Observers refactor (#84)

* new observer structure with HasExecHooks

* adapt libafl_frida to new observers

* docstrings

Author: andreafioraldi

fuzzers/baby_fuzzer/src/main.rs

@@ -77,7 +77,6 @@ pub fn main() {
 
     // Create the executor for an in-process function with just one observer
     let mut executor = InProcessExecutor::new(
-        "in-process(signals)",
         &mut harness,
         tuple_list!(observer),
         &mut state,

fuzzers/frida_libpng/src/fuzzer.rs

@@ -2,14 +2,15 @@
 //! The example harness is built for libpng.
 
 use libafl::{
-    bolts::tuples::{tuple_list, Named},
+    bolts::tuples::tuple_list,
     corpus::{
         ondisk::OnDiskMetadataFormat, Corpus, InMemoryCorpus,
         IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, QueueCorpusScheduler,
     },
-    events::{setup_restarting_mgr_std, EventManager},
+    events::setup_restarting_mgr_std,
     executors::{
-        inprocess::InProcessExecutor, timeout::TimeoutExecutor, Executor, ExitKind, HasObservers,
+        inprocess::InProcessExecutor, timeout::TimeoutExecutor, Executor, ExitKind, HasExecHooks,
+        HasExecHooksTuple, HasObservers, HasObserversHooks,
     },
     feedbacks::{CrashFeedback, MaxMapFeedback, TimeoutFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
@@ -37,14 +38,14 @@ use libafl_frida::{
     FridaOptions,
 };
 
-struct FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT>
+struct FridaInProcessExecutor<'a, 'b, 'c, EM, FH, H, I, OT, S>
 where
     FH: FridaHelper<'b>,
     H: FnMut(&[u8]) -> ExitKind,
     I: Input + HasTargetBytes,
     OT: ObserversTuple,
 {
-    base: TimeoutExecutor<InProcessExecutor<'a, H, I, OT>, I, OT>,
+    base: TimeoutExecutor<InProcessExecutor<'a, EM, H, I, OT, S>, I>,
     /// Frida's dynamic rewriting engine
     stalker: Stalker<'a>,
     /// User provided callback for instrumentation
@@ -53,19 +54,17 @@ where
     _phantom: PhantomData<&'b u8>,
 }
 
-impl<'a, 'b, 'c, FH, H, I, OT> Executor<I> for FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT>
+impl<'a, 'b, 'c, EM, FH, H, I, OT, S> Executor<I>
+    for FridaInProcessExecutor<'a, 'b, 'c, EM, FH, H, I, OT, S>
 where
     FH: FridaHelper<'b>,
     H: FnMut(&[u8]) -> ExitKind,
     I: Input + HasTargetBytes,
     OT: ObserversTuple,
 {
-    /// Called right before exexution starts
+    /// Instruct the target about the input and run
     #[inline]
-    fn pre_exec<EM, S>(&mut self, state: &mut S, event_mgr: &mut EM, input: &I) -> Result<(), Error>
-    where
-        EM: EventManager<I, S>,
-    {
+    fn run_target(&mut self, input: &I) -> Result<ExitKind, Error> {
         if self.helper.stalker_enabled() {
             if !self.followed {
                 self.followed = true;
@@ -77,45 +76,45 @@ where
                 ))
             }
         }
-
-        self.helper.pre_exec(input);
-
-        self.base.pre_exec(state, event_mgr, input)
-    }
-
-    /// Instruct the target about the input and run
-    #[inline]
-    fn run_target(&mut self, input: &I) -> Result<ExitKind, Error> {
         let res = self.base.run_target(input);
         if unsafe { ASAN_ERRORS.is_some() && !ASAN_ERRORS.as_ref().unwrap().is_empty() } {
             println!("Crashing target as it had ASAN errors");
             unsafe {
                 libc::raise(libc::SIGABRT);
             }
         }
+        if self.helper.stalker_enabled() {
+            self.stalker.deactivate();
+        }
         res
     }
+}
+
+impl<'a, 'b, 'c, EM, FH, H, I, OT, S> HasExecHooks<EM, I, S>
+    for FridaInProcessExecutor<'a, 'b, 'c, EM, FH, H, I, OT, S>
+where
+    FH: FridaHelper<'b>,
+    H: FnMut(&[u8]) -> ExitKind,
+    I: Input + HasTargetBytes,
+    OT: ObserversTuple,
+{
+    /// Called right before exexution starts
+    #[inline]
+    fn pre_exec(&mut self, state: &mut S, event_mgr: &mut EM, input: &I) -> Result<(), Error> {
+        self.helper.pre_exec(input);
+        self.base.pre_exec(state, event_mgr, input)
+    }
 
