No Use* from stages (#2745)

* no from stage

* fixer

* doc fix

* how was this working????

* more fixes

* delete more

* rq

* cargo-fuzz

* m

* aa

fuzzers/baby/tutorial/src/lib.rs

@@ -132,7 +132,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
     // Setup a lain mutator with a mutational stage
     let mutator = LainMutator::new();
 
-    let power: StdPowerMutationalStage<_, _, PacketData, _, _> =
+    let power: StdPowerMutationalStage<_, _, PacketData, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs

@@ -314,7 +314,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs

@@ -317,7 +317,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/binary_only/qemu_launcher/src/instance.rs

@@ -1,5 +1,5 @@
 use core::fmt::Debug;
-use std::{fs, marker::PhantomData, ops::Range, process, time::Duration};
+use std::{fs, marker::PhantomData, ops::Range, path::PathBuf, process};
 
 #[cfg(feature = "simplemgr")]
 use libafl::events::SimpleEventManager;
@@ -23,8 +23,8 @@ use libafl::{
         powersched::PowerSchedule, IndexesLenTimeMinimizerScheduler, PowerQueueScheduler,
     },
     stages::{
-        calibrate::CalibrationStage, power::StdPowerMutationalStage, IfStage, ShadowTracingStage,
-        StagesTuple, StatsStage, StdMutationalStage,
+        calibrate::CalibrationStage, power::StdPowerMutationalStage, AflStatsStage, IfStage,
+        ShadowTracingStage, StagesTuple, StdMutationalStage,
     },
     state::{HasCorpus, StdState, UsesState},
     Error, HasMetadata, NopFuzzer,
@@ -137,7 +137,10 @@ impl<M: Monitor> Instance<'_, M> {
 
         let stats_stage = IfStage::new(
             |_, _, _, _| Ok(self.options.tui),
-            tuple_list!(StatsStage::new(Duration::from_secs(5))),
+            tuple_list!(AflStatsStage::builder()
+                .map_observer(&edges_observer)
+                .stats_file(PathBuf::from("stats.txt"))
+                .build()?),
         );
 
         // Feedback to rate the interestingness of an input
@@ -274,7 +277,7 @@ impl<M: Monitor> Instance<'_, M> {
                 5,
             )?;
 
-            let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+            let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
                 StdPowerMutationalStage::new(mutator);
 
             // The order of the stages matter!

fuzzers/forkserver/fuzzbench_forkserver/src/main.rs

@@ -298,7 +298,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/forkserver/fuzzbench_forkserver_cmplog/src/main.rs

@@ -300,7 +300,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus
@@ -371,7 +371,8 @@ fn fuzz(
         let tracing = AFLppCmplogTracingStage::new(cmplog_executor, cmplog_ref);
 
         // Setup a randomic Input2State stage
-        let rq = MultiMutationalStage::new(AFLppRedQueen::with_cmplog_options(true, true));
+        let rq: MultiMutationalStage<_, _, BytesInput, _, _, _> =
+            MultiMutationalStage::new(AFLppRedQueen::with_cmplog_options(true, true));
 
         let cb = |_fuzzer: &mut _,
                   _executor: &mut _,

fuzzers/forkserver/libafl-fuzz/src/fuzzer.rs

@@ -266,7 +266,7 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
         SupportedMutationalStages::StdMutational(StdMutationalStage::new(mutation), PhantomData)
     } else {
         SupportedMutationalStages::PowerMutational(
-            StdPowerMutationalStage::new(mutation),
+            StdPowerMutationalStage::<_, _, BytesInput, _, _, _>::new(mutation),
             PhantomData,
         )
     };
@@ -487,7 +487,9 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
         let tracing = AFLppCmplogTracingStage::new(cmplog_executor, cmplog_ref);
 
         // Create a randomic Input2State stage
-        let rq = MultiMutationalStage::new(AFLppRedQueen::with_cmplog_options(true, true));
+        let rq = MultiMutationalStage::<_, _, BytesInput, _, _, _>::new(
+            AFLppRedQueen::with_cmplog_options(true, true),
+        );
 
         // Create an IfStage and wrap the CmpLog stages in it.
         // We run cmplog on the second fuzz run of the testcase.

fuzzers/forkserver/libafl-fuzz/src/stages/mutational_stage.rs

@@ -1,37 +1,25 @@
 use std::{borrow::Cow, marker::PhantomData};
 
 use libafl::{
-    corpus::Corpus,
-    inputs::Input,
-    mutators::Mutator,
-    stages::{mutational::MutatedTransform, MutationalStage, Stage},
-    state::{HasCorpus, HasRand, State, UsesState},
-    Error, Evaluator, HasNamedMetadata,
+    stages::{MutationalStage, Stage},
+    Error,
 };
 use libafl_bolts::Named;
 
 #[derive(Debug)]
-pub enum SupportedMutationalStages<S, SM, P, E, EM, M, I, Z> {
-    StdMutational(SM, PhantomData<(S, I, M, EM, Z, E)>),
-    PowerMutational(P, PhantomData<(S, I, M, EM, Z, E)>),
+pub enum SupportedMutationalStages<SM, P> {
+    StdMutational(SM, PhantomData<P>),
+    PowerMutational(P, PhantomData<SM>),
 }
 
