LibAFL Versions Save

Highlights

• a new libafl_qemu API for binary-only fuzzing
• heaps of fixes for libafl_frida and better Windows support
• MiMalloc allocator for speed and stability in examples
• Less (!) generics
• Message-passing fixes for aarch64

What's Changed

• Windows timeout fix with critical sections by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/391
• Symcc submodule referencing a path by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/411
• Fix timeout type from u32 to i64 in windows TimeoutExecutor by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/414
• Fix forkserver_simple clap issue by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/412
• Fix Clap about() issue by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/417
• Debug output for forkserver by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/413
• Reworking example fuzzers to use Structopt instead of yaml, and introduced Cores API by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/420
• Fix makefile for frida_libpng by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/422
• Various fixes for CI by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/423
• Open the stdout-file once by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/419
• Use AddVectoredExceptionHandler to register exception handlers by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/403
• Frida Refactor: Separate Frida other helper functions into each Runtime by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/418
• Implement AflMap by @vanhauser-thc in https://github.com/AFLplusplus/LibAFL/pull/416
• Frida shadow fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/425
• Fix frida-mode for debug builds, ensure it will continue to work on release builds by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/427
• Other/User defined WIndows Exceptions by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/402
• Refactor libafl_qemu creating the Emulator struct and post syscall hooks by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/430
• Drcov remodelling by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/415
• DrCov Runtime by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/432
• Implement max total allocation size for frida asan by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/433
• Fix strncmp hook to only check the length of the needle string by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/434
• [libafl_qemu] fix build.rs by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/435
• Frida various fixes by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/436
• Use MiMalloc for fuzzbench fuzzer by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/439
• Add errors for missing Docs, add Docs by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/440
• [libafl_qemu] prevent unneeded build.rs runs by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/441
• Updated dependencies by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/443
• Derive debug for all structs in LibAFL by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/442
• Cpu atomics for LLMP by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/438
• [libafl_qemu] fix i386 Regs values by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/444
• Various fixes related to frida mode by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/445
• Fix a typo in TODO.md by @yerke in https://github.com/AFLplusplus/LibAFL/pull/450
• Reorder type parameters in the correct order by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/449
• Disable pita 🥙 compiler in debug mode by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/454
• Move to clap 3.0 by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/447
• Add OwnedSlice::RefRaw to keep track of raw pointers by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/448
• Reduce generics for various Has* traits by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/456
• Use UserStats for Stability by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/451
• Optional signal value to kill forked processes on timeout by @v-p-b in https://github.com/AFLplusplus/LibAFL/pull/461
• Fix windows build by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/462
• Asan fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/460
• Add --libaf-no-link to libafl_cc by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/464
• Shadow bit by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/455
• Bump to 0.7.1 by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/465
• Add --libafl arg in libafl_cc and enable it for fuzzbench by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/466
• Bump libafl_frida to 0.7.1 by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/467
• Bump libafl_sugar to 0.7.1 by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/468

New Contributors

• @yerke made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/450
• @v-p-b made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/461