     /// Called right after execution finished.
     #[inline]
-    fn post_exec<EM, S>(
-        &mut self,
-        state: &mut S,
-        event_mgr: &mut EM,
-        input: &I,
-    ) -> Result<(), Error>
-    where
-        EM: EventManager<I, S>,
-    {
-        if self.helper.stalker_enabled() {
-            self.stalker.deactivate();
-        }
+    fn post_exec(&mut self, state: &mut S, event_mgr: &mut EM, input: &I) -> Result<(), Error> {
         self.helper.post_exec(input);
         self.base.post_exec(state, event_mgr, input)
     }
 }
 
-impl<'a, 'b, 'c, FH, H, I, OT> HasObservers<OT> for FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT>
+impl<'a, 'b, 'c, EM, FH, H, I, OT, S> HasObservers<OT>
+    for FridaInProcessExecutor<'a, 'b, 'c, EM, FH, H, I, OT, S>
 where
     FH: FridaHelper<'b>,
     H: FnMut(&[u8]) -> ExitKind,
@@ -133,19 +132,17 @@ where
     }
 }
 
-impl<'a, 'b, 'c, FH, H, I, OT> Named for FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT>
+impl<'a, 'b, 'c, EM, FH, H, I, OT, S> HasObserversHooks<EM, I, OT, S>
+    for FridaInProcessExecutor<'a, 'b, 'c, EM, FH, H, I, OT, S>
 where
     FH: FridaHelper<'b>,
     H: FnMut(&[u8]) -> ExitKind,
     I: Input + HasTargetBytes,
-    OT: ObserversTuple,
+    OT: ObserversTuple + HasExecHooksTuple<EM, I, S>,
 {
-    fn name(&self) -> &str {
-        self.base.name()
-    }
 }
 
-impl<'a, 'b, 'c, FH, H, I, OT> FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT>
+impl<'a, 'b, 'c, EM, FH, H, I, OT, S> FridaInProcessExecutor<'a, 'b, 'c, EM, FH, H, I, OT, S>
 where
     FH: FridaHelper<'b>,
     H: FnMut(&[u8]) -> ExitKind,
@@ -154,7 +151,7 @@ where
 {
     pub fn new(
         gum: &'a Gum,
-        base: InProcessExecutor<'a, H, I, OT>,
+        base: InProcessExecutor<'a, EM, H, I, OT, S>,
         helper: &'c mut FH,
         timeout: Duration,
     ) -> Self {
@@ -324,7 +321,6 @@ unsafe fn fuzz(
     let mut executor = FridaInProcessExecutor::new(
         &gum,
         InProcessExecutor::new(
-            "in-process(edges)",
             &mut frida_harness,
             tuple_list!(edges_observer, AsanErrorsObserver::new(&ASAN_ERRORS)),
             &mut state,

fuzzers/libfuzzer_libmozjpeg/src/lib.rs

@@ -113,7 +113,6 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
 
     // Create the executor for an in-process function with observers for edge coverage, value-profile and allocations sizes
     let mut executor = InProcessExecutor::new(
-        "in-process(edges,cmp,alloc)",
         &mut harness,
         tuple_list!(edges_observer, cmps_observer, allocs_observer),
         &mut state,

fuzzers/libfuzzer_libpng/src/lib.rs

@@ -120,7 +120,6 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
     // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
     let mut executor = TimeoutExecutor::new(
         InProcessExecutor::new(
-            "in-process(edges,time)",
             &mut harness,
             tuple_list!(edges_observer, TimeObserver::new("time")),
             &mut state,

fuzzers/libfuzzer_stb_image/src/main.rs

@@ -116,7 +116,6 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
 
     // Create the executor for an in-process function with just one observer for edge coverage
     let mut executor = InProcessExecutor::new(
-        "in-process(edges,time)",
         &mut harness,
         tuple_list!(edges_observer, TimeObserver::new("time")),
         &mut state,

libafl/src/executors/inprocess.rs

@@ -14,10 +14,11 @@ use crate::bolts::os::unix_signals::setup_signal_handler;
 use crate::bolts::os::windows_exceptions::setup_exception_handler;
 
 use crate::{
-    bolts::tuples::Named,
     corpus::Corpus,
     events::EventManager,
-    executors::{Executor, ExitKind, HasObservers},
+    executors::{
+        Executor, ExitKind, HasExecHooks, HasExecHooksTuple, HasObservers, HasObserversHooks,
+    },
     feedbacks::FeedbacksTuple,
     inputs::{HasTargetBytes, Input},
     observers::ObserversTuple,
@@ -26,34 +27,41 @@ use crate::{
 };
 
 /// The inmem executor simply calls a target function, then returns afterwards.
-pub struct InProcessExecutor<'a, H, I, OT>
+pub struct InProcessExecutor<'a, EM, H, I, OT, S>
 where
     H: FnMut(&[u8]) -> ExitKind,
     I: Input + HasTargetBytes,
     OT: ObserversTuple,
 {
-    /// The name of this executor instance, to address it from other components
-    name: &'static str,
     /// The harness function, being executed for each fuzzing loop execution
     harness_fn: &'a mut H,
     /// The observers, observing each run
     observers: OT,
-    phantom: PhantomData<I>,
+    phantom: PhantomData<(EM, I, S)>,
 }
 
