* emu::current_cpu() is now kept after vm stop and it is the CPU that hit the breakpoint
* clippy
* uninit
* clippy
* clippy
* clippy
* clippy
* nightly override in CI
* nightly override in CI
* components
* components
* targets
* targets
* clippy
* clippy
* clippy
* clippy
* clippy (again)
* MaybeUninit
Co-authored-by: Dominik Maier <dmnk@google.com>
For some reason, Apple's aarch64 processor throws a SIGILL when encountering LDP x5, x5 (or any other repeating register). STP works, but I changed both for symmetry.
* libafl_qemu: fix systemmode with slirp dependency
libslirp will be dropped from future QEMU releases (see https://wiki.qemu.org/ChangeLog/7.0).
This change adds the "slirp" feature,
which links with the host system's libslirp.
* libafl_qemu: enable systemmode snapshots, vm_start
Re-enable snapshot functions.
Start the VM before qemu_main_loop.
* libafl_qemu: allow synchronous snapshotting
Add a flag to take snapshots synchronously.
This should be used to take or load snapshots while the emulator is not
running.
* libafl_qemu: fallback cpu for read-/write_mem
In systemmode, current_cpu may not be set.
In such cases use the first CPU's memory access methods.
* fuzzers: add example for libafl_qemu in systemmode
* libafl_qemu: update libafl-qemu-bridge revision
* libafl_qemu: add memory access by physical address
* fix libafl_qemu example
Use GuestAddr and physical memory access
* ci: install libslirp-dev for libafl_qemu
* fuzzers/qemu_systemmode: clean up example
* libafl_qemu: remove obsolete functions
emu::libafl_cpu_thread_fn
emu::libafl_start_vcpu
emu::start
* fuzzers/qemu_systemmode: simplify example
* improve build_linux.rs
* Update qemu_systemmode fuzzer
* upd
* clippy
* Save and restore CPU state in libafl_qemu
* clippy
* Clone
* upd
* upd
Co-authored-by: Alwin Berger <alwin.berger@tu-dortmund.de>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* reduce diffexecutor constraints for new (so it may be used in a manager-less environment)
* add differential observers
* finish differential observation
* requirement for observers (weak), default impl for time observer
* make the map swapper, revisit how differentialobserver is implemented
* semi-specialise multimap, add example
* improve example slightly
* fix clippy lints
* fix last clippy issue
* better docs + example flow
* improve example: correct map sizing + multimap vs split slice
* correct some comments
* fix tests + slight bit more docs
* fix bindings
* fixups for the CI
* typo fix
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
* Adding DrCov for qemu
* Fixing cargo fmt
* Trying to fix maturin build
* Fixing clippy
* libafl_qemu --no-default-features fix
* Adding make module mapping a user input as suggested by @WorksButNotTested
* Switching from blocks_raw() -> blocks() and full_tracing as an option
* Avoiding get before get_mut
* HashSet to Vec
* Avoiding lazy_static
* Adding DrCov for example fuzzer qemu_arm_launcher
* Removing mut for globals in DrCov
* Using emu.mappings() for drcov module mappings
* Fixing clippy
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
* fix incorrect assert condition and document it
* update symcc
* adapt to changes in symcc API
* more fixes
* fix formatting
* more fixes
* speed up smoke test by building multiple crates in one command
* update symcc commit to latest main
* Add pthread_introspection_hook support on macos
See-also: #68
* Remove lazy_static
* all of apple are created equal
Co-authored-by: Fabian Freyer <fabian.freyer@physik.tu-berlin.de>
* make use of clap derive in forkserver_simple
* (re)introduce use_shmem_testcase flag to ForkserverExecutor
* set use_shmem_testcase flag automatically based on forkserver handshake
* remove illegal_state and just .unwrap instead as the None case is unreachable
* fix: removed pub method
* cargo fmt
* remove illegal_state #2 and just .unwrap instead as the None case is unreachable
* change shmem unwrap to unwrap_unchecked
* fix double mut
* removed @@ warning
Previously, the `CommandExecutor` attempted to decode its child
process's stdout and stderr as UTF-8 `String`s. This could fail
if the output was not UTF-8. However, the `Std{Out,Err}Observer`s
should probably be able to be used in such a situation; consider
fuzzing `echo` with a random `BytesInput`.
