Merge branch 'main' into add-label-mutationresult

Cargo.toml

@@ -65,11 +65,13 @@ libafl_qemu_build = { path = "./libafl_qemu/libafl_qemu_build", version = "0.14.
 libafl_qemu_sys = { path = "./libafl_qemu/libafl_qemu_sys", version = "0.14.1", default-features = false }
 
 # External deps
-ahash = { version = "0.8.11", default-features = false } # The hash function already used in hashbrown
-arbitrary-int = "1.2.7" # arbitrary sized integers, useful in combination with bitfields (bitbybit crate)
+ahash = { version = "0.8.11", default-features = false }     # The hash function already used in hashbrown
+arbitrary-int = "1.2.7"                                      # arbitrary sized integers, useful in combination with bitfields (bitbybit crate)
 backtrace = { version = "0.3.74", default-features = false } # Used to get the stacktrace in StacktraceObserver
 bindgen = "0.71.1"
-bitbybit = "1.3.3" # bitfields, use this for bit fields and bit enums
+# 2024-12-16: bitbybit 1.3.3 is leading CI to fail due to missing docs.
+# fixme: Change this to 1.3.3 when the issue https://github.com/danlehmann/bitfield/issues/66 is resolved.
+bitbybit = "=1.3.2" # bitfields, use this for bit fields and bit enums
 clap = "4.5.18"
 cc = "1.1.21"
 cmake = "0.1.51"

libafl/src/observers/cmp.rs

@@ -5,6 +5,8 @@ use core::{
     ops::{Deref, DerefMut},
 };
 
+use arbitrary_int::{u1, u4, u5, u6};
+use bitbybit::bitfield;
 use hashbrown::HashMap;
 use libafl_bolts::{ownedref::OwnedRefMut, AsSlice, HasLen, Named};
 use serde::{Deserialize, Serialize};
@@ -403,47 +405,40 @@ impl AFLppCmpValuesMetadata {
     }
 }
 
-#[allow(missing_docs)] // 2024-12-15: bitfield is leading CI to fail due to missing docs.
-mod aflpp_cmplog_header {
-    use arbitrary_int::{u1, u4, u5, u6};
-    use bitbybit::bitfield;
-
-    /// Comparison header, used to describe a set of comparison values efficiently.
+/// Comparison header, used to describe a set of comparison values efficiently.
+///
+/// # Bitfields
+///
+/// - hits:      The number of hits of a particular comparison
+/// - id:        Unused by ``LibAFL``, a unique ID for a particular comparison
+/// - shape:     Whether a comparison is u8/u8, u16/u16, etc.
+/// - type_:     Whether the comparison value represents an instruction (like a `cmp`) or function
+///              call arguments
+/// - attribute: OR-ed bitflags describing whether the comparison is <, >, =, <=, >=, or transform
+/// - overflow:  Whether the comparison overflows
+/// - reserved:  Reserved for future use
+#[bitfield(u16)]
+#[derive(Debug)]
+pub struct AFLppCmpLogHeader {
+    /// The number of hits of a particular comparison
     ///
-    /// # Bitfields
+    /// 6 bits up to 63 entries, we have CMP_MAP_H = 32 (so using half of it)
+    #[bits(0..=5, r)]
+    hits: u6,
+    /// Whether a comparison is u8/u8, u16/u16, etc.
     ///
-    /// - hits:      The number of hits of a particular comparison
-    /// - id:        Unused by ``LibAFL``, a unique ID for a particular comparison
-    /// - shape:     Whether a comparison is u8/u8, u16/u16, etc.
-    /// - type_:     Whether the comparison value represents an instruction (like a `cmp`) or function
-    ///              call arguments
-    /// - attribute: OR-ed bitflags describing whether the comparison is <, >, =, <=, >=, or transform
-    /// - overflow:  Whether the comparison overflows
-    /// - reserved:  Reserved for future use
-    #[bitfield(u16)]
-    #[derive(Debug)]
-    pub struct AFLppCmpLogHeader {
-        /// The number of hits of a particular comparison
-        ///
-        /// 6 bits up to 63 entries, we have CMP_MAP_H = 32 (so using half of it)
-        #[bits(0..=5, r)]
-        hits: u6,
-        /// Whether a comparison is u8/u8, u16/u16, etc.
-        ///
-        /// 31 + 1 bytes max
-        #[bits(6..=10, r)]
-        shape: u5,
-        /// Whether the comparison value represents an instruction (like a `cmp`) or function call
-        /// arguments
-        ///
-        /// 2: cmp, rtn
-        #[bit(11, r)]
-        type_: u1,
-        /// OR-ed bitflags describing whether the comparison is <, >, =, <=, >=, or transform
-        ///
-        /// 16 types for arithmetic comparison types
-        #[bits(12..=15, r)]
-        attribute: u4,
-    }
+    /// 31 + 1 bytes max
+    #[bits(6..=10, r)]
+    shape: u5,
+    /// Whether the comparison value represents an instruction (like a `cmp`) or function call
+    /// arguments
+    ///
+    /// 2: cmp, rtn
+    #[bit(11, r)]
+    type_: u1,
+    /// OR-ed bitflags describing whether the comparison is <, >, =, <=, >=, or transform
+    ///
+    /// 16 types for arithmetic comparison types
+    #[bits(12..=15, r)]
+    attribute: u4,
 }
-pub use aflpp_cmplog_header::AFLppCmpLogHeader;

