document and update libafl_libfuzzer

AFLplusplus · Sep 27, 2023 · 01245c5 · 01245c5
1 parent a89b4bc
commit 01245c5
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 17 deletions.
diff --git a/libafl/src/mutators/string.rs b/libafl/src/mutators/string.rs
@@ -13,9 +13,10 @@ use crate::{
         mutational::{MutatedTransform, MutatedTransformPost},
         StringIdentificationMetadata,
     },
-    state::{HasCorpus, HasMaxSize, HasMetadata, HasRand, UsesState},
+    state::{HasCorpus, HasMaxSize, HasMetadata, HasRand},
 };
 
+/// Input which contains the context necessary to perform unicode mutations
 pub type UnicodeInput = (BytesInput, StringIdentificationMetadata);
 
 impl<S> MutatedTransform<BytesInput, S> for UnicodeInput

diff --git a/libafl/src/stages/string.rs b/libafl/src/stages/string.rs
@@ -1,3 +1,5 @@
+//! Stages which analysis common to Unicode-style mutations
+
 use alloc::{rc::Rc, vec::Vec};
 use core::marker::PhantomData;
 use std::collections::VecDeque;
@@ -13,6 +15,7 @@ use crate::{
     state::{HasCorpus, HasMetadata, UsesState},
 };
 
+/// Metadata which stores the list of pre-computed string-like ranges in the input
 #[derive(Debug, Default, Serialize, Deserialize, Clone)]
 pub struct StringIdentificationMetadata {
     ranges: Rc<Vec<(usize, BitVec)>>,
@@ -21,6 +24,7 @@ pub struct StringIdentificationMetadata {
 impl_serdeany!(StringIdentificationMetadata);
 
 impl StringIdentificationMetadata {
+    /// The list of pre-computed string-like ranges in the input
     pub fn ranges(&self) -> &Vec<(usize, BitVec)> {
         self.ranges.as_ref()
     }
@@ -64,12 +68,14 @@ pub(crate) fn extract_metadata(bytes: &[u8]) -> StringIdentificationMetadata {
     }
 }
 
+/// Stage which identifies potential strings in the provided input
 #[derive(Debug)]
 pub struct StringIdentificationStage<S> {
     phantom: PhantomData<S>,
 }
 
 impl<S> StringIdentificationStage<S> {
+    /// Create a new instance of the string identification stage
     pub fn new() -> Self {
         Self {
             phantom: PhantomData,

diff --git a/libafl_libfuzzer/libafl_libfuzzer_runtime/src/lib.rs b/libafl_libfuzzer/libafl_libfuzzer_runtime/src/lib.rs
@@ -161,16 +161,16 @@ macro_rules! fuzz_with {
             mutators::{
                 GrimoireExtensionMutator, GrimoireRecursiveReplacementMutator, GrimoireRandomDeleteMutator,
                 GrimoireStringReplacementMutator, havoc_crossover, havoc_mutations, havoc_mutations_no_crossover,
-                I2SRandReplace, StdScheduledMutator, StringCategoryPreservingMutator, StringSubcategoryPreservingMutator,
-                StringCategoryReplaceMutator, StringSubcategoryReplaceMutator, Tokens, tokens_mutations
+                I2SRandReplace, StdScheduledMutator, StringCategoryRandMutator, StringSubcategoryRandMutator,
+                StringCategoryTokenReplaceMutator, StringSubcategoryTokenReplaceMutator, Tokens, tokens_mutations
             },
             observers::{stacktrace::BacktraceObserver, TimeObserver},
             schedulers::{
                 IndexesLenTimeMinimizerScheduler, powersched::PowerSchedule, PowerQueueScheduler,
             },
             stages::{
                 CalibrationStage, GeneralizationStage, IfStage, StdMutationalStage,
-                StdPowerMutationalStage, TracingStage,
+                StdPowerMutationalStage, StringIdentificationStage, TracingStage,
             },
             state::{HasCorpus, StdState},
             StdFuzzer,
@@ -301,25 +301,27 @@ macro_rules! fuzz_with {
             let unicode_used = $options.unicode();
             let string_mutator = StdScheduledMutator::new(
                 tuple_list!(
-                    StringCategoryPreservingMutator,
-                    StringSubcategoryPreservingMutator,
-                    StringSubcategoryPreservingMutator,
-                    StringSubcategoryPreservingMutator,
-                    StringSubcategoryPreservingMutator,
+                    StringCategoryRandMutator,
+                    StringSubcategoryRandMutator,
+                    StringSubcategoryRandMutator,
+                    StringSubcategoryRandMutator,
+                    StringSubcategoryRandMutator,
                 )
             );
             let string_replace_mutator = StdScheduledMutator::new(
                 tuple_list!(
-                    StringCategoryReplaceMutator,
-                    StringSubcategoryReplaceMutator,
-                    StringSubcategoryReplaceMutator,
-                    StringSubcategoryReplaceMutator,
-                    StringSubcategoryReplaceMutator,
+                    StringCategoryTokenReplaceMutator,
+                    StringSubcategoryTokenReplaceMutator,
+                    StringSubcategoryTokenReplaceMutator,
+                    StringSubcategoryTokenReplaceMutator,
+                    StringSubcategoryTokenReplaceMutator,
                 )
             );
-            let string_power = StdMutationalStage::new(string_mutator);
-            let string_replace_power = StdMutationalStage::new(string_replace_mutator);
-            let string_analysis = IfStage::new(|_, _, _, _, _| Ok((unicode_used && mutator_status.std_mutational).into()), tuple_list!(string_power, string_replace_power));
+            let string_power = StdMutationalStage::transforming(string_mutator);
+            let string_replace_power = StdMutationalStage::transforming(string_replace_mutator);
+
+            let string_analysis = StringIdentificationStage::new();
+            let string_analysis = IfStage::new(|_, _, _, _, _| Ok((unicode_used && mutator_status.std_mutational).into()), tuple_list!(string_analysis, string_power, string_replace_power));
 
             // Attempt to use tokens from libfuzzer dicts
             if !state.has_metadata::<Tokens>() {