Replace addr_of with &raw across the codebase (AFLplusplus#2669)

* Replace addr_of with &raw across the codebase

* fix fixes

* more fix

* undo clang fmt?

* oops

* fix?

* allocator fix

* more fix

* more more

* more docs

* more fix

* mas mas mas

* hm

* more

* fix Frida

* needed

* more error

* qemu

Cargo.toml

@@ -92,11 +92,3 @@ lto = true
 codegen-units = 1
 opt-level = 3
 debug = true
-
-[profile.release-abort]
-inherits = "release"
-lto = true
-codegen-units = 1
-opt-level = 3
-debug = true
-abort = true

fuzzers/baby/baby_fuzzer_custom_executor/src/main.rs

@@ -1,10 +1,6 @@
 #[cfg(windows)]
 use std::ptr::write_volatile;
-use std::{
-    marker::PhantomData,
-    path::PathBuf,
-    ptr::{addr_of, addr_of_mut, write},
-};
+use std::{marker::PhantomData, path::PathBuf, ptr::write};
 
 #[cfg(feature = "tui")]
 use libafl::monitors::tui::TuiMonitor;
@@ -29,8 +25,8 @@ use libafl_bolts::{current_nanos, nonzero, rands::StdRand, tuples::tuple_list, A
 
 /// Coverage map with explicit assignments due to the lack of instrumentation
 static mut SIGNALS: [u8; 16] = [0; 16];
-static mut SIGNALS_PTR: *mut u8 = addr_of_mut!(SIGNALS) as _;
-static SIGNALS_LEN: usize = unsafe { (*addr_of!(SIGNALS)).len() };
+static mut SIGNALS_PTR: *mut u8 = &raw mut SIGNALS as _;
+static SIGNALS_LEN: usize = unsafe { (*&raw const (SIGNALS)).len() };
 
 /// Assign a signal to the signals map
 fn signals_set(idx: usize) {

fuzzers/baby/baby_fuzzer_unicode/src/main.rs

@@ -1,9 +1,6 @@
 #[cfg(windows)]
 use std::ptr::write_volatile;
-use std::{
-    path::PathBuf,
-    ptr::{addr_of, addr_of_mut, write},
-};
+use std::{path::PathBuf, ptr::write};
 
 #[cfg(feature = "tui")]
 use libafl::monitors::tui::TuiMonitor;
@@ -27,8 +24,8 @@ use libafl_bolts::{rands::StdRand, tuples::tuple_list, AsSlice};
 
 /// Coverage map with explicit assignments due to the lack of instrumentation
 static mut SIGNALS: [u8; 64] = [0; 64];
-static mut SIGNALS_PTR: *mut u8 = addr_of_mut!(SIGNALS).cast();
-static mut SIGNALS_LEN: usize = unsafe { (*addr_of!(SIGNALS)).len() };
+static mut SIGNALS_PTR: *mut u8 = (&raw mut SIGNALS).cast();
+static mut SIGNALS_LEN: usize = unsafe { (*&raw const SIGNALS).len() };
 
 /// Assign a signal to the signals map
 fn signals_set(idx: usize) {

fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs

@@ -1,6 +1,6 @@
 //! A singlethreaded QEMU fuzzer that can auto-restart.
 
-use core::{cell::RefCell, ptr::addr_of_mut, time::Duration};
+use core::{cell::RefCell, time::Duration};
 #[cfg(unix)]
 use std::os::unix::io::{AsRawFd, FromRawFd};
 use std::{
@@ -260,7 +260,7 @@ fn fuzz(
         HitcountsMapObserver::new(VariableMapObserver::from_mut_slice(
             "edges",
             OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_ALLOCATED_SIZE),
-            addr_of_mut!(MAX_EDGES_FOUND),
+            &raw mut MAX_EDGES_FOUND,
         ))
         .track_indices()
     };

fuzzers/binary_only/qemu_launcher/src/instance.rs

@@ -1,4 +1,4 @@
-use core::{fmt::Debug, ptr::addr_of_mut};
+use core::fmt::Debug;
 use std::{fs, marker::PhantomData, ops::Range, process, time::Duration};
 
 #[cfg(feature = "simplemgr")]
@@ -117,7 +117,7 @@ impl<M: Monitor> Instance<'_, M> {
             HitcountsMapObserver::new(VariableMapObserver::from_mut_slice(
                 "edges",
                 OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_DEFAULT_SIZE),
-                addr_of_mut!(MAX_EDGES_FOUND),
+                &raw mut MAX_EDGES_FOUND,
             ))
             .track_indices()
         };

fuzzers/binary_only/tinyinst_simple/src/main.rs

@@ -1,4 +1,4 @@
-use std::{path::PathBuf, ptr::addr_of_mut, time::Duration};
+use std::{path::PathBuf, time::Duration};
 
 use libafl::{
     corpus::{CachedOnDiskCorpus, Corpus, OnDiskCorpus, Testcase},
@@ -37,7 +37,7 @@ fn main() {
     // use file to pass testcases
     // let args = vec!["test.exe".to_string(), "-f".to_string(), "@@".to_string()];
 
