* QEMU generic memory iterator + Refactoring
* Generic Memory Iterator (systemmode only for now): It is now possible to iterator over memory ranges, independently of the address kind
* Refactoring or Emulator / Qemu structures: they are now handled separately in different files
* Refactoring of Exit Handlers: Result / Error structs have been clarified
* Simple handler for signals
* add new `check-cfg` calls for libafl qemu
* match by ref fix
* impl Named for Reference
* rename
* magic indexing
* whoops
* docs, clippy
* some additional CI complaints
* other libafl_qemu fixes
* missed an alloc feature
* a smattering of fixes
* use from not direct construction
* tinyinst fix
* horrible double-mutability things
* fixup nyx
* from not new
* forkserver_simple fixes
* dogfood: forkserver
* mmmm yummy dogfood
* round one CI fixes
* clippy appeasement
* deref generic impl to simplify usage
* adaptive serialization (ouch)
* remaining clippy items
* I am tired
* new not with
* fixup: aflpp tracing was not actually constructable
* fix tmin
* reduce complexity of map feedback now that we do not need to constrain
* frida fixes
* fix concolic
* type_ref => reference
* run qemu fuzzers (qemu_systemmode only for now) in self-hosted runners
* Remove qemu-related fuzzers to general fuzzers
* fix
* Install dependencies before anything else
* Do not use sudo
* Install sudo
* Revert "Install dependencies before anything else"
This reverts commit 107addad5d9f68dec5a9af50831112cd72c28f4d.
* added qemu specific prerequisites
* add -y flag
* Format with nightly
* Do not use nightly only.
Install fmt and clippy for stable as well.
* Install qemu-img for qemu
* fix qemu-img install
* apt update
* Changed timeout.
* Fix qemu_systemmode test
* fmt
* clippy + decorrelate build and run for qemu_systemmode.
* fix fuzzer
* clippy
* add sqlite3-dev to package prerequisites.
* add arm-none-eabi-gcc
* fix profile dir
* fix condition.
* Run less QEMU stuff faster
---------
Co-authored-by: Toka <tokazerkje@outlook.com>
* LibAFL QEMU can now be dynamically linked
* LibAFL QEMU reconfiguration happens less frequently (now using a signature check)
* Possibility to have custom rpath in QEMU
* sample implementation of tracking enforcement (incomplete)
* helpful compiler output
* make it look like a real compiler output
* ensure that the macro may be used outside of libafl
* separate index/novelty tracking funcs
* default const generic values so that we don't need to change this everywhere
* fix tests
* rollback unnecessary specification of stdmapobserver
* register metadata in doc tests
* doc fixes
* doc cleanup
* doc cleanup 2
* reduce implementor overhead to zero
* renaming/docs fixes
* asref isn't reflexive??
* generalization stage updates
* add better documentation about require_{indices,novelties}_tracking
* remaining generic updates
* round one CI pass (knowingly introduces breaking changes)
* typo
* round 2 clippy
* rollback: libafl_frida changes
* fmt
* moar porting
* fix remaining fuzzers
* fix windows build, maybe
* fixup libafl_libfuzzer
* fmt nighlty all the things
* attempt to fix some broken additions
* fix fmt
* oops
* fix new invocation
* minimizer scheduler fixes
* fix accounting
* rename
* fix
* Fix build
* Sort generics
* Move more generics into the right place
* Rename A -> C
* Fix test
* Fix test some more
* Fix doc some more
* critical formatting
* More A->C
* CanTrack harder
---------
Co-authored-by: Dominik Maier <dmnk@google.com>
* Added backdoors to portable header file.
* fix arm macros.
* copy `libafl_qemu.h` in target directory.
* Merged all qemu_systemmode examples into one, settable with features.
Automatic building using `Makefile.toml`
* fix typo.
* added test of QEMU systemmode fuzzers.
* replace test by build for now.
* Added paging filtering.
Reworked address range filtering to fit with new generic code.
* Fix: renamed remaining QemuInstrumentationFilter instances.
* Renamed sync breakpoint to sync exit.
* Split emu in systemmode.rs / usermode.rs for specific code.
EmuExitHandler implementation.
* sync_backdoor.rs removal.
Formatting.
* Updated `bindgen` and `which`.
Adapting code to work with update.
* fix: reconfigure cleanly if prior configure was interrupted abruptly.
* Enable sanitizers in QEMU during debug.
* Added target-usable files.
* Added breakpoint structure.
* Adapted other files to work with ExitHandler.
* Adapted existing fuzzer to work with new exit handler.
* fix: use get to avoid crashes.
* Updated README to indicate cargo-make should be installed.
* Added QEMU internal exit handler.
* Adapted qemu_systemmode example with new exit handler.
* Fixed fuzzers to work with new exit handler.
* Trying to fix CI (#1739)
* test
* dummy
* dummy
* Added new examples.
* Forgot to add build scripts.
* format
* format
* clang-format
* python emulator adaptation.
* fixed python bindings.
* clippy fixes.
* python bindings.
* fix qemu_sugar.
* fix fuzzbench.
* fixed import issues.
* misc fixes.
* renamed crate.
