forkserver_example_nautilus: enable Python grammars; small fixes (#3368)

msanft · web-flow · commit 448da631425a · 2025-07-29T14:19:42.000+02:00
* forkserver_example_nautilus: make tree depth configurable

* forkserver_example_nautilus: enable Python grammars; fix example
diff --git a/Cargo.toml b/Cargo.toml
@@ -117,7 +117,7 @@ paste = "1.0.15"
 postcard = { version = "1.0.10", features = [
   "alloc",
 ], default-features = false } # no_std compatible serde serialization format
-pyo3 = "0.24.1"
+pyo3 = { version = "0.24.1", features = ["auto-initialize"] }
 pyo3-build-config = "0.25.0"
 rangemap = "1.5.1"
 regex = "1.10.6"
diff --git a/fuzzers/structure_aware/forkserver_simple_nautilus/Cargo.lock b/fuzzers/structure_aware/forkserver_simple_nautilus/Cargo.lock
diff --git a/fuzzers/structure_aware/forkserver_simple_nautilus/Cargo.toml b/fuzzers/structure_aware/forkserver_simple_nautilus/Cargo.toml
@@ -22,6 +22,7 @@ libafl = { path = "../../../crates/libafl", features = [
   "std",
   "derive",
   "nautilus",
+  "nautilus_py",
 ] }
 libafl_bolts = { path = "../../../crates/libafl_bolts" }
 log = { version = "0.4.22", features = ["release_max_level_info"] }
diff --git a/fuzzers/structure_aware/forkserver_simple_nautilus/README.md b/fuzzers/structure_aware/forkserver_simple_nautilus/README.md
@@ -9,5 +9,5 @@ This downloads AFLplusplus/AFLplusplus and compiles the example harness program
 After you build it you can run  
 `cp ./target/release/forkserver_simple .` to copy the fuzzer into this directory,  
 and you can run  
-`taskset -c 1 ./forkserver_simple ./target/release/program ./corpus/ -t 1000` to run the fuzzer.
+`taskset -c 1 ./target/release/forkserver_simple -g src/grammar.py -t 1000 -- ./target/release/program` to run the fuzzer.
 `taskset` binds this process to a specific core to improve the throughput.  
diff --git a/fuzzers/structure_aware/forkserver_simple_nautilus/corpus/testfile b/fuzzers/structure_aware/forkserver_simple_nautilus/corpus/testfile
diff --git a/fuzzers/structure_aware/forkserver_simple_nautilus/src/grammar.py b/fuzzers/structure_aware/forkserver_simple_nautilus/src/grammar.py
@@ -0,0 +1,3 @@
+ctx.rule("START", "{INPUT}")
+ctx.rule("INPUT", "bad")
+ctx.rule("INPUT", "vuln")
diff --git a/fuzzers/structure_aware/forkserver_simple_nautilus/src/main.rs b/fuzzers/structure_aware/forkserver_simple_nautilus/src/main.rs
@@ -42,7 +42,7 @@ use nix::sys::signal::Signal;
 )]
 struct Opt {
     #[arg(
-        help = "The instrumented binary we want to fuzz",
+        help = "Instrumented binary we want to fuzz",
         name = "EXEC",
         required = true
     )]
@@ -81,8 +81,16 @@ struct Opt {
     )]
     signal: Signal,
 
-    #[arg(help = "The nautilus grammar file", short)]
+    #[arg(help = "Nautilus grammar file (Python or JSON)", short)]
     grammar: PathBuf,
+
+    #[arg(
+        help = "Nautilus tree depth",
+        short = 'T',
+        long = "tree-depth",
+        default_value = "15"
+    )]
+    tree_depth: usize,
 }
 
 pub fn main() {
@@ -111,7 +119,7 @@ pub fn main() {
     // Create an observation channel to keep track of the execution time
     let time_observer = TimeObserver::new("time");
 
-    let context = NautilusContext::from_file(15, opt.grammar).unwrap();
+    let context = NautilusContext::from_file(opt.tree_depth, opt.grammar).unwrap();
 
     // Feedback to rate the interestingness of an input
     // This one is composed by two Feedbacks in OR

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+ctx.rule("START", "{INPUT}")`
	`2`	`+ctx.rule("INPUT", "bad")`
	`3`	`+ctx.rule("INPUT", "vuln")`