-    let coverage = OwnedMutPtr::Ptr(addr_of_mut!(COVERAGE));
+    let coverage = OwnedMutPtr::Ptr(&raw mut COVERAGE);
     let observer = ListObserver::new("cov", coverage);
     let mut feedback = ListFeedback::new(&observer);
     #[cfg(windows)]
@@ -69,7 +69,7 @@ fn main() {
         .persistent("test.exe".to_string(), "fuzz".to_string(), 1, 10000)
         .timeout(Duration::new(5, 0))
         .shmem_provider(&mut shmem_provider)
-        .coverage_ptr(addr_of_mut!(COVERAGE))
+        .coverage_ptr(&raw mut COVERAGE)
         .build(tuple_list!(observer))
         .unwrap();
 

fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs

@@ -1,6 +1,6 @@
 //! A fuzzer using qemu in systemmode for binary-only coverage of kernels
 //!
-use core::{ptr::addr_of_mut, time::Duration};
+use core::time::Duration;
 use std::{env, path::PathBuf, process};
 
 use libafl::{
@@ -97,7 +97,7 @@ pub fn fuzz() {
             HitcountsMapObserver::new(VariableMapObserver::from_mut_slice(
                 "edges",
                 OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_DEFAULT_SIZE),
-                addr_of_mut!(MAX_EDGES_FOUND),
+                &raw mut MAX_EDGES_FOUND,
             ))
             .track_indices()
         };

fuzzers/full_system/qemu_baremetal/src/fuzzer_low_level.rs

@@ -1,6 +1,6 @@
 //! A fuzzer using qemu in systemmode for binary-only coverage of kernels
 //!
-use core::{ptr::addr_of_mut, time::Duration};
+use core::time::Duration;
 use std::{env, path::PathBuf, process};
 
 use libafl::{
@@ -88,7 +88,7 @@ pub fn fuzz() {
             HitcountsMapObserver::new(VariableMapObserver::from_mut_slice(
                 "edges",
                 OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_DEFAULT_SIZE),
-                addr_of_mut!(MAX_EDGES_FOUND),
+                &raw mut MAX_EDGES_FOUND,
             ))
             .track_indices()
         };

fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs

@@ -1,6 +1,6 @@
 //! A fuzzer using qemu in systemmode for binary-only coverage of kernels
 //!
-use core::{ptr::addr_of_mut, time::Duration};
+use core::time::Duration;
 use std::{env, path::PathBuf, process};
 
 use libafl::{
@@ -52,7 +52,7 @@ pub fn fuzz() {
             HitcountsMapObserver::new(VariableMapObserver::from_mut_slice(
                 "edges",
                 OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_DEFAULT_SIZE),
-                addr_of_mut!(MAX_EDGES_FOUND),
+                &raw mut MAX_EDGES_FOUND,
             ))
             .track_indices()
         };

fuzzers/full_system/qemu_linux_kernel/src/fuzzer.rs

@@ -1,6 +1,6 @@
 //! A fuzzer using qemu in systemmode for binary-only coverage of linux
 
-use core::{ptr::addr_of_mut, time::Duration};
+use core::time::Duration;
 use std::{env, path::PathBuf, process};
 
 use libafl::{
@@ -91,7 +91,7 @@ pub fn fuzz() {
             HitcountsMapObserver::new(VariableMapObserver::from_mut_slice(
                 "edges",
                 OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_ALLOCATED_SIZE),
-                addr_of_mut!(MAX_EDGES_FOUND),
+                &raw mut MAX_EDGES_FOUND,
             ))
             .track_indices()
         };

fuzzers/full_system/qemu_linux_process/src/fuzzer.rs

@@ -1,6 +1,6 @@
 //! A fuzzer using qemu in systemmode for binary-only coverage of linux
 