The fix is to not decode the output, but rather directly store and
provide the bytes of stdout/stderr in the observers.
* add custom monitor prometheus as a baseline to build functionality
* working server, set up function to update metrics in the registry
* for a test
* metrics for corpus count, objective count, executions, execution rate are intermittently updated and exposed on /metrics
* add runtime metric, clean up some comments
* IP:PORT as argument instead of hardcoded
* add client # as label attached to fuzzer metrics for filtering by client. add clients_count as a tracked metric
* added support for custom metrics added to client_stats via feedbacks, such as edges count. cleaned up code
* cargo fmt
* clean up prometheus.rs
* ran autofix and fmt scripts, and put optional dependencies behind prometheus_monitor feature
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* sort of fix core affinity on mac arm64
we can't pin to a core id; however, we can at least choose the performance
cores for our thread.
* using other cores as well
* Fix CI yml (#871)
* Fix CI again (#872)
* Fix CI yml
* Fix CI
* Add dump_register/write_crash for freebsd arm64 (#870)
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* Remove QEMU-Nyx & packer submodules
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
* Associated types for Corpus, State
* cleanup
* fix no_std
* drop unused clauses
* Corpus
* cleanup
* adding things
* fixed fuzzer
* remove phantom data
* python
* progress?
* more more
* oof
* wow it builds?
* python fixes, tests
* fix python fun
* black fmt for python
* clippy, added Nop things
* fixes
* fix merge
* make it compile (#836)
* doc-test fixes, prelude-b-gone for cargo-hack compat
* fixes for windows, concolic
* really fix windows, maybe
* imagine using windows
* ...
* elide I generic when used with S: State
* Elide many, many generics, but at what cost?
* progress on push
* Constraint HasCorpus, HasSolutions at trait definition
* remove unused feature
* remove unstable usage since we constrained HasCorpus at definition
* compiled, but still no type inference for MaxMapFeedback
* cleanup inprocess
* resolve some std conflicts
* simplify map
* undo unnecessary cfg specification
* fix breaking test case for CI on no-std
* fix concolic build failures
* fix macos build
* fixes for windows build
* timeout fixes for windows build
* fix pybindings issues
* fixup qemu
* fix outstanding local build issues
* maybe fix windows inprocess
* doc fixes
* unbridled fury
* de-associate State from Feedback, replace with generic as AT inference is not sufficient to derive specialisation for MapFeedback
* merge update
* refactor + speed up fuzzer builds by sharing build work
* cleanup lingering compiler errors
* lol missed one
* revert QEMU-Nyx change, not sure how I did that
* move HasInput to inputs
* HasInput => KnowsInput
* update bounds to enforce via associated types
* disentangle observers with fuzzer
* revert --target; update some fuzzers to match new API
* resolve outstanding fuzzer build blockers (that I can run on my system)
* fixes for non-linux unixes
* fix for windows
* Knows => Uses, final fixes for windows
* <guttural screaming>
* fixes for concolic
* loosen bound for frida executor so windows builds correctly
* cleanup generics for eventmanager/eventprocessor to drop observers requirement
* improve inference over fuzz_one and friends
* update migration notes
* fixes for python bindings
* fixes for generic counts in event managers
* finish migration notes
* post-merge fix
Co-authored-by: Addison Crump <addison.crump@cispa.de>
* DifferentialExecutor for CommandExecutor along with StdIO observer
* format
* fix CI issues
* fix format and unit test
* fix documentation
* allow three structs and doc only for linux
* resolve documentation test failure
* minor
* running fmt_all.sh
* into_executor() takes 4 params, not just 1
Co-authored-by: Dominik Maier <domenukk@gmail.com>