libafl_cc/Cargo.toml

@@ -9,7 +9,7 @@ readme = "README.md"
 license = "MIT OR Apache-2.0"
 keywords = ["fuzzing", "testing", "compiler"]
 edition = "2021"
-rust-version = "1.78"
+rust-version = "1.82"
 categories = [
   "development-tools::testing",
   "emulators",

libafl_cc/src/cfg.rs

@@ -317,7 +317,7 @@ where
                     let new_distance = distance + successor_info.get_weight();
                     let is_shorter = distances
                         .get(successor)
-                        .map_or(true, |&current| new_distance < current);
+                        .is_none_or(|&current| new_distance < current);
 
                     if is_shorter {
                         distances.insert(*successor, new_distance);

libafl_derive/Cargo.toml

@@ -9,7 +9,7 @@ readme = "../README.md"
 license = "MIT OR Apache-2.0"
 keywords = ["fuzzing", "testing"]
 edition = "2021"
-rust-version = "1.78"
+rust-version = "1.82"
 categories = [
   "development-tools::testing",
   "emulators",

libafl_intelpt/src/lib.rs

@@ -695,7 +695,6 @@ impl IntelPTBuilder {
 /// Perf event config for `IntelPT`
 ///
 /// (This is almost mapped to `IA32_RTIT_CTL MSR` by perf)
-#[allow(missing_docs)] // 2024-12-15: bitfield is leading CI to fail due to missing docs.
 #[cfg(target_os = "linux")]
 #[bitfield(u64, default = 0)]
 struct PtConfig {

utils/gdb_qemu/Cargo.toml

@@ -1,3 +1,3 @@
 [workspace]
 resolver = "2"
-members = ["gdb_qemu", "demo"]
+members = ["gdb_qemu", "gdb_demo"]

utils/gdb_qemu/Makefile.toml

@@ -28,7 +28,7 @@ command = "cargo"
 args = [
   "build",
   "-p",
-  "demo",
+  "gdb_demo",
   "--profile",
   "${PROFILE}",
   "--target",
@@ -38,7 +38,7 @@ args = [
 [tasks.run_demo]
 dependencies = ["demo"]
 command = "cargo"
-args = ["run", "-p", "demo", "--target", "powerpc-unknown-linux-gnu"]
+args = ["run", "-p", "gdb_demo", "--target", "powerpc-unknown-linux-gnu"]
 
 [tasks.build]
 dependencies = ["format", "clippy"]
@@ -65,7 +65,7 @@ args = [
   "/usr/powerpc-linux-gnu",
   "-g",
   "1234",
-  "${DEMO_DIR}/demo",
+  "${DEMO_DIR}/gdb_demo",
 ]
 
