Merge branch 'main' into nyx_continue_filters

AFLplusplus · Jan 13, 2025 · 90da86e · 90da86e
2 parents c9d0f86 + aa0391e
commit 90da86e
Show file tree

Hide file tree

Showing 65 changed files with 905 additions and 1,206 deletions.
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
@@ -209,21 +209,15 @@ jobs:
         run: ./scripts/fmt_all.sh check
 
   check-md-links:
-    runs-on: ubuntu-latest
+    # fixme: use ubuntu-latest once this gets fixed https://github.com/UmbrellaDocs/action-linkspector/issues/32
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - name: Install linkspector
-        shell: bash
-        run: sudo apt-get update && sudo apt-get install -y npm && npm install -g @umbrelladocs/linkspector
       - name: Run linkspector
-        shell: bash
-        run: ./scripts/check_md_links.sh
-      # TODO: Use github action once it's fixed (https://github.com/UmbrellaDocs/action-linkspector/issues/20)
-      # - name: Run linkspector
-      #   uses: umbrelladocs/action-linkspector@v1
-      #   with:
-      #     fail_on_error: 'true'
-      #     config_file: '.github/.linkspector.yml'
+        uses: umbrelladocs/action-linkspector@v1
+        with:
+          fail_on_error: 'true'
+          config_file: '.github/.linkspector.yml'
 
   msrv:
     runs-on: ubuntu-latest

diff --git a/Cargo.toml b/Cargo.toml
@@ -121,7 +121,7 @@ toml = "0.8.19" # For parsing the injections toml file
 typed-builder = "0.20.0" # Implement the builder pattern at compiletime
 uuid = { version = "1.10.0", features = ["serde", "v4"] }
 which = "6.0.3"
-windows = "0.58.0"
+windows = "0.59.0"
 z3 = "0.12.1"
 
 

diff --git a/fuzzers/baby/baby_fuzzer_custom_executor/src/main.rs b/fuzzers/baby/baby_fuzzer_custom_executor/src/main.rs
@@ -7,19 +7,19 @@ use libafl::monitors::tui::TuiMonitor;
 #[cfg(not(feature = "tui"))]
 use libafl::monitors::SimpleMonitor;
 use libafl::{
-    corpus::{InMemoryCorpus, OnDiskCorpus},
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
     executors::{Executor, ExitKind, WithObservers},
     feedback_and_fast,
     feedbacks::{CrashFeedback, MaxMapFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     generators::RandPrintablesGenerator,
-    inputs::HasTargetBytes,
+    inputs::{HasTargetBytes, UsesInput},
     mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
     observers::StdMapObserver,
     schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
-    state::{HasExecutions, State, StdState, UsesState},
+    state::{HasCorpus, HasExecutions, StdState, UsesState},
 };
 use libafl_bolts::{current_nanos, nonzero, rands::StdRand, tuples::tuple_list, AsSlice};
 
@@ -35,34 +35,30 @@ fn signals_set(idx: usize) {
     unsafe { write(SIGNALS_PTR.add(idx), 1) };
 }
 
-struct CustomExecutor<S: State> {
+struct CustomExecutor<S> {
     phantom: PhantomData<S>,
 }
 
-impl<S: State> CustomExecutor<S> {
+impl<S> CustomExecutor<S> {
     pub fn new(_state: &S) -> Self {
         Self {
             phantom: PhantomData,
         }
     }
 }
 
-impl<S: State> UsesState for CustomExecutor<S> {
-    type State = S;
-}
-
-impl<EM, S, Z> Executor<EM, Z> for CustomExecutor<S>
+impl<EM, S, Z> Executor<EM, <S::Corpus as Corpus>::Input, S, Z> for CustomExecutor<S>
 where
     EM: UsesState<State = S>,
-    S: State + HasExecutions,
-    Self::Input: HasTargetBytes,
+    S: HasCorpus + HasExecutions + UsesInput<Input = <S::Corpus as Corpus>::Input>,
+    <S::Corpus as Corpus>::Input: HasTargetBytes,
 {
     fn run_target(
         &mut self,
         _fuzzer: &mut Z,
         state: &mut S,
         _mgr: &mut EM,
-        input: &Self::Input,
+        input: &<S::Corpus as Corpus>::Input,
     ) -> Result<ExitKind, libafl::Error> {
         // We need to keep track of the exec count.
         *state.executions_mut() += 1;

