Small refactoring of libafl_qemu structure (#2098)

* Architecture-specific stuff is now in the `arch` directory

* Helpers are now in the `helpers` directory

* `emu.rs` has been moved as `emu/mod.rs` for consistency with the rest of the repository

fuzzers/qemu_launcher/src/instance.rs

@@ -40,7 +40,7 @@ use libafl_bolts::{
 use libafl_qemu::{
     cmplog::CmpLogObserver,
     edges::{edges_map_mut_slice, MAX_EDGES_NUM},
-    helper::QemuHelperTuple,
+    helpers::QemuHelperTuple,
     Qemu, QemuExecutor, QemuHooks,
 };
 use typed_builder::TypedBuilder;

libafl/src/executors/inprocess/mod.rs

@@ -134,7 +134,7 @@ where
         }
         self.inner.hooks.pre_exec_all(state, input);
 
-        let ret = (self.harness_fn.borrow_mut())(input);
+        let ret = self.harness_fn.borrow_mut()(input);
 
         self.inner.hooks.post_exec_all(state, input);
         self.inner.leave_target(fuzzer, state, mgr, input);

libafl_qemu/libafl_qemu_sys/src/lib.rs

@@ -17,6 +17,8 @@ __Warning__: The documentation is built by default for `x86_64` in `usermode`. T
 mod bindings {
     include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
 }
+#[cfg(all(not(feature = "clippy"), target_os = "linux"))]
+pub use bindings::*;
 
 #[cfg(any(feature = "clippy", not(target_os = "linux")))]
 mod x86_64_stub_bindings;
@@ -100,8 +102,6 @@ macro_rules! extern_c_checked {
 use core::ops::BitAnd;
 use std::ffi::c_void;
 
-#[cfg(all(not(feature = "clippy"), target_os = "linux"))]
-pub use bindings::*;
 #[cfg(feature = "python")]
 use pyo3::{pyclass, pymethods, IntoPy, PyObject, Python};
 #[cfg(any(feature = "clippy", not(target_os = "linux")))]

libafl_qemu/src/aarch64.rs → libafl_qemu/src/arch/aarch64.rs

@@ -8,7 +8,7 @@ use pyo3::prelude::*;
 pub use strum_macros::EnumIter;
 pub use syscall_numbers::aarch64::*;
 
-use crate::{sync_backdoor::BackdoorArgs, CallingConvention};
+use crate::{sync_exit::BackdoorArgs, CallingConvention};
 
 #[derive(IntoPrimitive, TryFromPrimitive, Debug, Clone, Copy, EnumIter)]
 #[repr(i32)]

libafl_qemu/src/arm.rs → libafl_qemu/src/arch/arm.rs

@@ -8,7 +8,7 @@ use pyo3::prelude::*;
 pub use strum_macros::EnumIter;
 pub use syscall_numbers::arm::*;
 
-use crate::{sync_backdoor::BackdoorArgs, CallingConvention};
+use crate::{sync_exit::BackdoorArgs, CallingConvention};
 
 /// Registers for the ARM instruction set.
 #[derive(IntoPrimitive, TryFromPrimitive, Debug, Clone, Copy, EnumIter)]

libafl_qemu/src/hexagon.rs → libafl_qemu/src/arch/hexagon.rs

@@ -6,7 +6,7 @@ use num_enum::{IntoPrimitive, TryFromPrimitive};
 use pyo3::prelude::*;
 pub use strum_macros::EnumIter;
 
-use crate::{sync_backdoor::BackdoorArgs, CallingConvention};
+use crate::{sync_exit::BackdoorArgs, CallingConvention};
 
 #[derive(IntoPrimitive, TryFromPrimitive, Debug, Clone, Copy, EnumIter)]
 #[repr(i32)]

libafl_qemu/src/i386.rs → libafl_qemu/src/arch/i386.rs

@@ -8,7 +8,7 @@ use pyo3::prelude::*;
 pub use strum_macros::EnumIter;
 pub use syscall_numbers::x86::*;
 
-use crate::{sync_backdoor::BackdoorArgs, CallingConvention, GuestAddr};
+use crate::{sync_exit::BackdoorArgs, CallingConvention, GuestAddr};
 