-impl<S, SM, P, E, EM, M, I, Z> MutationalStage<E, EM, I, M, Z>
-    for SupportedMutationalStages<S, SM, P, E, EM, M, I, Z>
+impl<S, SM, P> MutationalStage<S> for SupportedMutationalStages<SM, P>
 where
-    E: UsesState<State = S>,
-    EM: UsesState<State = S>,
-    M: Mutator<I, S>,
-    Z: Evaluator<E, EM, State = S>,
-    I: MutatedTransform<S::Input, S> + Clone + Input,
-    SM: MutationalStage<E, EM, I, M, Z, State = S>,
-    P: MutationalStage<E, EM, I, M, Z, State = S>,
-    S: State<Input = I> + HasRand + HasCorpus + HasNamedMetadata,
-    <<Self as UsesState>::State as HasCorpus>::Corpus: Corpus<Input = Self::Input>, //delete me
+    SM: MutationalStage<S>,
+    P: MutationalStage<S, Mutator = SM::Mutator>,
 {
+    type Mutator = SM::Mutator;
     /// The mutator, added to this stage
-    #[inline]
-    fn mutator(&self) -> &M {
+    fn mutator(&self) -> &Self::Mutator {
         match self {
             Self::StdMutational(m, _) => m.mutator(),
             Self::PowerMutational(p, _) => p.mutator(),
@@ -40,7 +28,7 @@ where
 
     /// The list of mutators, added to this stage (as mutable ref)
     #[inline]
-    fn mutator_mut(&mut self) -> &mut M {
+    fn mutator_mut(&mut self) -> &mut Self::Mutator {
         match self {
             Self::StdMutational(m, _) => m.mutator_mut(),
             Self::PowerMutational(p, _) => p.mutator_mut(),
@@ -56,14 +44,7 @@ where
     }
 }
 
-impl<S, SM, P, E, EM, M, I, Z> UsesState for SupportedMutationalStages<S, SM, P, E, EM, M, I, Z>
-where
-    S: State + HasRand,
-{
-    type State = S;
-}
-
-impl<S, SM, P, E, EM, M, I, Z> Named for SupportedMutationalStages<S, SM, P, E, EM, M, I, Z>
+impl<SM, P> Named for SupportedMutationalStages<SM, P>
 where
     SM: Named,
     P: Named,
@@ -76,18 +57,10 @@ where
     }
 }
 
-impl<S, SM, P, E, EM, M, I, Z> Stage<E, EM, Z>
-    for SupportedMutationalStages<S, SM, P, E, EM, M, I, Z>
+impl<E, EM, S, SM, P, Z> Stage<E, EM, S, Z> for SupportedMutationalStages<SM, P>
 where
-    E: UsesState<State = S>,
-    EM: UsesState<State = S>,
-    M: Mutator<I, S>,
-    Z: Evaluator<E, EM, State = S>,
-    I: MutatedTransform<S::Input, S> + Clone + Input,
-    SM: MutationalStage<E, EM, I, M, Z, State = S>,
-    P: MutationalStage<E, EM, I, M, Z, State = S>,
-    S: State<Input = I> + HasRand + HasCorpus + HasNamedMetadata,
-    <<Self as UsesState>::State as HasCorpus>::Corpus: Corpus<Input = Self::Input>, //delete me
+    SM: Stage<E, EM, S, Z>,
+    P: Stage<E, EM, S, Z>,
 {
     #[inline]
     #[allow(clippy::let_and_return)]

fuzzers/inprocess/dynamic_analysis/src/lib.rs

@@ -314,7 +314,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/inprocess/fuzzbench/src/lib.rs

@@ -307,7 +307,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/inprocess/fuzzbench_ctx/src/lib.rs

@@ -317,7 +317,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/inprocess/fuzzbench_text/src/lib.rs

@@ -374,7 +374,7 @@ fn fuzz_binary(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus
@@ -589,7 +589,7 @@ fn fuzz_text(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let grimoire_mutator = StdScheduledMutator::with_max_stack_pow(

fuzzers/inprocess/libfuzzer_libpng/src/lib.rs

@@ -143,7 +143,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 
     let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

fuzzers/inprocess/libfuzzer_libpng_cmin/src/lib.rs

@@ -140,7 +140,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 
     let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

fuzzers/inprocess/libfuzzer_libpng_tcp_manager/src/lib.rs

@@ -141,7 +141,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 
     let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

fuzzers/inprocess/libfuzzer_windows_asan/src/lib.rs

@@ -110,7 +110,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 
     let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

libafl/Cargo.toml

@@ -28,6 +28,7 @@ rustc-args = ["--cfg", "docsrs"]
 
 [features]
 default = [
+  "introspection",
   "std",
   "derive",
   "llmp_compression",

libafl/src/fuzzer/mod.rs

@@ -27,7 +27,7 @@ use crate::{
 };
 
 /// Send a monitor update all 15 (or more) seconds
-const STATS_TIMEOUT_DEFAULT: Duration = Duration::from_secs(15);
+pub(crate) const STATS_TIMEOUT_DEFAULT: Duration = Duration::from_secs(15);
 
 /// Holds a scheduler
 pub trait HasScheduler: UsesState