks in Observer
* setup_child_panic_hook
* fix ObserversOwnedMap on nightly
* add backtrace fuzzers to CI checks
* fix typo
* fix relative paths in test_all_fuzzers.sh
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-01-31 15:58:15 +01:00
epi
62e514e61d
Make harness-args available to all subcommands in opt parser ( #509 )
2022-01-31 12:53:59 +01:00
epi
4862928e1e
[READY] Add options parser ( #493 )
* added parser to workspace
* added parser to utils
* added must_use/docstring
* added qemu_args/removed mod names
* implemented subcommands, added example
* added crate docs
* updated based on StdFuzzer options
* added frida options
* added qemu parser example
* added repeat option
* added custom subcommands
* comments and nitpickery
* pedantic fixes
* updated per review
* additional doc-comment over attribute fixes
* moved everything to bolts::cli; updated docs and things
* removed utils/fuzzer-options from cargo.toml
* forgot std flag; added
* fmt
2022-01-28 18:10:09 +01:00
epi
2a8efa7d6d
extended inmemory; added exit to qemu ( #506 )
2022-01-28 18:09:04 +01:00
Andrea Fioraldi
95ba7d61ce
remove fprintf from autotokens pass ( #505 )
2022-01-28 13:51:55 +01:00
Dongjia Zhang
93f28b41be
Update frida README.md ( #503 )
2022-01-28 10:11:06 +01:00
epi
78bbe034a1
extend python forkserver api ( #500 )
* initial attempt at api extension; untested
* updated/tested on forkserver_simple
2022-01-28 09:43:21 +01:00
Evan Richter
4e3e31df4e
[libafl_qemu] GuestAddr type ( #501 )
Guest addresses now represented by correct sized integers.
Previously u64 was used to represent guest addresses. This is great for
64-bit targets, but clunky for other architectures. This introduces a
GuestAddr type alias that is defined based on the selected emulation
architecture.
Note: This changes only the user-facing Rust interface. Before
traversing the FFI boundary, all GuestAddrs are sized back to u64.
Another Note: Guest addresses _from_ the FFI boundary are completely
trusted. Values that are too large are truncated to fit into a GuestAddr
using the `as GuestAddr` cast. This may not be ideal, as errors could be
masked. If desired and the performance is ok, a non-breaking update
could change all `as` casts to `.try_into().unwrap()` so that critical
failures in FFI are always checked.
2022-01-28 09:42:23 +01:00
Dongjia Zhang
efb5e25411
Fix shadow bit for libafl_frida on Linux ( #502 )
2022-01-28 09:26:24 +01:00
epi
21668b094b
Expose more options to python qemu sugar ( #492 )
* registered forkserver sugar, if unix
* exposed multiple options to python sugar constructor
* pedantic clippy is pedantic
* fixes from review/shortened attribute
2022-01-27 09:27:25 +01:00
Evan Richter
4a6616bdfe
[libafl_qemu] simplify emu::{read,write}_mem ( #496 )
Methods read_mem and write_mem now operate on &[u8], not &[T]
The generic T slice interface was prone to various footguns:
* i32 is the default Rust integer type, but buffers are often expected
to hold u8. This means the following code writes 16 bytes to the
guest, not 4:
    let buf = [0; 4];
    emu.write_mem(addr, &buf);
* If a buffer of 16-bit or larger integers (&[u64] for example) is
needed to read/write, the user will need to consider host/guest
endianness. The byte array methods in std are a good, explicit
alternative.
Perhaps libafl_qemu could expose/define "to/from guest endianness"
helper functions or extension traits using the established cfg flags,
so that guest endianness is always right by default.
* emu::read_mem causes insta-UB if a user did something like:
    let mut my_bool = false;
    emu.read_mem(addr, &mut my_bool);
It's less surprising for users to just operate on plain-ol' bytes,
which they can explicitly transmute if they wish.
2022-01-27 09:05:33 +01:00
Andrea Fioraldi
408431ba5c
Fix libafl import features in libafl_targets ( #495 )
* fix
* fix
2022-01-26 22:29:25 +01:00
Dongjia Zhang
62614ce101
LLVM AutoTokens ( #470 )
* posix dict2file llvm pass
* new PM
* working
* clean up
* fmt
* fix
* silence clippy
* bring the println back
* early return
* rename
* weak symbols
* linux only
* fuzzbench change
* only linux
* linux only
* cfg
* cfg
* fix
* fix
* fix
* why
* fix
* bug fix
* rename
* rename
* macros & rename
* add_from_autotokens
* fix fuzzbench
* std -> core
* builder pattern?