 #[derive(IntoPrimitive, TryFromPrimitive, Debug, Clone, Copy, EnumIter)]
 #[repr(i32)]

libafl_qemu/src/mips.rs → libafl_qemu/src/arch/mips.rs

@@ -7,7 +7,7 @@ use pyo3::prelude::*;
 pub use strum_macros::EnumIter;
 pub use syscall_numbers::mips::*;
 
-use crate::{sync_backdoor::BackdoorArgs, CallingConvention};
+use crate::{sync_exit::BackdoorArgs, CallingConvention};
 
 /// Registers for the MIPS instruction set.
 #[derive(IntoPrimitive, TryFromPrimitive, Debug, Clone, Copy, EnumIter)]

libafl_qemu/src/arch/mod.rs

@@ -0,0 +1,34 @@
+#[cfg(cpu_target = "aarch64")]
+pub mod aarch64;
+#[cfg(all(cpu_target = "aarch64", not(feature = "clippy")))]
+pub use aarch64::*;
+
+#[cfg(cpu_target = "arm")]
+pub mod arm;
+#[cfg(all(cpu_target = "arm", not(feature = "clippy")))]
+pub use arm::*;
+
+#[cfg(cpu_target = "i386")]
+pub mod i386;
+#[cfg(all(cpu_target = "i386", not(feature = "clippy")))]
+pub use i386::*;
+
+#[cfg(cpu_target = "x86_64")]
+pub mod x86_64;
+#[cfg(cpu_target = "x86_64")]
+pub use x86_64::*;
+
+#[cfg(cpu_target = "mips")]
+pub mod mips;
+#[cfg(cpu_target = "mips")]
+pub use mips::*;
+
+#[cfg(cpu_target = "ppc")]
+pub mod ppc;
+#[cfg(cpu_target = "ppc")]
+pub use ppc::*;
+
+#[cfg(cpu_target = "hexagon")]
+pub mod hexagon;
+#[cfg(cpu_target = "hexagon")]
+pub use hexagon::*;

libafl_qemu/src/ppc.rs → libafl_qemu/src/arch/ppc.rs

@@ -7,7 +7,7 @@ use pyo3::prelude::*;
 pub use strum_macros::EnumIter;
 pub use syscall_numbers::powerpc::*;
 
-use crate::{sync_backdoor::BackdoorArgs, CallingConvention};
+use crate::{sync_exit::BackdoorArgs, CallingConvention};
 
 /// Registers for the MIPS instruction set.
 #[derive(IntoPrimitive, TryFromPrimitive, Debug, Clone, Copy, EnumIter)]

libafl_qemu/src/x86_64.rs → libafl_qemu/src/arch/x86_64.rs

@@ -8,7 +8,7 @@ use pyo3::prelude::*;
 pub use strum_macros::EnumIter;
 pub use syscall_numbers::x86_64::*;
 
-use crate::{sync_backdoor::BackdoorArgs, CallingConvention};
+use crate::{sync_exit::BackdoorArgs, CallingConvention};
 
 #[derive(IntoPrimitive, TryFromPrimitive, Debug, Clone, Copy, EnumIter)]
 #[repr(i32)]

libafl_qemu/src/command.rs

@@ -15,7 +15,7 @@ use num_enum::TryFromPrimitive;
 #[cfg(emulation_mode = "systemmode")]
 use crate::QemuInstrumentationPagingFilter;
 use crate::{
-    executor::QemuExecutorState, sync_backdoor::SyncBackdoorError, EmuExitHandler, Emulator,
+    executor::QemuExecutorState, sync_exit::SyncBackdoorError, EmuExitHandler, Emulator,
     GuestAddrKind, GuestReg, HandlerError, HasInstrumentationFilter, InnerHandlerResult, IsFilter,
     IsSnapshotManager, Qemu, QemuHelperTuple, QemuInstrumentationAddressRangeFilter, Regs,
     StdEmuExitHandler, StdInstrumentationFilter, CPU,

libafl_qemu/src/emu.rs → libafl_qemu/src/emu/mod.rs

@@ -360,7 +360,7 @@ pub const SKIP_EXEC_HOOK: u64 = u64::MAX;
 
 pub use libafl_qemu_sys::{CPUArchState, CPUState};
 
