* remove libafl_tests
* fmt
* fix
* fix
* fix
* first
* width
* start working on runtime side
* experimental c code for generate_shadow_check_function
* generate shadow_check_blob
* add
* debuggin
* fix
* passes assert tests
* cargo fmt
* generate_shadow_check_blob, untested
* save flags
* add
* make registers numbers a const
* register frames?
* comment
* debugging memcpy
* fix a bug, more to come
* finally error removed
* finally working function hooking & clean up
* fix for arm & update stub
* fix
* blob
* blob_check_mem works? (at least no errors) & fmt
* add an link to show how the asm code are generated
* put probe code for aarch64 back & clippy
* fmt
* still blob emitting errors
* fmt
* now that blob works?
* stack alignment
* testing speed with hook_function only
* comment some printlns out
* small fix: ignore rep, jmp to current_report_impl iff blob_check_mems are emitted
* make rip accessible by pc()
* Program counter accessors for both arch
* fmt
* fix
* fix offset
* retrieve accessed memory addr, r/w rip
* inspect the fault triggering instruction
* AsanError Classification
* clippy fixes
* pass basereg/indexreg/disp to AsanErros
* update asanerrors for amd64
* clippy
* fmt
* use frida/frida-rust
* just use 44
* fix debug build
* fix
* fix
* crate.io
* change
* fmt
* initial atheris libfuzzer harness
* cmplog, kinda
* added makefile to generic_inmemory
* Makefile for atheris fuzzer
* moved away from clap yaml
* fixed arg parsing
* fuzzing
* ldpreload lib to replace exit with abort
* fixed docker, docs
* fix docker some more
* better documentation
* less commented out important things
* Make makefile less crashy
* add ability to trace location information in concolic tracer
* fix formatting
* introduce location new-type
* fix conolic smoke test
* impl From instead of custom into_inner function
* fmt
* change to use usize instead of NonZeroUsize
in order to no over-constrain the implementation
* store executor_ptr
* QemuHelpers
* working hooks and snapshot helper
* walk only the list of dirty pages on restore()
* mem hooks for snpashot
* brk snapshot
* snapshot method
* macos shit
* sugar and clippy
* clippy
* clippy on windows
* clippy fixes on windows
* clippy, fmt
* fixed testcases for windows
* fixing workspace.yml
* testcase no longer fails without clang
* fix github dependencies to specific revisions
* fix qemu without python
* cleanup HookResult
* llmp docs skeleton
* llmp documentation
* more llmp docu
* llmp
* some core concepts
* start working on tutorial
* adapted rng_core to lain
* fix tutorial build
* warnings, format
* add explanation
* No need to own the types
* metadata
* writing
* fmt
* tutorial folder
* lain needs nightly
* added mdbook test to ci
* fix ci, add linkcheck
* more book
* baby
* tutorial target
* fix mdbook build
* fix mdbook test
* more book
* fixed typo
* fixed build
* spawn instances'
* 'finish' book
* added sugar crate information
Co-authored-by: Dominik Maier <domenukk@gmail.com>
* fix ondisk corpus race condition
* move metadata name to be a dotfile
* note ExitKind for crashes and timeouts in inprocess executor
* potential fix for windows
* added write_file_atomic
* no_std fixes
* no_std testcase fix
* typo fix, windows
* clippy
* more no_std testing
* Add core_id to launcher run_client closure signature
* Format
* Attempt to fix windows build
* windows
* Sleep for index seconds instead of id seconds when launching cores (#292)
* Use external, custom time function for no_std environments
* fixup! Use external, custom time function for no_std environments
* fixup! Use external, custom time function for no_std environments
* starting to fix macos linker bugs
* mdetailed error prints
* start shmem service manually
* not a doc comment
* Some fixes
* only send exit msg to shmemservice when start was successful
* incorporated shmem service into provider
* removed unused imports
* trying to fix fuzzers
* fixed build
* check if join_handle is_some
* more debug prints
* fixed shmem service autolaunch
* fixed macos linker
* ignoring broken libpng testcase on macos for now (see #252)
* fmt
* try to fix missing llvm_config (see #253)
* empty issue template added
* Mmanually look for llvm-config on MacOS
* fixing CI
* fixed docs
* ignoring libmozjpg for CI, see #254
* fix compilation of runtime of concolic example fuzzer
* fix compilation of example fuzzer
* fix incorrect traced target configuration
this would lead to the runtime never tracing any expressions.