diff --git a/fuzzers/baby/baby_fuzzer_swap_differential/Cargo.toml b/fuzzers/baby/baby_fuzzer_swap_differential/Cargo.toml
@@ -22,7 +22,7 @@ debug = true
 [build-dependencies]
 anyhow = "1.0.89"
 bindgen = "0.70.1"
-cc = "1.1.21"
+cc = "=1.2.7"      # fix me later
 
 [dependencies]
 libafl = { path = "../../../libafl", features = ["tui_monitor"] }

diff --git a/fuzzers/binary_only/intel_pt_command_executor/src/main.rs b/fuzzers/binary_only/intel_pt_command_executor/src/main.rs
@@ -12,6 +12,7 @@ use libafl::{
     feedbacks::{CrashFeedback, MaxMapFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     generators::RandPrintablesGenerator,
+    inputs::BytesInput,
     monitors::SimpleMonitor,
     mutators::{havoc_mutations::havoc_mutations, scheduled::StdScheduledMutator},
     observers::StdMapObserver,
@@ -131,7 +132,11 @@ pub fn main() {
         .timeout(Duration::from_secs(2))
         .build();
     let mut executor =
-        command_configurator.into_executor_with_hooks(tuple_list!(observer), tuple_list!(hook));
+        <PTraceCommandConfigurator as CommandConfigurator<BytesInput, _>>::into_executor_with_hooks(
+            command_configurator,
+            tuple_list!(observer),
+            tuple_list!(hook),
+        );
 
     // Generator of printable bytearrays of max size 32
     let mut generator = RandPrintablesGenerator::new(NonZero::new(32).unwrap());

diff --git a/fuzzers/binary_only/qemu_launcher/src/instance.rs b/fuzzers/binary_only/qemu_launcher/src/instance.rs
@@ -323,7 +323,6 @@ impl<M: Monitor> Instance<'_, M> {
     where
         Z: Fuzzer<E, ClientMgr<M>, ClientState, ST>
             + Evaluator<E, ClientMgr<M>, BytesInput, ClientState>,
-        E: UsesState<State = ClientState>,
         ST: StagesTuple<E, ClientMgr<M>, ClientState, Z>,
     {
         let corpus_dirs = [self.options.input_dir()];

diff --git a/fuzzers/forkserver/libafl-fuzz/src/executor.rs b/fuzzers/forkserver/libafl-fuzz/src/executor.rs
@@ -6,9 +6,10 @@ use std::{
 };
 
 use libafl::{
+    corpus::Corpus,
     executors::{Executor, ExitKind, HasObservers, HasTimeout},
-    observers::ObserversTuple,
-    state::{State, UsesState},
+    inputs::UsesInput,
+    state::{HasCorpus, UsesState},
     Error,
 };
 use libafl_bolts::tuples::RefIndexable;
@@ -259,28 +260,20 @@ pub enum SupportedExecutors<S, OT, FSV, NYX> {
 }
 