 [tasks.gdb]
@@ -79,9 +79,9 @@ args = [
   "-ex",
   "set confirm off",
   "-ex",
-  "file ${DEMO_DIR}/demo",
+  "file ${DEMO_DIR}/gdb_demo",
   "-ex",
-  "target remote | ${TARGET_DIR}/gdb_qemu -p 1234 -L trace qemu-ppc -- -L /usr/powerpc-linux-gnu -g 1234 ${DEMO_DIR}/demo",
+  "target remote | ${TARGET_DIR}/gdb_qemu -p 1234 -L trace qemu-ppc -- -L /usr/powerpc-linux-gnu -g 1234 ${DEMO_DIR}/gdb_demo",
 ]
 
 [tasks.all]

utils/gdb_qemu/demo/build.rs → utils/gdb_qemu/gdb_demo/build.rs

@@ -1,4 +1,6 @@
-use {std::error::Error, vergen::EmitBuilder};
+use std::error::Error;
+
+use vergen::EmitBuilder;
 
 fn main() -> Result<(), Box<dyn Error>> {
     EmitBuilder::builder()

utils/gdb_qemu/demo/src/args.rs → utils/gdb_qemu/gdb_demo/src/args.rs

@@ -1,3 +1,5 @@
+use std::fmt::Write;
+
 use clap::{builder::Str, Parser};
 
 #[derive(Default)]
@@ -18,8 +20,10 @@ impl From<Version> for Str {
             ("Cargo Target Triple", env!("VERGEN_CARGO_TARGET_TRIPLE")),
         ]
         .iter()
-        .map(|(k, v)| format!("{k:25}: {v}\n"))
-        .collect::<String>();
+        .fold(String::new(), |mut output, (k, v)| {
+            writeln!(output, "{k:25}: {v}").unwrap();
+            output
+        });
 
         format!("\n{version:}").into()
     }

utils/gdb_qemu/demo/src/main.rs → utils/gdb_qemu/gdb_demo/src/main.rs

@@ -1,10 +1,10 @@
 mod args;
 
-use {
-    crate::args::Args,
-    clap::Parser,
-    std::{thread::sleep, time::Duration},
-};
+use std::{thread::sleep, time::Duration};
+
+use clap::Parser;
+
+use crate::args::Args;
 
 #[no_mangle]
 extern "C" fn run_test(num: usize) {

utils/gdb_qemu/gdb_qemu/build.rs

@@ -1,4 +1,6 @@
-use {std::error::Error, vergen::EmitBuilder};
+use std::error::Error;
+
+use vergen::EmitBuilder;
 
 fn main() -> Result<(), Box<dyn Error>> {
     EmitBuilder::builder()

utils/gdb_qemu/gdb_qemu/src/args/level.rs

@@ -1,4 +1,5 @@
-use {clap::ValueEnum, simplelog::LevelFilter};
+use clap::ValueEnum;
+use simplelog::LevelFilter;
 
 #[derive(ValueEnum, Debug, Clone, Copy)]
 pub enum Level {

utils/gdb_qemu/gdb_qemu/src/args/mod.rs

@@ -1,11 +1,11 @@
 pub mod level;
 mod version;
 
-use {
-    crate::args::{level::Level, version::Version},
-    clap::Parser,
-    std::iter,
-};
+use std::iter;
+
+use clap::Parser;
+
+use crate::args::{level::Level, version::Version};
 
 pub trait ParentArgs {
     fn port(&self) -> u16;

utils/gdb_qemu/gdb_qemu/src/args/version.rs

@@ -1,3 +1,5 @@
+use std::fmt::Write;
+
 use clap::builder::Str;
 
