
* squash libfuzzer edits
* fixup: compat with custom mutators
* use tui flag
* add introspection support
* use libfuzzer dep now that we've merged
* force input loading
* some fixes
* begin docs, impl shrink
* make whole-archive conditional and not default
* make more copies of counters maps
* lol, remember to add the observer
* make size edge map observer an observer
* fixup: make def of run driver conditional
* add sanity checks for insertion
* revert silencing of forks
* add experimental tmin support; add default asan flags
* use default options instead of specifying our own
* implement lockless mode
* fix merge
* fixup lockless corpus
* fixup for generalisation
* remove erroneous drop_in_place
* improve error logging in the case of corpus loading failure
* ok, use lock files 😔
* fix tmin
* implement merge (again); fix rare cases with maps being too small
* implement a scheduler for removing excess
* implement a walking strategy for corpus loading for large corpora
* revert filename parameter; rename and remove duplicates
* various cleanup and clippy satisfaction
* fix no_std tests
* clang-format
* expand and satisfy the clippy gods
* fix sanitizer_ifaces bindgen for no_std
* fix wasm fuzzer
* fixup clippy script
* rename and provide a small amount of explanation for sanitizer_interfaces
* fixup: HasLastReportTime
* fix clippy oddities
* restrict clippy checks to linux-only for libafl_libfuzzer_runtime
* name the mutators
* format
* fix clippy warning
* hope docker is fixed
* fix cmin lint
* clippy pass
* more docs
* more clippy
* fix remaining clippy complaints
* fix import
* miri fixes (no constructors executed)
* exclude libafl_libfuzzer from cargo-hack
* fix clippy check for sanitizer_interfaces
* fmt
* fix CI (?)
* deduplicate sancov 8bit for improved perf on ASAN
* merge 8bit coverage regions + comment out insane deduplication
* no erroring out on free hooks
* fixup for non-forking merge
* skip the corpus dir if we use it
* fixup: recent libafl changes and feature flags
* libafl_libfuzzer: use rust-lld for whole-archive feature
* clarify cause of failure
* mark unsafe
* clippy :cursed_cowboy:
* attempt to fix wasm
* spooky unknowable bug 👻
* more clippy lints
* clippy fix for merge
* use the version pin
* add unsafe to ::register
* Serdeany autoreg fix
* make type assert actionable
* miri fixes

---------

Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: Dominik Maier <dmnk@google.com>
Co-authored-by: Mrmaxmeier <Mrmaxmeier@gmail.com>
libafl-wasm
A brief demo of libafl's compatibility with WASM, and how to do it.

In this example, the entire LibAFL harness and target are present in a WASM binary, which is then loaded by the example webpage. To run this example, do `cargo make build`, then open the example webpage in your browser (via something like `python3 -m http.server`). The fuzzer will execute until it finds a solution and will write the fuzzer log to your console.

In a real fuzzing campaign, you would likely also need to create a LibAFL Corpus implementation that is backed by JavaScript, and restart the fuzzing campaign by re-invoking the fuzzer and providing the associated corpora. This is not demonstrated in this barebones example.
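To make the missing piece concrete, here is an added example (not code from the LibAFL project) of the JavaScript side of such a persistent corpus: a small store that writes each fuzzer input into a Storage-like object (`window.localStorage` in a browser, an in-memory stand-in under Node) and reads the whole corpus back so a restarted WASM fuzzer can be re-seeded. The key layout, the content-hash naming and every name below (`JsCorpusStore`, `memoryStorage`, `MANIFEST_KEY`) are assumptions for this example, not LibAFL's API; the WASM glue that would call it is not shown.

```javascript
// Added example, not part of LibAFL: a JavaScript-backed corpus store that a
// WASM fuzzer could use to persist inputs across page reloads.
// Any object with getItem/setItem/removeItem works as the backing store
// (window.localStorage in a browser). Names and layout are assumptions.

const MANIFEST_KEY = "libafl-wasm/corpus/manifest"; // assumed key layout
const entryKey = (id) => `libafl-wasm/corpus/entry/${id}`;

// In-memory stand-in for window.localStorage so the example runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// Storage holds strings only, so inputs are base64-encoded. btoa/atob exist
// both in browsers and in Node >= 16, which keeps this portable.
function bytesToBase64(bytes) {
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin);
}
function base64ToBytes(s) {
  const bin = atob(s);
  const out = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
  return out;
}

// FNV-1a (32-bit) over the input bytes: a cheap content hash used as the
// entry id, so re-adding an identical input after a restart is a no-op.
function fnv1a32(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) {
    h ^= b;
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

class JsCorpusStore {
  constructor(storage) {
    this.storage = storage;
    // The manifest is the ordered list of entry ids; it is what a restarted
    // fuzzer walks to reload its corpus.
    const raw = storage.getItem(MANIFEST_KEY);
    this.ids = raw ? JSON.parse(raw) : [];
  }

  // Persist one input. Returns its id, or null if an identical input exists.
  add(bytes) {
    const id = fnv1a32(bytes);
    if (this.ids.includes(id)) return null;
    this.storage.setItem(entryKey(id), bytesToBase64(bytes));
    this.ids.push(id);
    this.storage.setItem(MANIFEST_KEY, JSON.stringify(this.ids));
    return id;
  }

  // Fetch one input as Uint8Array, or null if the id is unknown.
  get(id) {
    const raw = this.storage.getItem(entryKey(id));
    return raw === null ? null : base64ToBytes(raw);
  }

  // Drop one input (e.g. after corpus minimisation). Returns true if removed.
  remove(id) {
    const idx = this.ids.indexOf(id);
    if (idx < 0) return false;
    this.storage.removeItem(entryKey(id));
    this.ids.splice(idx, 1);
    this.storage.setItem(MANIFEST_KEY, JSON.stringify(this.ids));
    return true;
  }

  // All inputs in insertion order: the seeds handed to a restarted fuzzer.
  entries() {
    return this.ids.map((id) => [id, this.get(id)]);
  }

  get size() { return this.ids.length; }
}

// Usage: in a browser, new JsCorpusStore(window.localStorage); under Node,
// new JsCorpusStore(memoryStorage()) as in the test below.
```

A second `JsCorpusStore` constructed over the same storage object sees the entries the first one wrote, which is exactly the restart scenario the paragraph above describes; in a browser the same holds across page reloads because `localStorage` persists.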