* clippy
* wrong cfg
* cfgstd
* fuzzbench fmt
* no unsafe
* update fuzzbench_text
* use TokenSectiopn
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-01-26 19:23:04 +01:00
Andrea Fioraldi
0223d8a0c6
Implement Grimoire ( #487 )
* GeneralizedInput
* GeneralizationStage
* generalization finished
* GrimoireExtensionMutator
* grimoire_mutated flag and propore HasTargetBytes
* use alloc
* working baby fuzzer for grimoire
* fmt
* GrimoireRecursiveReplacementMutator
* extend_with_random_generalized
* extend_with_random_generalized
* GrimoireStringReplacementMutator
* GrimoireRandomDeleteMutator
* clippy
* fuzzbench_text
* fix fuzzbench_text
2022-01-25 21:34:10 +01:00
Andrea Fioraldi
b459933d29
AnyMap and owned collections of Observers and Stages ( #491 )
* AnyMap and owned observers
* owned stages
* alloc
* panic on (de)serializing ObserversOwnedMap
* clippy
2022-01-24 20:59:37 +01:00
Dongjia Zhang
2730515c46
Asan Fix ( #490 )
* fix
* fmt
2022-01-24 09:17:19 +01:00
Sagittarius-a
14959c7f9c
Fix debug_child arg in forkserver_simple example ( #489 )
The `debug_child` command line argument presence was not properly checked,
so it couldn't be set to true. Hence it was not possible to print out
the content of the buffer sent to the harness while fuzzing.
2022-01-22 09:42:05 +01:00
Sagittarius-a
68ab473c85
Fix typo in documentation of libafl::state::StdState ( #488 )
2022-01-22 00:27:42 +01:00
Dongjia Zhang
03c020f4bd
Asan fix ( #485 )
2022-01-21 09:08:21 +01:00
Andrea Fioraldi
cc0880e784
Monitor with UI based on tui-rs ( #480 )
* first working version
* full gui
* remove warnings
* remove errors in release
* allow missing_docs in tui
* tui_monitor flag
* working graphs
* disable tui on windows
* clippy
* clippy
* tui module only under std
* use tui from git
* fmt
* tui from crates
2022-01-20 23:55:48 +01:00
Evan Richter
ab7d16347f
[libafl_qemu] map_fixed and mprotect target memory ( #483 )
2022-01-20 22:06:26 +01:00
Dongjia Zhang
5e1c0b96ea
Various Fixes (windows timeout race & frida options) ( #482 )
* race fix
* oops
* no backtrace
2022-01-20 01:32:04 +01:00
Dominik Maier
77e5965e97
Add AsSlice, AsMutSlice traits, refactor MapObservers to be iterable, and have associated types ( #477 )
* from warning
* fix latest clippy
* clippy fixes++
* renamed shmem parameters
* renamed map to shmem
* make forkserver executor work for any (non-system) shmem
* Mem -> ShMem
* rework windows
* fix nit
* fix symbolic
* refactor map observers
* iterator for map observers
* removed unused ownedptr, added asslice trait to most functions
* make map entry type an associated type
* fix fuzzers
* fix docs
* typo fix
* fix windows, add try_from_slice to shmid
* missing import
* fix fuzzbench
* cleanup
* fmt
* more asslice
* fmt
* added doc link about token-level fuzzing
* cods
2022-01-19 00:02:33 +01:00
Dominik Maier
b67a7f5b60
[libafl_frida] Enabled ASan for Apple ( #478 )
2022-01-18 18:37:19 +01:00
Andrea Fioraldi
929f687676
Repro arguments libfuzzer-like for fuzzbench ( #475 )
2022-01-18 16:31:44 +01:00
Dominik Maier
4f6f76e857
Streamline ShMem API ( #472 )
* from warning
* fix latest clippy
* clippy fixes++
* renamed shmem parameters
* renamed map to shmem
* make forkserver executor work for any (non-system) shmem
* Mem -> ShMem
* rework windows
* fix nit
* fix symbolic
2022-01-17 18:28:26 +01:00
Dominik Maier
ac43997950
Fixed additional new clippy lints for libafl_qemu, libafl_frida ( #473 )
* clippy for qemu
* getrlimit clippy
2022-01-17 16:24:40 +01:00
Dominik Maier
2dd88998bd
Clippy fixes for latest toolchain ( #471 )
* from warning
* fix latest clippy
* clippy fixes++
* more nits
2022-01-17 11:02:42 +01:00
Andrea Fioraldi
aebd85f041
Bump libafl_sugar to 0.7.1 ( #468 )
0.7.1
2022-01-13 15:57:24 +01:00
Andrea Fioraldi
bbd11bc4a7