 #[derive(Default)]
@@ -18,8 +20,10 @@ impl From<Version> for Str {
             ("Cargo Target Triple", env!("VERGEN_CARGO_TARGET_TRIPLE")),
         ]
         .iter()
-        .map(|(k, v)| format!("{k:25}: {v}\n"))
-        .collect::<String>();
+        .fold(String::new(), |mut output, (k, v)| {
+            writeln!(output, "{k:25}: {v}").unwrap();
+            output
+        });
 
         format!("\n{version:}").into()
     }

utils/gdb_qemu/gdb_qemu/src/child.rs

@@ -1,11 +1,13 @@
-use {
-    crate::{args::ChildArgs, exit::Exit},
-    anyhow::{anyhow, Result},
-    nix::unistd::{dup2, execvp},
-    std::ffi::CString,
-    std::os::fd::{AsRawFd, RawFd},
+use std::{
+    ffi::CString,
+    os::fd::{AsRawFd, RawFd},
 };
 
+use anyhow::{anyhow, Result};
+use nix::unistd::{dup2, execvp};
+
+use crate::{args::ChildArgs, exit::Exit};
+
 pub struct Child {
     argv: Vec<String>,
     fd1: RawFd,

utils/gdb_qemu/gdb_qemu/src/exit.rs

@@ -1,17 +1,15 @@
-use {
-    crate::errno::errno,
-    anyhow::{anyhow, Result},
-    libc::{_exit, prctl, PR_SET_PDEATHSIG},
-    nix::sys::signal::SIGKILL,
-    nix::{
-        sys::{
-            signal::{sigaction, SaFlags, SigAction, SigHandler, SigSet, SIGCHLD},
-            wait::{waitpid, WaitStatus::Exited},
-        },
-        unistd::Pid,
+use anyhow::{anyhow, Result};
+use libc::{_exit, prctl, PR_SET_PDEATHSIG};
+use nix::{
+    sys::{
+        signal::{sigaction, SaFlags, SigAction, SigHandler, SigSet, SIGCHLD, SIGKILL},
+        wait::{waitpid, WaitStatus::Exited},
     },
+    unistd::Pid,
 };
 
+use crate::errno::errno;
+
 pub struct Exit;
 
 impl Exit {

utils/gdb_qemu/gdb_qemu/src/logger.rs

@@ -1,9 +1,9 @@
-use {
-    crate::args::LogArgs,
-    anyhow::{anyhow, Result},
-    simplelog::{Config, LevelFilter, WriteLogger},
-    std::fs::File,
-};
+use std::fs::File;
+
+use anyhow::{anyhow, Result};
+use simplelog::{Config, LevelFilter, WriteLogger};
+
+use crate::args::LogArgs;
 
 pub struct Logger;
 

utils/gdb_qemu/gdb_qemu/src/main.rs

@@ -9,12 +9,13 @@ mod parent;
 extern crate log;
 extern crate simplelog;
 
-use {
-    crate::{args::Args, child::Child, exit::Exit, logger::Logger, parent::Parent},
-    anyhow::{anyhow, Result},
-    clap::Parser,
-    nix::unistd::{fork, pipe, ForkResult},
-};
+use std::os::fd::AsRawFd;
+
+use anyhow::{anyhow, Result};
+use clap::Parser;
+use nix::unistd::{fork, pipe, ForkResult};
+
+use crate::{args::Args, child::Child, exit::Exit, logger::Logger, parent::Parent};
 
 fn main() -> Result<()> {
     let args = Args::parse();
@@ -30,8 +31,10 @@ fn main() -> Result<()> {
     let (a2, b2) = pipe().map_err(|e| anyhow!("Failed to create pipe #2: {e:}"))?;
 
     match unsafe { fork() } {
-        Ok(ForkResult::Parent { child: _, .. }) => Parent::new(&args, a1, a2).run()?,
-        Ok(ForkResult::Child) => Child::new(&args, b1, b2).run()?,
+        Ok(ForkResult::Parent { child: _, .. }) => {
+            Parent::new(&args, a1.as_raw_fd(), a2.as_raw_fd()).run()?
+        }
+        Ok(ForkResult::Child) => Child::new(&args, b1.as_raw_fd(), b2.as_raw_fd()).run()?,
         Err(e) => Err(anyhow!("main: fork failed: {e:}"))?,
     };
     Ok(())