Composing feedback (#85)

* composing feedbacks as logic operations and bump to 0.2

* adapt fuzzers and libafl_frida

* fix windows build

Author: andreafioraldi

fuzzers/baby_fuzzer/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "baby_fuzzer"
-version = "0.1.0"
+version = "0.2.0"
 authors = ["Andrea Fioraldi <[email protected]>", "Dominik Maier <[email protected]>"]
 edition = "2018"
 

fuzzers/baby_fuzzer/src/main.rs

@@ -56,13 +56,13 @@ pub fn main() {
         StdRand::with_seed(current_nanos()),
         // Corpus that will be evolved, we keep it in memory for performance
         InMemoryCorpus::new(),
-        // Feedbacks to rate the interestingness of an input
-        tuple_list!(MaxMapFeedback::new_with_observer(&observer)),
+        // Feedback to rate the interestingness of an input
+        MaxMapFeedback::new_with_observer(&observer),
         // Corpus in which we store solutions (crashes in this example),
         // on disk so the user can get them after stopping the fuzzer
         OnDiskCorpus::new(PathBuf::from("./crashes")).unwrap(),
         // Feedbacks to recognize an input as solution
-        tuple_list!(CrashFeedback::new()),
+        CrashFeedback::new(),
     );
 
     // Setup a basic mutator with a mutational stage

fuzzers/frida_libpng/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "frida_libpng"
-version = "0.1.0"
+version = "0.2.0"
 authors = ["Andrea Fioraldi <[email protected]>", "Dominik Maier <[email protected]>"]
 edition = "2018"
 build = "build.rs"
@@ -25,7 +25,7 @@ libafl = { path = "../../libafl/", features = [ "std", "llmp_compression" ] } #,
 capstone = "0.8.0"
 frida-gum = { version = "0.4", git = "https://github.com/s1341/frida-rust", features = [ "auto-download", "event-sink", "invocation-listener"] }
 #frida-gum = { version = "0.4", path = "../../../frida-rust/frida-gum", features = [ "auto-download", "event-sink", "invocation-listener"] }
-libafl_frida = { path = "../../libafl_frida", version = "0.1.0" }
+libafl_frida = { path = "../../libafl_frida", version = "0.2.0" }
 lazy_static = "1.4.0"
 libc = "0.2"
 libloading = "0.7.0"

fuzzers/frida_libpng/src/fuzzer.rs

@@ -12,6 +12,7 @@ use libafl::{
         inprocess::InProcessExecutor, timeout::TimeoutExecutor, Executor, ExitKind, HasExecHooks,
         HasExecHooksTuple, HasObservers, HasObserversHooks,
     },
+    feedback_or,
     feedbacks::{CrashFeedback, MaxMapFeedback, TimeoutFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     inputs::{HasTargetBytes, Input},
@@ -276,17 +277,13 @@ unsafe fn fuzz(
             // Corpus that will be evolved, we keep it in memory for performance
             InMemoryCorpus::new(),
             // Feedbacks to rate the interestingness of an input
-            tuple_list!(MaxMapFeedback::new_with_observer_track(
-                &edges_observer,
-                true,
-                false
-            )),
+            MaxMapFeedback::new_with_observer_track(&edges_observer, true, false),
             // Corpus in which we store solutions (crashes in this example),
             // on disk so the user can get them after stopping the fuzzer
             OnDiskCorpus::new_save_meta(objective_dir, Some(OnDiskMetadataFormat::JsonPretty))
                 .unwrap(),
             // Feedbacks to recognize an input as solution
-            tuple_list!(
+            feedback_or!(
                 CrashFeedback::new(),
                 TimeoutFeedback::new(),
                 AsanErrorsFeedback::new()

fuzzers/libfuzzer_libmozjpeg/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libfuzzer_libmozjpeg"
-version = "0.1.0"
+version = "0.2.0"
 authors = ["Andrea Fioraldi <[email protected]>", "Dominik Maier <[email protected]>"]
 edition = "2018"
 

fuzzers/libfuzzer_libmozjpeg/src/lib.rs

@@ -8,6 +8,7 @@ use libafl::{
     corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, RandCorpusScheduler},
     events::setup_restarting_mgr_std,
     executors::{inprocess::InProcessExecutor, ExitKind},
+    feedback_or,
     feedbacks::{CrashFeedback, MaxMapFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
@@ -76,7 +77,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             // Corpus that will be evolved, we keep it in memory for performance
             InMemoryCorpus::new(),
             // Feedbacks to rate the interestingness of an input
-            tuple_list!(
+            feedback_or!(
                 MaxMapFeedback::new_with_observer(&edges_observer),
                 MaxMapFeedback::new_with_observer(&cmps_observer),
                 MaxMapFeedback::new_with_observer(&allocs_observer)
@@ -85,7 +86,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             // on disk so the user can get them after stopping the fuzzer
             OnDiskCorpus::new(objective_dir).unwrap(),
             // Feedbacks to recognize an input as solution
-            tuple_list!(CrashFeedback::new()),
+            CrashFeedback::new(),
         )
     });
 

fuzzers/libfuzzer_libpng/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libfuzzer_libpng"
-version = "0.1.0"
+version = "0.2.0"
 authors = ["Andrea Fioraldi <[email protected]>", "Dominik Maier <[email protected]>"]
 edition = "2018"
 

fuzzers/libfuzzer_libpng/src/lib.rs

@@ -12,6 +12,7 @@ use libafl::{
     },
     events::{setup_restarting_mgr_std, EventManager},
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
+    feedback_or,
     feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback, TimeoutFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
@@ -76,15 +77,15 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             // Corpus that will be evolved, we keep it in memory for performance
             InMemoryCorpus::new(),
             // Feedbacks to rate the interestingness of an input
-            tuple_list!(
+            feedback_or!(
                 MaxMapFeedback::new_with_observer_track(&edges_observer, true, false),
                 TimeFeedback::new()
             ),
             // Corpus in which we store solutions (crashes in this example),
             // on disk so the user can get them after stopping the fuzzer
             OnDiskCorpus::new(objective_dir).unwrap(),
             // Feedbacks to recognize an input as solution
-            tuple_list!(CrashFeedback::new(), TimeoutFeedback::new()),
+            feedback_or!(CrashFeedback::new(), TimeoutFeedback::new()),
         )
     });
 

fuzzers/libfuzzer_stb_image/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "libfuzzer_stb_image"
-version = "0.1.0"
+version = "0.2.0"
 authors = ["Andrea Fioraldi <[email protected]>", "Dominik Maier <[email protected]>"]
 edition = "2018"
 build = "build.rs"

fuzzers/libfuzzer_stb_image/src/main.rs

@@ -11,6 +11,7 @@ use libafl::{
     },
     events::setup_restarting_mgr_std,
     executors::{inprocess::InProcessExecutor, ExitKind},
+    feedback_or,
     feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
@@ -73,15 +74,15 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             // Corpus that will be evolved, we keep it in memory for performance
             InMemoryCorpus::new(),
             // Feedbacks to rate the interestingness of an input
-            tuple_list!(
+            feedback_or!(
                 MaxMapFeedback::new_with_observer_track(&edges_observer, true, false),
                 TimeFeedback::new()
             ),
             // Corpus in which we store solutions (crashes in this example),
             // on disk so the user can get them after stopping the fuzzer
             OnDiskCorpus::new(objective_dir).unwrap(),
-            // Feedbacks to recognize an input as solution
-            tuple_list!(CrashFeedback::new()),
+            // Feedback to recognize an input as solution
+            CrashFeedback::new(),
         )
     });