 #[cfg(feature = "nyx")]
-impl<S, OT, FSV, NYX> UsesState for SupportedExecutors<S, OT, FSV, NYX>
+impl<S, OT, FSV, NYX, EM, Z> Executor<EM, <S::Corpus as Corpus>::Input, S, Z>
+    for SupportedExecutors<S, OT, FSV, NYX>
 where
-    S: State,
-{
-    type State = S;
-}
-
-#[cfg(feature = "nyx")]
-impl<S, OT, FSV, NYX, EM, Z> Executor<EM, Z> for SupportedExecutors<S, OT, FSV, NYX>
-where
-    S: State,
-    Z: UsesState<State = S>,
+    S: HasCorpus + UsesInput<Input = <S::Corpus as Corpus>::Input>,
     EM: UsesState<State = S>,
-    FSV: Executor<EM, Z, State = S>,
-    NYX: Executor<EM, Z, State = S>,
+    NYX: Executor<EM, <S::Corpus as Corpus>::Input, S, Z>,
+    FSV: Executor<EM, <S::Corpus as Corpus>::Input, S, Z>,
 {
     fn run_target(
         &mut self,
         fuzzer: &mut Z,
         state: &mut S,
         mgr: &mut EM,
-        input: &S::Input,
+        input: &<S::Corpus as Corpus>::Input,
     ) -> Result<ExitKind, Error> {
         match self {
             Self::Forkserver(fsrv, _) => fsrv.run_target(fuzzer, state, mgr, input),
@@ -293,10 +286,8 @@ where
 #[cfg(feature = "nyx")]
 impl<S, OT, FSV, NYX> HasObservers for SupportedExecutors<S, OT, FSV, NYX>
 where
-    OT: ObserversTuple<S::Input, S>,
-    S: State,
-    FSV: HasObservers<Observers = OT>,
     NYX: HasObservers<Observers = OT>,
+    FSV: HasObservers<Observers = OT>,
 {
     type Observers = OT;
     #[inline]
@@ -340,25 +331,18 @@ where
     }
 }
 
-#[cfg(not(feature = "nyx"))]
-impl<S, OT, FSV> UsesState for SupportedExecutors<S, OT, FSV>
-where
-    S: State,
-{
-    type State = S;
-}
-
 #[cfg(not(feature = "nyx"))]
 pub enum SupportedExecutors<S, OT, FSV> {
     Forkserver(FSV, PhantomData<(S, OT)>),
 }
 
 #[cfg(not(feature = "nyx"))]
-impl<S, OT, FSV, EM, Z> Executor<EM, Z> for SupportedExecutors<S, OT, FSV>
+impl<S, OT, FSV, EM, Z> Executor<EM, <S::Corpus as Corpus>::Input, S, Z>
+    for SupportedExecutors<S, OT, FSV>
 where
-    S: State,
+    S: HasCorpus + UsesInput<Input = <S::Corpus as Corpus>::Input>,
     EM: UsesState<State = S>,
-    FSV: Executor<EM, Z, State = S>,
+    FSV: Executor<EM, <S::Corpus as Corpus>::Input, S, Z>,
 {
     fn run_target(
         &mut self,
@@ -376,8 +360,6 @@ where
 #[cfg(not(feature = "nyx"))]
 impl<S, OT, FSV> HasObservers for SupportedExecutors<S, OT, FSV>
 where
-    OT: ObserversTuple<S::Input, S>,
-    S: State,
     FSV: HasObservers<Observers = OT>,
 {
     type Observers = OT;

diff --git a/libafl/Cargo.toml b/libafl/Cargo.toml
@@ -250,7 +250,7 @@ ratatui = { version = "0.29.0", default-features = false, features = [
 ], optional = true } # Commandline rendering, for TUI Monitor
 crossterm = { version = "0.28.1", optional = true }
 
-prometheus-client = { version = "0.22.3", optional = true } # For the prometheus monitor
+prometheus-client = { version = "0.23.0", optional = true } # For the prometheus monitor
 tide = { version = "0.16.0", optional = true }
 async-std = { version = "1.13.0", features = ["attributes"], optional = true }
 futures = { version = "0.3.30", optional = true }

diff --git a/libafl/src/corpus/minimizer.rs b/libafl/src/corpus/minimizer.rs
@@ -17,30 +17,29 @@ use crate::{
     corpus::Corpus,
     events::{Event, EventFirer, LogSeverity},
     executors::{Executor, HasObservers},
+    inputs::{Input, UsesInput},
     monitors::{AggregatorOps, UserStats, UserStatsValue},
     observers::{MapObserver, ObserversTuple},
     schedulers::{LenTimeMulTestcaseScore, RemovableScheduler, Scheduler, TestcaseScore},
-    state::{HasCorpus, HasExecutions, UsesState},
+    state::{HasCorpus, HasExecutions},
     Error, HasMetadata, HasScheduler,
 };
 