failed to specifiy the input file name for the runtime to know what to symbolize
* add ability to specify whether a node should do concolic or traditional
* slightly more realistic concolic solving by using solver timeout
* enable expression pruning
* create a separate crate for symcc url and commit hash
also contains functions to checkout and build symcc from a build script
* fix dockerfile
* clippy
* document symcc_runtime
* rename serialization format expressions to be more concise
* authorship notes
* document dump_constraints
* document smoke test
* tests for serialization format and refactoring
* remove unused bswap message
* remove obselete SymExpr::End
* document and refactor serialization format
* fmt
* more missing docs
* typos
* clippy
* add stub runtime that links with symcc common runtime code
* implement tracing runtime to generate message file
* move ShMemCursor to libafl proper
* qualify enum imports to make clippy happy
* fix warnings
* formatting
* update symcc submodule to point to AFL++ org repo
* fix naming of ShMemCursor and remove std requirement
* ensure runtime is named correctly after compilation
* add devcontainer files for easier development
(will be removed later)
* move rust nightly install into devcontainer.json
this makes it run after the container has been built
* dev container: install recommended packages
* switch to building rust runtime from SymCC cmake
* install corrosion in dev container for cmake-cargo integration
* add smoke test for symcc-runtime integration
* update symcc submodule
* add rustfmt to devcontainer
* properly mark the end of a constraint trace
Using a special "End" message
* small tool to dump constraints from a traced process
* extend smoke test to include parsing & printing of constraints
* update symcc submodule
* first draft of expression filters for concolic
* fix type in runtime method name
* update symcc submodule
* implement extensions to serdeany map:
* remove -> Option<T>
* insert_boxed(Box<T>) (avoids allocation if value is already boxed)
* implement std::io::Seek for ShMemCursor
* implement framing for in-memory traces
this allows to efficiently get the length of trace.
this is important for efficiently copying the trace out of the shared
memory region.
* fix for serdeany map
* fuzzer that associates concolic traces with test
case
* ensure runtime can handle 0-expressions
* move metadata, observer and feedback into separate files
* convert executor to command executor and move to separate file
* refactoring and streamlining
* move panic mode configuration to cmake script
* compile cmake from source, because debians version is too old.........
* use separate stage for tracing
* fix dockerfile
* move runtime into the workspace
using prior work on compilation flags from cmake
* actually make use of selective symbolication filter
* update to support latest symcc changes
* implement hitmap for concolic runtime
* clippy
* implement selective symbolization and coverage map for dump_constraints tool
* use concolic runtime coverage for concolic fuzzer feedback
* actually kill process on timeout
* be extra careful after killing process
* increase command executor busy wait to 5ms
* implement concolic tracing stage
* address naming issue
* implement floating point expression filter for runtime
* rename expression filters to be less verbose
* implement expression pruning
* implement ConcolicMutationalStage
* refactor command executor and remove busy loop
* implement generic command executor
* remove debug prints
* refactor + documentation
* refactor
* add stub runtime that links with symcc common runtime code
* implement tracing runtime to generate message file
* move ShMemCursor to libafl proper
* qualify enum imports to make clippy happy
* fix warnings
* formatting
* update symcc submodule to point to AFL++ org repo
* fix naming of ShMemCursor and remove std requirement
* ensure runtime is named correctly after compilation
* add devcontainer files for easier development
(will be removed later)
* move rust nightly install into devcontainer.json
this makes it run after the container has been built
* dev container: install recommended packages
* switch to building rust runtime from SymCC cmake
* install corrosion in dev container for cmake-cargo integration
* add smoke test for symcc-runtime integration
* update symcc submodule
* add rustfmt to devcontainer
* properly mark the end of a constraint trace
Using a special "End" message
* small tool to dump constraints from a traced process
* extend smoke test to include parsing & printing of constraints
* update symcc submodule
* first draft of expression filters for concolic
* fix type in runtime method name
* update symcc submodule
* implement extensions to serdeany map:
* remove -> Option<T>
* insert_boxed(Box<T>) (avoids allocation if value is already boxed)
* implement std::io::Seek for ShMemCursor
* implement framing for in-memory traces
this allows to efficiently get the length of trace.