* Updated x86_64 stub bindings.
* Fixed static naming.
* binding fmt
* clippy
* clippy
* Removed useless return statement.
* removed advice to install cargo-make in individual repositories.
* symcc_update (#1749)
* Remove unused create_anymap_for_trait macro (fixes#1719) (#1752)
* Fix `as_object` UB discussed in #1748 (#1751)
* Fix as_object UB discussed in #1748
* More cleanup, more less UB
* Fix fixes
* Added uninit_on_shmem api
* clippy
* fmt
* trying to fix fuzzers, libfuzzer wrapper
* Add OwnedRefMit::owned constructor, libfuzzer fix
* Some more fixes
* Add BacktaceObserver::owned fn
* fmt
* more fmt
* Ignore SigPipe by default (#1741)
* Ignore SigPipe by default
* Fix no_std
* fmt
* Fix incorrect imports (#1758)
* Fix incorrect imports
https://doc.rust-lang.org/core/simd/trait.SimdOrd.html
* Fix
* Try fix ci
* Documentation fixes (#1761)
* Documentation fixes
* Fix InProcessExecutor url
* Update all urls to latest
* Miri ignores for M1 regex (#1762)
* Enabling DrCov on Windows (#1765)
* Enabling DrCov for Windows
* Dedup common code in scheduler (#1702)
* dedup common code in scheduler
* del eco
* fixing
* fix
* replace `Emulator::new_empty` by `Emulator::get` calls outside of `emu.rs` for safety. (#1763)
* Add mute_inprocess_target fn, SimpleFdLogger::set_logger, and more (#1754)
* Add mute_inprocess_target fn, SimpleFdLogger::set_logger, set_error_print_panic_hook
* Trying to fix#1753
* typo
* More fix
* Fix test?
* more testcase fixes
* Fix: renamed remaining QemuInstrumentationFilter instances.
* Split emu in systemmode.rs / usermode.rs for specific code.
EmuExitHandler implementation.
* format
* format
* format
* Replace sync_exit with sync_backdoor.
* Rework command system.
* fix bad import.
* format.
* cargo fmt
* disable af-xdp as well to avoid linking errors.
* End of merging.
* format.
* Adaptation for usermode.
* format.
* injection support.
* usermode fixes.
format.
* clippy
* clippy + format
* Do not unwrap emu + format.
* fix: entry_point breakpoint
* inital commit.
* clippy
* tests
* clippy
* adapt example
* systemmode.
* renaming
* fmt
* fix lints.
* more lint fix.
* even more lint fixes.
* always more lint fixes.
* lint fix.
* allow unused qualifications for crate when it could be confusing.
* Still lint fixes.
* Lint fixes on generated code.
* Some lint fixes.
* merge continue.
* renamed modules as well.
* fixing merge.
* systemmode compiling.
* fmt
* fix early emulator drop.
* fmt
* fix cast to c_void of the wrong object.
* Added global enum for snapshot managers.
Some renaming.
* move things around.
* WIP: generic inclusion of QEMU Executor in exit handler.
* * Moved extern calls to `libafl_qemu_sys`
* Replaced old `Emulator` by `Qemu` and only kept C functions wrappers
* Now `Emulator` is for higher-level interactions with QEMU. Kept old functions for compatibility calling to `Qemu` functions
* A direct side effect of this slit is the removal of the `IsEmuExitHandler` trait dependency added in many parts of the code.
* Removed old dirty casting for `QemuExecutor` helpers and used the brand-new access to `QemuExecutorState` instead.
* Minor changes to `Qemu` and `Emulator` `get` methods for cleaner getters.
* Add missing `Qemu` function.
* Updated `qemu_systemmode` example.
* Adapted QEMU fuzzers + renaming.
* Fixed python.
* fix libafl_sugar with new implementation.
* fix dangling RefCell.
adapt new examples.
TODO: merge `libafl_systemmode.*` examples.
* clippy.
* fix more fuzzers.
* clippy.
* Implement `HasInstrumentationFilter` generically.
Updated `StdInstrumentationFilter` accordingly.
* Renamed breakpoint functions for QEMU.
`qemu.run()` handling.
* Removed OnceCell / RefCell in signature.
more explicit `MmapPerms` method names.
* minor code refactoring
* Emulator::run_handle refactoring
* deprecated Emulator functions calling directly to QEMU functions.
* IsSnapshotManager -> SnapshotManager
* IsEmuExitHandler -> EmuExitHandler + fmt
* Generic register when it makes sense.
* reverted IsSnapshotManager -> SnapshotManager because of a collision.
* fix syntax + clippy
* fmt
---------
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: lazymio <mio@lazym.io>
Co-authored-by: Bet4 <0xbet4@gmail.com>
Co-authored-by: mkravchik <mkravchik@hotmail.com>
* move windows, inprocess fork to a different file, try new hook mechanism for the executor
* fix
* even more
* more
* more
* fix
* fix
* macosgit add -ugit add -u
* windows!
* windows!
* aa
* aa
* macos
* std
* wtf unresolved?
* Copy, Clone
* why you just don't have the same API!
* inproc
* next; inprocess
* windows?