-use crate::sync_backdoor::{SyncBackdoor, SyncBackdoorError};
+use crate::sync_exit::{SyncBackdoor, SyncBackdoorError};
 
 // syshook_ret
 #[repr(C)]

libafl_qemu/src/emu/usermode.rs

@@ -13,7 +13,7 @@ use pyo3::prelude::*;
 
 use crate::{
     emu::{HasExecutions, State},
-    sync_backdoor::SyncBackdoorError,
+    sync_exit::SyncBackdoorError,
     EmuExitHandler, Emulator, HookData, NewThreadHookId, PostSyscallHookId, PreSyscallHookId, Qemu,
     QemuExitReason, QemuExitReasonError, QemuHelperTuple, SyscallHookResult, CPU,
 };

libafl_qemu/src/executor/mod.rs

@@ -26,7 +26,7 @@ use libafl_bolts::os::unix_signals::{siginfo_t, ucontext_t, Signal};
 #[cfg(feature = "fork")]
 use libafl_bolts::shmem::ShMemProvider;
 
-use crate::{helper::QemuHelperTuple, hooks::QemuHooks, Qemu};
+use crate::{helpers::QemuHelperTuple, hooks::QemuHooks, Qemu};
 
 /// A version of `QemuExecutor` with a state accessible from the harness.
 pub mod stateful;

libafl_qemu/src/executor/stateful.rs

@@ -22,7 +22,7 @@ use libafl::{
 use crate::executor::inproc_qemu_crash_handler;
 #[cfg(emulation_mode = "systemmode")]
 use crate::executor::{inproc_qemu_timeout_handler, BREAK_ON_TMOUT};
-use crate::{executor::QemuExecutorState, helper::QemuHelperTuple, hooks::QemuHooks, Qemu};
+use crate::{executor::QemuExecutorState, helpers::QemuHelperTuple, hooks::QemuHooks, Qemu};
 
 pub struct StatefulQemuExecutor<'a, H, OT, QT, S>
 where

libafl_qemu/src/asan.rs → libafl_qemu/src/helpers/asan.rs

@@ -17,11 +17,10 @@ use num_enum::{IntoPrimitive, TryFromPrimitive};
 use rangemap::RangeMap;
 
 use crate::{
-    calls::FullBacktraceCollector,
     emu::{EmuError, MemAccessInfo, SyscallHookResult},
-    helper::{
-        HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
-        QemuInstrumentationAddressRangeFilter,
+    helpers::{
+        calls::FullBacktraceCollector, HasInstrumentationFilter, IsFilter, QemuHelper,
+        QemuHelperTuple, QemuInstrumentationAddressRangeFilter,
     },
     hooks::{Hook, QemuHooks},
     snapshot::QemuSnapshotHelper,

libafl_qemu/src/asan_guest.rs → libafl_qemu/src/helpers/asan_guest.rs

@@ -13,7 +13,7 @@ use libafl::{inputs::UsesInput, HasMetadata};
 use crate::sys::libafl_tcg_gen_asan;
 use crate::{
     emu::{EmuError, MemAccessInfo, Qemu},
-    helper::{
+    helpers::{
         HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
         QemuInstrumentationAddressRangeFilter,
     },

libafl_qemu/src/calls.rs → libafl_qemu/src/helpers/calls.rs

@@ -13,7 +13,7 @@ use thread_local::ThreadLocal;
 use crate::{
     capstone,
     emu::ArchExtras,
-    helper::{
+    helpers::{
         HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
         QemuInstrumentationAddressRangeFilter,
     },

libafl_qemu/src/cmplog.rs → libafl_qemu/src/helpers/cmplog.rs

@@ -14,7 +14,7 @@ use serde::{Deserialize, Serialize};
 #[cfg(emulation_mode = "usermode")]
 use crate::{capstone, emu::ArchExtras, CallingConvention, Qemu};
 use crate::{
-    helper::{
+    helpers::{
         hash_me, HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
         QemuInstrumentationAddressRangeFilter,
     },

