Toka
c1b8107060
Rename fuzzbench_selected ( #581 )
* rename
* rename
2022-03-29 14:59:27 +02:00
Dominik Maier
5df130188a
Fixing CI from #559 ( #580 )
* updated ref
* update symcc
* updated symcc
* CI for symcc
* updated symcc
* enabling git
* add runtime deps to makefile
* only linux
Co-authored-by: tokatoka <tokazerkje@outlook.com>
2022-03-29 14:57:38 +02:00
Toka
abf1a66028
Rename FavFactor to TestcaseScore; More TestcaseScores ( #574 )
* rework aflfast
* more
* move fuzz_Mu
* weighted
* fix
* borrow checker fix
* compute_weight
* alias_table
* fmt
* fix & rename
* fix & less mut
* no_std
* no_std
* clippy
* 32bit clippy fix
* top_rated for compute_weight
* fix
* clippy & metadata Init
* fix
* fix
* fix
* clippy & fmt
* change fuzzers
* fuzzbench_selected
* fmt
* compute() has state
* use favfactor for powerschedules also
* fix merge
* rename
* fmt & clippy
* no_std
* fmt
* clippy
* rename
* fmt
* rename
* fmt
* fix
* fix
* fmt
* fix
* fix
2022-03-27 04:04:46 +09:00
Chaofan Shou
e20d345d99
Fix concolic fuzzer and add related CI tests ( #559 )
* fix concolic fuzzer & add related CI tests
* More cargo fmt
* More cargo fmt
* order matters
2022-03-26 13:51:14 +01:00
Dongjia Zhang
acba89b92a
Makefile.toml for frida fuzzer ( #566 )
* frida makefile.toml
* makefile.toml
2022-03-23 11:30:20 +01:00
Dongjia Zhang
c72f773ca0
Weighted corpus entry selection ( #570 )
* rework aflfast
* more
* move fuzz_Mu
* weighted
* fix
* borrow checker fix
* compute_weight
* alias_table
* fmt
* fix & rename
* fix & less mut
* no_std
* no_std
* clippy
* 32bit clippy fix
* top_rated for compute_weight
* fix
* clippy & metadata Init
* fix
* fix
* fix
* clippy & fmt
* change fuzzers
* fuzzbench_selected
* fmt
2022-03-23 02:01:00 +09:00
syheliel
6b95361123
Add doc for example baby_fuzzer_* ( #564 )
* Add doc for example `baby_fuzzer_*`
* Fix `mdbook build`
Co-authored-by: syheliel <syheliel>
2022-03-14 19:14:46 +01:00
Andrea Fioraldi
8eab7d6063
Fix fuzzers ( #563 )
* fix libfuzzer_libpng_ctx
* fix
* fix
* Fix stb
* fix
* fix
2022-03-07 08:59:01 +01:00
Andrea Fioraldi
09cf136c63
Fix CI ( #562 )
* fix libfuzzer_libpng_ctx
* fix
* fix
2022-03-04 15:51:54 +01:00
Andrea Fioraldi
e6bc89555f
Fix GeneralizationStage ( #561 )
* fmt
* Fix generalization
2022-03-03 15:20:37 +01:00
Andrea Fioraldi
a56f4af7da
CorpusScheduler -> Scheduler and move them to the schedulers folder ( #560 )
* CorpusScheduler -> Scheduler
* fix book
* update fuzzers
* fix tests
* fix sugar
* fix
* fix tutorial
* fix tutorial
* fmt
* fix
* fmt
* fmt
2022-03-03 14:27:37 +01:00
s1341
f4c4d9044f
Use the new bolts::cli with the frida_libpng sample ( #541 )
* Use the new bolts::cli with the frida_libpng sample
* Fix comment and add must_use
* Fix windows
* Fix windows more
* Fix windows more, more
* Fix windows more, more, more
* Remove comma
* fmt
2022-03-01 11:25:11 +01:00
Chaofan Shou
df84d39242
Add function call level granularity for coverage accounting ( #552 )
* Add func call level granularity for coverage accounting
* code linting
2022-02-24 10:16:12 +01:00
Tamas K Lengyel
b3d68e8f40
Add signal option to forkserver_simple ( #548 )
2022-02-21 16:49:04 +01:00
Dongjia Zhang
ba4cca0e15
Delete redundant makefiles ( #546 )
We switched to cargo make
2022-02-20 18:50:29 +01:00
Dongjia Zhang
fc89f2944b
Makefile.toml fix ( #545 )
2022-02-20 04:21:43 +01:00
Dongjia Zhang
936e2221d1
Cargo-make ( #537 )
* timeout utility
* example build.toml
* upd
* ci
* Update build_and_test.yml
* Update build_and_test.yml
* rename, qemu_launcher
* libpngs
* fix
* upd
* del
* do_nothing -> unsupported
* rename
* use command
* non qemu fuzzbench
* script.sh
* more
* qemu
* fix
* generic
* fix
* fix
* allow 124
* quotes
* fix
* fix
* fix
* stderr to devnull
* chg
2022-02-20 03:32:43 +01:00
Andrea Fioraldi
a03d733cf9
libafl_qemu decouple hooks from the executor and QemuForkExecutor ( #528 )
* QemuHooks
* option state hooks
* QemuForkExecutor
* enforce no side effects in QemuForkExecutor
* child hooks fixes
* fixes
* qemu_launcher
* examples and fixes
* fix sugar
* clippy
* fmt
* no timeout for fuzzbench_fork_qemu
* Update libafl_qemu/src/hooks.rs
Co-authored-by: Alwin Berger <50980804+alwinber@users.noreply.github.com>
* clippy
Co-authored-by: Alwin Berger <50980804+alwinber@users.noreply.github.com>
2022-02-15 22:11:24 +01:00
Farouk Faiz
2dcdaaa89f
Initial support for Python bindings for the libafl crate ( #429 )
* Add libafl py module
* Hardcoded baby_fuzzer
* Trait abstraction: MapObserver
Send type name as a param as it's needed for extracting the rust struct from the PyObject
* Fix merge
* Impl traits for python wrappers
* Add PythonExecutor
Not buildable version
* Executor trait bindings
* Monitor trait bindings
* EventManager trait bindings
* Fix warnings
* Add corpus trait bindings
* Use corpus trait bindings
* Rand trait bindings
* Remove python feature from default
* Add cfg attribute
* Fix fmt
* No std box
* Fix clippy
* turn OwnedInProcessExecutor in a simple type alias
* remove crate-type from libafl's Cargo.toml
* Add python baby_fuzzer
* Fix doc
* Maturin doc
* multiple map observer
* fmt
* build pylibafl with nightly
* macro for map element type
* Update py baby_fuzzer & fmt
* Mutator bindings
* fmt
* merge conflicts
* StdMutationalStage bindings
Not working: Cannot pass mutator to new method because not clonable
* Stage bindings
* StagesOwnedList bindings
Not working: Stage not clonable
* Unsafe transmute copy fix
* Use Stage bindings in baby_fuzzer
* fmt
* fmt
* Fix doc
* fix merge
* Remove x86_64 feature from pylibafl
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-02-14 11:41:39 +01:00
Dominik Maier
7dad2153e2
Clippy for Cargo ( #532 )
* Clippy for Cargo
* clippy fixes
* clippy fixes
* edition
* fix
* wrong self hidden
* fix
* more clippy
2022-02-11 14:34:01 +01:00
Dongjia Zhang
d676363c64
Fix Forkserver Example ( #533 )
* fix
* fix
* fix
* update
* change
2022-02-11 10:41:07 +01:00
Dongjia Zhang
53bc6e2318
test_all_fuzzers.sh fix ( #531 )
* fix
* fix
* fix
2022-02-11 10:04:04 +01:00
Dongjia Zhang
42cab49f3e
Forkserver builder fix ( #529 )
* fix
* fix
* fmt
* no @@
* fuzzer change
* parse_afl_cmdline
* comma
2022-02-11 09:38:26 +01:00
Andrea Fioraldi
eb668384bb
Fix hardcoded BacktraceObserver ( #530 )
* refactor BacktraceObserver and InProcessForkExecutor
* cleanup
* fix improcess
* fix
* mormanti
* win fix
* clippy
* fix backtrace_baby_fuzzers/command_executor
* win fix
* clippy
2022-02-10 21:45:20 +01:00
Dongjia Zhang
9d38fff662
Autodict forkserver ( #525 )
* Builder for ForkserverExecutor
* add
* clippy warnings
* comment
* stash
* tmp
* change
* revert
* use_shmem_feature field
* change the harness back
* wip
* wip
* revert
* works
* clippy
* Makefile fix
* doc
* clippy
* rename to program
* rename, fix, envs
* lifetime
* arg_input_file
* stash
* read autodict from forkserver
* works
* clippy & fmt
* fmt
* fix
* fix
* fmt
* better harness
* arg_input_file_std
* rename
* fix
2022-02-10 10:27:51 +01:00
Dongjia Zhang
9482433e54
Forkserver builder ( #523 )
* Builder for ForkserverExecutor
* add
* clippy warnings
* comment
* stash
* tmp
* change
* revert
* use_shmem_feature field
* change the harness back
* wip
* wip
* revert
* works
* clippy
* Makefile fix
* doc
* clippy
* rename to program
* rename, fix, envs
* lifetime
* arg_input_file
* bug fix
* arg_input_file
* builder()
* doc
* clippy & fmt
* clippy & fmt
2022-02-09 22:07:15 +01:00
Andrea Fioraldi
1fca710813
llvm-config --libs only for apple ( #522 )
* Fuck apple
* fix fuzzbench_text
2022-02-04 11:49:02 +01:00
Dongjia Zhang
3c4ec38d83
Win Fix ( #513 )
* win_fix
* fmt
* another fmt
2022-02-02 00:26:10 +01:00
Dongjia Zhang
fb21c4ff82
Frida Runtime Tuples ( #457 )
* an attempt to make runtimes into tuples
* wip
* wip
* wipp
* getter
* refactor
* fmt
* fix
* compiles
* fuzzer change
* coverage working
* asan & less unwrap() & fixes
* inst size, fmt
* build & coverage works on asan
* amd64 fix
2022-02-01 14:34:53 +01:00
Andrea Fioraldi
dd002a081b
Implement coverage accounting (BB metric atm) ( #507 )
* bb accounting llvm pass
* bb metric
* accounting corpus scheduler
* fix warnings
* alloc
* clippy
* fix dockerfile
* clippy
* coverage accounting example
* finish CoverageAccountingCorpusScheduler
* fmt
* --libs in llvm-config
* merge
2022-02-01 14:08:38 +01:00
Dominik Maier
6810e6085b
Builder for CommandExecutor & Tokens Refactoring ( #508 )
* builder for CommandExecutor
* tokens api cleanup, clippy
* fix doctest
* cleanup
* added testcase, remodelled
* command executor builder fix
* fix fuzzer(?)
* implemented From for configurator
* nits
* clippy
* unused
* autotokens
* cleanup
* nits
* Err instead of empty tokens
* fix tokens fn
* fix err
* more error fixing
* tokens remodelling
* typo
* recoverable fail on missing autotokens
* clippy, nostd
* asslice, into_iter, etc. for tokens
* adapt fuzzers
* iter
* fixes, clippy
* fix
* more clippy
* no_std
* more fix
* fixed typo
* cmd_executor builds again
* bring back ASAN stuff to Command Executor
* forkserver speedup
* no need to static
* back to earlier
2022-02-01 10:10:47 +01:00
Youssef
e307dfb16f
Implement backtrace observers for crash dedupe ( #379 )
* create stacktrace observer
* create stacktrace feedback
* post-merge fixes
* address comments
* update Cargo.toml
* fix CI issue + dynamic naming
* duplicate baby_fuzzer
* update stacktrace baby_fuzzer
* force unwinding tables
* ignore test dumps
* fix stacktrace baby_fuzzer logic
* upgrade Backtrace version
* trigger observers.post_exec in crash_handler
* implement NewHashFeedbackState and update logic
* digest symbols pointers
* cleanup
* minimal output
* fix backdated EventFirer generic param
* add baby_fuzzer example with a fork executor
* duplicate baby_fuzzer_stacktrace with forkexecutor
* backtrace collection implemented
* add c app fuzzer example with a fork executor
* group backtrace baby fuzzers
* added c code baby fuzzer with inprocess executor
* remove need for static COLLECT_BACKTRACE
* moved code to stacktrace.rs + fixed bug
* add comment
* add command executor fuzzer example
* post merge cleanup
* add missing doc
* address comment
* fix nit
* clean duplicate variable in timeout handler
* fix command executor bt collection
* clean code and use StdShMem
* cleanup
* add ObserverWithHashField + rename StacktraceObserver
* rename + refactor some code
* add CommandBacktraceObserver
* update command executor
* update baby fuzzers
* simplify BacktraceSharedMemoryWrapper
* use better names + static methods
* use std feature macro on BacktraceObserver + fix bug
* use Box in HashValueWrapper to minimize variants size diff
* use copy_from_slice
* std conditional backtrace collection
* fix std import
* fix comment
* add exit_kind to observer.post_exec
* added hash trait to Input
* collect backtrace in post_exec
* add crash handlers to InProcessForkExecutor
* fix panic message
* duplicate forkserver fuzzer example
minimal example
update
* proto bt collection working
* rename CommandBacktraceExecutor to ASANBacktraceExecutor
* refactor ASANBacktraceObserver
* support for forkserver working
* update fuzzer example
* less verbosity
* Post merge fixes
* implement hash for GeneralizedInput
* update forkserver example after merge
* clippy fixes
* fix inproc test
* fixes for cargo hack --feature-powerset
* fix baby_no_std
* implement Hash for NautilusInput
* update fork executor baby fuzzer
* fix doc
* implement Hash for PacketData
* fix windows build
* fix windows no_std
* fix backtrace baby fuzzers README
* add comments
* move setup_bt_panic to constructor
* pre/post child exec hooks in Observer
* setup_child_panic_hook
* fix ObserversOwnedMap on nightly
* add backtrace fuzzers to CI checks
* fix typo
* fix relative paths in test_all_fuzzers.sh
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-01-31 15:58:15 +01:00
Dongjia Zhang
93f28b41be
Update frida README.md ( #503 )
2022-01-28 10:11:06 +01:00
Evan Richter
4a6616bdfe
[libafl_qemu] simplify emu::{read,write}_mem ( #496 )
Methods read_mem and write_mem now operate on &[u8], not &[T]
The generic T slice interface was prone to various footguns:
* i32 is the default Rust integer type, but buffers are often expected
to hold u8. This means the following code writes 16 bytes to the
guest, not 4:
let buf = [0; 4];
emu.write_mem(addr, &buf);
* If a buffer of 16-bit or larger integers (&[u64] for example) is
needed to read/write, the user will need to consider host/guest
endianness. The byte array methods in std are a good, explicit
alternative.
Perhaps libafl_qemu could expose/define "to/from guest endianness"
helper functions or extension traits using the established cfg flags,
so that guest endianness is always right by default.
* emu::read_mem causes insta-UB if a user did something like:
let mut my_bool = false;
emu.read_mem(addr, &mut my_bool);
It's less surprising for users to just operate on plain-ol' bytes,
which they can explicitly transmute if they wish.
2022-01-27 09:05:33 +01:00
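The footguns the #496 message describes, worked through in a small stand-alone model. This is an added example, not code from LibAFL or libafl_qemu: `GuestMem` is a constructed stand-in for the emulator's guest memory, `write_mem_generic` mimics the old `&[T]` signature, and `write_mem`/`read_mem` take the new byte-slice shape. It shows the unannotated `[0; 4]` writing 16 bytes through the generic API versus 4 through the byte API, and how the byte API makes guest endianness an explicit `to_le_bytes`/`from_le_bytes` decision (a little-endian guest is assumed here).

```rust
use std::mem::size_of;

/// Constructed stand-in for guest memory (not libafl_qemu's Emulator).
pub struct GuestMem {
    bytes: Vec<u8>,
}

impl GuestMem {
    pub fn new(size: usize) -> Self {
        GuestMem { bytes: vec![0; size] }
    }

    /// Old shape: generic over T. The number of guest bytes touched is
    /// len * size_of::<T>(), decided by type inference rather than by the caller.
    pub fn write_mem_generic<T: Copy>(&mut self, addr: usize, buf: &[T]) -> usize {
        let nbytes = buf.len() * size_of::<T>();
        // SAFETY: T is Copy (plain data) and u8 has alignment 1, so viewing the
        // slice's storage as bytes for the duration of a copy is sound.
        let src = unsafe { std::slice::from_raw_parts(buf.as_ptr() as *const u8, nbytes) };
        self.bytes[addr..addr + nbytes].copy_from_slice(src);
        nbytes
    }

    /// New shape: bytes only. Width and endianness are the caller's explicit choice.
    pub fn write_mem(&mut self, addr: usize, buf: &[u8]) -> usize {
        self.bytes[addr..addr + buf.len()].copy_from_slice(buf);
        buf.len()
    }

    /// Reads exactly buf.len() bytes; no type reinterpretation can happen here.
    pub fn read_mem(&self, addr: usize, buf: &mut [u8]) {
        buf.copy_from_slice(&self.bytes[addr..addr + buf.len()]);
    }
}

/// `[0; 4]` with no annotation falls back to [i32; 4]: 16 bytes go to the guest.
pub fn footgun_bytes_written() -> usize {
    let mut mem = GuestMem::new(64);
    let buf = [0; 4];
    mem.write_mem_generic(0, &buf)
}

/// Same intent through the byte API: exactly 4 bytes.
pub fn explicit_bytes_written() -> usize {
    let mut mem = GuestMem::new(64);
    let buf = [0u8; 4];
    mem.write_mem(0, &buf)
}

/// Write a u32 in guest byte order (assumed little-endian here) and read it back.
/// Returns the decoded value and the raw bytes as they sit in guest memory.
pub fn roundtrip_u32_le(value: u32) -> (u32, [u8; 4]) {
    let mut mem = GuestMem::new(64);
    mem.write_mem(8, &value.to_le_bytes());
    let mut raw = [0u8; 4];
    mem.read_mem(8, &mut raw);
    (u32::from_le_bytes(raw), raw)
}

fn main() {
    println!("generic [0; 4] wrote {} bytes", footgun_bytes_written());
    println!("byte-slice [0u8; 4] wrote {} bytes", explicit_bytes_written());
    let (v, raw) = roundtrip_u32_le(0xdead_beef);
    println!("0x{:08x} stored in guest memory as {:02x?}", v, raw);
}
```

The `&mut bool` case from the message is deliberately not reproduced: with the byte-slice API it no longer type-checks, which is the point of the change.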
Dongjia Zhang
62614ce101
LLVM AutoTokens ( #470 )
* posix dict2file llvm pass
* new PM
* working
* clean up
* fmt
* fix
* silence clippy
* bring the println back
* early return
* rename
* weak symbols
* linux only
* fuzzbench change
* only linux
* linux only
* cfg
* cfg
* fix
* fix
* fix
* why
* fix
* bug fix
* rename
* rename
* macros & rename
* add_from_autotokens
* fix fuzzbench
* std -> core
* builder pattern?
* clippy
* wrong cfg
* cfgstd
* fuzzbench fmt
* no unsafe
* update fuzzbench_text
* use TokenSection
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-01-26 19:23:04 +01:00
Andrea Fioraldi
0223d8a0c6
Implement Grimoire ( #487 )
* GeneralizedInput
* GeneralizationStage
* generalization finished
* GrimoireExtensionMutator
* grimoire_mutated flag and proper HasTargetBytes
* use alloc
* working baby fuzzer for grimoire
* fmt
* GrimoireRecursiveReplacementMutator
* extend_with_random_generalized
* extend_with_random_generalized
* GrimoireStringReplacementMutator
* GrimoireRandomDeleteMutator
* clippy
* fuzzbench_text
* fix fuzzbench_text
2022-01-25 21:34:10 +01:00
Sagittarius-a
14959c7f9c
Fix debug_child arg in forkserver_simple example ( #489 )
The `debug_child` command line argument presence was not properly checked,
so it couldn't be set to true. Hence it was not possible to print out
the content of the buffer sent to the harness while fuzzing.
2022-01-22 09:42:05 +01:00
Dongjia Zhang
03c020f4bd
Asan fix ( #485 )
2022-01-21 09:08:21 +01:00
Andrea Fioraldi
cc0880e784
Monitor with UI based on tui-rs ( #480 )
* first working version
* full gui
* remove warnings
* remove errors in release
* allow missing_docs in tui
* tui_monitor flag
* working graphs
* disable tui on windows
* clippy
* clippy
* tui module only under std
* use tui from git
* fmt
* tui from crates
2022-01-20 23:55:48 +01:00
Dominik Maier
77e5965e97
Add AsSlice, AsMutSlice traits, refactor MapObservers to be iterable, and have associated types ( #477 )
* from warning
* fix latest clippy
* clippy fixes++
* renamed shmem parameters
* renamed map to shmem
* make forkserver executor work for any (non-system) shmem
* Mem -> ShMem
* rework windows
* fix nit
* fix symbolic
* refactor map observers
* iterator for map observers
* removed unused ownedptr, added asslice trait to most functions
* make map entry type an associated type
* fix fuzzers
* fix docs
* typo fix
* fix windows, add try_from_slice to shmid
* missing import
* fix fuzzbench
* cleanup
* fmt
* more asslice
* fmt
* added doc link about token-level fuzzing
* cods
2022-01-19 00:02:33 +01:00
Andrea Fioraldi
929f687676
Repro arguments libfuzzer-like for fuzzbench ( #475 )
2022-01-18 16:31:44 +01:00
Dominik Maier
4f6f76e857
Streamline ShMem API ( #472 )
* from warning
* fix latest clippy
* clippy fixes++
* renamed shmem parameters
* renamed map to shmem
* make forkserver executor work for any (non-system) shmem
* Mem -> ShMem
* rework windows
* fix nit
* fix symbolic
2022-01-17 18:28:26 +01:00
Dominik Maier
2dd88998bd
Clippy fixes for latest toolchain ( #471 )
* from warning
* fix latest clippy
* clippy fixes++
* more nits
2022-01-17 11:02:42 +01:00
Andrea Fioraldi
9b3a435778
Add --libafl arg in libafl_cc and enable it for fuzzbench ( #466 )
2022-01-13 15:40:39 +01:00
Andrea Fioraldi
bca1f392a7
Bump to 0.7.1 ( #465 )
* bump to 0.7.1
* bump libafl_qemu
2022-01-13 11:32:57 +01:00
Dongjia Zhang
327ff98ea1
Asan fix ( #460 )
* fix
* fix
* bump
* fmt
2022-01-09 21:00:04 +01:00
Evan Richter
250ec8d1e0
Reduce generics for various Has* traits ( #456 )
Specifically for Has{Rand,Corpus,Solutions,FeedbackStates}
The Has* family of traits offer getters and get-mut-ers. The previous
implementation had a fully generic return type:
trait HasX<X: TraitX> {
    fn get_x(&self) -> &X;
    fn get_mut_x(&mut self) -> &mut X;
}
meaning a single type could implement both `HasRand<Romu>` and
`HasRand<XorShift>`. The advantage of having multiple implementations is
not clear at this time, so it vastly simplifies the trait (and its
impls) to bring the return type in the body as an associated type:
trait HasX {
    type X: TraitX;
    fn get_x(&self) -> &Self::X;
    fn get_mut_x(&mut self) -> &mut Self::X;
}
This comes with the limitation that any type that impls these traits can
only do so once, choosing only one associated type.
* HasRand's only generic parameter (Rand) is now an associated type
* HasCorpus and HasSolutions are now only generic over the Input type
they store
* HasFeedbackStates generic parameter now associated type
2022-01-06 10:41:02 +01:00
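The two trait shapes compared in the #456 message, worked through at a call site. This is an added example and not LibAFL code: `Romu` and `XorShift` are constructed toy generators (not the real algorithms), `HasRandGeneric` mimics the old generic-parameter shape and `HasRand` the new associated-type shape. It shows the cost of allowing two implementations on one state (every call must be disambiguated with a fully qualified path, because `state.rand_mut()` alone is ambiguous and does not compile) and that code bounded on the associated-type trait never has to name the generator type.

```rust
/// Minimal generator interface shared by both toy RNGs (constructed for this example).
pub trait Rand {
    fn next(&mut self) -> u64;
}

pub struct Romu(pub u64);
pub struct XorShift(pub u64);

impl Rand for Romu {
    fn next(&mut self) -> u64 {
        // Toy multiply-rotate step; not the real Romu algorithm.
        self.0 = self.0.wrapping_mul(0x9E37_79B9_7F4A_7C15).rotate_left(27);
        self.0
    }
}

impl Rand for XorShift {
    fn next(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }
}

/// Old shape: the generator is a type parameter, so one state may implement
/// the trait several times, once per generator.
pub trait HasRandGeneric<R: Rand> {
    fn rand_mut(&mut self) -> &mut R;
}

pub struct DualState {
    romu: Romu,
    xorshift: XorShift,
}

impl DualState {
    pub fn new(seed: u64) -> Self {
        DualState { romu: Romu(seed), xorshift: XorShift(seed) }
    }
}

impl HasRandGeneric<Romu> for DualState {
    fn rand_mut(&mut self) -> &mut Romu { &mut self.romu }
}

impl HasRandGeneric<XorShift> for DualState {
    fn rand_mut(&mut self) -> &mut XorShift { &mut self.xorshift }
}

/// With two impls on DualState, `state.rand_mut()` is ambiguous and rejected by
/// the compiler; each call has to spell out which implementation it means.
pub fn draw_from_generic(state: &mut DualState) -> (u64, u64) {
    let a = <DualState as HasRandGeneric<Romu>>::rand_mut(state).next();
    let b = <DualState as HasRandGeneric<XorShift>>::rand_mut(state).next();
    (a, b)
}

/// New shape: the generator is an associated type, fixed once per implementor.
pub trait HasRand {
    type Rand: Rand;
    fn rand_mut(&mut self) -> &mut Self::Rand;
}

pub struct State {
    rng: Romu,
}

impl State {
    pub fn new(seed: u64) -> Self { State { rng: Romu(seed) } }
}

impl HasRand for State {
    type Rand = Romu;
    fn rand_mut(&mut self) -> &mut Romu { &mut self.rng }
}

/// Code bounded on HasRand never names the generator; the impl already chose it.
pub fn draw<S: HasRand>(state: &mut S) -> u64 {
    state.rand_mut().next()
}

fn main() {
    let (a, b) = draw_from_generic(&mut DualState::new(1));
    println!("generic shape: romu={:#x} xorshift={:#x}", a, b);
    println!("associated-type shape: {:#x}", draw(&mut State::new(1)));
}
```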
Dominik Maier
30eb1508de
Add OwnedSlice::RefRaw to keep track of raw pointers ( #448 )
* add OwnedSlice::RefRaw to keep track of raw pointers
* clippy
* fmt
* new from ownedref
* clippy
* OwnedSliceInner
* fix,From
* as_slice()
* fmt
* fix doc
* OwnedSliceMut
* fixes
* clippy
* fix
* ownedmut -> owned
* to owned
* to_owned -> clone
* removed comment
Co-authored-by: tokatoka <tokazerkje@outlook.com>
2022-01-05 01:15:23 +01:00
Dominik Maier
6d9763c51f
Move to clap 3.0 ( #447 )
* move to clap 3.0
* fix cargo.toml
* update symcc to use clap3
2022-01-04 23:53:12 +01:00
Dominik Maier
af3d321213
Derive debug for all structs in LibAFL ( #442 )
* documentation, warnings
* fixed docs
* docs
* no_std
* test
* windows
* nautilus docs
* more fixes
* more docs
* nits
* windows clippy
* docs, windows
* nits
* debug all the things
* derive debug for all core library components
* Docu for libafl_targets
* nits
* reordered generics
* add docs to frida, debug
* nits
* fixes
* more docu for frida, nits
* more docu
* more docu
* Sugar docs
* debug for qemu
* more debug
* import debug
* fmt
* debug
* anyap_debug feature no longer needed
* tidy up unused fn
* indicate if we left out values for struct debug
* implement Debug for sugar
* debug allthethings
* ci
2022-01-03 00:47:17 +01:00