 /// Minimizes a corpus according to coverage maps, weighting by the specified `TestcaseScore`.
 ///
 /// Algorithm based on WMOPT: <https://hexhive.epfl.ch/publications/files/21ISSTA2.pdf>
 #[derive(Debug)]
-pub struct MapCorpusMinimizer<C, E, O, T, TS> {
+pub struct MapCorpusMinimizer<C, E, O, S, T, TS> {
     observer_handle: Handle<C>,
-    phantom: PhantomData<(E, O, T, TS)>,
+    phantom: PhantomData<(E, O, S, T, TS)>,
 }
 
 /// Standard corpus minimizer, which weights inputs by length and time.
-pub type StdCorpusMinimizer<C, E, O, T> = MapCorpusMinimizer<C, E, O, T, LenTimeMulTestcaseScore>;
+pub type StdCorpusMinimizer<C, E, O, S, T> =
+    MapCorpusMinimizer<C, E, O, S, T, LenTimeMulTestcaseScore>;
 
-impl<C, E, O, T, TS> MapCorpusMinimizer<C, E, O, T, TS>
+impl<C, E, O, S, T, TS> MapCorpusMinimizer<C, E, O, S, T, TS>
 where
-    E: UsesState,
-    E::State: HasCorpus + HasMetadata,
-    TS: TestcaseScore<E::State>,
     C: Named,
 {
     /// Constructs a new `MapCorpusMinimizer` from a provided observer. This observer will be used
@@ -53,15 +52,14 @@ where
     }
 }
 
-impl<C, E, O, T, TS> MapCorpusMinimizer<C, E, O, T, TS>
+impl<C, E, O, S, T, TS> MapCorpusMinimizer<C, E, O, S, T, TS>
 where
-    E: UsesState,
     for<'a> O: MapObserver<Entry = T> + AsIter<'a, Item = T>,
     C: AsRef<O>,
-    E::State: HasMetadata + HasCorpus + HasExecutions,
-    <<E as UsesState>::State as HasCorpus>::Corpus: Corpus<Input = E::Input>,
+    S: HasMetadata + HasCorpus + HasExecutions + UsesInput<Input = <S::Corpus as Corpus>::Input>,
+    <S::Corpus as Corpus>::Input: Input,
     T: Copy + Hash + Eq,
-    TS: TestcaseScore<E::State>,
+    TS: TestcaseScore<S>,
 {
     /// Do the minimization
     #[expect(clippy::too_many_lines)]
@@ -70,14 +68,15 @@ where
         fuzzer: &mut Z,
         executor: &mut E,
         manager: &mut EM,
-        state: &mut E::State,
+        state: &mut S,
     ) -> Result<(), Error>
     where
-        E: Executor<EM, Z> + HasObservers,
-        E::Observers: ObserversTuple<E::Input, E::State>,
-        CS: Scheduler<E::Input, E::State> + RemovableScheduler<E::Input, E::State>,
-        EM: EventFirer<State = E::State>,
-        Z: HasScheduler<E::Input, E::State, Scheduler = CS>,
+        E: Executor<EM, <S::Corpus as Corpus>::Input, S, Z> + HasObservers,
+        E::Observers: ObserversTuple<<S::Corpus as Corpus>::Input, S>,
+        CS: Scheduler<<S::Corpus as Corpus>::Input, S>
+            + RemovableScheduler<<S::Corpus as Corpus>::Input, S>,
+        EM: EventFirer<State = S>,
+        Z: HasScheduler<<S::Corpus as Corpus>::Input, S, Scheduler = CS>,
     {
         // don't delete this else it won't work after restart
         let current = *state.corpus().current();

