Most of the time, fuzzing campaigns are reasonably long. Accordingly, when
using `NewHashFeedback`, you might have good reason to believe that you'll
find thousands (or more) different observations with different hashes. When
the `HashSet` outgrows its capacity, it can cause reallocation, which is slow.
See the following link for more details:
https://doc.rust-lang.org/std/vec/struct.Vec.html#capacity-and-reallocation
* libafl: Remove `{update,clear}_hash` from `ObserverWithHashField`
These methods aren't used by `NewHashFeedback`, so there's no compelling reason
to keep them in the interface. They preclude implementations of
`ObserverWithHashField` that calculate a hash on-the-fly from a value. For
example, my use-case is to store the stdout of a process, and use
`NewHashFeedback` to only collect inputs that result in new messages on stdout.
Both of these methods are pretty suspicious to begin with - why should other
code be able to update the internal state of the observer? What are the
semantics of `update_hash`? If there are compelling reasons to keep these
methods, let's clarify their intent in the documentation.
* libafl: Return hash by value from `ObserverWithHashField`
This allows implementors of this trait to not store the hash, but rather to
compute it on-the-fly. Since `Option<u64>` is `Copy` (and quite small), and
this method is called once per execution of the target program, this is likely
to have negligible performance impact.
* libafl: Implement `ObserverWithHashField` for `ValueObserver`
This demonstrates the utility of the previous two commits. Now, `ValueObserver`
can be used with `NewHashFeedback`.
* Clippy, move to ahasher
* Oops :)
---------
Co-authored-by: Langston Barrett <langston.barrett@gmail.com>
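The commit messages above describe a design rather than showing it: an observer trait whose hash is returned by value so it can be computed on the fly (here from captured stdout), and a "new hash" feedback whose `HashSet` is pre-sized to avoid reallocation as the campaign grows. The following is an added, stand-alone sketch of that design, not LibAFL's own code or API: the trait, struct and function names are simplified stand-ins for `ObserverWithHashField`, `ValueObserver` and `NewHashFeedback`, the stdout samples are constructed, and std's `DefaultHasher` is used in place of `ahash` so the block compiles offline.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashSet;
use std::hash::{Hash, Hasher};

/// Stand-in for libafl's `ObserverWithHashField` (assumed shape, not the real
/// trait): the hash is returned by value, so an implementor may compute it on
/// demand instead of storing it. `Option<u64>` is `Copy`, and this is called
/// once per target execution, so the copy is negligible.
pub trait ObserverWithHashField {
    fn hash(&self) -> Option<u64>;
}

/// Stand-in for a `ValueObserver` holding the target's stdout (assumed name).
/// Only the raw bytes are stored; the hash is derived from them when asked.
pub struct StdoutObserver {
    stdout: Vec<u8>,
}

impl StdoutObserver {
    pub fn new() -> Self {
        Self { stdout: Vec::new() }
    }

    /// Called after each execution with whatever the target printed.
    pub fn record(&mut self, out: &[u8]) {
        self.stdout = out.to_vec();
    }
}

impl ObserverWithHashField for StdoutObserver {
    fn hash(&self) -> Option<u64> {
        // No output at all carries no signal; report "no hash" rather than
        // the hash of the empty string, so it is never counted as novel.
        if self.stdout.is_empty() {
            return None;
        }
        // std's SipHash stands in for ahash here (assumption: any 64-bit hash
        // with the same semantics works for this demonstration).
        let mut h = DefaultHasher::new();
        self.stdout.hash(&mut h);
        Some(h.finish())
    }
}

/// Stand-in for `NewHashFeedback` (assumed name): an execution is interesting
/// iff its observer hash has not been seen before. The set is created with a
/// capacity sized for a long campaign so insertions do not trigger rehashing
/// and reallocation as thousands of distinct hashes accumulate.
pub struct NewHashFeedback {
    seen: HashSet<u64>,
}

impl NewHashFeedback {
    pub fn with_capacity(expected_hashes: usize) -> Self {
        Self { seen: HashSet::with_capacity(expected_hashes) }
    }

    /// Returns true only the first time a given hash is observed.
    pub fn is_interesting<O: ObserverWithHashField>(&mut self, obs: &O) -> bool {
        match obs.hash() {
            Some(h) => self.seen.insert(h),
            None => false,
        }
    }

    pub fn seen_count(&self) -> usize {
        self.seen.len()
    }

    pub fn capacity(&self) -> usize {
        self.seen.capacity()
    }
}

fn main() {
    // Constructed sample outputs, standing in for successive target runs.
    let runs: [&[u8]; 5] = [b"parsed header", b"parsed header", b"bad magic", b"", b"bad magic"];
    let mut obs = StdoutObserver::new();
    let mut fb = NewHashFeedback::with_capacity(1 << 16);
    for (i, out) in runs.iter().enumerate() {
        obs.record(out);
        println!("run {}: interesting = {}", i, fb.is_interesting(&obs));
    }
    println!("distinct messages seen: {}", fb.seen_count());
}
```

The observer keeps only the value and computes the hash in `hash()`, which is exactly what returning `Option<u64>` by value permits; a trait that handed out `&Option<u64>` would force every implementor to keep a field for it.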
* tmp
* more
* save
* TODO
* fix
* update to tinyinst on crates
* dep
* fmt
* shmem done
* cpp fmt
* clp
* fmt
* why??
* ver
* more makefile.toml
* windows test
* Update build_and_test.yml
* fix
* a
* install
* fmt
* fix
* only macos and win
* more
* The order matters
* remove
* fmt
* chg
* typo
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* fix multiple subtle bugs with grimoire, mutators, and state
* obey the clippy overlord
* grimoire: skip over token after splice
* remove extraneous length check
* fixup grimoire/generalisation, remove GeneralizedInput in favour of metadata
* additional cleanup
* transformable inputs to solve the grimoire problem
* explicit use of 'transforming' to keep typing compatible with normal usage
* clippy fix
* fixes for nautilus, python
* explicit inlining for reflexive impl
* fix for tutorial
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* fixing linking issue
* instead of linking lib we don't use, just disable them
* fixing the keyutils problem
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* Make the kind of solving more clear (follow up on #980)
* Update docs/src/advanced_features/concolic.md
Co-authored-by: julihoh <julihoh@users.noreply.github.com>
Co-authored-by: julihoh <julihoh@users.noreply.github.com>
* forkserver: Add an API to setup the shared memory region for edge coverage
This is inspired from and meant to be similar to afl-cc's instrumentation.
Remove ! return type from __afl_start_forkserver as it returns in several cases.
* Add example fuzzer using LibAFL's forkserver
The fuzzer is instrumented with libafl_cc as well.
Co-authored-by: ergrelet <ergrelet@users.noreply.github.com>