Full Changelog: https://github.com/AFLplusplus/LibAFL/compare/0.7.0...0.7.1

What's Changed

• process crash handler, dump registers on macos arm64 by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/271
• initial book entry for concolic by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/257
• renamed target_os macos to target_vendor apple by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/273
• Fix shmem on android by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/272
• Symcc runtime docsrs fix by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/270
• Build LibAFL Android in CI by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/275
• Refactor configurations with EventConfig by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/277
• Token level fuzzing by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/274
• openbsd port. by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/279
• Fix _LLMP_BIND_ADDR for Windows by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/285
• Build id configuration in std by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/286
• Use external, custom time function for no_std environments by @bitwave in https://github.com/AFLplusplus/LibAFL/pull/281
• ShMem server race-condition fix for #276 by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/278
• Add core_id to launcher run_client closure signature by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/290
• PowerSchedule::COE fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/295
• added write_file_atomic against ondisk corpus races by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/294
• armv7 support: add ucontext struct definition by @pr0me in https://github.com/AFLplusplus/LibAFL/pull/297
• cbz, tbz, tbnz support for aarch64 cmplog by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/298
• Qemu as lib by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/301
• WIP: added unfinished no_std docs by @bitwave in https://github.com/AFLplusplus/LibAFL/pull/282
• Example how to build baby-fuzzer as push instead of pull, using Klo-routines by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/227
• Python basic bindings for sugar and qemu by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/302
• Book refactoring and update by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/280
• Fixed CI by ignoring python, resolved multiple warnings by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/303
• Fix default UBSan options and avoid timeouts in crash handler by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/304
• Qemu new syscall hook and more python API by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/306
• Still fixing CI by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/305
• Frida windows by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/287
• Qemu Helpers and basic snapshotting by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/310
• Allowlist and denylist for QEMU edges and cmps by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/311
• Qemu partial instr fix by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/312
• Qemu generic hooks by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/313
• Python generic qemu hook by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/314
• dumping process address maps on netbsd too by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/316
• fix tutorial fuzzer by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/323
• remove libafl_tests by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/324
• concolic optional runtime by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/319
• init git submodule for symcc for symcc_runtime crate when publishing by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/321
• don't include all of libafl for symcc_runtime by default by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/320
• delayed checkout in ci by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/326
• add ability to trace location information in concolic tracer by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/322
• update packages related to concolic by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/325
• 32 bit arm regs by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/315
• update deps by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/327
• Fix Typo. by @intrigus-lgtm in https://github.com/AFLplusplus/LibAFL/pull/330
• Error message in most likely case of using NONASAN and ASAN fuzzers using the same Fuzzer config by @marcinguy in https://github.com/AFLplusplus/LibAFL/pull/329
• Gramatron by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/332
• fixes for frida mode for win and checks in rust 1.56 by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/334
• fix concolic nofloat filter by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/333
• add support for aarch64 in libafl_qemu by @abgeana in https://github.com/AFLplusplus/LibAFL/pull/335
• Minor doc fixes by @faroukfaiz10 in https://github.com/AFLplusplus/LibAFL/pull/339
• Port gramatron preprocessing to Rust by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/341
• Atheris example to fuzz Python Code by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/300
• Fix warnings for windows by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/344
• Fix #344 by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/345
• Upgrade to Rust 2021 Edition by @jamcleod in https://github.com/AFLplusplus/LibAFL/pull/340
• MultiMapObserver and sancov 8bit-counters instrumentation by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/343
• Fix double borrow mut in CachedOnDiskCorpus by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/347
• Frida Address Sanitizer for x86_64 by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/331
• Refcnt for MapIndexesMetadata by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/348
• Fix the number of clients spawned by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/349
• Minor readme improvement in frida_libpng fuzzer. by @expend20 in https://github.com/AFLplusplus/LibAFL/pull/350
• Fix Numbering in Docs by @expend20 in https://github.com/AFLplusplus/LibAFL/pull/354
• Fix cfgs for frida asan by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/353
• Fork feature flag to disable fork in Launcher by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/351
• Bridge grammartec from Nautilus to libafl by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/342
• Fix MaxReducer docstring by @eknoes in https://github.com/AFLplusplus/LibAFL/pull/357
• remove unused const hashing mode by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/358
• Fixed potential unsoundness due to Rc threading for ShMemProvider by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/355
• Add minibsod by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/362
• Cmplog instrumentation by @OmreeBenari in https://github.com/AFLplusplus/LibAFL/pull/363
• Launch every 100ms by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/364
• Fix cfg directives for frida-asan by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/365
• make dump_registers method public by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/367
• frida-asan: Support different names for the libc++ shared object when hooking by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/370
• Support suppression of hooked functions by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/369
• Mutational Push Stage by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/356
• implemented MapMaxPow2Feedback by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/371
• Renamed Stats to Monitors by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/373
• Fix staterestore by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/375
• Disk sync by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/377
• Reachability fuzzer fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/346
• Fix api by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/376
• Frida Refactor: Split FridaHelper into each Runtime by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/368
• AddressSanitizer for libafl_qemu by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/378
• Clippy fixes for main by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/385
• libafl_qemu cpu_target cfg by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/383
• Delete "We're a client, let's fuzz :)" from lib by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/384
• Push stage trait by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/380
• Frida Refactor: Frida executor by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/374
• Cmplog instrumentation by @OmreeBenari in https://github.com/AFLplusplus/LibAFL/pull/382
• InProcessHandlers by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/387
• Qemu fixes and syscalls for every supported arch by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/386
• Fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/388
• More LLVM passes from AFL++ by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/394
• dump_registers and write_crash for armv7 by @pr0me in https://github.com/AFLplusplus/LibAFL/pull/393
• make map debuggable by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/396
• Ignored qemu fuzzer for non-linux by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/397
• better forkserver example by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/399
• Frida_libpng document change by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/401
• forkserver docus by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/400
• Forkserver Example Fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/404
• add set_timeout fn to TimeoutExecutor by @pr0me in https://github.com/AFLplusplus/LibAFL/pull/408
• QEMU target arch selector via feature flag by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/405
• Implement unstable edge detection+ignore in calibration stage by @vanhauser-thc in https://github.com/AFLplusplus/LibAFL/pull/398

New Contributors

• @bitwave made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/281
• @pr0me made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/297
• @intrigus-lgtm made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/330
• @abgeana made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/335
• @faroukfaiz10 made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/339
• @jamcleod made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/340
• @expend20 made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/350
• @eknoes made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/357

Full Changelog: https://github.com/AFLplusplus/LibAFL/compare/0.6.0...0.7.0

• libafl_qemu with CmpLog, syscalls hooks and more
• Refactor MOpt
• CachedOnDiskCorpus to have an in-memory cache while saving testcases on disk
• libafl_sugar with builder patterns to create common fuzzers
• Concolic Tracing (libafl_concolic @julihoh GSOC 2021)
• InProcessForkExecutor
• ForkserverExecutor shared mem testcase
• TimeoutExecutor for win32
• AFLFast power schedules (@tokatoka GSOC 2021)
• Fix shared memory on macOS

• LLVM passes support in libafl_cc
• Support to routines arguments in CmpLog
• We don't enforce serde on Observer anymore
• MOpt stage and mutator (@tokatoka GSOC 2021)
• Fix link issue when using the Libfuzzer layer and libafl_cc
• Fix some macOS build issues

• CmpLog instructions instrumentation for SanCov and Frida
• Naive Input-to-state mutator using the CmpLog metadata
• Generalize InProcessExecutor to a generic Input trait
• MultiStats stats display
• TimeoutForkserverExecutor
• Shadow Executor and Stage
• Single threaded restartable EventManager
• Configurations in EventManager
• Remove HasExecHooks
• Decouple broker from LlmpEventManager
• New fuzzers: Generic libfuzzer, Fuzzbench

• Refactor and introduce FeedbackState
• Launcher
• Introspection feature for performance measuring

• baby_fuzzer book chapter
• LLMP TCP multi-machine
• Conditional composition of Feedbacks
• Allow lifetime in Observers
• Reachability example and Feedback

First public release of LibAFL.