this is important for efficiently copying the trace out of the shared
memory region.
* fix for serdeany map
* fuzzer that associates concolic traces with test
case
* ensure runtime can handle 0-expressions
* move metadata, observer and feedback into separate files
* convert executor to command executor and move to separate file
* refactoring and streamlining
* move panic mode configuration to cmake script
* compile cmake from source, because debians version is too old.........
* use separate stage for tracing
* fix dockerfile
* move runtime into the workspace
using prior work on compilation flags from cmake
* actually make use of selective symbolication filter
* update to support latest symcc changes
* implement hitmap for concolic runtime
* clippy
* implement selective symbolization and coverage map for dump_constraints tool
* use concolic runtime coverage for concolic fuzzer feedback
* actually kill process on timeout
* be extra careful after killing process
* increase command executor busy wait to 5ms
* implement concolic tracing stage
* address naming issue
* implement floating point expression filter for runtime
* rename expression filters to be less verbose
* implement expression pruning
* implement ConcolicMutationalStage
* refactor command executor and remove busy loop
* implement generic command executor
* remove debug prints
* refactor + documentation
* refactor
* fixed build, clippy
* no_std
* implement WithObservers executor as discussed
* add symqemu as a submodule
* fix symqemu submodule URL to be relative
* update the concolic runtime to match the new interface
* update the trace file header regularly to save constraints in case the program crashes
* add build dependencies for symqemu
* handle full mesage buffer properly
* better policy for updating trace header
* less aggregiously inefficient GC information serialization
* move concolic runtime hitmap count to filter
this is in preparation for the new runtime interface
* very WIP new runtime interface
* use more convenient types in rust runtime
* EmptyRuntime -> NopRuntime
* hide cpp_runtime and formatting
* implement tracing runtime using new runtime interface
* implement filters with new runtime interface
* use a local checkout for symcc_runtime
* make test runtime tracing
* use test_runtime in smoke test
* fix formatting
* make the clippy overlord happy?
* disable symcc build on everything but linux
* make more of symcc_runtime linux only
* fix linking symcc_runtime with C++ stdlib
* will clippy ever be happy?
* formatting
* don't export symcc runtime when compiling tests
* clippy...
* "don't export symcc runtime when compiling tests" for runtime crate as well
* clippy
* move command executor to LibAFL
* move concolic crate into LibAFL
* move concolic{metada,observer} into LibAFL
* move ConcolicFeedback into LibAFL
* move ConolicStage into LibAFL
* fix bug in symcc part of concolic runtime
* stb_image fuzzer with concolic as example fuzzer
* clean up basic_concolic_fuzzer
* clean up and document concolic example fuzzer
* formatting
* clippy
* remove basic_concolic_fuzzer (it is now part of the examples)
* remove the runtime crate in favor of symcc_runtime
* re-architect concolic smoke test and remove git submodules
* remove old submodule directories
* make coverage filter public
* focker docker build
* clippy
* clippy fixes
* fix ubuntu as well
* remove .gitmodules
* move concolic mutational stage into libafl behind feature flag
* script to install dependencies for concolic smoke test
* fix bug
* clippy
* add github action to run smoke test
* fix action
* ensure smoke test is run in correct directory
* remove devcontainer files
* address feedback
* clippy
* more clippy
* address more feedback
Co-authored-by: Dominik Maier <domenukk@gmail.com>