Bump libafl_frida to 0.7.1 ( #467 )
2022-01-13 15:48:51 +01:00
Andrea Fioraldi
9b3a435778
Add --libafl arg in libafl_cc and enable it for fuzzbench ( #466 )
2022-01-13 15:40:39 +01:00
Andrea Fioraldi
bca1f392a7
Bump to 0.7.1 ( #465 )
* bump to 0.7.1
* bump libafl_qemu
2022-01-13 11:32:57 +01:00
Dongjia Zhang
b70833f26b
Libafl_frida ASan shadow bit ( #455 )
* add
* debugging
* remove debug code
* fmt
* why
* writable or executable ranges
* for
* fmt
* fix
2022-01-13 10:45:15 +01:00
Andrea Fioraldi
906bb4e653
--libaf-no-link ( #464 )
2022-01-13 10:03:02 +01:00
Andrea Fioraldi
de5264efad
Clippy
2022-01-10 13:34:24 +01:00
Andrea Fioraldi
180883acb7
Panic when using nautilus with stable Rust
2022-01-10 12:17:32 +01:00
Andrea Fioraldi
d7dbd021a4
Specialization feature in nightly
2022-01-10 11:49:13 +01:00
Andrea Fioraldi
8870c50ff5
Do not build QEMU when generating docs
2022-01-10 11:27:53 +01:00
Andrea Fioraldi
eed864eb36
switch to rustversion
2022-01-10 10:12:26 +01:00
Dongjia Zhang
327ff98ea1
Asan fix ( #460 )
* fix
* fix
* bump
* fmt
2022-01-09 21:00:04 +01:00
Dongjia Zhang
82194c5fe5
Fix windows build ( #462 )
* fix
* fmt
2022-01-09 20:57:43 +01:00
buherator
5ac3cd6b5a
Optional signal value for kill on timeouts in TimeoutForkserverExecutor ( #461 )
* Optional signal value to kill forked processes on timeout
* Cargo format
* Properly initialize TimeoutForkserverExecutor
* Added with_signal constructor
* Removed duplicate code
2022-01-09 14:31:14 +01:00
Andrea Fioraldi
e6f2f2d0b2
Merge branch 'main' of github.com:AFLplusplus/LibAFL into main
2022-01-07 11:53:54 +01:00
Andrea Fioraldi
181160d80b
Clone only one specific commit on libafl_qemu build.rs
2022-01-07 11:53:34 +01:00
Dongjia Zhang
87cd44b762
Use UserStats for Stability ( #451 )
* stability:serstats
* tostring
* fix no_std
* fix
* fmt
* clippy
2022-01-07 11:07:39 +01:00
Evan Richter
250ec8d1e0
Reduce generics for various Has* traits ( #456 )
Specifically for Has{Rand,Corpus,Solutions,FeedbackStates}
The Has* family of traits offer getters and get-mut-ers. The previous
implementation had a fully generic return type:
    trait HasX<X: TraitX> {
        fn get_x(&self) -> &X;
        fn get_mut_x(&mut self) -> &mut X;
    }
meaning a single type could implement both `HasRand<Romu>` and
`HasRand<XorShift>`. The advantage of having multiple implementations is
not clear at this time, so it vastly simplifies the trait (and its
impls) to bring the return type in the body as an associated type:
    trait HasX {
        type X: TraitX;
        fn get_x(&self) -> &Self::X;
        fn get_mut_x(&mut self) -> &mut Self::X;
    }
This comes with the limitation that any type that impls these traits can
only do so once, choosing only one associated type.
* HasRand's only generic parameter (Rand) is now an associated type
* HasCorpus and HasSolutions are now only generic over the Input type
they store
* HasFeedbackStates generic parameter now associated type
2022-01-06 10:41:02 +01:00
Dominik Maier
30eb1508de
Add OwnedSlice::RefRaw to keep track of raw pointers ( #448 )
* add OwnedSlice::RefRaw to keep track of raw pointers
* clippy
* fmt
* new from ownedref
* clippy
* OwnedSliceInner
* fix,From
* as_slice()
* fmt
* fix doc
* OwnedSliceMut
* fixes
* clippy
* fix
* ownedmut -> owned
* to owned
* to_owned -> clone
* removed comment
Co-authored-by: tokatoka <tokazerkje@outlook.com>
2022-01-05 01:15:23 +01:00
Dominik Maier
6d9763c51f
Move to clap 3.0 ( #447 )
* move to clap 3.0
* fix cargo.toml
* update symcc to use clap3
2022-01-04 23:53:12 +01:00
Dominik Maier
a1a6d5f478
Disable pita 🥙 compiler in debug mode ( #454 )
2022-01-04 16:20:52 +01:00
Dongjia Zhang
674005fa61
Reorder type parameters in the correct order ( #449 )
* alphabetical order
* revert
* revert
* fix
2022-01-04 00:20:29 +01:00