libafl_qemu/src/drcov.rs → libafl_qemu/src/helpers/drcov.rs

@@ -8,7 +8,7 @@ use rangemap::RangeMap;
 use serde::{Deserialize, Serialize};
 
 use crate::{
-    helper::{
+    helpers::{
         HasInstrumentationFilter, IsFilter, QemuHelper, QemuHelperTuple,
         QemuInstrumentationAddressRangeFilter,
     },

libafl_qemu/src/edges.rs → libafl_qemu/src/helpers/edges.rs

@@ -12,9 +12,9 @@ pub use libafl_targets::{
 use serde::{Deserialize, Serialize};
 
 #[cfg(emulation_mode = "systemmode")]
-use crate::helper::QemuInstrumentationPagingFilter;
+use crate::helpers::QemuInstrumentationPagingFilter;
 use crate::{
-    helper::{
+    helpers::{
         hash_me, HasInstrumentationFilter, QemuHelper, QemuHelperTuple,
         QemuInstrumentationAddressRangeFilter,
     },

libafl_qemu/src/helper.rs → libafl_qemu/src/helpers/mod.rs

@@ -7,6 +7,44 @@ use libafl_qemu_sys::{GuestAddr, GuestPhysAddr};
 
 use crate::{hooks::QemuHooks, Qemu};
 
+pub mod edges;
+pub use edges::QemuEdgeCoverageHelper;
+
+#[cfg(not(cpu_target = "hexagon"))]
+pub mod calls;
+#[cfg(not(cpu_target = "hexagon"))]
+pub use calls::QemuCallTracerHelper;
+
+#[cfg(not(cpu_target = "hexagon"))]
+pub mod drcov;
+#[cfg(not(cpu_target = "hexagon"))]
+pub use drcov::QemuDrCovHelper;
+
+#[cfg(not(any(cpu_target = "mips", cpu_target = "hexagon")))]
+pub mod cmplog;
+#[cfg(not(any(cpu_target = "mips", cpu_target = "hexagon")))]
+pub use cmplog::QemuCmpLogHelper;
+
+#[cfg(all(emulation_mode = "usermode", feature = "injections"))]
+pub mod injections;
+#[cfg(all(emulation_mode = "usermode", feature = "injections"))]
+pub use injections::QemuInjectionHelper;
+
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
+pub mod snapshot;
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
+pub use snapshot::QemuSnapshotHelper;
+
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
+pub mod asan;
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
+pub use asan::{init_qemu_with_asan, QemuAsanHelper};
+
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
+pub mod asan_guest;
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
+pub use asan_guest::{init_qemu_with_asan_guest, QemuAsanGuestHelper};
+
 /// A helper for `libafl_qemu`.
 // TODO remove 'static when specialization will be stable
 pub trait QemuHelper<S>: 'static + Debug

libafl_qemu/src/snapshot.rs → libafl_qemu/src/helpers/snapshot.rs

@@ -25,7 +25,7 @@ use crate::SYS_newfstatat;
 use crate::{
     asan::QemuAsanHelper,
     emu::SyscallHookResult,
-    helper::{QemuHelper, QemuHelperTuple},
+    helpers::{QemuHelper, QemuHelperTuple},
     hooks::{Hook, QemuHooks},
     Qemu, SYS_fstat, SYS_fstatfs, SYS_futex, SYS_getrandom, SYS_mprotect, SYS_mremap, SYS_munmap,
     SYS_pread64, SYS_read, SYS_readlinkat, SYS_statfs,

libafl_qemu/src/hooks.rs

@@ -22,7 +22,7 @@ use libafl_qemu_sys::{CPUArchStatePtr, FatPtr, GuestAddr, GuestUsize};
 pub use crate::emu::SyscallHookResult;
 use crate::{
     emu::{MemAccessInfo, Qemu, SKIP_EXEC_HOOK},
-    helper::QemuHelperTuple,
+    helpers::QemuHelperTuple,
     sys::TCGTemp,
     BackdoorHookId, BlockHookId, CmpHookId, EdgeHookId, HookId, InstructionHookId, ReadHookId,
     WriteHookId,