* ci
* ci
* ci
* unused
* ci
* unused
* no_std
* windows no std
* fix
* inprocess
* fix
* windows
* fuzzers
* macos , book
* fix
* aa
* allow
* fix
* stop suggesting wrong lint AAAAAAAAAAAAAAAAA!!!
* stop suggesting wrong lint AAAAAAAAAAAAAAAAA!!!
* win
* fix
* wip
* wip2
* windows done?
* remove TimeoutExecutor
* ci
* ci
* miri
* fixfi
* compile on windows
* a
* clp
* no_std stuff
* windows no_std
* mac stuff
* m
* a
* ci
* ci
* deleting timeoutexecutor, gradually
* fucking macos
* ci
* test
* ci
* ci
* batch mode constructor
* fix
* ci
* aa
* miri
* aaa
* tmate again
* fix windows stuff
* final fix
* another win fix
* add
* let's add the new fix later
* more
* fi
* parse
* win clippy
* win no std
* safety
* fix
* DEFAULT
* final fix
* libafl_libfuzzer
* comments
* fix
* fix fuzzres
* fixxxxx
* fixxxxx
* last fix
* change name
* Change executor trait to allow \&mut Input
* Add mut inprocess executor
* Add mut inprocess executor
* Format and fix clippy errors
* Fix more clippy errors
* Revert accidental refactoring of InMemoryCorpus
* Add mut versions of all executors that can support it
* Do not persist possible testcase mutation in stages, shadow/differential executors, or corpus minimization
* Fix missing imports
* Fix executor type for missed qemu items
* Add re-exports for mut executors
* Use InProcessForkExecutorMut in QemuForkExecutorMut
* Update BytesInput harnesses to take mutable references
* Update other-input-type-taking harnesses to take mut references
* Clippy fixes
* Feature gate TryFromIntError import
* Fix missed harness input type in baby_fuzzer
* Fix additional clippy issues
* Fix unnecessary hashes on string literal
* Even MORE clippy fixes
* Fix one more clippy issue
---------
Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
* qemu: Return errors from Emulator::new instead of asserting
Libraries should not `assert!` except in cases of unrecoverable (library)
programmer error. These errors are all potentially recoverable, and aren't
internal errors in `libafl_qemu` itself.
* Respond to review comments
* libafl_qemu: fix systemmode with slirp dependency
libslirp will be dropped from future QEMU releases (see https://wiki.qemu.org/ChangeLog/7.0).
This change adds the "slirp" feature,
which links with the host-systems libslirp.
* libafl_qemu: enable systemmode snapshots, vm_start
Re-enable snapshot functions.
Start the VM before qemu_main_loop.
* libafl_qemu: allow synchronous snapshotting
Add a flag to take snapshots synchronosly.
This should be used to take or load snapshots while the emulator is not
running.
* libafl_qemu: fallback cpu for read-/write_mem
In systemmode, current_cpu may not be set.
In such cases use the first cpus memory access methods.
* fuzzers: add example for libafl_qemu in systemmode
* libafl_qemu: update libafl-qemu-bridge revision
* libafl_qemu: add memory access by physcial address
* fix liabfl_qemu example
Use GuestAddr and physical memory access
* ci: install libslirp-dev for libafl_qemu
* fuzzers/qemu_systemmode: clean up example
* libafl_qemu: remove obsolete functions
emu::libafl_cpu_thread_fn
emu::libafl_start_vcpu
emu::start
* fuzzers/qemu_systemmode: simplify example
* improve build_linux.rs
* Update qemu_systemmode fuzzer
* upd
* clippy
* Save and restore CPU state in libafl_qemu
* clippy
* Clone
* upd
* upd
Co-authored-by: Alwin Berger <alwin.berger@tu-dortmund.de>
* libafl_qemu: fix systemmode with slirp dependency
libslirp will be dropped from future QEMU releases (see https://wiki.qemu.org/ChangeLog/7.0).
This change adds the "slirp" feature,
which links with the host-systems libslirp.
* libafl_qemu: enable systemmode snapshots, vm_start
Re-enable snapshot functions.
Start the VM before qemu_main_loop.
* libafl_qemu: allow synchronous snapshotting
Add a flag to take snapshots synchronosly.
This should be used to take or load snapshots while the emulator is not
running.
* libafl_qemu: fallback cpu for read-/write_mem
In systemmode, current_cpu may not be set.
In such cases use the first cpus memory access methods.
* fuzzers: add example for libafl_qemu in systemmode
* libafl_qemu: update libafl-qemu-bridge revision
* libafl_qemu: add memory access by physcial address
* fix liabfl_qemu example
Use GuestAddr and physical memory access
* ci: install libslirp-dev for libafl_qemu
* fuzzers/qemu_systemmode: clean up example
* libafl_qemu: remove obsolete functions
emu::libafl_cpu_thread_fn
emu::libafl_start_vcpu
emu::start
* fuzzers/qemu_systemmode: simplify example
* improve build_linux.rs
* Update qemu_systemmode fuzzer
* upd
* clippy
Co-authored-by: Alwin Berger <alwin.berger@tu-dortmund.de>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
