diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
index 57fef89514..2c2f5ea585 100644
--- a/.github/workflows/build_and_test.yml
+++ b/.github/workflows/build_and_test.yml
@@ -52,11 +52,15 @@ jobs:
 - name: Run a normal build
 run: cargo build --verbose
 # cargo-hack tests/checks each crate in the workspace
- - name: Run tests
- run: cargo hack test --all-features
+ #- name: Run tests
+ # run: cargo hack test --all-features
 # cargo-hack's --feature-powerset would be nice here but libafl has a too many knobs
 - name: Check each feature
- run: cargo hack check --each-feature
+ # Skipping python as it has to be built with the `maturin` tool
+ run: cargo hack check --feature-powerset --depth=2 --exclude-features=python,sancov_pcguard_edges,sancov_pcguard_edges_ptr --no-dev-deps
+ # pcguard edges and pcguard hitcounts are not compatible and we need to build them seperately
+ - name: Check pcguard edges
+ run: cargo check --features=sancov_pcguard_edges,sancov_pcguard_edges_ptr
 - name: Build examples
 run: cargo build --examples --verbose
 - uses: actions/checkout@v2
diff --git a/Dockerfile b/Dockerfile
index 56d265319d..064ebc35f7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,7 +39,6 @@ COPY libafl_frida/src/gettls.c libafl_frida/src/gettls.c
 COPY libafl_qemu/Cargo.toml libafl_qemu/build.rs libafl_qemu/
 COPY scripts/dummy.rs libafl_qemu/src/lib.rs
-COPY libafl_qemu/src/weaks.c libafl_qemu/src/weaks.c
 COPY libafl_sugar/Cargo.toml libafl_sugar/
 COPY scripts/dummy.rs libafl_sugar/src/lib.rs
diff --git a/fuzzers/baby_fuzzer/src/main.rs b/fuzzers/baby_fuzzer/src/main.rs
index 8a70554920..3b9c8f70ba 100644
--- a/fuzzers/baby_fuzzer/src/main.rs
+++ b/fuzzers/baby_fuzzer/src/main.rs
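Review bot: The `Run tests` step in the build_and_test.yml hunk is commented out (`#- name: Run tests` / `# run: cargo hack test --all-features`) rather than removed, so this workflow now builds and `cargo hack check`s every crate but never runs the test suite, and nothing in the hunk records why or when it returns. Either delete the dead step or replace it with a comment that names the blocker, e.g. `# TODO: re-enable 'cargo hack test --all-features' once <blocking issue> is resolved`. Excluding `sancov_pcguard_edges` and `sancov_pcguard_edges_ptr` from the powerset and checking them in their own step matches the mutual-exclusion `compile_error!`s in the sancov_pcguard.rs hunk of this diff; a comment on the `--exclude-features` list saying so would make the split self-explanatory, and `seperately` in the new comment should read `separately`.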
@@ -39,15 +39,15 @@ pub fn main() {
 if buf.len() > 1 && buf[1] == b'b' {
 signals_set(2);
 if buf.len() > 2 && buf[2] == b'c' {
+ #[cfg(unix)]
+ panic!("=(");
+
+ // panic!() raises a STATUS_STACK_BUFFER_OVERRUN exception which cannot be caught by the exception handler.
+ // Here we make it raise STATUS_ACCESS_VIOLATION instead.
+ // Extending the windows exception handler is a TODO. Maybe we can refer to what winafl code does.
+ // https://github.com/googleprojectzero/winafl/blob/ea5f6b85572980bb2cf636910f622f36906940aa/winafl.c#L728
+ #[cfg(windows)]
 unsafe {
- #[cfg(unix)]
- panic!("=(");
-
- // panic!() raises a STATUS_STACK_BUFFER_OVERRUN exception which cannot be caught by the exception handler.
- // Here we make it raise STATUS_ACCESS_VIOLATION instead.
- // Extending the windows exception handler is a TODO. Maybe we can refer to what winafl code does.
- // https://github.com/googleprojectzero/winafl/blob/ea5f6b85572980bb2cf636910f622f36906940aa/winafl.c#L728
- #[cfg(windows)]
 write_volatile(0 as *mut u32, 0);
 }
 }
diff --git a/fuzzers/libfuzzer_reachability/src/lib.rs b/fuzzers/libfuzzer_reachability/src/lib.rs
index a208bc541c..f0a0fb87b8 100644
--- a/fuzzers/libfuzzer_reachability/src/lib.rs
+++ b/fuzzers/libfuzzer_reachability/src/lib.rs
@@ -139,9 +139,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 &mut fuzzer,
 &mut executor,
 &mut restarting_mgr,
- &corpus_dirs,
+ corpus_dirs,
 )
- .unwrap_or_else(|_| panic!("Failed to load initial corpus at {:?}", &corpus_dirs));
+ .unwrap_or_else(|_| panic!("Failed to load initial corpus at {:?}", corpus_dirs));
 println!("We imported {} inputs from disk.", state.corpus().count());
 }
diff --git a/fuzzers/libfuzzer_stb_image/src/main.rs b/fuzzers/libfuzzer_stb_image/src/main.rs
index 05453fd7b5..6281478856 100644
--- a/fuzzers/libfuzzer_stb_image/src/main.rs
+++ b/fuzzers/libfuzzer_stb_image/src/main.rs
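Review bot: `write_volatile(0 as *mut u32, 0);`, the only statement left in the now Windows-only `unsafe` block, spells the null pointer as an integer cast, which clippy rejects (`zero_ptr`) and which obscures that the null write is the point; `write_volatile(std::ptr::null_mut::<u32>(), 0);` says the same thing directly. Hoisting `#[cfg(unix)] panic!("=(")` out of the `unsafe` block is correct since it needs no unsafety, but the block that remains is an intentional fault and should say so, e.g. `// SAFETY: none -- this write is meant to fault so the fuzzer's exception handler observes a crash.` The existing cfg-gated comment above it already gives the Windows-specific reasoning, so the new line only needs to mark the fault as deliberate. The enclosing `main` continues outside the hunk.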
@@ -149,9 +149,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 &mut fuzzer,
 &mut executor,
 &mut restarting_mgr,
- &corpus_dirs,
+ corpus_dirs,
 )
- .unwrap_or_else(|_| panic!("Failed to load initial corpus at {:?}", &corpus_dirs));
+ .unwrap_or_else(|_| panic!("Failed to load initial corpus at {:?}", corpus_dirs));
 println!("We imported {} inputs from disk.", state.corpus().count());
 }
diff --git a/libafl/src/bolts/llmp.rs b/libafl/src/bolts/llmp.rs
index c91ca8b915..f52a049cef 100644
--- a/libafl/src/bolts/llmp.rs
+++ b/libafl/src/bolts/llmp.rs
@@ -1675,11 +1675,6 @@ where
 /// This allows us to intercept messages right in the broker
 /// This keeps the out map clean.
 pub llmp_clients: Vec>,
- /// This is the socket name, when unix domain sockets are used.
- socket_name: Option,
- /// This flag is used to indicate that shutdown has been requested by the SIGINT and SIGTERM
- /// handlers
- shutting_down: bool,
 /// The ShMemProvider to use
 shmem_provider: SP,
 }
@@ -1726,8 +1721,6 @@ where
 shmem_provider: shmem_provider.clone(),
 },
 llmp_clients: vec![],
- socket_name: None,
- shutting_down: false,
 shmem_provider,
 })
 }
@@ -2350,7 +2343,6 @@ pub struct LlmpClient
 where
 SP: ShMemProvider,
 {
- shmem_provider: SP,
 /// Outgoing channel to the broker
 pub sender: LlmpSender,
 /// Incoming (broker) broadcast map
@@ -2381,11 +2373,10 @@ where
 last_msg_recvd_offset,
 )?,
 sender: LlmpSender::on_existing_map(
- shmem_provider.clone(),
+ shmem_provider,
 current_broker_map,
 last_msg_recvd_offset,
 )?,
- shmem_provider,
 })
 }
@@ -2398,10 +2389,9 @@ where
 &format!("{}_SENDER", env_name),
 )?,
 receiver: LlmpReceiver::on_existing_from_env(
- shmem_provider.clone(),
+ shmem_provider,
 &format!("{}_RECEIVER", env_name),
 )?,
- shmem_provider,
 })
 }
@@ -2432,10 +2422,9 @@ where
 &description.sender,
 )?,
 receiver: LlmpReceiver::on_existing_from_description(
- shmem_provider.clone(),
+ shmem_provider,
 &description.receiver,
 )?,
- shmem_provider,
 })
 }
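Review bot: The first llmp.rs hunk (`@@ -1675`) deletes `shutting_down` from the struct that owns `llmp_clients` together with the doc comment tying it to the SIGINT/SIGTERM handlers, and the diff adds nothing in its place. No other line in the diff touches a signal handler, so the field was presumably never read and this is dead-field cleanup, but the broker's shutdown behaviour is now undocumented: if a shutdown path exists elsewhere, a one-line comment on the struct naming it would help, and if it does not, the commit message should state that signal-driven shutdown is not implemented. In the `@@ -2484` hunk the surviving `shmem_provider: shmem_provider.clone(),` may now be the last use of the provider and could become a move, as the other `LlmpClient` constructors in this diff do; whether an earlier use above the hunk still needs the clone is not visible here. The struct definition and that constructor both start before their hunks.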
@@ -2484,7 +2473,6 @@ where
 last_msg_recvd: ptr::null_mut(),
 shmem_provider: shmem_provider.clone(),
 },
- shmem_provider,
 })
 }
diff --git a/libafl/src/stages/concolic.rs b/libafl/src/stages/concolic.rs
index 71f7b9df2f..677acbf9b9 100644
--- a/libafl/src/stages/concolic.rs
+++ b/libafl/src/stages/concolic.rs
@@ -88,7 +88,7 @@ use crate::{
 start_timer,
 Evaluator,
 };
-#[cfg(feature = "concolic_mutation")]
+#[cfg(all(feature = "concolic_mutation", feature = "introspection"))]
 use crate::stats::PerfFeature;
 #[cfg(feature = "concolic_mutation")]
diff --git a/libafl/src/stats/mod.rs b/libafl/src/stats/mod.rs
index 8970375c72..67be8b7b99 100644
--- a/libafl/src/stats/mod.rs
+++ b/libafl/src/stats/mod.rs
@@ -247,7 +247,6 @@ where
 {
 print_fn: F,
 start_time: Duration,
- corpus_size: usize,
 client_stats: Vec,
 }
@@ -308,7 +307,6 @@ where
 Self {
 print_fn,
 start_time: current_time(),
- corpus_size: 0,
 client_stats: vec![],
 }
 }
@@ -318,7 +316,6 @@ where
 Self {
 print_fn,
 start_time,
- corpus_size: 0,
 client_stats: vec![],
 }
 }
diff --git a/libafl/src/stats/multi.rs b/libafl/src/stats/multi.rs
index 41ba0639c0..615b5d47f2 100644
--- a/libafl/src/stats/multi.rs
+++ b/libafl/src/stats/multi.rs
@@ -19,7 +19,6 @@ where
 {
 print_fn: F,
 start_time: Duration,
- corpus_size: usize,
 client_stats: Vec,
 }
@@ -99,7 +98,6 @@ where
 Self {
 print_fn,
 start_time: current_time(),
- corpus_size: 0,
 client_stats: vec![],
 }
 }
@@ -109,7 +107,6 @@ where
 Self {
 print_fn,
 start_time,
- corpus_size: 0,
 client_stats: vec![],
 }
 }
diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs
index 39b4d360b4..46557cfdc0 100644
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@@ -144,7 +144,10 @@ pub fn init(args: &[String], env: &[(String, String)]) -> i32 {
 let args: Vec = args.iter().map(|x| x.clone() + "\0").collect();
 let argv: Vec<*const u8> = args.iter().map(|x| x.as_bytes().as_ptr()).collect();
 assert!(argv.len() < i32::MAX as usize);
- let env_strs: Vec = env.iter().map(|(k, v)| format!("{}={}\0", &k, &v)).collect();
+ let env_strs: Vec = env
+ .iter()
+ .map(|(k, v)| format!("{}={}\0", &k, &v))
+ .collect();
 let mut envp: Vec<*const u8> = env_strs.iter().map(|x| x.as_bytes().as_ptr()).collect();
 envp.push(null());
 #[allow(clippy::cast_possible_wrap)]
diff --git a/libafl_qemu/src/lib.rs b/libafl_qemu/src/lib.rs
index 9fbeb8e554..a877ed56fa 100644
--- a/libafl_qemu/src/lib.rs
+++ b/libafl_qemu/src/lib.rs
@@ -45,13 +45,15 @@ pub fn python_module(_py: Python, m: &PyModule) -> PyResult<()> {
 use pyo3::exceptions::PyValueError;
 #[pyfn(m)]
+ #[allow(clippy::needless_pass_by_value)]
 fn init(args: Vec, env: Vec<(String, String)>) -> i32 {
 emu::init(&args, &env)
 }
 #[pyfn(m)]
+ #[allow(clippy::needless_pass_by_value)]
 fn write_mem(addr: u64, buf: &[u8]) {
- emu::write_mem(addr, buf)
+ emu::write_mem(addr, buf);
 }
 #[pyfn(m)]
 fn read_mem(addr: u64, size: usize) -> Vec {
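Review bot: `fn init` in the lib.rs `@@ -45` hunk forwards Python-supplied strings unchecked to `emu::init`, which (per the emu.rs hunk in this diff) NUL-terminates them with `x.clone() + "\0"` and `format!("{}={}\0", &k, &v)`; an argument or environment entry containing an interior NUL is therefore silently truncated at the C boundary instead of being rejected. Since these wrappers are being tidied anyway (`#[allow(clippy::needless_pass_by_value)]`), have `init` return `PyResult<i32>` and fail early with `PyValueError::new_err` when `args.iter().any(|a| a.contains('\0')) || env.iter().any(|(k, v)| k.contains('\0') || v.contains('\0'))`, mirroring how `write_reg`/`read_reg` already surface errors. `write_mem(addr, buf)` likewise hands an arbitrary guest address from Python to `emu::write_mem`; whether that call validates `addr` is not visible here, so a doc comment stating what happens for an unmapped address would help callers. `python_module` continues outside the hunk.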
@@ -65,27 +67,27 @@ pub fn python_module(_py: Python, m: &PyModule) -> PyResult<()> {
 }
 #[pyfn(m)]
 fn write_reg(reg: i32, val: u64) -> PyResult<()> {
- emu::write_reg(reg, val).map_err(|e| PyValueError::new_err(e))
+ emu::write_reg(reg, val).map_err(PyValueError::new_err)
 }
 #[pyfn(m)]
 fn read_reg(reg: i32) -> PyResult {
- emu::read_reg(reg).map_err(|e| PyValueError::new_err(e))
+ emu::read_reg(reg).map_err(PyValueError::new_err)
 }
 #[pyfn(m)]
 fn set_breakpoint(addr: u64) {
- emu::set_breakpoint(addr)
+ emu::set_breakpoint(addr);
 }
 #[pyfn(m)]
 fn remove_breakpoint(addr: u64) {
- emu::remove_breakpoint(addr)
+ emu::remove_breakpoint(addr);
 }
 #[pyfn(m)]
 fn run() {
- emu::run()
+ emu::run();
 }
 #[pyfn(m)]
 fn g2h(addr: u64) -> u64 {
- unsafe { transmute(emu::g2h::<*const u8>(addr)) }
+ unsafe { emu::g2h::<*const u8>(addr) as u64 }
 }
 #[pyfn(m)]
 fn h2g(addr: u64) -> u64 {
diff --git a/libafl_targets/src/sancov_pcguard.rs b/libafl_targets/src/sancov_pcguard.rs
index 1a81f27176..39ad1e6313 100644
--- a/libafl_targets/src/sancov_pcguard.rs
+++ b/libafl_targets/src/sancov_pcguard.rs
@@ -13,13 +13,13 @@ use crate::coverage::{EDGES_MAP, MAX_EDGES_NUM};
 ))]
 #[cfg(not(any(doc, feature = "clippy")))]
 compile_error!(
- "the libafl_targets `pcguard_edges_ptr` and `pcguard_hitcounts_ptr` features are mutually exclusive."
+ "the libafl_targets `sancov_pcguard_edges_ptr` and `sancov_pcguard_hitcounts_ptr` features are mutually exclusive."
 );
 #[cfg(all(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
 #[cfg(not(any(doc, feature = "clippy")))]
 compile_error!(
- "the libafl_targets `pcguard_edges` and `pcguard_hitcounts` features are mutually exclusive."
+ "the libafl_targets `sancov_pcguard_edges` and `sancov_pcguard_hitcounts` features are mutually exclusive."
 );
 /// Callback for sancov `pc_guard` - usually called by `llvm` on each block or edge.
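Review bot: `unsafe { emu::g2h::<*const u8>(addr) as u64 }` keeps the `unsafe` block although the `transmute` it replaced was the only operation that needed it; a pointer-to-integer `as` cast is safe, so unless `emu::g2h` is itself an `unsafe fn` (not visible here) the block now only earns an `unused_unsafe` warning and the body can be just `emu::g2h::<*const u8>(addr) as u64`. If `g2h` is unsafe, keep the block but add a `// SAFETY:` comment stating why a guest address taken straight from Python is acceptable input. With `transmute` no longer used in `g2h`, check whether its import at the top of the file is still needed (`h2g`, whose body lies below the hunk, may be its remaining user). `python_module` continues outside the hunk.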