-use core::{ptr::addr_of_mut, time::Duration};
+use core::time::Duration;
 use std::{env, path::PathBuf, process};
 
 use libafl::{
@@ -56,7 +56,7 @@ pub fn fuzz() {
             HitcountsMapObserver::new(VariableMapObserver::from_mut_slice(
                 "edges",
                 OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_DEFAULT_SIZE),
-                addr_of_mut!(MAX_EDGES_FOUND),
+                &raw mut MAX_EDGES_FOUND,
             ))
             .track_indices()
         };

fuzzers/fuzz_anything/push_harness/src/main.rs

@@ -1,6 +1,6 @@
 //! [`Klo-routines`](https://github.com/andreafioraldi/klo-routines/) based fuzzer.
 //! The target loops and the harness pulls inputs out of `LibAFL`, instead of being called by `LibAFL`.
-use std::{path::PathBuf, ptr::addr_of_mut};
+use std::path::PathBuf;
 
 use klo_routines::{yield_, KloRoutine};
 use libafl::{
@@ -39,12 +39,12 @@ fn input_generator() {
         ExitKind::Ok
     };
 
-    let signals_ptr = unsafe { addr_of_mut!(SIGNALS) };
+    let signals_ptr = unsafe { &raw mut SIGNALS };
     let signals_len = unsafe { *signals_ptr }.len();
 
     // Create an observation channel using the signals map
     let observer =
-        unsafe { StdMapObserver::from_mut_ptr("signals", addr_of_mut!(SIGNALS) as _, signals_len) };
+        unsafe { StdMapObserver::from_mut_ptr("signals", &raw mut SIGNALS as _, signals_len) };
 
     // Feedback to rate the interestingness of an input
     let mut feedback = MaxMapFeedback::new(&observer);

fuzzers/inprocess/dynamic_analysis/src/lib.rs

@@ -11,7 +11,6 @@ use std::{
     io::{self, Read, Write},
     path::PathBuf,
     process,
-    ptr::addr_of_mut,
 };
 
 use clap::{Arg, Command};
@@ -254,7 +253,7 @@ fn fuzz(
     let time_observer = TimeObserver::new("time");
 
     let func_list =
-        unsafe { OwnedMutPtr::from_raw_mut(Lazy::force_mut(&mut *addr_of_mut!(FUNCTION_LIST))) };
+        unsafe { OwnedMutPtr::from_raw_mut(Lazy::force_mut(&mut *&raw mut FUNCTION_LIST)) };
     let profiling_observer = ProfilingObserver::new("concatenated.json", func_list)?;
     let callhook = CallHook::new();
 

fuzzers/structure_aware/baby_fuzzer_custom_input/src/main.rs

@@ -2,10 +2,7 @@ mod input;
 
 #[cfg(windows)]
 use std::ptr::write_volatile;
-use std::{
-    path::PathBuf,
-    ptr::{addr_of_mut, write},
-};
+use std::{path::PathBuf, ptr::write};
 
 use input::{
     CustomInput, CustomInputGenerator, ToggleBooleanMutator, ToggleOptionalByteArrayMutator,
@@ -43,7 +40,7 @@ use {
 /// Coverage map with explicit assignments due to the lack of instrumentation
 const SIGNALS_LEN: usize = 16;
 static mut SIGNALS: [u8; SIGNALS_LEN] = [0; 16];
-static mut SIGNALS_PTR: *mut u8 = addr_of_mut!(SIGNALS) as _;
+static mut SIGNALS_PTR: *mut u8 = &raw mut SIGNALS as _;
 
 /// Assign a signal to the signals map
 fn signals_set(idx: usize) {

fuzzers/structure_aware/baby_fuzzer_gramatron/src/main.rs

@@ -4,7 +4,6 @@ use std::{
     fs,
     io::{BufReader, Read},
     path::{Path, PathBuf},
-    ptr::addr_of_mut,
 };
 
 use libafl::{
@@ -30,7 +29,7 @@ use libafl_bolts::{rands::StdRand, tuples::tuple_list};
 /// Coverage map with explicit assignments due to the lack of instrumentation
 const SIGNALS_LEN: usize = 16;
 static mut SIGNALS: [u8; SIGNALS_LEN] = [0; SIGNALS_LEN];
-static mut SIGNALS_PTR: *mut u8 = unsafe { addr_of_mut!(SIGNALS) as _ };
+static mut SIGNALS_PTR: *mut u8 = unsafe { &raw mut SIGNALS as _ };
 /*
 /// Assign a signal to the signals map
 fn signals_set(idx: usize) {

libafl/src/common/nautilus/regex_mutator/mod.rs

@@ -53,6 +53,7 @@ fn append_unicode_range<R: Rand>(
     cls: ClassUnicodeRange,
 ) {
     let mut chr_a_buf = [0; 4];
+    #[allow(clippy::similar_names)]
     let mut chr_b_buf = [0; 4];
     cls.start().encode_utf8(&mut chr_a_buf);
     cls.end().encode_utf8(&mut chr_b_buf);
@@ -129,10 +130,10 @@ pub fn generate<R: Rand>(rand: &mut R, hir: &Hir) -> Vec<u8> {
             HirKind::Empty => {}
             HirKind::Literal(lit) => append_lit(&mut res, lit),
             HirKind::Class(cls) => append_class(rand, &mut res, &mut scr, cls),
-            HirKind::Repetition(rep) => {
-                let num = get_repetitions(rand, rep.min, rep.max, &mut scr);
+            HirKind::Repetition(repetition) => {
+                let num = get_repetitions(rand, repetition.min, repetition.max, &mut scr);
                 for _ in 0..num {
-                    stack.push(&rep.sub);
+                    stack.push(&repetition.sub);
                 }
             }
             HirKind::Capture(grp) => stack.push(&grp.sub),

libafl/src/events/llmp/restarting.rs

@@ -4,8 +4,6 @@
 //! restart/refork it.
 