diff --git a/libafl/src/events/centralized.rs b/libafl/src/events/centralized.rs
@@ -367,7 +367,7 @@ impl<E, EM, EMH, S, SP, Z> EventProcessor<E, Z> for CentralizedEventManager<EM,
 where
     EM: AdaptiveSerializer + EventProcessor<E, Z> + EventFirer<State = S> + HasEventManagerId,
     EMH: EventManagerHooksTuple<S>,
-    E: HasObservers + Executor<Self, Z, State = Self::State>,
+    E: HasObservers + Executor<Self, <S::Corpus as Corpus>::Input, S, Z>,
     E::Observers:
         ObserversTuple<<Self as UsesInput>::Input, <Self as UsesState>::State> + Serialize,
     for<'a> E::Observers: Deserialize<'a>,
@@ -402,7 +402,7 @@ where
 
 impl<E, EM, EMH, S, SP, Z> EventManager<E, Z> for CentralizedEventManager<EM, EMH, S, SP>
 where
-    E: HasObservers + Executor<Self, Z, State = Self::State>,
+    E: HasObservers + Executor<Self, <S::Corpus as Corpus>::Input, S, Z>,
     E::Observers:
         ObserversTuple<<Self as UsesInput>::Input, <Self as UsesState>::State> + Serialize,
     for<'a> E::Observers: Deserialize<'a>,
@@ -532,7 +532,7 @@ where
         executor: &mut E,
     ) -> Result<usize, Error>
     where
-        E: Executor<Self, Z, State = <Self as UsesState>::State> + HasObservers,
+        E: Executor<Self, <S::Corpus as Corpus>::Input, S, Z> + HasObservers,
         E::Observers:
             ObserversTuple<<Self as UsesInput>::Input, <Self as UsesState>::State> + Serialize,
         <Self as UsesState>::State: UsesInput + HasExecutions + HasMetadata,
@@ -582,7 +582,7 @@ where
         event: Event<<<Self as UsesState>::State as UsesInput>::Input>,
     ) -> Result<(), Error>
     where
-        E: Executor<Self, Z, State = <Self as UsesState>::State> + HasObservers,
+        E: Executor<Self, <S::Corpus as Corpus>::Input, S, Z> + HasObservers,
         E::Observers:
             ObserversTuple<<Self as UsesInput>::Input, <Self as UsesState>::State> + Serialize,
         <Self as UsesState>::State: UsesInput + HasExecutions + HasMetadata,

diff --git a/libafl/src/events/llmp/mgr.rs b/libafl/src/events/llmp/mgr.rs
@@ -410,7 +410,7 @@ where
         event: Event<S::Input>,
     ) -> Result<(), Error>
     where
-        E: Executor<Self, Z, State = S> + HasObservers,
+        E: Executor<Self, <S::Corpus as Corpus>::Input, S, Z> + HasObservers,
         E::Observers: ObserversTuple<S::Input, S> + Serialize,
         for<'a> E::Observers: Deserialize<'a>,
         Z: ExecutionProcessor<Self, <S::Corpus as Corpus>::Input, E::Observers, S>
@@ -608,7 +608,7 @@ where
     S: State + HasExecutions + HasMetadata + HasImported + HasCorpus,
     S::Corpus: Corpus<Input = S::Input>,
     SP: ShMemProvider,
-    E: HasObservers + Executor<Self, Z, State = S>,
+    E: HasObservers + Executor<Self, <S::Corpus as Corpus>::Input, S, Z>,
     E::Observers: ObserversTuple<S::Input, S> + Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     Z: ExecutionProcessor<Self, <S::Corpus as Corpus>::Input, E::Observers, S>
@@ -666,7 +666,7 @@ where
 
 impl<E, EMH, S, SP, Z> EventManager<E, Z> for LlmpEventManager<EMH, S, SP>
 where
-    E: HasObservers + Executor<Self, Z, State = S>,
+    E: HasObservers + Executor<Self, <S::Corpus as Corpus>::Input, S, Z>,
     E::Observers: ObserversTuple<S::Input, S> + Serialize,
     for<'a> E::Observers: Deserialize<'a>,
     EMH: EventManagerHooksTuple<S>,