-impl<'a, H, I, OT> Executor<I> for InProcessExecutor<'a, H, I, OT>
+impl<'a, EM, H, I, OT, S> Executor<I> for InProcessExecutor<'a, EM, H, I, OT, S>
 where
     H: FnMut(&[u8]) -> ExitKind,
     I: Input + HasTargetBytes,
     OT: ObserversTuple,
 {
     #[inline]
-    fn pre_exec<EM, S>(
-        &mut self,
-        _state: &mut S,
-        _event_mgr: &mut EM,
-        _input: &I,
-    ) -> Result<(), Error> {
+    fn run_target(&mut self, input: &I) -> Result<ExitKind, Error> {
+        let bytes = input.target_bytes();
+        let ret = (self.harness_fn)(bytes.as_slice());
+        Ok(ret)
+    }
+}
+
+impl<'a, EM, H, I, OT, S> HasExecHooks<EM, I, S> for InProcessExecutor<'a, EM, H, I, OT, S>
+where
+    H: FnMut(&[u8]) -> ExitKind,
+    I: Input + HasTargetBytes,
+    OT: ObserversTuple,
+{
+    #[inline]
+    fn pre_exec(&mut self, _state: &mut S, _event_mgr: &mut EM, _input: &I) -> Result<(), Error> {
         #[cfg(unix)]
         unsafe {
             let data = &mut unix_signal_handler::GLOBAL_STATE;
@@ -92,19 +100,7 @@ where
     }
 
     #[inline]
-    fn run_target(&mut self, input: &I) -> Result<ExitKind, Error> {
-        let bytes = input.target_bytes();
-        let ret = (self.harness_fn)(bytes.as_slice());
-        Ok(ret)
-    }
-
-    #[inline]
-    fn post_exec<EM, S>(
-        &mut self,
-        _state: &mut S,
-        _event_mgr: &mut EM,
-        _input: &I,
-    ) -> Result<(), Error> {
+    fn post_exec(&mut self, _state: &mut S, _event_mgr: &mut EM, _input: &I) -> Result<(), Error> {
         #[cfg(unix)]
         unsafe {
             write_volatile(
@@ -125,18 +121,7 @@ where
     }
 }
 
-impl<'a, H, I, OT> Named for InProcessExecutor<'a, H, I, OT>
-where
-    H: FnMut(&[u8]) -> ExitKind,
-    I: Input + HasTargetBytes,
-    OT: ObserversTuple,
-{
-    fn name(&self) -> &str {
-        self.name
-    }
-}
-
-impl<'a, H, I, OT> HasObservers<OT> for InProcessExecutor<'a, H, I, OT>
+impl<'a, EM, H, I, OT, S> HasObservers<OT> for InProcessExecutor<'a, EM, H, I, OT, S>
 where
     H: FnMut(&[u8]) -> ExitKind,
     I: Input + HasTargetBytes,
@@ -153,7 +138,15 @@ where
     }
 }
 
-impl<'a, H, I, OT> InProcessExecutor<'a, H, I, OT>
+impl<'a, EM, H, I, OT, S> HasObserversHooks<EM, I, OT, S> for InProcessExecutor<'a, EM, H, I, OT, S>
+where
+    H: FnMut(&[u8]) -> ExitKind,
+    I: Input + HasTargetBytes,
+    OT: ObserversTuple + HasExecHooksTuple<EM, I, S>,
+{
+}
+
+impl<'a, EM, H, I, OT, S> InProcessExecutor<'a, EM, H, I, OT, S>
 where
     H: FnMut(&[u8]) -> ExitKind,
     I: Input + HasTargetBytes,
@@ -162,12 +155,10 @@ where
     /// Create a new in mem executor.
     /// Caution: crash and restart in one of them will lead to odd behavior if multiple are used,
     /// depending on different corpus or state.
-    /// * `name` - the name of this executor (to address it along the way)
     /// * `harness_fn` - the harness, executiong the function
     /// * `observers` - the observers observing the target during execution
     /// This may return an error on unix, if signal handler setup fails
-    pub fn new<EM, OC, OFT, S>(
-        name: &'static str,
+    pub fn new<OC, OFT>(
         harness_fn: &'a mut H,
         observers: OT,
         _state: &mut S,
@@ -213,7 +204,6 @@ where
         Ok(Self {
             harness_fn,
             observers,
-            name,
             phantom: PhantomData,
         })
     }
@@ -696,10 +686,9 @@ mod tests {
     fn test_inmem_exec() {
         let mut harness = |_buf: &[u8]| ExitKind::Ok;
 
-        let mut in_process_executor = InProcessExecutor::<_, NopInput, ()> {
+        let mut in_process_executor = InProcessExecutor::<(), _, NopInput, (), ()> {
             harness_fn: &mut harness,
             observers: tuple_list!(),
-            name: "main",
             phantom: PhantomData,
         };
         let mut input = NopInput {};