 use alloc::{boxed::Box, vec::Vec};
-#[cfg(all(unix, not(miri), feature = "std"))]
-use core::ptr::addr_of_mut;
 #[cfg(feature = "std")]
 use core::sync::atomic::{compiler_fence, Ordering};
 #[cfg(feature = "std")]
@@ -653,7 +651,7 @@ where
         // At this point we are the fuzzer *NOT* the restarter.
         // We setup signal handlers to clean up shmem segments used by state restorer
         #[cfg(all(unix, not(miri)))]
-        if let Err(_e) = unsafe { setup_signal_handler(addr_of_mut!(EVENTMGR_SIGHANDLER_STATE)) } {
+        if let Err(_e) = unsafe { setup_signal_handler(&raw mut EVENTMGR_SIGHANDLER_STATE) } {
             // We can live without a proper ctrl+c signal handler. Print and ignore.
             log::error!("Failed to setup signal handlers: {_e}");
         }

libafl/src/events/mod.rs

@@ -942,8 +942,6 @@ pub trait AdaptiveSerializer {
 #[cfg(test)]
 mod tests {
 
-    use core::ptr::{addr_of, addr_of_mut};
-
     use libafl_bolts::{current_time, tuples::tuple_list, Named};
     use tuple_list::tuple_list_type;
 
@@ -958,9 +956,10 @@ mod tests {
 
     #[test]
     fn test_event_serde() {
+        let map_ptr = &raw const MAP;
         let obv = unsafe {
-            let len = (*addr_of!(MAP)).len();
-            StdMapObserver::from_mut_ptr("test", addr_of_mut!(MAP) as *mut u32, len)
+            let len = (*map_ptr).len();
+            StdMapObserver::from_mut_ptr("test", &raw mut MAP as *mut u32, len)
         };
         let map = tuple_list!(obv);
         let observers_buf = postcard::to_allocvec(&map).unwrap();

libafl/src/events/simple.rs

@@ -1,8 +1,6 @@
 //! A very simple event manager, that just supports log outputs, but no multiprocessing
 
 use alloc::{boxed::Box, vec::Vec};
-#[cfg(all(unix, not(miri), feature = "std"))]
-use core::ptr::addr_of_mut;
 use core::{fmt::Debug, marker::PhantomData};
 #[cfg(feature = "std")]
 use core::{
@@ -543,7 +541,7 @@ where
         // At this point we are the fuzzer *NOT* the restarter.
         // We setup signal handlers to clean up shmem segments used by state restorer
         #[cfg(all(unix, not(miri)))]
-        if let Err(_e) = unsafe { setup_signal_handler(addr_of_mut!(EVENTMGR_SIGHANDLER_STATE)) } {
+        if let Err(_e) = unsafe { setup_signal_handler(&raw mut EVENTMGR_SIGHANDLER_STATE) } {
             // We can live without a proper ctrl+c signal handler. Print and ignore.
             log::error!("Failed to setup signal handlers: {_e}");
         }

libafl/src/events/tcp.rs

@@ -1,8 +1,6 @@
 //! TCP-backed event manager for scalable multi-processed fuzzing
 
 use alloc::{boxed::Box, vec::Vec};
-#[cfg(all(unix, feature = "std", not(miri)))]
-use core::ptr::addr_of_mut;
 use core::{
     marker::PhantomData,
     num::NonZeroUsize,
@@ -1326,7 +1324,7 @@ where
         // At this point we are the fuzzer *NOT* the restarter.
         // We setup signal handlers to clean up shmem segments used by state restorer
         #[cfg(all(unix, not(miri)))]
-        if let Err(_e) = unsafe { setup_signal_handler(addr_of_mut!(EVENTMGR_SIGHANDLER_STATE)) } {
+        if let Err(_e) = unsafe { setup_signal_handler(&raw mut EVENTMGR_SIGHANDLER_STATE) } {
             // We can live without a proper ctrl+c signal handler. Print and ignore.
             log::error!("Failed to setup signal handlers: {_e}");
         }