diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index a3bdb3c2ed1..f7ca071c780 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -456,7 +456,7 @@ jobs: # - full_system/qemu_linux_kernel # - full_system/qemu_linux_process runs-on: ubuntu-24.04 - container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest + # container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest steps: # Get the name of the fuzzer so that we can use it as the key for a cache # of the built artefacts. The key cannot have any special characters. @@ -511,7 +511,7 @@ jobs: # - full_system/qemu_linux_kernel # - full_system/qemu_linux_process runs-on: ubuntu-24.04 - container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest + # container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest steps: # Get the name of the fuzzer so that we can use it as the key for a cache # of the built artefacts. The key cannot have any special characters. @@ -563,7 +563,7 @@ jobs: fuzzer: - full_system/qemu_baremetal runs-on: ubuntu-24.04 - container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest + # container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest steps: # Get the name of the fuzzer so that we can use it as the key for a cache # of the built artefacts. The key cannot have any special characters. @@ -897,7 +897,7 @@ jobs: - name: Increase map sizes run: ./scripts/shmem_limits_macos.sh - name: Clippy - run: cargo clippy --tests --all --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test + run: cargo clippy --tests --all --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test --exclude libvharness_sys --exclude libafl_qemu_sys --exclude libafl_qemu --exclude libafl_qemu_build ubuntu-cross-android-arm64: runs-on: ubuntu-24.04 
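Review bot: The three `container:` lines in the fuzzer jobs are commented out rather than deleted, which leaves dead configuration with no indication of whether running on the bare `ubuntu-24.04` runner is the intended setup or a temporary workaround. Either drop the lines or replace them with a one-line comment stating the reason, e.g. `# QEMU deps are installed by qemu-fuzzer-tester-prepare; no container image needed`. Note that these jobs now depend on whatever the prepare action pulls from the Ubuntu archive at run time instead of a prebuilt image, so their build inputs are less reproducible than before; if that matters for these jobs, pinning the image by digest (rather than the previous `:latest` tag) would be the alternative to dropping it.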
diff --git a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml index 448dc2bb5f0..6fe0a856acd 100644 --- a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml +++ b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml @@ -6,16 +6,13 @@ runs: - name: Install QEMU deps shell: bash run: | - apt-get update - apt-get install -y qemu-utils sudo python3-msgpack python3-jinja2 curl python3-dev gcc-arm-none-eabi \ - gcc-arm-linux-gnueabi g++-arm-linux-gnueabi + sudo apt-get update + sudo apt-get install -y qemu-utils sudo python3-msgpack python3-jinja2 curl python3-dev gcc-arm-none-eabi \ + gcc-arm-linux-gnueabi g++-arm-linux-gnueabi cmake - name: Remove old rust shell: bash run: sudo apt purge -y 'rust*' 'cargo*' - uses: dtolnay/rust-toolchain@stable - env: - RUSTUP_HOME: /usr/local/rustup - CARGO_HOME: /usr/local/cargo - name: enable mult-thread for `make` shell: bash run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)" diff --git a/Cargo.lock b/Cargo.lock index 0bce111d07f..3f03da0377a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -21,7 +21,7 @@ dependencies = [ "fallible-iterator", "gimli 0.32.0", "memmap2", - "object 0.37.2", + "object 0.37.3", "rustc-demangle", "smallvec", "typed-arena", @@ -197,9 +197,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.98" +version = "1.0.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487" +checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" [[package]] name = "arbitrary" @@ -898,7 +898,7 @@ dependencies = [ "semver 1.0.26", "serde", "serde_json", - "thiserror 2.0.12", + "thiserror 2.0.14", ] [[package]] 
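Review bot: Now that the install step itself runs under `sudo`, listing `sudo` in the package set on the same line is redundant and can be dropped: `sudo apt-get install -y qemu-utils python3-msgpack python3-jinja2 curl python3-dev gcc-arm-none-eabi \`. The `export MAKEFLAGS=...` in the last step of the hunk only affects that step's own shell; to reach later `make` invocations it has to be written to `$GITHUB_ENV`, e.g. `run: echo "MAKEFLAGS=-j$(($(nproc) + 1))" >> "$GITHUB_ENV"` (pre-existing, but this change touches the surrounding steps). The `dtolnay/rust-toolchain@stable` reference, whose `env` block is removed here, is a mutable tag; pinning it to a full commit SHA would make the toolchain-installer step reproducible and tamper-evident.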
@@ -1061,9 +1061,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.43" +version = "4.5.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50fd97c9dc2399518aa331917ac6f274280ec5eb34e555dd291899745c48ec6f" +checksum = "1c1f056bae57e3e54c3375c41ff79619ddd13460a17d7438712bd0d83fda4ff8" dependencies = [ "clap_builder", "clap_derive", @@ -1071,9 +1071,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.43" +version = "4.5.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c35b5830294e1fa0462034af85cc95225a4cb07092c088c55bda3147cfcd8f65" +checksum = "b3e7f4214277f3c7aa526a59dd3fbe306a370daee1f8b7b8c987069cd8e888a8" dependencies = [ "anstream", "anstyle", @@ -1084,9 +1084,9 @@ dependencies = [ [[package]] name = "clap_complete" -version = "4.5.56" +version = "4.5.57" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67e4efcbb5da11a92e8a609233aa1e8a7d91e38de0be865f016d14700d45a7fd" +checksum = "4d9501bd3f5f09f7bbee01da9a511073ed30a80cd7a509f1214bb74eadea71ad" dependencies = [ "clap", ] @@ -1134,7 +1134,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fa961b519f0b462e3a3b4a34b64d119eeaca1d59af726fe450bbba07a9fc0a1" dependencies = [ - "thiserror 2.0.12", + "thiserror 2.0.14", ] [[package]] @@ -1543,9 +1543,9 @@ checksum = "b365fabc795046672053e29c954733ec3b05e4be654ab130fe8f1f94d7051f35" [[package]] name = "cxx" -version = "1.0.165" +version = "1.0.168" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ec86e4f9370c2854b666e028abc6f13293d1c6d71fed36c30e36ae187820847" +checksum = "7aa144b12f11741f0dab5b4182896afad46faa0598b6a061f7b9d17a21837ba7" dependencies = [ "cc", "cxxbridge-cmd", 
@@ -1557,9 +1557,9 @@ dependencies = [ [[package]] name = "cxxbridge-cmd" -version = "1.0.165" +version = "1.0.168" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8be9d7d5eb916d5b0abf1c7b227cffef0e78360edd0f1ad51c74c842a10bddc8" +checksum = "3fa36b7b249d43f67a3f54bd65788e35e7afe64bbc671396387a48b3e8aaea94" dependencies = [ "clap", "codespan-reporting", @@ -1571,15 +1571,15 @@ dependencies = [ [[package]] name = "cxxbridge-flags" -version = "1.0.165" +version = "1.0.168" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "257b02e5351fee494f1984c8174a9ee40b0ca54c704b03f171e8a8778a4f9f7e" +checksum = "77707c70f6563edc5429618ca34a07241b75ebab35bd01d46697c75d58f8ddfe" [[package]] name = "cxxbridge-macro" -version = "1.0.165" +version = "1.0.168" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99eccbd132b9c9b4433682e404ee3157fe5673d569e779ad3610c59bf7feacc2" +checksum = "ede6c0fb7e318f0a11799b86ee29dcf17b9be2960bd379a6c38e1a96a6010fff" dependencies = [ "indexmap", "proc-macro2", @@ -2436,9 +2436,9 @@ dependencies = [ [[package]] name = "glob" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" +checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" [[package]] name = "gloo-timers" @@ -3177,7 +3177,7 @@ dependencies = [ "rustix 1.0.8", "spin 0.10.0", "syscalls", - "thiserror 2.0.12", + "thiserror 2.0.14", "widestring", ] @@ -3191,7 +3191,7 @@ dependencies = [ "libfuzzer-sys", "log", "mockall", - "thiserror 2.0.12", + "thiserror 2.0.14", ] [[package]] @@ -3227,7 +3227,7 @@ dependencies = [ "libafl_wide", "libc", "log", - "mach2", + "mach2 0.5.0", "miniz_oxide", "nix 0.30.1", "num_enum", 
@@ -3383,11 +3383,12 @@ dependencies = [ "libafl_qemu_sys", "libafl_targets", "libc", + "libvharness_sys", "log", "meminterval", "num-traits", "num_enum", - "object 0.37.2", + "object 0.37.3", "paste", "pyo3", "pyo3-build-config 0.25.1", @@ -3428,7 +3429,7 @@ dependencies = [ "libafl_qemu", "log", "readonly", - "thiserror 2.0.12", + "thiserror 2.0.14", "vergen", "vergen-git2", ] @@ -3515,9 +3516,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.174" +version = "0.2.175" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776" +checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" [[package]] name = "libcasr" @@ -3529,7 +3530,7 @@ dependencies = [ "gdb-command", "kodama", "regex", - "thiserror 2.0.12", + "thiserror 2.0.14", ] [[package]] @@ -3687,6 +3688,14 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "libvharness_sys" +version = "0.15.4" +dependencies = [ + "bindgen 0.72.0", + "cmake", +] + [[package]] name = "libz-sys" version = "1.1.22" @@ -3821,6 +3830,15 @@ dependencies = [ "libc", ] +[[package]] +name = "mach2" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" +dependencies = [ + "libc", +] + [[package]] name = "memchr" version = "2.7.5" @@ -3965,7 +3983,7 @@ dependencies = [ "bitflags 1.3.2", "combine", "libc", - "mach2", + "mach2 0.4.3", "nix 0.26.4", "sysctl", "thiserror 1.0.69", @@ -4205,9 +4223,9 @@ dependencies = [ [[package]] name = "object" -version = "0.37.2" +version = "0.37.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3e3d0a7419f081f4a808147e845310313a39f322d7ae1f996b7f001d6cbed04" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "flate2", "memchr", 
@@ -4574,9 +4592,9 @@ checksum = "dc375e1527247fe1a97d8b7156678dfe7c1af2fc075c9a4db3690ecd2a148068" [[package]] name = "proc-macro2" -version = "1.0.95" +version = "1.0.97" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" +checksum = "d61789d7719defeb74ea5fe81f2fdfdbd28a803847077cecce2ff14e1472f6f1" dependencies = [ "unicode-ident", ] @@ -4591,7 +4609,7 @@ dependencies = [ "bindgen 0.70.1", "libc", "libproc", - "mach2", + "mach2 0.4.3", "winapi", ] @@ -4713,7 +4731,7 @@ dependencies = [ "rustc-hash 2.1.1", "rustls", "socket2 0.5.10", - "thiserror 2.0.12", + "thiserror 2.0.14", "tokio", "tracing", "web-time", @@ -4734,7 +4752,7 @@ dependencies = [ "rustls", "rustls-pki-types", "slab", - "thiserror 2.0.12", + "thiserror 2.0.14", "tinyvec", "tracing", "web-time", @@ -4959,7 +4977,7 @@ checksum = "a4e608c6638b9c18977b00b475ac1f28d14e84b27d8d42f70e0bf1e3dec127ac" dependencies = [ "getrandom 0.2.16", "libredox", - "thiserror 2.0.12", + "thiserror 2.0.14", ] [[package]] @@ -5188,9 +5206,9 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.21" +version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" [[package]] name = "ruzstd" @@ -5993,12 +6011,12 @@ dependencies = [ [[package]] name = "terminal_size" -version = "0.4.2" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45c6481c4829e4cc63825e62c49186a34538b7b2750b73b266581ffb612fb5ed" +checksum = "60b8cb979cb11c32ce1603f8137b22262a9d131aaa5c37b5678025f22b8becd0" dependencies = [ "rustix 1.0.8", - "windows-sys 0.59.0", + "windows-sys 0.60.2", ] [[package]] 
@@ -6018,11 +6036,11 @@ dependencies = [ [[package]] name = "thiserror" -version = "2.0.12" +version = "2.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708" +checksum = "0b0949c3a6c842cbde3f1686d6eea5a010516deb7085f79db747562d4102f41e" dependencies = [ - "thiserror-impl 2.0.12", + "thiserror-impl 2.0.14", ] [[package]] @@ -6038,9 +6056,9 @@ dependencies = [ [[package]] name = "thiserror-impl" -version = "2.0.12" +version = "2.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d" +checksum = "cc5b44b4ab9c2fdd0e0512e6bece8388e214c0749f5862b114cc5b7a25daf227" dependencies = [ "proc-macro2", "quote", @@ -6573,9 +6591,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.17.0" +version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3cf4199d1e5d15ddd86a694e4d0dffa9c323ce759fea589f00fef9d81cc1931d" +checksum = "f33196643e165781c20a5ead5582283a7dacbb87855d867fbc2df3f81eddc1be" dependencies = [ "getrandom 0.3.3", "js-sys", diff --git a/Cargo.toml b/Cargo.toml index 1a661635964..4b86de73824 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,6 +21,7 @@ members = [ "crates/libafl_qemu/libafl_qemu_build", "crates/libafl_qemu/libafl_qemu_runner", "crates/libafl_qemu/libafl_qemu_sys", + "crates/libafl_qemu/libvharness_sys", "crates/libafl_sugar", "crates/libafl_concolic/test/dump_constraints", "crates/libafl_concolic/test/runtime_test", 
@@ -79,6 +80,7 @@ libafl_tinyinst = { path = "./crates/libafl_tinyinst", version = "0.15.4", defau libafl_qemu = { path = "./crates/libafl_qemu", version = "0.15.4", default-features = false } libafl_qemu_build = { path = "./crates/libafl_qemu/libafl_qemu_build", version = "0.15.4", default-features = false } libafl_qemu_sys = { path = "./crates/libafl_qemu/libafl_qemu_sys", version = "0.15.4", default-features = false } +libvharness_sys = { path = "./crates/libafl_qemu/libvharness_sys", version = "0.15.4", default-features = false } libafl_sugar = { path = "./crates/libafl_sugar", version = "0.15.4", default-features = false } dump_constraints = { path = "./crates/libafl_concolic/test/dump_constraints", version = "0.15.2", default-features = false } runtime_test = { path = "./crates/libafl_concolic/test/runtime_test", version = "0.15.2", default-features = false } diff --git a/crates/libafl/src/executors/forkserver.rs b/crates/libafl/src/executors/forkserver.rs index b0ecc35386e..38c3f35437b 100644 --- a/crates/libafl/src/executors/forkserver.rs +++ b/crates/libafl/src/executors/forkserver.rs @@ -390,6 +390,7 @@ const fn fs_opt_get_mapsize(x: i32) -> i32 { } #[expect(clippy::fn_params_excessive_bools)] +#[allow(unstable_name_collisions)] impl Forkserver { /// Create a new [`Forkserver`] that will kill child processes /// with the given `kill_signal`. diff --git a/crates/libafl_frida/src/helper.rs b/crates/libafl_frida/src/helper.rs index 042d78748c9..9961bd481e6 100644 --- a/crates/libafl_frida/src/helper.rs +++ b/crates/libafl_frida/src/helper.rs @@ -466,7 +466,7 @@ impl FridaInstrumentationHelperBuilder { SkipRange::ModuleRelative { name, range } => { if name.eq(&module.name()) { log::trace!("Skipping {name:?} {range:?}"); - let module_details = Module::load(gum, &name.to_string()); + let module_details = Module::load(gum, &name.clone()); let lib_start = module_details.range().base_address().0 as u64; ranges.borrow_mut().remove( (lib_start + range.start as u64) 
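Review bot: `#[allow(unstable_name_collisions)]` on `impl Forkserver` silences a lint that exists to warn that a method called in this impl shares its name with an unstable inherent method in std; once that method stabilises, the call silently resolves to the std version instead of the trait method, so this is a latent behaviour change rather than noise. Prefer disambiguating the call site with a fully qualified path (`Trait::method(&value)`), or, if the suppression is kept, attach the reason so the next reader knows what to re-check, e.g. `// <method> collides with the unstable std inherent method of the same name; revisit when it stabilises`. The body of `impl Forkserver` is outside the hunk, so I cannot see which call triggers the lint.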
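Review bot: `Module::load(gum, &name.clone())` still allocates a copy of `name` only to borrow it immediately; if `name` is a `String` (or anything that derefs to the parameter type of `Module::load`), `Module::load(gum, &name)` avoids the clone and reads more clearly. I cannot see the type of `name` or the current signature of `Module::load` from the hunk, so please confirm the coercion applies before changing it.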
diff --git a/crates/libafl_qemu/Cargo.toml b/crates/libafl_qemu/Cargo.toml index 69bb25bbecd..5dd5cfefe45 100644 --- a/crates/libafl_qemu/Cargo.toml +++ b/crates/libafl_qemu/Cargo.toml @@ -92,12 +92,14 @@ slirp = [ intel_pt = ["systemmode", "x86_64", "dep:libafl_intelpt"] intel_pt_export_raw = ["intel_pt", "libafl_intelpt/export_raw"] +nyx = ["systemmode", "x86_64", "libvharness_sys/nyx"] + # Requires the binary's build.rs to call `build_libafl_qemu` shared = ["libafl_qemu_sys/shared"] #! ## Internal features, don't use in normal projects ## clippy workaround -clippy = ["libafl_qemu_sys/clippy"] +clippy = ["libafl_qemu_sys/clippy", "libvharness_sys/clippy"] [dependencies] libafl = { workspace = true, features = ["std", "derive", "regex"] } @@ -117,15 +119,15 @@ num-traits = { workspace = true, default-features = true } num_enum = { workspace = true, default-features = true } goblin = "0.10.0" libc = { workspace = true } -strum = "0.27.0" -strum_macros = "0.27.0" -syscall-numbers = "4.0.0" +strum = "0.27.2" +strum_macros = "0.27.2" +syscall-numbers = "4.0.2" meminterval = { workspace = true } -thread_local = "1.1.8" +thread_local = "1.1.9" capstone = "0.13.0" rangemap = { workspace = true } log = { workspace = true } -object = "0.37.0" +object = "0.37.3" addr2line = "0.25.0" paste = { workspace = true } enum-map = "2.7.3" @@ -134,7 +136,8 @@ toml = { workspace = true, optional = true } # For parsing the injections toml f pyo3 = { workspace = true, optional = true, features = ["multiple-pymethods"] } bytes-utils = "0.1.4" typed-builder = { workspace = true } -getset = "0.1.3" +getset = "0.1.6" +libvharness_sys = { workspace = true } # Document all features of this crate (for `cargo doc`) document-features = { workspace = true, optional = true } diff --git a/crates/libafl_qemu/build_linux.rs b/crates/libafl_qemu/build_linux.rs index b452211fa4d..304dc751646 100644 --- a/crates/libafl_qemu/build_linux.rs +++ b/crates/libafl_qemu/build_linux.rs 
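Review bot: The new `nyx` feature forwards only `libvharness_sys/nyx`, while `libvharness_sys` also declares per-architecture features (`x86_64`, `arm`, ...) and `static`/`shared`; none of those are forwarded in the visible hunk, so unless `libafl_qemu`'s own arch features (outside this hunk) already do so, `libvharness_sys` may be built with no architecture selected. If its build script keys off `CARGO_FEATURE_<ARCH>`, each arch feature here should gain the matching entry, e.g. `x86_64 = ["libafl_qemu_sys/x86_64", "libvharness_sys/x86_64"]`. A one-line comment above `nyx` stating that it implies `systemmode` and `x86_64` would also help, since that is not obvious from the name.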
@@ -4,8 +4,6 @@ use std::{ process::Command, }; -use libafl_qemu_build::maybe_generate_stub_bindings; - static LIBAFL_QEMU_RUNTIME_TEST: &str = r#" #include #include "libafl_qemu.h" @@ -20,20 +18,6 @@ pub fn build() { r#"cargo::rustc-check-cfg=cfg(cpu_target, values("arm", "aarch64", "hexagon", "i386", "mips", "ppc", "riscv32", "riscv64", "x86_64"))"# ); - let emulation_mode = if cfg!(feature = "usermode") { - "usermode" - } else if cfg!(feature = "systemmode") { - "systemmode" - } else { - unreachable!( - "The macros `assert_unique_feature` and `assert_at_least_one_feature` in \ - `libafl_qemu_sys/build_linux.rs` should panic before this code is reached." - ); - }; - - let src_dir = env::var("CARGO_MANIFEST_DIR").unwrap(); - let src_dir = PathBuf::from(src_dir); - let out_dir = env::var("OUT_DIR").unwrap(); let out_dir = PathBuf::from(&out_dir); 
@@ -41,51 +25,18 @@ pub fn build() { target_dir.pop(); target_dir.pop(); target_dir.pop(); - let include_dir = target_dir.join("include"); + // let include_dir = target_dir.join("include"); let qemu_asan_guest = cfg!(all(feature = "asan_guest", not(feature = "hexagon"))); let qemu_asan_host = cfg!(all(feature = "asan_host", not(feature = "hexagon"))); - let libafl_qemu_hdr_name = "libafl_qemu.h"; - let libafl_qemu_arch_hdr_name = "libafl_qemu_arch.h"; - let libafl_qemu_defs_hdr_name = "libafl_qemu_defs.h"; - let libafl_qemu_impl_hdr_name = "libafl_qemu_impl.h"; - - let nyx_hdr_name = "nyx_api.h"; - - let libafl_runtime_dir = src_dir.join("runtime"); - - let libafl_qemu_hdr = libafl_runtime_dir.join(libafl_qemu_hdr_name); - let libafl_qemu_arch_hdr = libafl_runtime_dir.join(libafl_qemu_arch_hdr_name); - let libafl_qemu_defs_hdr = libafl_runtime_dir.join(libafl_qemu_defs_hdr_name); - let libafl_qemu_impl_hdr = libafl_runtime_dir.join(libafl_qemu_impl_hdr_name); - - let nyx_hdr = libafl_runtime_dir.join(nyx_hdr_name); - let libafl_runtime_testfile = out_dir.join("runtime_test.c"); fs::write(&libafl_runtime_testfile, LIBAFL_QEMU_RUNTIME_TEST) .expect("Could not write runtime test file"); - let mut runtime_test_cc_compiler = cc::Build::new(); - - runtime_test_cc_compiler - .cpp(false) - .include(&libafl_runtime_dir) - .file(&libafl_runtime_testfile); - - runtime_test_cc_compiler - .try_compile("runtime_test") - .unwrap(); - - let runtime_bindings_file = out_dir.join("libafl_qemu_bindings.rs"); - let stub_runtime_bindings_file = src_dir.join("runtime/libafl_qemu_stub_bindings.rs"); - - let nyx_bindings_file = out_dir.join("nyx_bindings.rs"); - let stub_nyx_bindings_file = src_dir.join("runtime/nyx_stub_bindings.rs"); - println!("cargo:rerun-if-changed=build.rs"); println!("cargo:rerun-if-changed=build_linux.rs"); - println!("cargo:rerun-if-changed={}", libafl_runtime_dir.display()); + // println!("cargo:rerun-if-changed={}", libafl_runtime_dir.display()); let cpu_target 
= if cfg!(feature = "x86_64") { "x86_64".to_string() @@ -108,12 +59,17 @@ pub fn build() { } else { env::var("CPU_TARGET").unwrap_or_else(|_| "x86_64".to_string()) }; + println!("cargo:rerun-if-env-changed=CPU_TARGET"); println!("cargo:rustc-cfg=cpu_target=\"{cpu_target}\""); println!( "cargo::rustc-check-cfg=cfg(cpu_target, values(\"x86_64\", \"arm\", \"aarch64\", \"i386\", \"mips\", \"ppc\", \"hexagon\", \"riscv32\", \"riscv64\"))" ); + if env::var("DOCS_RS").is_ok() || cfg!(feature = "clippy") { + return; // only build when we're not generating docs + } + let cross_cc = if cfg!(feature = "usermode") && (qemu_asan_guest || qemu_asan_host) { // TODO try to autodetect a cross compiler with the arch name (e.g. aarch64-linux-gnu-gcc) let cross_cc = env::var("CROSS_CC").unwrap_or_else(|_| { 
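Review bot: `LIBAFL_QEMU_RUNTIME_TEST` is still written to `runtime_test.c` in this hunk, but the `cc::Build` that compiled it was removed, so the write (and the static at the top of the file, which includes a `libafl_qemu.h` this crate no longer copies) is now dead work on every build; drop the `libafl_runtime_testfile` binding, the `fs::write`, and the static together. The commented-out `// let include_dir = ...` and `// println!("cargo:rerun-if-changed=...")` lines should be deleted rather than kept as comments; `libafl_runtime_dir` no longer exists, so the second cannot be uncommented anyway. If the runtime header test moved to `libvharness_sys`, a short comment saying so would explain why this build script no longer validates the headers.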
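Review bot: The new `cargo:rerun-if-env-changed=CPU_TARGET` line is the right fix for stale builds, but the same hunk ends by reading `CROSS_CC` with `env::var`, which has no matching directive, so changing the cross compiler still will not trigger a rebuild; add `println!("cargo:rerun-if-env-changed=CROSS_CC");` next to the existing one. The early return for `DOCS_RS`/`clippy` now runs before the `cross_cc` lookup, which looks intentional; a brief comment such as `// docs/clippy builds never compile the runtime, so skip the cross-compiler probe too` would make that ordering explicit.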
@@ -128,90 +84,6 @@ pub fn build() { } else { String::new() }; - - if env::var("DOCS_RS").is_ok() || cfg!(feature = "clippy") { - fs::copy(&stub_runtime_bindings_file, &runtime_bindings_file) - .expect("Could not copy stub bindings file"); - fs::copy(&stub_nyx_bindings_file, &nyx_bindings_file) - .expect("Could not copy stub bindings file"); - return; // only build when we're not generating docs - } - - fs::create_dir_all(&include_dir).expect("Could not create include dir"); - - fs::copy( - libafl_qemu_hdr.clone(), - include_dir.join(libafl_qemu_hdr_name), - ) - .expect("Could not copy libafl_qemu.h to out directory."); - - fs::copy( - libafl_qemu_arch_hdr.clone(), - include_dir.join(libafl_qemu_arch_hdr_name), - ) - .expect("Could not copy libafl_qemu_arch.h to out directory."); - - fs::copy( - libafl_qemu_defs_hdr.clone(), - include_dir.join(libafl_qemu_defs_hdr_name), - ) - .expect("Could not copy libafl_qemu_defs.h to out directory."); - - fs::copy( - libafl_qemu_impl_hdr.clone(), - include_dir.join(libafl_qemu_impl_hdr_name), - ) - .expect("Could not copy libafl_qemu_impl.h to out directory."); - - fs::copy(nyx_hdr.clone(), include_dir.join(nyx_hdr_name)) - .expect("Could not copy libafl_qemu_impl.h to out directory."); - - bindgen::Builder::default() - .derive_debug(true) - .derive_default(true) - .impl_debug(true) - .generate_comments(true) - .default_enum_style(bindgen::EnumVariation::NewType { - is_global: true, - is_bitfield: true, - }) - // .rust_edition(bindgen::RustEdition::Edition2024) - .header(libafl_qemu_hdr.display().to_string()) - .generate() - .expect("Exit bindings generation failed.") - .write_to_file(&runtime_bindings_file) - .expect("Could not write bindings."); - - bindgen::Builder::default() - .derive_debug(true) - .derive_default(true) - .impl_debug(true) - .generate_comments(true) - .default_enum_style(bindgen::EnumVariation::NewType { - is_global: true, - is_bitfield: true, - }) - // .rust_edition(bindgen::RustEdition::Edition2024) - 
.header(nyx_hdr.display().to_string()) - .generate() - .expect("Exit bindings generation failed.") - .write_to_file(&nyx_bindings_file) - .expect("Could not write bindings."); - - maybe_generate_stub_bindings( - &cpu_target, - emulation_mode, - stub_runtime_bindings_file.as_path(), - runtime_bindings_file.as_path(), - ); - - maybe_generate_stub_bindings( - &cpu_target, - emulation_mode, - stub_nyx_bindings_file.as_path(), - nyx_bindings_file.as_path(), - ); - let asan_rust = cfg!(feature = "asan_rust"); if cfg!(feature = "usermode") && !asan_rust && (qemu_asan_guest || qemu_asan_host) { @@ -254,22 +126,40 @@ pub fn build() { let guest_args = [ "just", - "-d", asan_dir_str, - "-f", just_file_str, - "--set", "ARCH", &cpu_target, - "--set", "PROFILE", profile, - "--set", "TARGET_DIR", target_dir_str, - "build_guest"]; + "-d", + asan_dir_str, + "-f", + just_file_str, + "--set", + "ARCH", + &cpu_target, + "--set", + "PROFILE", + profile, + "--set", + "TARGET_DIR", + target_dir_str, + "build_guest", + ]; just::run(guest_args.iter()).expect("Failed to build rust guest address sanitizer library"); let host_args = [ "just", - "-d", asan_dir_str, - "-f", just_file_str, - "--set", "ARCH", &cpu_target, - "--set", "PROFILE", profile, - "--set", "TARGET_DIR", target_dir_str, - "build_host"]; + "-d", + asan_dir_str, + "-f", + just_file_str, + "--set", + "ARCH", + &cpu_target, + "--set", + "PROFILE", + profile, + "--set", + "TARGET_DIR", + target_dir_str, + "build_host", + ]; just::run(host_args.iter()).expect("Failed to build rust address sanitizer library"); } } diff --git a/crates/libafl_qemu/libafl_qemu_build/src/build.rs b/crates/libafl_qemu/libafl_qemu_build/src/build.rs index b7a94d3100b..c51581e933e 100644 --- a/crates/libafl_qemu/libafl_qemu_build/src/build.rs +++ b/crates/libafl_qemu/libafl_qemu_build/src/build.rs 
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath; pub const LIBAFL_QEMU_GIT_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge"; pub const LIBAFL_QEMU_DIRNAME: &str = "qemu-libafl-bridge"; -pub const LIBAFL_QEMU_GIT_REV: &str = "0bea78a122b249cbffafdb130af04cc7331c9aee"; +pub const LIBAFL_QEMU_GIT_REV: &str = "f4f85db0e69df08b5dce208a8d4c58cfe68f1a80"; pub struct BuildResult { pub qemu_path: PathBuf, diff --git a/crates/libafl_qemu/libafl_qemu_sys/Cargo.toml b/crates/libafl_qemu/libafl_qemu_sys/Cargo.toml index 3d22eed5bcc..fbb80c6d81a 100644 --- a/crates/libafl_qemu/libafl_qemu_sys/Cargo.toml +++ b/crates/libafl_qemu/libafl_qemu_sys/Cargo.toml @@ -52,9 +52,8 @@ slirp = [ ] # build qemu with host libslirp (for user networking) shared = ["libafl_qemu_build/shared"] -clippy = [ - "libafl_qemu_build/clippy", -] # special feature for clippy, don't use in normal projects +# special feature for clippy, don't use in normal projects +clippy = ["libafl_qemu_build/clippy"] qemu_sanitizers = [ "libafl_qemu_build/qemu_sanitizers", diff --git a/crates/libafl_qemu/libafl_qemu_sys/src/bindings/x86_64_stub_bindings.rs b/crates/libafl_qemu/libafl_qemu_sys/src/bindings/x86_64_stub_bindings.rs index 6c4a5a778d4..7dfec665860 100644 --- a/crates/libafl_qemu/libafl_qemu_sys/src/bindings/x86_64_stub_bindings.rs +++ b/crates/libafl_qemu/libafl_qemu_sys/src/bindings/x86_64_stub_bindings.rs @@ -1,11 +1,11 @@ -/* 1.88.0-nightly */ -/* qemu git hash: 93663809156a33475ade972cdd5b1301b9310687 */ -/* automatically generated by rust-bindgen 0.71.1 */ +/* 1.91.0-nightly */ +/* qemu git hash: f4f85db0e69df08b5dce208a8d4c58cfe68f1a80 */ +/* automatically generated by rust-bindgen 0.72.0 */ use libc::siginfo_t; #[repr(C)] -#[derive(Debug, Copy, Clone, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] +#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] pub struct __BindgenBitfieldUnit { storage: Storage, } 
@@ -40,7 +40,9 @@ where pub unsafe fn raw_get_bit(this: *const Self, index: usize) -> bool { debug_assert!(index / 8 < core::mem::size_of::()); let byte_index = index / 8; - let byte = *(core::ptr::addr_of!((*this).storage) as *const u8).offset(byte_index as isize); + let byte = unsafe { + *(core::ptr::addr_of!((*this).storage) as *const u8).offset(byte_index as isize) + }; Self::extract_bit(byte, index) } #[inline] @@ -64,9 +66,10 @@ where pub unsafe fn raw_set_bit(this: *mut Self, index: usize, val: bool) { debug_assert!(index / 8 < core::mem::size_of::()); let byte_index = index / 8; - let byte = - (core::ptr::addr_of_mut!((*this).storage) as *mut u8).offset(byte_index as isize); - *byte = Self::change_bit(*byte, index, val); + let byte = unsafe { + (core::ptr::addr_of_mut!((*this).storage) as *mut u8).offset(byte_index as isize) + }; + unsafe { *byte = Self::change_bit(*byte, index, val) }; } #[inline] pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 { @@ -93,7 +96,7 @@ where debug_assert!((bit_offset + (bit_width as usize)) / 8 <= core::mem::size_of::()); let mut val = 0; for i in 0..(bit_width as usize) { - if Self::raw_get_bit(this, i + bit_offset) { + if unsafe { Self::raw_get_bit(this, i + bit_offset) } { let index = if cfg!(target_endian = "big") { bit_width as usize - 1 - i } else { @@ -133,7 +136,7 @@ where } else { i }; - Self::raw_set_bit(this, index + bit_offset, val_bit_is_set); + unsafe { Self::raw_set_bit(this, index + bit_offset, val_bit_is_set) }; } } } @@ -168,6 +171,7 @@ impl ::std::fmt::Debug for __IncompleteArrayField { } } pub type __uint32_t = ::std::os::raw::c_uint; +pub type __uint64_t = ::std::os::raw::c_ulong; pub type __uid_t = ::std::os::raw::c_uint; pub type __off_t = ::std::os::raw::c_long; pub type __off64_t = ::std::os::raw::c_long; 
@@ -473,7 +477,9 @@ pub struct _IO_FILE { pub _freeres_buf: *mut ::std::os::raw::c_void, pub _prevchain: *mut *mut _IO_FILE, pub _mode: ::std::os::raw::c_int, - pub _unused2: [::std::os::raw::c_char; 20usize], + pub _unused3: ::std::os::raw::c_int, + pub _total_written: __uint64_t, + pub _unused2: [::std::os::raw::c_char; 8usize], } #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { @@ -527,7 +533,10 @@ const _: () = { ["Offset of field: _IO_FILE::_prevchain"] [::std::mem::offset_of!(_IO_FILE, _prevchain) - 184usize]; ["Offset of field: _IO_FILE::_mode"][::std::mem::offset_of!(_IO_FILE, _mode) - 192usize]; - ["Offset of field: _IO_FILE::_unused2"][::std::mem::offset_of!(_IO_FILE, _unused2) - 196usize]; + ["Offset of field: _IO_FILE::_unused3"][::std::mem::offset_of!(_IO_FILE, _unused3) - 196usize]; + ["Offset of field: _IO_FILE::_total_written"] + [::std::mem::offset_of!(_IO_FILE, _total_written) - 200usize]; + ["Offset of field: _IO_FILE::_unused2"][::std::mem::offset_of!(_IO_FILE, _unused2) - 208usize]; }; impl Default for _IO_FILE { fn default() -> Self { @@ -1121,6 +1130,14 @@ impl Default for QEnumLookup { } pub type target_long = i64; pub type target_ulong = u64; +unsafe extern "C" { + #[link_name = "qemu_target_page_size__extern"] + pub fn qemu_target_page_size() -> usize; +} +unsafe extern "C" { + #[link_name = "qemu_target_page_mask__extern"] + pub fn qemu_target_page_mask() -> ::std::os::raw::c_int; +} #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct QTailQLink { 
@@ -3513,7 +3530,7 @@ pub struct AccelCPUClass { pub struct SysemuCPUOps { _unused: [u8; 0], } -#[doc = " CPUClass:\n @class_by_name: Callback to map -cpu command line model name to an\n instantiatable CPU type.\n @parse_features: Callback to parse command line arguments.\n @reset_dump_flags: #CPUDumpFlags to use for reset logging.\n @mmu_index: Callback for choosing softmmu mmu index;\n may be used internally by memory_rw_debug without TCG.\n @memory_rw_debug: Callback for GDB memory access.\n @dump_state: Callback for dumping state.\n @query_cpu_fast:\n Fill in target specific information for the \"query-cpus-fast\"\n QAPI call.\n @get_arch_id: Callback for getting architecture-dependent CPU ID.\n @set_pc: Callback for setting the Program Counter register. This\n should have the semantics used by the target architecture when\n setting the PC from a source such as an ELF file entry point;\n for example on Arm it will also set the Thumb mode bit based\n on the least significant bit of the new PC value.\n If the target behaviour here is anything other than \"set\n the PC register to the value passed in\" then the target must\n also implement the synchronize_from_tb hook.\n @get_pc: Callback for getting the Program Counter register.\n As above, with the semantics of the target architecture.\n @gdb_read_register: Callback for letting GDB read a register.\n No more than @gdb_num_core_regs registers can be read.\n @gdb_write_register: Callback for letting GDB write a register.\n No more than @gdb_num_core_regs registers can be written.\n @gdb_adjust_breakpoint: Callback for adjusting the address of a\n breakpoint. 
Used by AVR to handle a gdb mis-feature with\n its Harvard architecture split code and data.\n @gdb_num_core_regs: Number of core registers accessible to GDB or 0 to infer\n from @gdb_core_xml_file.\n @gdb_core_xml_file: File name for core registers GDB XML description.\n @gdb_stop_before_watchpoint: Indicates whether GDB expects the CPU to stop\n before the insn which triggers a watchpoint rather than after it.\n @gdb_arch_name: Optional callback that returns the architecture name known\n to GDB. The caller must free the returned string with g_free.\n @disas_set_info: Setup architecture specific components of disassembly info\n @adjust_watchpoint_address: Perform a target-specific adjustment to an\n address before attempting to match it against watchpoints.\n @deprecation_note: If this CPUClass is deprecated, this field provides\n related information.\n\n Represents a CPU family or model."] +#[doc = " CPUClass:\n @class_by_name: Callback to map -cpu command line model name to an\n instantiatable CPU type.\n @parse_features: Callback to parse command line arguments.\n @reset_dump_flags: #CPUDumpFlags to use for reset logging.\n @mmu_index: Callback for choosing softmmu mmu index;\n may be used internally by memory_rw_debug without TCG.\n @memory_rw_debug: Callback for GDB memory access.\n @dump_state: Callback for dumping state.\n @query_cpu_fast:\n Fill in target specific information for the \"query-cpus-fast\"\n QAPI call.\n @get_arch_id: Callback for getting architecture-dependent CPU ID.\n @set_pc: Callback for setting the Program Counter register. 
This\n should have the semantics used by the target architecture when\n setting the PC from a source such as an ELF file entry point;\n for example on Arm it will also set the Thumb mode bit based\n on the least significant bit of the new PC value.\n If the target behaviour here is anything other than \"set\n the PC register to the value passed in\" then the target must\n also implement the synchronize_from_tb hook.\n @get_pc: Callback for getting the Program Counter register.\n As above, with the semantics of the target architecture.\n @gdb_read_register: Callback for letting GDB read a register.\n No more than @gdb_num_core_regs registers can be read.\n @gdb_write_register: Callback for letting GDB write a register.\n No more than @gdb_num_core_regs registers can be written.\n @gdb_adjust_breakpoint: Callback for adjusting the address of a\n breakpoint. Used by AVR to handle a gdb mis-feature with\n its Harvard architecture split code and data.\n @gdb_num_core_regs: Number of core registers accessible to GDB or 0 to infer\n from @gdb_core_xml_file.\n @gdb_core_xml_file: File name for core registers GDB XML description.\n @gdb_stop_before_watchpoint: Indicates whether GDB expects the CPU to stop\n before the insn which triggers a watchpoint rather than after it.\n @gdb_arch_name: Optional callback that returns the architecture name known\n to GDB. The returned value is expected to be a simple constant string:\n the caller will not g_free() it.\n @disas_set_info: Setup architecture specific components of disassembly info\n @adjust_watchpoint_address: Perform a target-specific adjustment to an\n address before attempting to match it against watchpoints.\n @deprecation_note: If this CPUClass is deprecated, this field provides\n related information.\n\n Represents a CPU family or model."] #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct CPUClass { 
@@ -6533,9 +6550,9 @@ unsafe extern "C" { #[repr(C)] #[derive(Debug, Copy, Clone)] pub struct libafl_mapinfo { - pub start: target_ulong, - pub end: target_ulong, - pub offset: target_ulong, + pub start: u64, + pub end: u64, + pub offset: u64, pub path: *const ::std::os::raw::c_char, pub flags: ::std::os::raw::c_int, pub is_priv: ::std::os::raw::c_int, diff --git a/crates/libafl_qemu/libafl_qemu_sys/src/usermode.rs b/crates/libafl_qemu/libafl_qemu_sys/src/usermode.rs index 05339a1cb8d..a45c027e9ae 100644 --- a/crates/libafl_qemu/libafl_qemu_sys/src/usermode.rs +++ b/crates/libafl_qemu/libafl_qemu_sys/src/usermode.rs @@ -14,7 +14,7 @@ use strum_macros::EnumIter; use crate::MmapPerms; #[cfg(target_os = "linux")] -use crate::{GuestAddr, libafl_mapinfo}; +use crate::libafl_mapinfo; #[derive(IntoPrimitive, TryFromPrimitive, Debug, Copy, Clone, EnumIter, PartialEq, Eq)] #[repr(i32)] @@ -28,9 +28,9 @@ pub enum VerifyAccess { #[cfg(target_os = "linux")] #[cfg_attr(feature = "python", pyclass(unsendable))] pub struct MapInfo { - start: GuestAddr, - end: GuestAddr, - offset: GuestAddr, + start: u64, + end: u64, + offset: u64, path: Option, flags: i32, is_priv: i32, @@ -80,17 +80,17 @@ impl Display for MapInfo { #[cfg_attr(feature = "python", pymethods)] impl MapInfo { #[must_use] - pub fn start(&self) -> GuestAddr { + pub fn start(&self) -> u64 { self.start } #[must_use] - pub fn end(&self) -> GuestAddr { + pub fn end(&self) -> u64 { self.end } #[must_use] - pub fn offset(&self) -> GuestAddr { + pub fn offset(&self) -> u64 { self.offset } diff --git a/crates/libafl_qemu/libvharness_sys/Cargo.toml b/crates/libafl_qemu/libvharness_sys/Cargo.toml new file mode 100644 index 00000000000..b548349484a --- /dev/null +++ b/crates/libafl_qemu/libvharness_sys/Cargo.toml 
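Review bot: The `MapInfo` accessors `start()`, `end()` and `offset()` change their public return type from `GuestAddr` to `u64`, which is a semver-visible change for every caller that compared them against `GuestAddr` values on 32-bit guests, yet the hunk carries no doc comment explaining why the mapping bounds are now always 64-bit. A `///` line on each accessor, e.g. `/// Start of the mapping as a 64-bit value regardless of the guest pointer width (mirrors libafl_mapinfo).`, would make the intent explicit; the rest of `impl MapInfo` continues outside the hunk.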
@@ -0,0 +1,37 @@
+[package]
+name = "libvharness_sys"
+version.workspace = true
+edition = "2024"
+authors = ["Romain Malmain "]
+description = "libvharness Rust bindings"
+documentation = "https://docs.rs/libafl_qemu"
+repository = "https://github.com/AFLplusplus/LibAFL/"
+readme = "README.md"
+license = "MIT"
+keywords = ["fuzzing", "qemu", "instrumentation"]
+categories = ["external-ffi-bindings", "embedded", "os", "no-std"]
+
+[features]
+static = []
+shared = []
+
+# Use Nyx API instead of the LibAFL QEMU API
+nyx = []
+
+# supported archs
+x86_64 = []
+i386 = []
+arm = []
+aarch64 = []
+mips = []
+ppc = []
+hexagon = []
+riscv32 = []
+riscv64 = []
+
+# special feature for clippy, don't use in normal projects
+clippy = []
+
+[build-dependencies]
+cmake = "0.1.54"
+bindgen = "0.72.0"
diff --git a/crates/libafl_qemu/libvharness_sys/LICENSE b/crates/libafl_qemu/libvharness_sys/LICENSE
new file mode 100644
index 00000000000..2942df207f8
--- /dev/null
+++ b/crates/libafl_qemu/libvharness_sys/LICENSE
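Review bot: `documentation = "https://docs.rs/libafl_qemu"` points at a different crate than the one this manifest describes (presumably copied from the sibling crate); either point it at this crate's own docs.rs page or drop the key so cargo/docs.rs derive it. The arch features `x86_64` … `riscv64` and the `nyx`/`static`/`shared` switches are selectors rather than additive features, and nothing in the manifest says they are mutually exclusive; a comment such as `# enable exactly one arch feature; build.rs uses the first one it finds` above `# supported archs` would save users from a silently wrong target.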
@@ -0,0 +1,7 @@
+Copyright 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/crates/libafl_qemu/libvharness_sys/README.md b/crates/libafl_qemu/libvharness_sys/README.md
new file mode 100644
index 00000000000..fb3694a70a1
--- /dev/null
+++ b/crates/libafl_qemu/libvharness_sys/README.md
@@ -0,0 +1,3 @@
+# libvharness_sys
+
+A sys crate for [libvharness](https://github.com/rmalmain/libvharness).
\ No newline at end of file
diff --git a/crates/libafl_qemu/libvharness_sys/build.rs b/crates/libafl_qemu/libvharness_sys/build.rs
new file mode 100644
index 00000000000..d3797f2b3a8
--- /dev/null
+++ b/crates/libafl_qemu/libvharness_sys/build.rs
@@ -0,0 +1,161 @@
+use std::{env, fs, path::PathBuf, process::Command};
+
+const LIBVHARNESS_URL: &str = "https://github.com/rmalmain/libvharness.git";
+const LIBVHARNESS_DIRNAME: &str = "libvharness";
+const LIBVHARNESS_COMMIT: &str = "bd7044653d612abad3151885128a85dc6aa173b0";
+
+fn main() {
+ let src_dir = env::var("CARGO_MANIFEST_DIR").unwrap();
+ let src_dir = PathBuf::from(src_dir).join("src");
+
+ let out_dir = env::var_os("OUT_DIR").unwrap();
+ let out_dir = out_dir.to_string_lossy().to_string();
+ let out_dir = PathBuf::from(&out_dir);
+
+ let mut target_dir = out_dir.clone();
+ target_dir.pop();
+ target_dir.pop();
+ target_dir.pop();
+
+ let vharness_dir = target_dir.join(LIBVHARNESS_DIRNAME);
+ let toolchains_dir = vharness_dir.join("toolchains");
+ let vharness_stub = src_dir.join("stub.rs");
+
+ let gen_binding = out_dir.join("bindings.rs");
+
+ let api = if cfg!(feature = "nyx") {
+ "nyx".to_string()
+ } else {
+ "lqemu".to_string()
+ };
+
+ let cpu_target = if cfg!(feature = "x86_64") {
+ "x86_64".to_string()
+ } else if cfg!(feature = "arm") {
+ "arm".to_string()
+ } else if cfg!(feature = "aarch64") {
+ "aarch64".to_string()
+ } else if cfg!(feature = "i386") {
+ "i386".to_string()
+ } else if cfg!(feature = "mips") {
+ "mips".to_string()
+ } else if cfg!(feature = "ppc") {
+ "ppc".to_string()
+ } else if cfg!(feature = "riscv32") {
+ "riscv32".to_string()
+ } else if cfg!(feature = "riscv64") {
+ "riscv64".to_string()
+ } else if cfg!(feature = "hexagon") {
+ "hexagon".to_string()
+ } else {
+ env::var("CPU_TARGET").unwrap_or_else(|_| "x86_64".to_string())
+ };
+
+ let toolchain_file = toolchains_dir.join(format!("{cpu_target}-generic.cmake"));
+
+ let vharness_rev = vharness_dir.join("QEMU_REVISION");
+ if !vharness_rev.exists()
+ || fs::read_to_string(&vharness_rev).expect("Failed to read QEMU_REVISION")
+ != LIBVHARNESS_COMMIT
+ {
+ drop(fs::remove_dir_all(&vharness_dir));
+ }
+
+ if !vharness_dir.exists() {
+ fs::create_dir_all(&vharness_dir).unwrap();
+ assert!(
+ Command::new("git")
+ .current_dir(&vharness_dir)
+ .arg("init")
+ .status()
+ .unwrap()
+ .success()
+ );
+ assert!(
+ Command::new("git")
+ .current_dir(&vharness_dir)
+ .arg("remote")
+ .arg("add")
+ .arg("origin")
+ .arg(LIBVHARNESS_URL)
+ .status()
+ .unwrap()
+ .success()
+ );
+ assert!(
+ Command::new("git")
+ .current_dir(&vharness_dir)
+ .arg("fetch")
+ .arg("--depth")
+ .arg("1")
+ .arg("origin")
+ .arg(LIBVHARNESS_COMMIT)
+ .status()
+ .unwrap()
+ .success()
+ );
+ assert!(
+ Command::new("git")
+ .current_dir(&vharness_dir)
+ .arg("checkout")
+ .arg("FETCH_HEAD")
+ .status()
+ .unwrap()
+ .success()
+ );
+
+ fs::write(&vharness_rev, LIBVHARNESS_COMMIT).unwrap();
+ }
+
+ let vharness_out_dir = cmake::Config::new(&vharness_dir)
+ .define("CMAKE_TOOLCHAIN_FILE", &toolchain_file)
+ .define("VHARNESS_API", &api)
+ .define("VHARNESS_TESTS", "OFF")
+ .build();
+
+ let vharness_include_dir = vharness_out_dir.join("include");
+
+ if cfg!(feature = "static") && cfg!(feature = "shared") {
+ panic!("Both static and dynamic features are set.");
+ }
+
+ let link_kind = if cfg!(feature = "shared") {
+ "dylib"
+ } else {
+ // fall back to static linking.
+ "static"
+ };
+
+ println!("cargo:rerun-if-env-changed=LIBVHARNESS_GEN_STUBS");
+ println!(
+ "cargo:rustc-link-search={}/build",
+ vharness_out_dir.display()
+ );
+ println!("cargo:rustc-link-lib={link_kind}=vharness");
+
+ if env::var("DOCS_RS").is_ok() || cfg!(feature = "clippy") {
+ fs::copy(vharness_stub, gen_binding).unwrap();
+ } else {
+ bindgen::Builder::default()
+ .header(format!("{}/api.h", vharness_include_dir.display()))
+ .parse_callbacks(Box::new(bindgen::CargoCallbacks::new()))
+ .clang_arg(format!("-I{}", vharness_include_dir.display()))
+ .derive_debug(true)
+ .derive_default(true)
+ .impl_debug(true)
+ .generate_comments(true)
+ .default_enum_style(bindgen::EnumVariation::NewType {
+ is_global: true,
+ is_bitfield: true,
+ })
+ // .rust_edition(bindgen::RustEdition::Edition2024)
+ .generate()
+ .expect("Exit bindings generation failed.")
+ .write_to_file(&gen_binding)
+ .expect("Could not write libvharness bindings.");
+
+ if env::var("LIBVHARNESS_GEN_STUBS").is_ok() && cpu_target == "x86_64" && api == "lqemu" {
+ fs::copy(gen_binding, vharness_stub).unwrap();
+ }
+ }
+}
diff --git a/crates/libafl_qemu/libvharness_sys/src/lib.rs b/crates/libafl_qemu/libvharness_sys/src/lib.rs
new file mode 100644
index 00000000000..87a834e522d
--- /dev/null
+++ b/crates/libafl_qemu/libvharness_sys/src/lib.rs
@@ -0,0 +1,10 @@
+#![expect(non_upper_case_globals)]
+#![expect(non_camel_case_types)]
+#![expect(non_snake_case)]
+#![expect(unused)]
+#![expect(clippy::all)]
+#![expect(clippy::pedantic)]
+#![allow(unsafe_op_in_unsafe_fn)]
+#![allow(warnings)]
+
+include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
diff --git a/crates/libafl_qemu/runtime/libafl_qemu_stub_bindings.rs b/crates/libafl_qemu/libvharness_sys/src/stub.rs
similarity index 89%
rename from crates/libafl_qemu/runtime/libafl_qemu_stub_bindings.rs
rename to crates/libafl_qemu/libvharness_sys/src/stub.rs
index 853d296b123..912da449e9e 100644
--- a/crates/libafl_qemu/runtime/libafl_qemu_stub_bindings.rs
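Review bot: `CPU_TARGET` is read via `env::var` in the `cpu_target` fallback, but only `LIBVHARNESS_GEN_STUBS` is declared with `cargo:rerun-if-env-changed`, so changing the target after a first build leaves the previous toolchain file and bindings in place; add `println!("cargo:rerun-if-env-changed=CPU_TARGET");` beside the existing line (and one for `DOCS_RS` if that path is meant to be switchable). Cargo features are additive, but the arch features are selectors here: with more than one enabled the `if`/`else if` chain silently takes the first match, whereas the `static`/`shared` pair is rejected with a `panic!`, so the arch choice deserves the same guard or at least a comment. The `DOCS_RS`/`clippy` branch only skips bindgen; the `git fetch` and the `cmake` build still run first, so an offline docs build fails before reaching the stub copy — presumably fine if docs.rs is never meant to build this crate, but worth stating in a comment. The checkout lives in `target/<profile>/libvharness`, outside `OUT_DIR`, and is removed with `remove_dir_all` whenever the `QEMU_REVISION` marker mismatches; that directory is shared by every build of this crate in the same target dir, so two concurrent cargo invocations can race on it, and the pinned full commit hash in `LIBVHARNESS_COMMIT` is the only integrity control on the fetched source, so it should stay a full SHA rather than a branch or tag.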
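Review bot: The six `#![expect(...)]` attributes are dead under the trailing `#![allow(warnings)]`: `allow(warnings)` silences every warning-level lint, including the `unfulfilled_lint_expectations` diagnostic that `expect` exists to produce, so an expectation that stops being met can never be reported. Keep one mechanism — drop `#![allow(warnings)]` and rely on the `expect`s (which will then flag attributes the generated bindings no longer need), or drop the `expect`s and keep the blanket allow. A `//!` line above the `include!` noting that under the `clippy` feature or `DOCS_RS` the included file is the checked-in `src/stub.rs` copy rather than freshly generated bindings would help readers who wonder why clippy passes without libvharness being built.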
+++ b/crates/libafl_qemu/libvharness_sys/src/stub.rs @@ -1,9 +1,7 @@ -/* 1.88.0-nightly */ -/* qemu git hash: 93663809156a33475ade972cdd5b1301b9310687 */ -/* automatically generated by rust-bindgen 0.71.1 */ +/* automatically generated by rust-bindgen 0.72.0 */ #[repr(C)] -#[derive(Debug, Copy, Clone, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] +#[derive(Copy, Clone, Debug, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] pub struct __BindgenBitfieldUnit { storage: Storage, } @@ -38,7 +36,9 @@ where pub unsafe fn raw_get_bit(this: *const Self, index: usize) -> bool { debug_assert!(index / 8 < core::mem::size_of::()); let byte_index = index / 8; - let byte = *(core::ptr::addr_of!((*this).storage) as *const u8).offset(byte_index as isize); + let byte = unsafe { + *(core::ptr::addr_of!((*this).storage) as *const u8).offset(byte_index as isize) + }; Self::extract_bit(byte, index) } #[inline] @@ -62,9 +62,10 @@ where pub unsafe fn raw_set_bit(this: *mut Self, index: usize, val: bool) { debug_assert!(index / 8 < core::mem::size_of::()); let byte_index = index / 8; - let byte = - (core::ptr::addr_of_mut!((*this).storage) as *mut u8).offset(byte_index as isize); - *byte = Self::change_bit(*byte, index, val); + let byte = unsafe { + (core::ptr::addr_of_mut!((*this).storage) as *mut u8).offset(byte_index as isize) + }; + unsafe { *byte = Self::change_bit(*byte, index, val) }; } #[inline] pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 { @@ -91,7 +92,7 @@ where debug_assert!((bit_offset + (bit_width as usize)) / 8 <= core::mem::size_of::()); let mut val = 0; for i in 0..(bit_width as usize) { - if Self::raw_get_bit(this, i + bit_offset) { + if unsafe { Self::raw_get_bit(this, i + bit_offset) } { let index = if cfg!(target_endian = "big") { bit_width as usize - 1 - i } else { @@ -131,7 +132,7 @@ where } else { i }; - Self::raw_set_bit(this, index + bit_offset, val_bit_is_set); + unsafe { Self::raw_set_bit(this, index + bit_offset, val_bit_is_set) }; } } } 
@@ -141,11 +142,11 @@ pub struct __BindgenComplex { pub re: T, pub im: T, } -pub const LIBAFL_SYNC_EXIT_OPCODE: u32 = 1727150607; -pub const LIBAFL_BACKDOOR_OPCODE: u32 = 1156725263; -pub const LIBAFL_QEMU_TEST_VALUE: u32 = 3405691582; -pub const LIBAFL_QEMU_HDR_VERSION_NUMBER: u32 = 73; -pub const _STDIO_H: u32 = 1; +pub const LQEMU_WORD_SIZE: u32 = 64; +pub const __bool_true_false_are_defined: u32 = 1; +pub const true_: u32 = 1; +pub const false_: u32 = 0; +pub const _STDINT_H: u32 = 1; pub const _FEATURES_H: u32 = 1; pub const _DEFAULT_SOURCE: u32 = 1; pub const __GLIBC_USE_ISOC2Y: u32 = 0; @@ -182,7 +183,7 @@ pub const __STDC_IEC_60559_COMPLEX__: u32 = 201404; pub const __STDC_ISO_10646__: u32 = 201706; pub const __GNU_LIBRARY__: u32 = 6; pub const __GLIBC__: u32 = 2; -pub const __GLIBC_MINOR__: u32 = 41; +pub const __GLIBC_MINOR__: u32 = 42; pub const _SYS_CDEFS_H: u32 = 1; pub const __glibc_c99_flexarr_available: u32 = 1; pub const __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI: u32 = 0; 
@@ -203,48 +204,6 @@ pub const __STATFS_MATCHES_STATFS64: u32 = 1; pub const __KERNEL_OLD_TIMEVAL_MATCHES_TIMEVAL64: u32 = 1; pub const __FD_SETSIZE: u32 = 1024; pub const _BITS_TIME64_H: u32 = 1; -pub const _____fpos_t_defined: u32 = 1; -pub const ____mbstate_t_defined: u32 = 1; -pub const _____fpos64_t_defined: u32 = 1; -pub const ____FILE_defined: u32 = 1; -pub const __FILE_defined: u32 = 1; -pub const __struct_FILE_defined: u32 = 1; -pub const _IO_EOF_SEEN: u32 = 16; -pub const _IO_ERR_SEEN: u32 = 32; -pub const _IO_USER_LOCK: u32 = 32768; -pub const __cookie_io_functions_t_defined: u32 = 1; -pub const _IOFBF: u32 = 0; -pub const _IOLBF: u32 = 1; -pub const _IONBF: u32 = 2; -pub const BUFSIZ: u32 = 8192; -pub const EOF: i32 = -1; -pub const SEEK_SET: u32 = 0; -pub const SEEK_CUR: u32 = 1; -pub const SEEK_END: u32 = 2; -pub const P_tmpdir: &[u8; 5] = b"/tmp\0"; -pub const L_tmpnam: u32 = 20; -pub const TMP_MAX: u32 = 238328; -pub const _BITS_STDIO_LIM_H: u32 = 1; -pub const FILENAME_MAX: u32 = 4096; -pub const L_ctermid: u32 = 9; -pub const FOPEN_MAX: u32 = 16; -pub const __HAVE_FLOAT128: u32 = 1; -pub const __HAVE_DISTINCT_FLOAT128: u32 = 1; -pub const __HAVE_FLOAT64X: u32 = 1; -pub const __HAVE_FLOAT64X_LONG_DOUBLE: u32 = 1; -pub const __HAVE_FLOAT16: u32 = 0; -pub const __HAVE_FLOAT32: u32 = 1; -pub const __HAVE_FLOAT64: u32 = 1; -pub const __HAVE_FLOAT32X: u32 = 1; -pub const __HAVE_FLOAT128X: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT16: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT32: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT64: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT32X: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT64X: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT128X: u32 = 0; -pub const __HAVE_FLOATN_NOT_TYPEDEF: u32 = 0; -pub const _STDINT_H: u32 = 1; pub const _BITS_WCHAR_H: u32 = 1; pub const _BITS_STDINT_INTN_H: u32 = 1; pub const _BITS_STDINT_UINTN_H: u32 = 1; 
@@ -286,56 +245,55 @@ pub const SIG_ATOMIC_MAX: u32 = 2147483647; pub const SIZE_MAX: i32 = -1; pub const WINT_MIN: u32 = 0; pub const WINT_MAX: u32 = 4294967295; -pub const LIBAFL_QEMU_PRINTF_MAX_SIZE: u32 = 4096; -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_START_VIRT: LibaflQemuCommand = - LibaflQemuCommand(0); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_START_PHYS: LibaflQemuCommand = - LibaflQemuCommand(1); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_INPUT_VIRT: LibaflQemuCommand = - LibaflQemuCommand(2); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_INPUT_PHYS: LibaflQemuCommand = - LibaflQemuCommand(3); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_END: LibaflQemuCommand = LibaflQemuCommand(4); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_SAVE: LibaflQemuCommand = LibaflQemuCommand(5); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_LOAD: LibaflQemuCommand = LibaflQemuCommand(6); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_VERSION: LibaflQemuCommand = LibaflQemuCommand(7); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_VADDR_FILTER_ALLOW: LibaflQemuCommand = - LibaflQemuCommand(8); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_INTERNAL_ERROR: LibaflQemuCommand = - LibaflQemuCommand(9); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_LQPRINTF: LibaflQemuCommand = LibaflQemuCommand(10); -pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_TEST: LibaflQemuCommand = LibaflQemuCommand(11); -impl ::std::ops::BitOr for LibaflQemuCommand { - type Output = Self; - #[inline] - fn bitor(self, other: Self) -> Self { - LibaflQemuCommand(self.0 | other.0) - } -} -impl ::std::ops::BitOrAssign for LibaflQemuCommand { - #[inline] - fn bitor_assign(&mut self, rhs: LibaflQemuCommand) { - self.0 |= rhs.0; - } -} -impl ::std::ops::BitAnd for LibaflQemuCommand { - type Output = Self; - #[inline] - fn bitand(self, other: Self) -> Self { - LibaflQemuCommand(self.0 & other.0) - } -} -impl ::std::ops::BitAndAssign for LibaflQemuCommand { - #[inline] - 
fn bitand_assign(&mut self, rhs: LibaflQemuCommand) { - self.0 &= rhs.0; - } -} -#[repr(transparent)] -#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] -pub struct LibaflQemuCommand(pub ::std::os::raw::c_uint); -pub use self::LibaflQemuCommand as LibaflExit; +pub const _STDIO_H: u32 = 1; +pub const _____fpos_t_defined: u32 = 1; +pub const ____mbstate_t_defined: u32 = 1; +pub const _____fpos64_t_defined: u32 = 1; +pub const ____FILE_defined: u32 = 1; +pub const __FILE_defined: u32 = 1; +pub const __struct_FILE_defined: u32 = 1; +pub const _IO_EOF_SEEN: u32 = 16; +pub const _IO_ERR_SEEN: u32 = 32; +pub const _IO_USER_LOCK: u32 = 32768; +pub const __cookie_io_functions_t_defined: u32 = 1; +pub const _IOFBF: u32 = 0; +pub const _IOLBF: u32 = 1; +pub const _IONBF: u32 = 2; +pub const BUFSIZ: u32 = 8192; +pub const EOF: i32 = -1; +pub const SEEK_SET: u32 = 0; +pub const SEEK_CUR: u32 = 1; +pub const SEEK_END: u32 = 2; +pub const P_tmpdir: &[u8; 5] = b"/tmp\0"; +pub const L_tmpnam: u32 = 20; +pub const TMP_MAX: u32 = 238328; +pub const _BITS_STDIO_LIM_H: u32 = 1; +pub const FILENAME_MAX: u32 = 4096; +pub const L_ctermid: u32 = 9; +pub const FOPEN_MAX: u32 = 16; +pub const __HAVE_FLOAT128: u32 = 1; +pub const __HAVE_DISTINCT_FLOAT128: u32 = 1; +pub const __HAVE_FLOAT64X: u32 = 1; +pub const __HAVE_FLOAT64X_LONG_DOUBLE: u32 = 1; +pub const __HAVE_FLOAT16: u32 = 0; +pub const __HAVE_FLOAT32: u32 = 1; +pub const __HAVE_FLOAT64: u32 = 1; +pub const __HAVE_FLOAT32X: u32 = 1; +pub const __HAVE_FLOAT128X: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT16: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT32: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT64: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT32X: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT64X: u32 = 0; +pub const __HAVE_DISTINCT_FLOAT128X: u32 = 0; +pub const __HAVE_FLOATN_NOT_TYPEDEF: u32 = 0; +pub const LIBAFL_CUSTOM_INSN_OPCODE: u32 = 1727150607; +pub const LIBAFL_BACKDOOR_OPCODE: u32 = 1156725263; +pub const LIBAFL_QEMU_TEST_VALUE: u32 = 
3405691582; +pub const LQEMU_VERSION_MAJOR: u32 = 0; +pub const LQEMU_VERSION_MINOR: u32 = 1; pub type __gnuc_va_list = __builtin_va_list; +pub type va_list = __builtin_va_list; pub type __u_char = ::std::os::raw::c_uchar; pub type __u_short = ::std::os::raw::c_ushort; pub type __u_int = ::std::os::raw::c_uint; @@ -409,6 +367,24 @@ pub type __caddr_t = *mut ::std::os::raw::c_char; pub type __intptr_t = ::std::os::raw::c_long; pub type __socklen_t = ::std::os::raw::c_uint; pub type __sig_atomic_t = ::std::os::raw::c_int; +pub type int_least8_t = __int_least8_t; +pub type int_least16_t = __int_least16_t; +pub type int_least32_t = __int_least32_t; +pub type int_least64_t = __int_least64_t; +pub type uint_least8_t = __uint_least8_t; +pub type uint_least16_t = __uint_least16_t; +pub type uint_least32_t = __uint_least32_t; +pub type uint_least64_t = __uint_least64_t; +pub type int_fast8_t = ::std::os::raw::c_schar; +pub type int_fast16_t = ::std::os::raw::c_long; +pub type int_fast32_t = ::std::os::raw::c_long; +pub type int_fast64_t = ::std::os::raw::c_long; +pub type uint_fast8_t = ::std::os::raw::c_uchar; +pub type uint_fast16_t = ::std::os::raw::c_ulong; +pub type uint_fast32_t = ::std::os::raw::c_ulong; +pub type uint_fast64_t = ::std::os::raw::c_ulong; +pub type intmax_t = __intmax_t; +pub type uintmax_t = __uintmax_t; #[repr(C)] #[derive(Copy, Clone)] pub struct __mbstate_t { @@ -589,7 +565,9 @@ pub struct _IO_FILE { pub _freeres_buf: *mut ::std::os::raw::c_void, pub _prevchain: *mut *mut _IO_FILE, pub _mode: ::std::os::raw::c_int, - pub _unused2: [::std::os::raw::c_char; 20usize], + pub _unused3: ::std::os::raw::c_int, + pub _total_written: __uint64_t, + pub _unused2: [::std::os::raw::c_char; 8usize], } #[allow(clippy::unnecessary_operation, clippy::identity_op)] const _: () = { 
@@ -643,7 +621,10 @@ const _: () = { ["Offset of field: _IO_FILE::_prevchain"] [::std::mem::offset_of!(_IO_FILE, _prevchain) - 184usize]; ["Offset of field: _IO_FILE::_mode"][::std::mem::offset_of!(_IO_FILE, _mode) - 192usize]; - ["Offset of field: _IO_FILE::_unused2"][::std::mem::offset_of!(_IO_FILE, _unused2) - 196usize]; + ["Offset of field: _IO_FILE::_unused3"][::std::mem::offset_of!(_IO_FILE, _unused3) - 196usize]; + ["Offset of field: _IO_FILE::_total_written"] + [::std::mem::offset_of!(_IO_FILE, _total_written) - 200usize]; + ["Offset of field: _IO_FILE::_unused2"][::std::mem::offset_of!(_IO_FILE, _unused2) - 208usize]; }; impl Default for _IO_FILE { fn default() -> Self { @@ -746,7 +727,6 @@ const _: () = { [::std::mem::offset_of!(_IO_cookie_io_functions_t, close) - 24usize]; }; pub type cookie_io_functions_t = _IO_cookie_io_functions_t; -pub type va_list = __gnuc_va_list; pub type off_t = __off_t; pub type fpos_t = __fpos_t; unsafe extern "C" { @@ -958,7 +938,7 @@ unsafe extern "C" { ... ) -> ::std::os::raw::c_int; } -pub type __cfloat128 = __BindgenComplex; +pub type __cfloat128 = __BindgenComplex; pub type _Float128 = u128; pub type _Float32 = f32; pub type _Float64 = f64; 
@@ -1224,50 +1204,98 @@ unsafe extern "C" { unsafe extern "C" { pub fn __overflow(arg1: *mut FILE, arg2: ::std::os::raw::c_int) -> ::std::os::raw::c_int; } -pub type int_least8_t = __int_least8_t; -pub type int_least16_t = __int_least16_t; -pub type int_least32_t = __int_least32_t; -pub type int_least64_t = __int_least64_t; -pub type uint_least8_t = __uint_least8_t; -pub type uint_least16_t = __uint_least16_t; -pub type uint_least32_t = __uint_least32_t; -pub type uint_least64_t = __uint_least64_t; -pub type int_fast8_t = ::std::os::raw::c_schar; -pub type int_fast16_t = ::std::os::raw::c_long; -pub type int_fast32_t = ::std::os::raw::c_long; -pub type int_fast64_t = ::std::os::raw::c_long; -pub type uint_fast8_t = ::std::os::raw::c_uchar; -pub type uint_fast16_t = ::std::os::raw::c_ulong; -pub type uint_fast32_t = ::std::os::raw::c_ulong; -pub type uint_fast64_t = ::std::os::raw::c_ulong; -pub type intmax_t = __intmax_t; -pub type uintmax_t = __uintmax_t; -pub type libafl_word = u64; -unsafe extern "C" { - pub fn _libafl_sync_exit_call0(action: libafl_word) -> libafl_word; +pub type lqword = u64; +pub const lqemu_map_kind_LQEMU_MAP_COV: lqemu_map_kind = lqemu_map_kind(0); +pub const lqemu_map_kind_LQEMU_MAP_CMP: lqemu_map_kind = lqemu_map_kind(1); +impl ::std::ops::BitOr for lqemu_map_kind { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + lqemu_map_kind(self.0 | other.0) + } } -unsafe extern "C" { - pub fn _libafl_sync_exit_call1(action: libafl_word, arg1: libafl_word) -> libafl_word; +impl ::std::ops::BitOrAssign for lqemu_map_kind { + #[inline] + fn bitor_assign(&mut self, rhs: lqemu_map_kind) { + self.0 |= rhs.0; + } } -unsafe extern "C" { - pub fn _libafl_sync_exit_call2( - action: libafl_word, - arg1: libafl_word, - arg2: libafl_word, - ) -> libafl_word; +impl ::std::ops::BitAnd for lqemu_map_kind { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + lqemu_map_kind(self.0 & other.0) + } } -unsafe extern "C" 
{ - pub fn _libafl_backdoor_call0(action: libafl_word) -> libafl_word; +impl ::std::ops::BitAndAssign for lqemu_map_kind { + #[inline] + fn bitand_assign(&mut self, rhs: lqemu_map_kind) { + self.0 &= rhs.0; + } } -unsafe extern "C" { - pub fn _libafl_backdoor_call1(action: libafl_word, arg1: libafl_word) -> libafl_word; +#[repr(transparent)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub struct lqemu_map_kind(pub ::std::os::raw::c_uint); +pub const lqemu_addr_kind_LQEMU_ADDR_PHYS: lqemu_addr_kind = lqemu_addr_kind(0); +pub const lqemu_addr_kind_LQEMU_ADDR_VIRT: lqemu_addr_kind = lqemu_addr_kind(1); +impl ::std::ops::BitOr for lqemu_addr_kind { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + lqemu_addr_kind(self.0 | other.0) + } } -unsafe extern "C" { - pub fn _libafl_backdoor_call2( - action: libafl_word, - arg1: libafl_word, - arg2: libafl_word, - ) -> libafl_word; +impl ::std::ops::BitOrAssign for lqemu_addr_kind { + #[inline] + fn bitor_assign(&mut self, rhs: lqemu_addr_kind) { + self.0 |= rhs.0; + } +} +impl ::std::ops::BitAnd for lqemu_addr_kind { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + lqemu_addr_kind(self.0 & other.0) + } +} +impl ::std::ops::BitAndAssign for lqemu_addr_kind { + #[inline] + fn bitand_assign(&mut self, rhs: lqemu_addr_kind) { + self.0 &= rhs.0; + } +} +#[repr(transparent)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub struct lqemu_addr_kind(pub ::std::os::raw::c_uint); +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct lqemu_map { + pub map_kind: lqemu_map_kind, + pub addr_kind: lqemu_addr_kind, + pub addr: lqword, + pub len: lqword, + pub is_physically_contiguous: bool, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of lqemu_map"][::std::mem::size_of::() - 32usize]; + ["Alignment of lqemu_map"][::std::mem::align_of::() - 8usize]; + ["Offset of field: lqemu_map::map_kind"][::std::mem::offset_of!(lqemu_map, 
map_kind) - 0usize]; + ["Offset of field: lqemu_map::addr_kind"] + [::std::mem::offset_of!(lqemu_map, addr_kind) - 4usize]; + ["Offset of field: lqemu_map::addr"][::std::mem::offset_of!(lqemu_map, addr) - 8usize]; + ["Offset of field: lqemu_map::len"][::std::mem::offset_of!(lqemu_map, len) - 16usize]; + ["Offset of field: lqemu_map::is_physically_contiguous"] + [::std::mem::offset_of!(lqemu_map, is_physically_contiguous) - 24usize]; +}; +impl Default for lqemu_map { + fn default() -> Self { + let mut s = ::std::mem::MaybeUninit::::uninit(); + unsafe { + ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); + s.assume_init() + } + } } pub const LibaflQemuEndStatus_LIBAFL_QEMU_END_UNKNOWN: LibaflQemuEndStatus = LibaflQemuEndStatus(0); pub const LibaflQemuEndStatus_LIBAFL_QEMU_END_OK: LibaflQemuEndStatus = LibaflQemuEndStatus(1); 
@@ -1299,32 +1327,94 @@ impl ::std::ops::BitAndAssign for LibaflQemuEndStatus { } } #[repr(transparent)] -#[doc = " LibAFL QEMU header file.\n\n This file is a portable header file used to build target harnesses more\n conveniently. Its main purpose is to generate ready-to-use calls to\n communicate with the fuzzer. The list of commands is available at the bottom\n of this file. The rest mostly consists of macros generating the code used by\n the commands."] #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] pub struct LibaflQemuEndStatus(pub ::std::os::raw::c_uint); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_START_VIRT: LibaflQemuCommand = + LibaflQemuCommand(0); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_START_PHYS: LibaflQemuCommand = + LibaflQemuCommand(1); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_END: LibaflQemuCommand = LibaflQemuCommand(4); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_SAVE: LibaflQemuCommand = LibaflQemuCommand(5); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_LOAD: LibaflQemuCommand = LibaflQemuCommand(6); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_VERSION: LibaflQemuCommand = LibaflQemuCommand(7); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_VADDR_FILTER_ALLOW: LibaflQemuCommand = + LibaflQemuCommand(8); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_INTERNAL_ERROR: LibaflQemuCommand = + LibaflQemuCommand(9); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_LQPRINTF: LibaflQemuCommand = LibaflQemuCommand(10); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_TEST: LibaflQemuCommand = LibaflQemuCommand(11); +pub const LibaflQemuCommand_LIBAFL_QEMU_COMMAND_SET_MAP: LibaflQemuCommand = LibaflQemuCommand(12); +impl ::std::ops::BitOr for LibaflQemuCommand { + type Output = Self; + #[inline] + fn bitor(self, other: Self) -> Self { + LibaflQemuCommand(self.0 | other.0) + } +} +impl ::std::ops::BitOrAssign for LibaflQemuCommand { + #[inline] + fn bitor_assign(&mut self, rhs: LibaflQemuCommand) { + self.0 |= 
rhs.0; + } +} +impl ::std::ops::BitAnd for LibaflQemuCommand { + type Output = Self; + #[inline] + fn bitand(self, other: Self) -> Self { + LibaflQemuCommand(self.0 & other.0) + } +} +impl ::std::ops::BitAndAssign for LibaflQemuCommand { + #[inline] + fn bitand_assign(&mut self, rhs: LibaflQemuCommand) { + self.0 &= rhs.0; + } +} +#[repr(transparent)] +#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)] +pub struct LibaflQemuCommand(pub ::std::os::raw::c_uint); +pub use self::LibaflQemuCommand as LibaflExit; +unsafe extern "C" { + pub fn _lqemu_custom_insn_call0(cmd: lqword) -> lqword; +} +unsafe extern "C" { + pub fn _lqemu_custom_insn_call1(cmd: lqword, arg1: lqword) -> lqword; +} +unsafe extern "C" { + pub fn _lqemu_custom_insn_call2(cmd: lqword, arg1: lqword, arg2: lqword) -> lqword; +} +unsafe extern "C" { + pub fn _lqemu_backdoor_call0(cmd: lqword) -> lqword; +} +unsafe extern "C" { + pub fn _lqemu_backdoor_call1(cmd: lqword, arg1: lqword) -> lqword; +} +unsafe extern "C" { + pub fn _lqemu_backdoor_call2(cmd: lqword, arg1: lqword, arg2: lqword) -> lqword; +} unsafe extern "C" { pub fn libafl_qemu_start_virt( buf_vaddr: *mut ::std::os::raw::c_void, - max_len: libafl_word, - ) -> libafl_word; + max_len: lqword, + ) -> lqword; } unsafe extern "C" { pub fn libafl_qemu_start_phys( buf_paddr: *mut ::std::os::raw::c_void, - max_len: libafl_word, - ) -> libafl_word; + max_len: lqword, + ) -> lqword; } unsafe extern "C" { pub fn libafl_qemu_input_virt( buf_vaddr: *mut ::std::os::raw::c_void, - max_len: libafl_word, - ) -> libafl_word; + max_len: lqword, + ) -> lqword; } unsafe extern "C" { pub fn libafl_qemu_input_phys( buf_paddr: *mut ::std::os::raw::c_void, - max_len: libafl_word, - ) -> libafl_word; + max_len: lqword, + ) -> lqword; } unsafe extern "C" { pub fn libafl_qemu_end(status: LibaflQemuEndStatus); 
@@ -1336,7 +1426,7 @@ unsafe extern "C" { pub fn libafl_qemu_load(); } unsafe extern "C" { - pub fn libafl_qemu_version() -> libafl_word; + pub fn libafl_qemu_version() -> lqword; } unsafe extern "C" { pub fn libafl_qemu_page_current_allow(); @@ -1345,19 +1435,26 @@ unsafe extern "C" { pub fn libafl_qemu_internal_error(); } unsafe extern "C" { - pub fn lqprintf(fmt: *const ::std::os::raw::c_char, ...); + pub fn libafl_qemu_test(); } unsafe extern "C" { - pub fn libafl_qemu_test(); + pub fn libafl_qemu_trace_vaddr_range(start: lqword, end: lqword); +} +unsafe extern "C" { + pub fn libafl_qemu_trace_vaddr_size(start: lqword, size: lqword); } unsafe extern "C" { - pub fn libafl_qemu_trace_vaddr_range(start: libafl_word, end: libafl_word); + pub fn libafl_qemu_set_covmap_virt( + vaddr: *mut ::std::os::raw::c_char, + len: lqword, + is_physically_contiguous: bool, + ); } unsafe extern "C" { - pub fn libafl_qemu_trace_vaddr_size(start: libafl_word, size: libafl_word); + pub fn libafl_qemu_set_covmap_phys(paddr: *mut ::std::os::raw::c_char, len: lqword); } unsafe extern "C" { - pub static mut _lqprintf_buffer: [::std::os::raw::c_char; 4096usize]; + pub fn lqprintf(fmt: *const ::std::os::raw::c_char, ...); } pub type __builtin_va_list = [__va_list_tag; 1usize]; #[repr(C)] diff --git a/crates/libafl_qemu/runtime/libafl_qemu.h b/crates/libafl_qemu/runtime/libafl_qemu.h deleted file mode 100644 index ace7259f910..00000000000 --- a/crates/libafl_qemu/runtime/libafl_qemu.h +++ /dev/null 
@@ -1,55 +0,0 @@ -#ifndef LIBAFL_QEMU_H -#define LIBAFL_QEMU_H - -#include "libafl_qemu_defs.h" -#include "libafl_qemu_arch.h" - -#define LIBAFL_QEMU_PRINTF_MAX_SIZE 4096 - -/** - * LibAFL QEMU header file. - * - * This file is a portable header file used to build target harnesses more - * conveniently. Its main purpose is to generate ready-to-use calls to - * communicate with the fuzzer. The list of commands is available at the bottom - * of this file. The rest mostly consists of macros generating the code used by - * the commands. - */ - -enum LibaflQemuEndStatus { - LIBAFL_QEMU_END_UNKNOWN = 0, - LIBAFL_QEMU_END_OK = 1, - LIBAFL_QEMU_END_CRASH = 2, -}; - -libafl_word libafl_qemu_start_virt(void *buf_vaddr, libafl_word max_len); - -libafl_word libafl_qemu_start_phys(void *buf_paddr, libafl_word max_len); - -libafl_word libafl_qemu_input_virt(void *buf_vaddr, libafl_word max_len); - -libafl_word libafl_qemu_input_phys(void *buf_paddr, libafl_word max_len); - -void libafl_qemu_end(enum LibaflQemuEndStatus status); - -void libafl_qemu_save(void); - -void libafl_qemu_load(void); - -libafl_word libafl_qemu_version(void); - -void libafl_qemu_page_current_allow(void); - -void libafl_qemu_internal_error(void); - -void __attribute__((format(printf, 1, 2))) lqprintf(const char *fmt, ...); - -void libafl_qemu_test(void); - -void libafl_qemu_trace_vaddr_range(libafl_word start, libafl_word end); - -void libafl_qemu_trace_vaddr_size(libafl_word start, libafl_word size); - -#include "libafl_qemu_impl.h" - -#endif diff --git a/crates/libafl_qemu/runtime/libafl_qemu_arch.h b/crates/libafl_qemu/runtime/libafl_qemu_arch.h deleted file mode 100644 index 4bfba468bc7..00000000000 --- a/crates/libafl_qemu/runtime/libafl_qemu_arch.h +++ /dev/null 
@@ -1,306 +0,0 @@ -#ifndef LIBAFL_QEMU_ARCH -#define LIBAFL_QEMU_ARCH - -// TODO: slit this in subfiles? - -#include "libafl_qemu_defs.h" - -/* Arch-specific definitions - * - * Each architecture should define: - * - [type] libafl_word: native word on the target architecture (often the size of a register) - * - [macro] define STDIO_SUPPORT: if defined, more commands will be supported. - * - [macro] LIBAFL_CALLING_CONVENTION: the calling convention to follow for the architecture. it should be the same as the one use in libafl qemu. - * - [function] snprintf: the standard POSIX snprintf definition. - * - [function] va_{start,arg,end}: standard functions to handle variadic functions - */ - -// Target Specific imports / definitions -#if defined(_WIN32) - // Windows - #include - #include - - typedef UINT64 libafl_word; - #define LIBAFL_CALLING_CONVENTION __fastcall - #define STDIO_SUPPORT -#elif defined(__linux__) - // Linux - #ifdef __KERNEL__ - // Linux kernel - #include - - #if defined(__x86_64__) || defined(__aarch64__) || (defined(__riscv) && __riscv_xlen == 64) - typedef __u64 libafl_word; - #define LIBAFL_CALLING_CONVENTION __attribute__(()) - #endif - - #if defined(__arm__) || (defined(__riscv) && __riscv_xlen == 32) - typedef __u32 libafl_word; - #define LIBAFL_CALLING_CONVENTION __attribute__(()) - #endif - #else - // Linux userland - #include - #include - #include - - #define noinline __attribute__((noinline)) - - #if defined(__x86_64__) || defined(__aarch64__) || (defined(__riscv) && __riscv_xlen == 64) - typedef uint64_t libafl_word; - #define LIBAFL_CALLING_CONVENTION __attribute__(()) - #endif - - #if defined(__arm__) || (defined(__riscv) && __riscv_xlen == 32) - typedef uint32_t libafl_word; - #define LIBAFL_CALLING_CONVENTION __attribute__(()) - #endif - #endif - - #define STDIO_SUPPORT -#else - // Other - #include - #include - - #define noinline __attribute__((noinline)) - - #if defined(__x86_64__) || defined(__aarch64__) || (defined(__riscv) && 
__riscv_xlen == 64) - typedef uint64_t libafl_word; - #define LIBAFL_CALLING_CONVENTION __attribute__(()) - #endif - - #if defined(__arm__) || (defined(__riscv) && __riscv_xlen == 32) - typedef uint32_t libafl_word; - #define LIBAFL_CALLING_CONVENTION __attribute__(()) - #endif -#endif -#endif - -#define LIBAFL_DECLARE(name) \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0(libafl_word action); \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call1(libafl_word action, \ - libafl_word arg1); \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call2(libafl_word action, \ - libafl_word arg1, \ - libafl_word arg2); - -#ifdef _WIN32 - #define LIBAFL_DEFINE_FUNCTIONS(name, _opcode) \ - #ifdef __cplusplus \ - extern "C" { \ - #endif \ - LIBAFL_DECLARE(name) \ - #ifdef __cplusplus \ - } \ - #endif -#else - #if defined(__x86_64__) - #define LIBAFL_DEFINE_FUNCTIONS(name, opcode) \ - LIBAFL_DECLARE(name) \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0( \ - libafl_word action) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov %1, %%rax\n" \ - ".4byte " XSTRINGIFY(opcode) "\n" \ - "mov %%rax, %0\n" \ - : "=g"(ret) \ - : "g"(action) \ - : "%rax" \ - ); \ - return ret; \ - } \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call1( \ - libafl_word action, libafl_word arg1) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov %1, %%rax\n" \ - "mov %2, %%rdi\n" \ - ".4byte " XSTRINGIFY(opcode) "\n" \ - "mov %%rax, %0\n" \ - : "=g"(ret) \ - : "g"(action), "g"(arg1) \ - : "%rax", "%rdi" \ - ); \ - return ret; \ - } \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call2( \ - libafl_word action, libafl_word arg1, libafl_word arg2) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov %1, %%rax\n" \ - "mov %2, %%rdi\n" \ - "mov %3, %%rsi\n" \ - ".4byte " XSTRINGIFY(opcode) "\n" \ - "mov %%rax, %0\n" \ - : "=g"(ret) \ - : "g"(action), "g"(arg1), "g"(arg2) \ - : "%rax", "%rdi", "%rsi" \ - ); \ - return 
ret; \ - } - - #elif defined(__arm__) - #define LIBAFL_DEFINE_FUNCTIONS(name, opcode) \ - LIBAFL_DECLARE(name) \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0( \ - libafl_word action) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov r0, %1\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mov %0, r0\n" \ - : "=r"(ret) \ - : "r"(action) \ - : "r0" \ - ); \ - return ret; \ - } \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call1( \ - libafl_word action, libafl_word arg1) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov r0, %1\n" \ - "mov r1, %2\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mov %0, r0\n" \ - : "=r"(ret) \ - : "r"(action), "r"(arg1) \ - : "r0", "r1" \ - ); \ - return ret; \ - } \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call2( \ - libafl_word action, libafl_word arg1, libafl_word arg2) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov r0, %1\n" \ - "mov r1, %2\n" \ - "mov r2, %3\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mov %0, r0\n" \ - : "=r"(ret) \ - : "r"(action), "r"(arg1), "r"(arg2) \ - : "r0", "r1", "r2" \ - ); \ - return ret; \ - } - - #elif defined(__aarch64__) - #define LIBAFL_DEFINE_FUNCTIONS(name, opcode) \ - LIBAFL_DECLARE(name) \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0( \ - libafl_word action) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov x0, %1\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mov %0, x0\n" \ - : "=r"(ret) \ - : "r"(action) \ - : "x0" \ - ); \ - return ret; \ - } \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call1( \ - libafl_word action, libafl_word arg1) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov x0, %1\n" \ - "mov x1, %2\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mov %0, x0\n" \ - : "=r"(ret) \ - : "r"(action), "r"(arg1) \ - : "x0", "x1" \ - ); \ - return ret; \ - } \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call2( \ - libafl_word action, libafl_word arg1, libafl_word 
arg2) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mov x0, %1\n" \ - "mov x1, %2\n" \ - "mov x2, %3\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mov %0, x0\n" \ - : "=r"(ret) \ - : "r"(action), "r"(arg1), "r"(arg2) \ - : "x0", "x1", "x2" \ - ); \ - return ret; \ - } - #elif defined(__riscv) - #define LIBAFL_DEFINE_FUNCTIONS(name, opcode) \ - LIBAFL_DECLARE(name) \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call0( \ - libafl_word action) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mv a0, %1\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mv a0, a0\n" \ - : "=r"(ret) \ - : "r"(action) \ - : "a0" \ - ); \ - return ret; \ - } \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call1( \ - libafl_word action, libafl_word arg1) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mv a0, %1\n" \ - "mv a1, %2\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mv %0, a0\n" \ - : "=r"(ret) \ - : "r"(action), "r"(arg1) \ - : "a0", "a1" \ - ); \ - return ret; \ - } \ - \ - libafl_word LIBAFL_CALLING_CONVENTION _libafl_##name##_call2( \ - libafl_word action, libafl_word arg1, libafl_word arg2) { \ - libafl_word ret; \ - __asm__ volatile ( \ - "mv a0, %1\n" \ - "mv a1, %2\n" \ - "mv a2, %3\n" \ - ".word " XSTRINGIFY(opcode) "\n" \ - "mv %0, a0\n" \ - : "=r"(ret) \ - : "r"(action), "r"(arg1), "r"(arg2) \ - : "a0", "a1", "a2" \ - ); \ - return ret; \ - } - - #else - #warning "LibAFL QEMU Runtime does not support your architecture yet, please leave an issue." - #endif - -// Generates sync exit functions -LIBAFL_DEFINE_FUNCTIONS(sync_exit, LIBAFL_SYNC_EXIT_OPCODE) - -// Generates backdoor functions -LIBAFL_DEFINE_FUNCTIONS(backdoor, LIBAFL_BACKDOOR_OPCODE) - -STATIC_CHECKS - -#endif diff --git a/crates/libafl_qemu/runtime/libafl_qemu_defs.h b/crates/libafl_qemu/runtime/libafl_qemu_defs.h deleted file mode 100644 index 2866cadaac2..00000000000 --- a/crates/libafl_qemu/runtime/libafl_qemu_defs.h +++ /dev/null 
@@ -1,37 +0,0 @@
-#ifndef LIBAFL_QEMU_DEFS
-#define LIBAFL_QEMU_DEFS
-
-#define LIBAFL_STRINGIFY(s) #s
-#define XSTRINGIFY(s) LIBAFL_STRINGIFY(s)
-
-#if __STDC_VERSION__ >= 201112L
- #define STATIC_CHECKS \
- _Static_assert(sizeof(void *) <= sizeof(libafl_word), \
- "pointer type should not be larger and libafl_word");
-#else
- #define STATIC_CHECKS
-#endif
-
-#define LIBAFL_SYNC_EXIT_OPCODE 0x66f23a0f
-#define LIBAFL_BACKDOOR_OPCODE 0x44f23a0f
-
-#define LIBAFL_QEMU_TEST_VALUE 0xcafebabe
-
-#define LIBAFL_QEMU_HDR_VERSION_NUMBER 0111 // TODO: find a nice way to set it.
-
-typedef enum LibaflQemuCommand {
- LIBAFL_QEMU_COMMAND_START_VIRT = 0,
- LIBAFL_QEMU_COMMAND_START_PHYS = 1,
- LIBAFL_QEMU_COMMAND_INPUT_VIRT = 2,
- LIBAFL_QEMU_COMMAND_INPUT_PHYS = 3,
- LIBAFL_QEMU_COMMAND_END = 4,
- LIBAFL_QEMU_COMMAND_SAVE = 5,
- LIBAFL_QEMU_COMMAND_LOAD = 6,
- LIBAFL_QEMU_COMMAND_VERSION = 7,
- LIBAFL_QEMU_COMMAND_VADDR_FILTER_ALLOW = 8,
- LIBAFL_QEMU_COMMAND_INTERNAL_ERROR = 9,
- LIBAFL_QEMU_COMMAND_LQPRINTF = 10,
- LIBAFL_QEMU_COMMAND_TEST = 11,
-} LibaflExit;
-
-#endif
diff --git a/crates/libafl_qemu/runtime/libafl_qemu_impl.h b/crates/libafl_qemu/runtime/libafl_qemu_impl.h
deleted file mode 100644
index 21773b40c2c..00000000000
--- a/crates/libafl_qemu/runtime/libafl_qemu_impl.h
+++ /dev/null
@@ -1,84 +0,0 @@ -#ifndef LIBAFL_QEMU_IMPL -#define LIBAFL_QEMU_IMPL - -#include "libafl_qemu.h" - -static char _lqprintf_buffer[LIBAFL_QEMU_PRINTF_MAX_SIZE] = {0}; - -noinline libafl_word libafl_qemu_start_virt(void *buf_vaddr, - libafl_word max_len) { - return _libafl_sync_exit_call2(LIBAFL_QEMU_COMMAND_START_VIRT, - (libafl_word)buf_vaddr, max_len); -} - -noinline libafl_word libafl_qemu_start_phys(void *buf_paddr, - libafl_word max_len) { - return _libafl_sync_exit_call2(LIBAFL_QEMU_COMMAND_START_PHYS, - (libafl_word)buf_paddr, max_len); -} - -noinline libafl_word libafl_qemu_input_virt(void *buf_vaddr, - libafl_word max_len) { - return _libafl_sync_exit_call2(LIBAFL_QEMU_COMMAND_INPUT_VIRT, - (libafl_word)buf_vaddr, max_len); -} - -noinline libafl_word libafl_qemu_input_phys(void *buf_paddr, - libafl_word max_len) { - return _libafl_sync_exit_call2(LIBAFL_QEMU_COMMAND_INPUT_PHYS, - (libafl_word)buf_paddr, max_len); -} - -noinline void libafl_qemu_end(enum LibaflQemuEndStatus status) { - _libafl_sync_exit_call1(LIBAFL_QEMU_COMMAND_END, status); -} - -noinline void libafl_qemu_save(void) { - _libafl_sync_exit_call0(LIBAFL_QEMU_COMMAND_SAVE); -} - -noinline void libafl_qemu_load(void) { - _libafl_sync_exit_call0(LIBAFL_QEMU_COMMAND_LOAD); -} - -noinline libafl_word libafl_qemu_version(void) { - return _libafl_sync_exit_call0(LIBAFL_QEMU_COMMAND_VERSION); -} - -noinline void libafl_qemu_internal_error(void) { - _libafl_sync_exit_call0(LIBAFL_QEMU_COMMAND_INTERNAL_ERROR); -} - -#ifdef STDIO_SUPPORT -noinline void lqprintf(const char *fmt, ...) 
{ - va_list args; - va_start(args, fmt); - int res = vsnprintf(_lqprintf_buffer, LIBAFL_QEMU_PRINTF_MAX_SIZE, fmt, args); - va_end(args); - - if (res >= LIBAFL_QEMU_PRINTF_MAX_SIZE) { - // buffer is not big enough, either recompile the target with more - // space or print less things - libafl_qemu_internal_error(); - } - - _libafl_sync_exit_call2(LIBAFL_QEMU_COMMAND_LQPRINTF, - (libafl_word)_lqprintf_buffer, res); -} -#endif - -noinline void libafl_qemu_test(void) { - _libafl_sync_exit_call1(LIBAFL_QEMU_COMMAND_TEST, LIBAFL_QEMU_TEST_VALUE); -} - -noinline void libafl_qemu_trace_vaddr_range(libafl_word start, - libafl_word end) { - _libafl_sync_exit_call2(LIBAFL_QEMU_COMMAND_VADDR_FILTER_ALLOW, start, end); -} - -noinline void libafl_qemu_trace_vaddr_size(libafl_word start, - libafl_word size) { - libafl_qemu_trace_vaddr_range(start, start + size); -} - -#endif \ No newline at end of file diff --git a/crates/libafl_qemu/runtime/libafl_qemu_windows.asm b/crates/libafl_qemu/runtime/libafl_qemu_windows.asm deleted file mode 100755 index 1b8163e8871..00000000000 --- a/crates/libafl_qemu/runtime/libafl_qemu_windows.asm +++ /dev/null 
@@ -1,115 +0,0 @@ -; LibAFL QEMU Windows ASM companion file. It should be used together with libafl_qemu.h -; Since Windows does not support extended inline assembly, it is more convenient to use asm files directly. - -PUBLIC _libafl_sync_exit_call0, _libafl_sync_exit_call1, _libafl_sync_exit_call2 -PUBLIC _libafl_backdoor_call0, _libafl_backdoor_call1, _libafl_backdoor_call2 - -LIBAFL_SYNC_EXIT_OPCODE MACRO - dd 66f23a0fh -ENDM - -LIBAFL_BACKDOOR_OPCODE MACRO - dd 44f23a0fh -ENDM - -.code - -; Execute LibAFL sync exit (no argument) -; Parameters: -; [RAX, OUT] Hook return value -; [RCX, IN] LibAFL QEMU Command -_libafl_sync_exit_call0: - mov rax, rcx - - LIBAFL_SYNC_EXIT_OPCODE - - ret - -; Execute LibAFL sync exit (one argument) -; Parameters: -; [RAX, OUT] Hook return value -; [RCX, IN] LibAFL QEMU Command -; [RDX, IN] Arg1 -_libafl_sync_exit_call1: - push rdi - - mov rax, rcx - mov rdi, rdx - - LIBAFL_SYNC_EXIT_OPCODE - - pop rdi - - ret - -; Execute LibAFL sync exit (two arguments) -; Parameters: -; [RAX, OUT] Hook return value -; [RCX, IN] LibAFL QEMU Command -; [RDX, IN] Arg1 -; [R8, IN] Arg2 -_libafl_sync_exit_call2: - push rdi - push rsi - - mov rax, rcx - mov rdi, rdx - mov rsi, r8 - - LIBAFL_SYNC_EXIT_OPCODE - - pop rsi - pop rdi - - ret - -; Execute LibAFL backdoor (no argument) -; Parameters: -; [RAX, OUT] Hook return value -; [RCX, IN] LibAFL QEMU Command -_libafl_backdoor_call0: - mov rax, rcx - - LIBAFL_BACKDOOR_OPCODE - - ret - -; Execute LibAFL backdoor (one argument) -; Parameters: -; [RAX, OUT] Hook return value -; [RCX, IN] LibAFL QEMU Command -; [RDX, IN] Arg1 -_libafl_backdoor_call1: - push rdi - - mov rax, rcx - mov rdi, rdx - - LIBAFL_BACKDOOR_OPCODE - - pop rdi - - ret - -; Execute LibAFL backdoor (two arguments) -; Parameters: -; [RAX, OUT] Hook return value -; [RCX, IN] LibAFL QEMU Command -; [RDX, IN] Arg1 -; [R8, IN] Arg2 -_libafl_backdoor_call2: - push rdi - push rsi - - mov rax, rcx - mov rdi, rdx - mov rsi, r8 - - 
LIBAFL_BACKDOOR_OPCODE - - pop rsi - pop rdi - - ret - -END diff --git a/crates/libafl_qemu/runtime/nyx_api.h b/crates/libafl_qemu/runtime/nyx_api.h deleted file mode 100644 index 249f826f4c8..00000000000 --- a/crates/libafl_qemu/runtime/nyx_api.h +++ /dev/null 
@@ -1,196 +0,0 @@ -/* - * kAFl/Nyx low-level interface definitions - * - * Copyright 2022 Sergej Schumilo, Cornelius Aschermann - * Copyright 2022 Intel Corporation - * - * SPDX-License-Identifier: MIT - */ - -#ifndef NYX_API_H -#define NYX_API_H - -#ifndef __KERNEL__ - // userspace - #include - #include - #include - - #ifdef __MINGW64__ - #ifndef uint64_t - #define uint64_t UINT64 - #endif - #ifndef int32_t - #define int32_t INT32 - #endif - #ifndef uint32_t - #define uint32_t UINT32 - #endif - #ifndef u_long - #define u_long UINT64 - #endif - #ifndef uint8_t - #define uint8_t UINT8 - #endif - #else - #include - #endif -#else - // Linux kernel - #include - #include - #include -#endif - -#define HYPERCALL_KAFL_RAX_ID 0x01f -#define HYPERCALL_KAFL_ACQUIRE 0 -#define HYPERCALL_KAFL_GET_PAYLOAD 1 -#define HYPERCALL_KAFL_GET_PROGRAM 2 /* deprecated */ -#define HYPERCALL_KAFL_GET_ARGV 3 /* deprecated */ -#define HYPERCALL_KAFL_RELEASE 4 -#define HYPERCALL_KAFL_SUBMIT_CR3 5 -#define HYPERCALL_KAFL_SUBMIT_PANIC 6 -#define HYPERCALL_KAFL_SUBMIT_KASAN 7 -#define HYPERCALL_KAFL_PANIC 8 -#define HYPERCALL_KAFL_KASAN 9 -#define HYPERCALL_KAFL_LOCK 10 -#define HYPERCALL_KAFL_INFO 11 /* deprecated */ -#define HYPERCALL_KAFL_NEXT_PAYLOAD 12 -#define HYPERCALL_KAFL_PRINTF 13 -#define HYPERCALL_KAFL_PRINTK_ADDR 14 /* deprecated */ -#define HYPERCALL_KAFL_PRINTK 15 /* deprecated */ - -/* user space only hypercalls */ -#define HYPERCALL_KAFL_USER_RANGE_ADVISE 16 -#define HYPERCALL_KAFL_USER_SUBMIT_MODE 17 -#define HYPERCALL_KAFL_USER_FAST_ACQUIRE 18 -/* 19 is already used for exit reason KVM_EXIT_KAFL_TOPA_MAIN_FULL */ -#define HYPERCALL_KAFL_USER_ABORT 20 -#define HYPERCALL_KAFL_TIMEOUT 21 /* deprecated */ -#define HYPERCALL_KAFL_RANGE_SUBMIT 29 -#define HYPERCALL_KAFL_REQ_STREAM_DATA 30 -#define HYPERCALL_KAFL_PANIC_EXTENDED 32 - -#define HYPERCALL_KAFL_CREATE_TMP_SNAPSHOT 33 -#define HYPERCALL_KAFL_DEBUG_TMP_SNAPSHOT \ - 34 /* hypercall for debugging / development purposes */ - 
-#define HYPERCALL_KAFL_GET_HOST_CONFIG 35 -#define HYPERCALL_KAFL_SET_AGENT_CONFIG 36 - -#define HYPERCALL_KAFL_DUMP_FILE 37 - -#define HYPERCALL_KAFL_REQ_STREAM_DATA_BULK 38 -#define HYPERCALL_KAFL_PERSIST_PAGE_PAST_SNAPSHOT 39 - -/* hypertrash only hypercalls */ -#define HYPERTRASH_HYPERCALL_MASK 0xAA000000 - -#define HYPERCALL_KAFL_NESTED_PREPARE (0 | HYPERTRASH_HYPERCALL_MASK) -#define HYPERCALL_KAFL_NESTED_CONFIG (1 | HYPERTRASH_HYPERCALL_MASK) -#define HYPERCALL_KAFL_NESTED_ACQUIRE (2 | HYPERTRASH_HYPERCALL_MASK) -#define HYPERCALL_KAFL_NESTED_RELEASE (3 | HYPERTRASH_HYPERCALL_MASK) -#define HYPERCALL_KAFL_NESTED_HPRINTF (4 | HYPERTRASH_HYPERCALL_MASK) - -#define HPRINTF_MAX_SIZE 0x1000 /* up to 4KB hprintf strings */ - -#define KAFL_MODE_64 0 -#define KAFL_MODE_32 1 -#define KAFL_MODE_16 2 - -typedef volatile struct { - int32_t size; - uint8_t data[]; -} kAFL_payload; - -typedef volatile struct { - uint64_t ip[4]; - uint64_t size[4]; - uint8_t enabled[4]; -} kAFL_ranges; - -#if defined(__i386__) -static inline uint32_t kAFL_hypercall(uint32_t p1, uint32_t p2) { - uint32_t nr = HYPERCALL_KAFL_RAX_ID; - asm volatile("vmcall" : "=a"(nr) : "a"(nr), "b"(p1), "c"(p2)); - return nr; -} -#elif defined(__x86_64__) -static inline uint64_t kAFL_hypercall(uint64_t p1, uint64_t p2) { - uint64_t nr = HYPERCALL_KAFL_RAX_ID; - asm volatile("vmcall" : "=a"(nr) : "a"(nr), "b"(p1), "c"(p2)); - return nr; -} -#else -static inline uint32_t kAFL_hypercall(uint32_t p1, uint32_t p2) { - #ifdef __KERNEL__ - BUG(); - #else - abort(); - #endif - return 0; -} -#endif - -static void habort(char *msg) __attribute__((unused)); -static void habort(char *msg) { - kAFL_hypercall(HYPERCALL_KAFL_USER_ABORT, (uintptr_t)msg); -} - -static void hprintf(const char *format, ...) __attribute__((unused)); -static void hprintf(const char *format, ...) 
{ - static char hprintf_buffer[HPRINTF_MAX_SIZE] __attribute__((aligned(4096))); - - va_list args; - va_start(args, format); - vsnprintf((char *)hprintf_buffer, HPRINTF_MAX_SIZE, format, args); - // printf("%s", hprintf_buffer); - kAFL_hypercall(HYPERCALL_KAFL_PRINTF, (uintptr_t)hprintf_buffer); - va_end(args); -} - -#define NYX_HOST_MAGIC 0x4878794e -#define NYX_AGENT_MAGIC 0x4178794e - -#define NYX_HOST_VERSION 2 -#define NYX_AGENT_VERSION 1 - -typedef struct { - uint32_t host_magic; - uint32_t host_version; - uint32_t bitmap_size; - uint32_t ijon_bitmap_size; - uint32_t payload_buffer_size; - uint32_t worker_id; - /* more to come */ -} __attribute__((packed)) host_config_t; - -typedef volatile struct { - uint32_t agent_magic; - uint32_t agent_version; - uint8_t agent_timeout_detection; - uint8_t agent_tracing; - uint8_t agent_ijon_tracing; - uint8_t agent_non_reload_mode; - uint64_t trace_buffer_vaddr; - uint64_t ijon_trace_buffer_vaddr; - uint32_t coverage_bitmap_size; - uint32_t input_buffer_size; - uint8_t dump_payloads; /* set by hypervisor */ - /* more to come */ -} __attribute__((packed)) agent_config_t; - -typedef struct { - uint64_t file_name_str_ptr; - uint64_t data_ptr; - uint64_t bytes; - uint8_t append; -} __attribute__((packed)) kafl_dump_file_t; - -typedef struct { - char file_name[256]; - uint64_t num_addresses; - uint64_t addresses[479]; -} __attribute__((packed)) req_data_bulk_t; - -#endif /* NYX_API_H */ diff --git a/crates/libafl_qemu/runtime/nyx_stub_bindings.rs b/crates/libafl_qemu/runtime/nyx_stub_bindings.rs deleted file mode 100644 index daef34c56f8..00000000000 --- a/crates/libafl_qemu/runtime/nyx_stub_bindings.rs +++ /dev/null 
@@ -1,1447 +0,0 @@ -/* 1.88.0-nightly */ -/* qemu git hash: 93663809156a33475ade972cdd5b1301b9310687 */ -/* automatically generated by rust-bindgen 0.71.1 */ - -#[repr(C)] -#[derive(Debug, Copy, Clone, Default, Eq, Hash, Ord, PartialEq, PartialOrd)] -pub struct __BindgenBitfieldUnit { - storage: Storage, -} -impl __BindgenBitfieldUnit { - #[inline] - pub const fn new(storage: Storage) -> Self { - Self { storage } - } -} -impl __BindgenBitfieldUnit -where - Storage: AsRef<[u8]> + AsMut<[u8]>, -{ - #[inline] - fn extract_bit(byte: u8, index: usize) -> bool { - let bit_index = if cfg!(target_endian = "big") { - 7 - (index % 8) - } else { - index % 8 - }; - let mask = 1 << bit_index; - byte & mask == mask - } - #[inline] - pub fn get_bit(&self, index: usize) -> bool { - debug_assert!(index / 8 < self.storage.as_ref().len()); - let byte_index = index / 8; - let byte = self.storage.as_ref()[byte_index]; - Self::extract_bit(byte, index) - } - #[inline] - pub unsafe fn raw_get_bit(this: *const Self, index: usize) -> bool { - debug_assert!(index / 8 < core::mem::size_of::()); - let byte_index = index / 8; - let byte = *(core::ptr::addr_of!((*this).storage) as *const u8).offset(byte_index as isize); - Self::extract_bit(byte, index) - } - #[inline] - fn change_bit(byte: u8, index: usize, val: bool) -> u8 { - let bit_index = if cfg!(target_endian = "big") { - 7 - (index % 8) - } else { - index % 8 - }; - let mask = 1 << bit_index; - if val { byte | mask } else { byte & !mask } - } - #[inline] - pub fn set_bit(&mut self, index: usize, val: bool) { - debug_assert!(index / 8 < self.storage.as_ref().len()); - let byte_index = index / 8; - let byte = &mut self.storage.as_mut()[byte_index]; - *byte = Self::change_bit(*byte, index, val); - } - #[inline] - pub unsafe fn raw_set_bit(this: *mut Self, index: usize, val: bool) { - debug_assert!(index / 8 < core::mem::size_of::()); - let byte_index = index / 8; - let byte = - (core::ptr::addr_of_mut!((*this).storage) as *mut 
u8).offset(byte_index as isize); - *byte = Self::change_bit(*byte, index, val); - } - #[inline] - pub fn get(&self, bit_offset: usize, bit_width: u8) -> u64 { - debug_assert!(bit_width <= 64); - debug_assert!(bit_offset / 8 < self.storage.as_ref().len()); - debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len()); - let mut val = 0; - for i in 0..(bit_width as usize) { - if self.get_bit(i + bit_offset) { - let index = if cfg!(target_endian = "big") { - bit_width as usize - 1 - i - } else { - i - }; - val |= 1 << index; - } - } - val - } - #[inline] - pub unsafe fn raw_get(this: *const Self, bit_offset: usize, bit_width: u8) -> u64 { - debug_assert!(bit_width <= 64); - debug_assert!(bit_offset / 8 < core::mem::size_of::()); - debug_assert!((bit_offset + (bit_width as usize)) / 8 <= core::mem::size_of::()); - let mut val = 0; - for i in 0..(bit_width as usize) { - if Self::raw_get_bit(this, i + bit_offset) { - let index = if cfg!(target_endian = "big") { - bit_width as usize - 1 - i - } else { - i - }; - val |= 1 << index; - } - } - val - } - #[inline] - pub fn set(&mut self, bit_offset: usize, bit_width: u8, val: u64) { - debug_assert!(bit_width <= 64); - debug_assert!(bit_offset / 8 < self.storage.as_ref().len()); - debug_assert!((bit_offset + (bit_width as usize)) / 8 <= self.storage.as_ref().len()); - for i in 0..(bit_width as usize) { - let mask = 1 << i; - let val_bit_is_set = val & mask == mask; - let index = if cfg!(target_endian = "big") { - bit_width as usize - 1 - i - } else { - i - }; - self.set_bit(index + bit_offset, val_bit_is_set); - } - } - #[inline] - pub unsafe fn raw_set(this: *mut Self, bit_offset: usize, bit_width: u8, val: u64) { - debug_assert!(bit_width <= 64); - debug_assert!(bit_offset / 8 < core::mem::size_of::()); - debug_assert!((bit_offset + (bit_width as usize)) / 8 <= core::mem::size_of::()); - for i in 0..(bit_width as usize) { - let mask = 1 << i; - let val_bit_is_set = val & mask == mask; - let index = 
if cfg!(target_endian = "big") { - bit_width as usize - 1 - i - } else { - i - }; - Self::raw_set_bit(this, index + bit_offset, val_bit_is_set); - } - } -} -#[derive(PartialEq, Copy, Clone, Hash, Debug, Default)] -#[repr(C)] -pub struct __BindgenComplex { - pub re: T, - pub im: T, -} -#[repr(C)] -#[derive(Default)] -pub struct __IncompleteArrayField(::std::marker::PhantomData, [T; 0]); -impl __IncompleteArrayField { - #[inline] - pub const fn new() -> Self { - __IncompleteArrayField(::std::marker::PhantomData, []) - } - #[inline] - pub fn as_ptr(&self) -> *const T { - self as *const _ as *const T - } - #[inline] - pub fn as_mut_ptr(&mut self) -> *mut T { - self as *mut _ as *mut T - } - #[inline] - pub unsafe fn as_slice(&self, len: usize) -> &[T] { - ::std::slice::from_raw_parts(self.as_ptr(), len) - } - #[inline] - pub unsafe fn as_mut_slice(&mut self, len: usize) -> &mut [T] { - ::std::slice::from_raw_parts_mut(self.as_mut_ptr(), len) - } -} -impl ::std::fmt::Debug for __IncompleteArrayField { - fn fmt(&self, fmt: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - fmt.write_str("__IncompleteArrayField") - } -} -pub const _STDIO_H: u32 = 1; -pub const _FEATURES_H: u32 = 1; -pub const _DEFAULT_SOURCE: u32 = 1; -pub const __GLIBC_USE_ISOC2Y: u32 = 0; -pub const __GLIBC_USE_ISOC23: u32 = 0; -pub const __USE_ISOC11: u32 = 1; -pub const __USE_ISOC99: u32 = 1; -pub const __USE_ISOC95: u32 = 1; -pub const __USE_POSIX_IMPLICITLY: u32 = 1; -pub const _POSIX_SOURCE: u32 = 1; -pub const _POSIX_C_SOURCE: u32 = 200809; -pub const __USE_POSIX: u32 = 1; -pub const __USE_POSIX2: u32 = 1; -pub const __USE_POSIX199309: u32 = 1; -pub const __USE_POSIX199506: u32 = 1; -pub const __USE_XOPEN2K: u32 = 1; -pub const __USE_XOPEN2K8: u32 = 1; -pub const _ATFILE_SOURCE: u32 = 1; -pub const __WORDSIZE: u32 = 64; -pub const __WORDSIZE_TIME64_COMPAT32: u32 = 1; -pub const __SYSCALL_WORDSIZE: u32 = 64; -pub const __TIMESIZE: u32 = 64; -pub const __USE_TIME_BITS64: u32 = 1; -pub const 
__USE_MISC: u32 = 1; -pub const __USE_ATFILE: u32 = 1; -pub const __USE_FORTIFY_LEVEL: u32 = 0; -pub const __GLIBC_USE_DEPRECATED_GETS: u32 = 0; -pub const __GLIBC_USE_DEPRECATED_SCANF: u32 = 0; -pub const __GLIBC_USE_C23_STRTOL: u32 = 0; -pub const _STDC_PREDEF_H: u32 = 1; -pub const __STDC_IEC_559__: u32 = 1; -pub const __STDC_IEC_60559_BFP__: u32 = 201404; -pub const __STDC_IEC_559_COMPLEX__: u32 = 1; -pub const __STDC_IEC_60559_COMPLEX__: u32 = 201404; -pub const __STDC_ISO_10646__: u32 = 201706; -pub const __GNU_LIBRARY__: u32 = 6; -pub const __GLIBC__: u32 = 2; -pub const __GLIBC_MINOR__: u32 = 41; -pub const _SYS_CDEFS_H: u32 = 1; -pub const __glibc_c99_flexarr_available: u32 = 1; -pub const __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI: u32 = 0; -pub const __HAVE_GENERIC_SELECTION: u32 = 1; -pub const __GLIBC_USE_LIB_EXT2: u32 = 0; -pub const __GLIBC_USE_IEC_60559_BFP_EXT: u32 = 0; -pub const __GLIBC_USE_IEC_60559_BFP_EXT_C23: u32 = 0; -pub const __GLIBC_USE_IEC_60559_EXT: u32 = 0; -pub const __GLIBC_USE_IEC_60559_FUNCS_EXT: u32 = 0; -pub const __GLIBC_USE_IEC_60559_FUNCS_EXT_C23: u32 = 0; -pub const __GLIBC_USE_IEC_60559_TYPES_EXT: u32 = 0; -pub const _BITS_TYPES_H: u32 = 1; -pub const _BITS_TYPESIZES_H: u32 = 1; -pub const __OFF_T_MATCHES_OFF64_T: u32 = 1; -pub const __INO_T_MATCHES_INO64_T: u32 = 1; -pub const __RLIM_T_MATCHES_RLIM64_T: u32 = 1; -pub const __STATFS_MATCHES_STATFS64: u32 = 1; -pub const __KERNEL_OLD_TIMEVAL_MATCHES_TIMEVAL64: u32 = 1; -pub const __FD_SETSIZE: u32 = 1024; -pub const _BITS_TIME64_H: u32 = 1; -pub const _____fpos_t_defined: u32 = 1; -pub const ____mbstate_t_defined: u32 = 1; -pub const _____fpos64_t_defined: u32 = 1; -pub const ____FILE_defined: u32 = 1; -pub const __FILE_defined: u32 = 1; -pub const __struct_FILE_defined: u32 = 1; -pub const _IO_EOF_SEEN: u32 = 16; -pub const _IO_ERR_SEEN: u32 = 32; -pub const _IO_USER_LOCK: u32 = 32768; -pub const __cookie_io_functions_t_defined: u32 = 1; -pub const _IOFBF: u32 = 0; -pub const 
_IOLBF: u32 = 1; -pub const _IONBF: u32 = 2; -pub const BUFSIZ: u32 = 8192; -pub const EOF: i32 = -1; -pub const SEEK_SET: u32 = 0; -pub const SEEK_CUR: u32 = 1; -pub const SEEK_END: u32 = 2; -pub const P_tmpdir: &[u8; 5] = b"/tmp\0"; -pub const L_tmpnam: u32 = 20; -pub const TMP_MAX: u32 = 238328; -pub const _BITS_STDIO_LIM_H: u32 = 1; -pub const FILENAME_MAX: u32 = 4096; -pub const L_ctermid: u32 = 9; -pub const FOPEN_MAX: u32 = 16; -pub const __HAVE_FLOAT128: u32 = 1; -pub const __HAVE_DISTINCT_FLOAT128: u32 = 1; -pub const __HAVE_FLOAT64X: u32 = 1; -pub const __HAVE_FLOAT64X_LONG_DOUBLE: u32 = 1; -pub const __HAVE_FLOAT16: u32 = 0; -pub const __HAVE_FLOAT32: u32 = 1; -pub const __HAVE_FLOAT64: u32 = 1; -pub const __HAVE_FLOAT32X: u32 = 1; -pub const __HAVE_FLOAT128X: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT16: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT32: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT64: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT32X: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT64X: u32 = 0; -pub const __HAVE_DISTINCT_FLOAT128X: u32 = 0; -pub const __HAVE_FLOATN_NOT_TYPEDEF: u32 = 0; -pub const _STDINT_H: u32 = 1; -pub const _BITS_WCHAR_H: u32 = 1; -pub const _BITS_STDINT_INTN_H: u32 = 1; -pub const _BITS_STDINT_UINTN_H: u32 = 1; -pub const _BITS_STDINT_LEAST_H: u32 = 1; -pub const INT8_MIN: i32 = -128; -pub const INT16_MIN: i32 = -32768; -pub const INT32_MIN: i32 = -2147483648; -pub const INT8_MAX: u32 = 127; -pub const INT16_MAX: u32 = 32767; -pub const INT32_MAX: u32 = 2147483647; -pub const UINT8_MAX: u32 = 255; -pub const UINT16_MAX: u32 = 65535; -pub const UINT32_MAX: u32 = 4294967295; -pub const INT_LEAST8_MIN: i32 = -128; -pub const INT_LEAST16_MIN: i32 = -32768; -pub const INT_LEAST32_MIN: i32 = -2147483648; -pub const INT_LEAST8_MAX: u32 = 127; -pub const INT_LEAST16_MAX: u32 = 32767; -pub const INT_LEAST32_MAX: u32 = 2147483647; -pub const UINT_LEAST8_MAX: u32 = 255; -pub const UINT_LEAST16_MAX: u32 = 65535; -pub const UINT_LEAST32_MAX: u32 = 
4294967295; -pub const INT_FAST8_MIN: i32 = -128; -pub const INT_FAST16_MIN: i64 = -9223372036854775808; -pub const INT_FAST32_MIN: i64 = -9223372036854775808; -pub const INT_FAST8_MAX: u32 = 127; -pub const INT_FAST16_MAX: u64 = 9223372036854775807; -pub const INT_FAST32_MAX: u64 = 9223372036854775807; -pub const UINT_FAST8_MAX: u32 = 255; -pub const UINT_FAST16_MAX: i32 = -1; -pub const UINT_FAST32_MAX: i32 = -1; -pub const INTPTR_MIN: i64 = -9223372036854775808; -pub const INTPTR_MAX: u64 = 9223372036854775807; -pub const UINTPTR_MAX: i32 = -1; -pub const PTRDIFF_MIN: i64 = -9223372036854775808; -pub const PTRDIFF_MAX: u64 = 9223372036854775807; -pub const SIG_ATOMIC_MIN: i32 = -2147483648; -pub const SIG_ATOMIC_MAX: u32 = 2147483647; -pub const SIZE_MAX: i32 = -1; -pub const WINT_MIN: u32 = 0; -pub const WINT_MAX: u32 = 4294967295; -pub const HYPERCALL_KAFL_RAX_ID: u32 = 31; -pub const HYPERCALL_KAFL_ACQUIRE: u32 = 0; -pub const HYPERCALL_KAFL_GET_PAYLOAD: u32 = 1; -pub const HYPERCALL_KAFL_GET_PROGRAM: u32 = 2; -pub const HYPERCALL_KAFL_GET_ARGV: u32 = 3; -pub const HYPERCALL_KAFL_RELEASE: u32 = 4; -pub const HYPERCALL_KAFL_SUBMIT_CR3: u32 = 5; -pub const HYPERCALL_KAFL_SUBMIT_PANIC: u32 = 6; -pub const HYPERCALL_KAFL_SUBMIT_KASAN: u32 = 7; -pub const HYPERCALL_KAFL_PANIC: u32 = 8; -pub const HYPERCALL_KAFL_KASAN: u32 = 9; -pub const HYPERCALL_KAFL_LOCK: u32 = 10; -pub const HYPERCALL_KAFL_INFO: u32 = 11; -pub const HYPERCALL_KAFL_NEXT_PAYLOAD: u32 = 12; -pub const HYPERCALL_KAFL_PRINTF: u32 = 13; -pub const HYPERCALL_KAFL_PRINTK_ADDR: u32 = 14; -pub const HYPERCALL_KAFL_PRINTK: u32 = 15; -pub const HYPERCALL_KAFL_USER_RANGE_ADVISE: u32 = 16; -pub const HYPERCALL_KAFL_USER_SUBMIT_MODE: u32 = 17; -pub const HYPERCALL_KAFL_USER_FAST_ACQUIRE: u32 = 18; -pub const HYPERCALL_KAFL_USER_ABORT: u32 = 20; -pub const HYPERCALL_KAFL_TIMEOUT: u32 = 21; -pub const HYPERCALL_KAFL_RANGE_SUBMIT: u32 = 29; -pub const HYPERCALL_KAFL_REQ_STREAM_DATA: u32 = 30; -pub const 
HYPERCALL_KAFL_PANIC_EXTENDED: u32 = 32; -pub const HYPERCALL_KAFL_CREATE_TMP_SNAPSHOT: u32 = 33; -pub const HYPERCALL_KAFL_DEBUG_TMP_SNAPSHOT: u32 = 34; -pub const HYPERCALL_KAFL_GET_HOST_CONFIG: u32 = 35; -pub const HYPERCALL_KAFL_SET_AGENT_CONFIG: u32 = 36; -pub const HYPERCALL_KAFL_DUMP_FILE: u32 = 37; -pub const HYPERCALL_KAFL_REQ_STREAM_DATA_BULK: u32 = 38; -pub const HYPERCALL_KAFL_PERSIST_PAGE_PAST_SNAPSHOT: u32 = 39; -pub const HYPERTRASH_HYPERCALL_MASK: u32 = 2852126720; -pub const HYPERCALL_KAFL_NESTED_PREPARE: u32 = 2852126720; -pub const HYPERCALL_KAFL_NESTED_CONFIG: u32 = 2852126721; -pub const HYPERCALL_KAFL_NESTED_ACQUIRE: u32 = 2852126722; -pub const HYPERCALL_KAFL_NESTED_RELEASE: u32 = 2852126723; -pub const HYPERCALL_KAFL_NESTED_HPRINTF: u32 = 2852126724; -pub const HPRINTF_MAX_SIZE: u32 = 4096; -pub const KAFL_MODE_64: u32 = 0; -pub const KAFL_MODE_32: u32 = 1; -pub const KAFL_MODE_16: u32 = 2; -pub const NYX_HOST_MAGIC: u32 = 1215854926; -pub const NYX_AGENT_MAGIC: u32 = 1098414414; -pub const NYX_HOST_VERSION: u32 = 2; -pub const NYX_AGENT_VERSION: u32 = 1; -pub type __gnuc_va_list = __builtin_va_list; -pub type va_list = __builtin_va_list; -pub type __u_char = ::std::os::raw::c_uchar; -pub type __u_short = ::std::os::raw::c_ushort; -pub type __u_int = ::std::os::raw::c_uint; -pub type __u_long = ::std::os::raw::c_ulong; -pub type __int8_t = ::std::os::raw::c_schar; -pub type __uint8_t = ::std::os::raw::c_uchar; -pub type __int16_t = ::std::os::raw::c_short; -pub type __uint16_t = ::std::os::raw::c_ushort; -pub type __int32_t = ::std::os::raw::c_int; -pub type __uint32_t = ::std::os::raw::c_uint; -pub type __int64_t = ::std::os::raw::c_long; -pub type __uint64_t = ::std::os::raw::c_ulong; -pub type __int_least8_t = __int8_t; -pub type __uint_least8_t = __uint8_t; -pub type __int_least16_t = __int16_t; -pub type __uint_least16_t = __uint16_t; -pub type __int_least32_t = __int32_t; -pub type __uint_least32_t = __uint32_t; -pub type 
__int_least64_t = __int64_t; -pub type __uint_least64_t = __uint64_t; -pub type __quad_t = ::std::os::raw::c_long; -pub type __u_quad_t = ::std::os::raw::c_ulong; -pub type __intmax_t = ::std::os::raw::c_long; -pub type __uintmax_t = ::std::os::raw::c_ulong; -pub type __dev_t = ::std::os::raw::c_ulong; -pub type __uid_t = ::std::os::raw::c_uint; -pub type __gid_t = ::std::os::raw::c_uint; -pub type __ino_t = ::std::os::raw::c_ulong; -pub type __ino64_t = ::std::os::raw::c_ulong; -pub type __mode_t = ::std::os::raw::c_uint; -pub type __nlink_t = ::std::os::raw::c_ulong; -pub type __off_t = ::std::os::raw::c_long; -pub type __off64_t = ::std::os::raw::c_long; -pub type __pid_t = ::std::os::raw::c_int; -#[repr(C)] -#[derive(Debug, Default, Copy, Clone)] -pub struct __fsid_t { - pub __val: [::std::os::raw::c_int; 2usize], -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of __fsid_t"][::std::mem::size_of::<__fsid_t>() - 8usize]; - ["Alignment of __fsid_t"][::std::mem::align_of::<__fsid_t>() - 4usize]; - ["Offset of field: __fsid_t::__val"][::std::mem::offset_of!(__fsid_t, __val) - 0usize]; -}; -pub type __clock_t = ::std::os::raw::c_long; -pub type __rlim_t = ::std::os::raw::c_ulong; -pub type __rlim64_t = ::std::os::raw::c_ulong; -pub type __id_t = ::std::os::raw::c_uint; -pub type __time_t = ::std::os::raw::c_long; -pub type __useconds_t = ::std::os::raw::c_uint; -pub type __suseconds_t = ::std::os::raw::c_long; -pub type __suseconds64_t = ::std::os::raw::c_long; -pub type __daddr_t = ::std::os::raw::c_int; -pub type __key_t = ::std::os::raw::c_int; -pub type __clockid_t = ::std::os::raw::c_int; -pub type __timer_t = *mut ::std::os::raw::c_void; -pub type __blksize_t = ::std::os::raw::c_long; -pub type __blkcnt_t = ::std::os::raw::c_long; -pub type __blkcnt64_t = ::std::os::raw::c_long; -pub type __fsblkcnt_t = ::std::os::raw::c_ulong; -pub type __fsblkcnt64_t = ::std::os::raw::c_ulong; -pub type __fsfilcnt_t = 
::std::os::raw::c_ulong; -pub type __fsfilcnt64_t = ::std::os::raw::c_ulong; -pub type __fsword_t = ::std::os::raw::c_long; -pub type __ssize_t = ::std::os::raw::c_long; -pub type __syscall_slong_t = ::std::os::raw::c_long; -pub type __syscall_ulong_t = ::std::os::raw::c_ulong; -pub type __loff_t = __off64_t; -pub type __caddr_t = *mut ::std::os::raw::c_char; -pub type __intptr_t = ::std::os::raw::c_long; -pub type __socklen_t = ::std::os::raw::c_uint; -pub type __sig_atomic_t = ::std::os::raw::c_int; -#[repr(C)] -#[derive(Copy, Clone)] -pub struct __mbstate_t { - pub __count: ::std::os::raw::c_int, - pub __value: __mbstate_t__bindgen_ty_1, -} -#[repr(C)] -#[derive(Copy, Clone)] -pub union __mbstate_t__bindgen_ty_1 { - pub __wch: ::std::os::raw::c_uint, - pub __wchb: [::std::os::raw::c_char; 4usize], -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of __mbstate_t__bindgen_ty_1"] - [::std::mem::size_of::<__mbstate_t__bindgen_ty_1>() - 4usize]; - ["Alignment of __mbstate_t__bindgen_ty_1"] - [::std::mem::align_of::<__mbstate_t__bindgen_ty_1>() - 4usize]; - ["Offset of field: __mbstate_t__bindgen_ty_1::__wch"] - [::std::mem::offset_of!(__mbstate_t__bindgen_ty_1, __wch) - 0usize]; - ["Offset of field: __mbstate_t__bindgen_ty_1::__wchb"] - [::std::mem::offset_of!(__mbstate_t__bindgen_ty_1, __wchb) - 0usize]; -}; -impl Default for __mbstate_t__bindgen_ty_1 { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl ::std::fmt::Debug for __mbstate_t__bindgen_ty_1 { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!(f, "__mbstate_t__bindgen_ty_1 {{ union }}") - } -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of __mbstate_t"][::std::mem::size_of::<__mbstate_t>() - 8usize]; - ["Alignment of __mbstate_t"][::std::mem::align_of::<__mbstate_t>() - 
4usize]; - ["Offset of field: __mbstate_t::__count"] - [::std::mem::offset_of!(__mbstate_t, __count) - 0usize]; - ["Offset of field: __mbstate_t::__value"] - [::std::mem::offset_of!(__mbstate_t, __value) - 4usize]; -}; -impl Default for __mbstate_t { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl ::std::fmt::Debug for __mbstate_t { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!( - f, - "__mbstate_t {{ __count: {:?}, __value: {:?} }}", - self.__count, self.__value - ) - } -} -#[repr(C)] -#[derive(Copy, Clone)] -pub struct _G_fpos_t { - pub __pos: __off_t, - pub __state: __mbstate_t, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of _G_fpos_t"][::std::mem::size_of::<_G_fpos_t>() - 16usize]; - ["Alignment of _G_fpos_t"][::std::mem::align_of::<_G_fpos_t>() - 8usize]; - ["Offset of field: _G_fpos_t::__pos"][::std::mem::offset_of!(_G_fpos_t, __pos) - 0usize]; - ["Offset of field: _G_fpos_t::__state"][::std::mem::offset_of!(_G_fpos_t, __state) - 8usize]; -}; -impl Default for _G_fpos_t { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl ::std::fmt::Debug for _G_fpos_t { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!( - f, - "_G_fpos_t {{ __pos: {:?}, __state: {:?} }}", - self.__pos, self.__state - ) - } -} -pub type __fpos_t = _G_fpos_t; -#[repr(C)] -#[derive(Copy, Clone)] -pub struct _G_fpos64_t { - pub __pos: __off64_t, - pub __state: __mbstate_t, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of _G_fpos64_t"][::std::mem::size_of::<_G_fpos64_t>() - 16usize]; - ["Alignment of _G_fpos64_t"][::std::mem::align_of::<_G_fpos64_t>() - 8usize]; - ["Offset of field: 
_G_fpos64_t::__pos"][::std::mem::offset_of!(_G_fpos64_t, __pos) - 0usize]; - ["Offset of field: _G_fpos64_t::__state"] - [::std::mem::offset_of!(_G_fpos64_t, __state) - 8usize]; -}; -impl Default for _G_fpos64_t { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl ::std::fmt::Debug for _G_fpos64_t { - fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result { - write!( - f, - "_G_fpos64_t {{ __pos: {:?}, __state: {:?} }}", - self.__pos, self.__state - ) - } -} -pub type __fpos64_t = _G_fpos64_t; -pub type __FILE = _IO_FILE; -pub type FILE = _IO_FILE; -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct _IO_marker { - _unused: [u8; 0], -} -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct _IO_codecvt { - _unused: [u8; 0], -} -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct _IO_wide_data { - _unused: [u8; 0], -} -pub type _IO_lock_t = ::std::os::raw::c_void; -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct _IO_FILE { - pub _flags: ::std::os::raw::c_int, - pub _IO_read_ptr: *mut ::std::os::raw::c_char, - pub _IO_read_end: *mut ::std::os::raw::c_char, - pub _IO_read_base: *mut ::std::os::raw::c_char, - pub _IO_write_base: *mut ::std::os::raw::c_char, - pub _IO_write_ptr: *mut ::std::os::raw::c_char, - pub _IO_write_end: *mut ::std::os::raw::c_char, - pub _IO_buf_base: *mut ::std::os::raw::c_char, - pub _IO_buf_end: *mut ::std::os::raw::c_char, - pub _IO_save_base: *mut ::std::os::raw::c_char, - pub _IO_backup_base: *mut ::std::os::raw::c_char, - pub _IO_save_end: *mut ::std::os::raw::c_char, - pub _markers: *mut _IO_marker, - pub _chain: *mut _IO_FILE, - pub _fileno: ::std::os::raw::c_int, - pub _bitfield_align_1: [u32; 0], - pub _bitfield_1: __BindgenBitfieldUnit<[u8; 3usize]>, - pub _short_backupbuf: [::std::os::raw::c_char; 1usize], - pub _old_offset: __off_t, - pub _cur_column: ::std::os::raw::c_ushort, - pub 
_vtable_offset: ::std::os::raw::c_schar, - pub _shortbuf: [::std::os::raw::c_char; 1usize], - pub _lock: *mut _IO_lock_t, - pub _offset: __off64_t, - pub _codecvt: *mut _IO_codecvt, - pub _wide_data: *mut _IO_wide_data, - pub _freeres_list: *mut _IO_FILE, - pub _freeres_buf: *mut ::std::os::raw::c_void, - pub _prevchain: *mut *mut _IO_FILE, - pub _mode: ::std::os::raw::c_int, - pub _unused2: [::std::os::raw::c_char; 20usize], -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of _IO_FILE"][::std::mem::size_of::<_IO_FILE>() - 216usize]; - ["Alignment of _IO_FILE"][::std::mem::align_of::<_IO_FILE>() - 8usize]; - ["Offset of field: _IO_FILE::_flags"][::std::mem::offset_of!(_IO_FILE, _flags) - 0usize]; - ["Offset of field: _IO_FILE::_IO_read_ptr"] - [::std::mem::offset_of!(_IO_FILE, _IO_read_ptr) - 8usize]; - ["Offset of field: _IO_FILE::_IO_read_end"] - [::std::mem::offset_of!(_IO_FILE, _IO_read_end) - 16usize]; - ["Offset of field: _IO_FILE::_IO_read_base"] - [::std::mem::offset_of!(_IO_FILE, _IO_read_base) - 24usize]; - ["Offset of field: _IO_FILE::_IO_write_base"] - [::std::mem::offset_of!(_IO_FILE, _IO_write_base) - 32usize]; - ["Offset of field: _IO_FILE::_IO_write_ptr"] - [::std::mem::offset_of!(_IO_FILE, _IO_write_ptr) - 40usize]; - ["Offset of field: _IO_FILE::_IO_write_end"] - [::std::mem::offset_of!(_IO_FILE, _IO_write_end) - 48usize]; - ["Offset of field: _IO_FILE::_IO_buf_base"] - [::std::mem::offset_of!(_IO_FILE, _IO_buf_base) - 56usize]; - ["Offset of field: _IO_FILE::_IO_buf_end"] - [::std::mem::offset_of!(_IO_FILE, _IO_buf_end) - 64usize]; - ["Offset of field: _IO_FILE::_IO_save_base"] - [::std::mem::offset_of!(_IO_FILE, _IO_save_base) - 72usize]; - ["Offset of field: _IO_FILE::_IO_backup_base"] - [::std::mem::offset_of!(_IO_FILE, _IO_backup_base) - 80usize]; - ["Offset of field: _IO_FILE::_IO_save_end"] - [::std::mem::offset_of!(_IO_FILE, _IO_save_end) - 88usize]; - ["Offset of field: 
_IO_FILE::_markers"][::std::mem::offset_of!(_IO_FILE, _markers) - 96usize]; - ["Offset of field: _IO_FILE::_chain"][::std::mem::offset_of!(_IO_FILE, _chain) - 104usize]; - ["Offset of field: _IO_FILE::_fileno"][::std::mem::offset_of!(_IO_FILE, _fileno) - 112usize]; - ["Offset of field: _IO_FILE::_short_backupbuf"] - [::std::mem::offset_of!(_IO_FILE, _short_backupbuf) - 119usize]; - ["Offset of field: _IO_FILE::_old_offset"] - [::std::mem::offset_of!(_IO_FILE, _old_offset) - 120usize]; - ["Offset of field: _IO_FILE::_cur_column"] - [::std::mem::offset_of!(_IO_FILE, _cur_column) - 128usize]; - ["Offset of field: _IO_FILE::_vtable_offset"] - [::std::mem::offset_of!(_IO_FILE, _vtable_offset) - 130usize]; - ["Offset of field: _IO_FILE::_shortbuf"] - [::std::mem::offset_of!(_IO_FILE, _shortbuf) - 131usize]; - ["Offset of field: _IO_FILE::_lock"][::std::mem::offset_of!(_IO_FILE, _lock) - 136usize]; - ["Offset of field: _IO_FILE::_offset"][::std::mem::offset_of!(_IO_FILE, _offset) - 144usize]; - ["Offset of field: _IO_FILE::_codecvt"][::std::mem::offset_of!(_IO_FILE, _codecvt) - 152usize]; - ["Offset of field: _IO_FILE::_wide_data"] - [::std::mem::offset_of!(_IO_FILE, _wide_data) - 160usize]; - ["Offset of field: _IO_FILE::_freeres_list"] - [::std::mem::offset_of!(_IO_FILE, _freeres_list) - 168usize]; - ["Offset of field: _IO_FILE::_freeres_buf"] - [::std::mem::offset_of!(_IO_FILE, _freeres_buf) - 176usize]; - ["Offset of field: _IO_FILE::_prevchain"] - [::std::mem::offset_of!(_IO_FILE, _prevchain) - 184usize]; - ["Offset of field: _IO_FILE::_mode"][::std::mem::offset_of!(_IO_FILE, _mode) - 192usize]; - ["Offset of field: _IO_FILE::_unused2"][::std::mem::offset_of!(_IO_FILE, _unused2) - 196usize]; -}; -impl Default for _IO_FILE { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -impl _IO_FILE { - #[inline] - pub fn _flags2(&self) -> ::std::os::raw::c_int { - 
unsafe { ::std::mem::transmute(self._bitfield_1.get(0usize, 24u8) as u32) } - } - #[inline] - pub fn set__flags2(&mut self, val: ::std::os::raw::c_int) { - unsafe { - let val: u32 = ::std::mem::transmute(val); - self._bitfield_1.set(0usize, 24u8, val as u64) - } - } - #[inline] - pub unsafe fn _flags2_raw(this: *const Self) -> ::std::os::raw::c_int { - unsafe { - ::std::mem::transmute(<__BindgenBitfieldUnit<[u8; 3usize]>>::raw_get( - ::std::ptr::addr_of!((*this)._bitfield_1), - 0usize, - 24u8, - ) as u32) - } - } - #[inline] - pub unsafe fn set__flags2_raw(this: *mut Self, val: ::std::os::raw::c_int) { - unsafe { - let val: u32 = ::std::mem::transmute(val); - <__BindgenBitfieldUnit<[u8; 3usize]>>::raw_set( - ::std::ptr::addr_of_mut!((*this)._bitfield_1), - 0usize, - 24u8, - val as u64, - ) - } - } - #[inline] - pub fn new_bitfield_1(_flags2: ::std::os::raw::c_int) -> __BindgenBitfieldUnit<[u8; 3usize]> { - let mut __bindgen_bitfield_unit: __BindgenBitfieldUnit<[u8; 3usize]> = Default::default(); - __bindgen_bitfield_unit.set(0usize, 24u8, { - let _flags2: u32 = unsafe { ::std::mem::transmute(_flags2) }; - _flags2 as u64 - }); - __bindgen_bitfield_unit - } -} -pub type cookie_read_function_t = ::std::option::Option< - unsafe extern "C" fn( - __cookie: *mut ::std::os::raw::c_void, - __buf: *mut ::std::os::raw::c_char, - __nbytes: usize, - ) -> __ssize_t, ->; -pub type cookie_write_function_t = ::std::option::Option< - unsafe extern "C" fn( - __cookie: *mut ::std::os::raw::c_void, - __buf: *const ::std::os::raw::c_char, - __nbytes: usize, - ) -> __ssize_t, ->; -pub type cookie_seek_function_t = ::std::option::Option< - unsafe extern "C" fn( - __cookie: *mut ::std::os::raw::c_void, - __pos: *mut __off64_t, - __w: ::std::os::raw::c_int, - ) -> ::std::os::raw::c_int, ->; -pub type cookie_close_function_t = ::std::option::Option< - unsafe extern "C" fn(__cookie: *mut ::std::os::raw::c_void) -> ::std::os::raw::c_int, ->; -#[repr(C)] -#[derive(Debug, Default, Copy, Clone)] 
-pub struct _IO_cookie_io_functions_t { - pub read: cookie_read_function_t, - pub write: cookie_write_function_t, - pub seek: cookie_seek_function_t, - pub close: cookie_close_function_t, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of _IO_cookie_io_functions_t"] - [::std::mem::size_of::<_IO_cookie_io_functions_t>() - 32usize]; - ["Alignment of _IO_cookie_io_functions_t"] - [::std::mem::align_of::<_IO_cookie_io_functions_t>() - 8usize]; - ["Offset of field: _IO_cookie_io_functions_t::read"] - [::std::mem::offset_of!(_IO_cookie_io_functions_t, read) - 0usize]; - ["Offset of field: _IO_cookie_io_functions_t::write"] - [::std::mem::offset_of!(_IO_cookie_io_functions_t, write) - 8usize]; - ["Offset of field: _IO_cookie_io_functions_t::seek"] - [::std::mem::offset_of!(_IO_cookie_io_functions_t, seek) - 16usize]; - ["Offset of field: _IO_cookie_io_functions_t::close"] - [::std::mem::offset_of!(_IO_cookie_io_functions_t, close) - 24usize]; -}; -pub type cookie_io_functions_t = _IO_cookie_io_functions_t; -pub type off_t = __off_t; -pub type fpos_t = __fpos_t; -unsafe extern "C" { - pub static mut stdin: *mut FILE; -} -unsafe extern "C" { - pub static mut stdout: *mut FILE; -} -unsafe extern "C" { - pub static mut stderr: *mut FILE; -} -unsafe extern "C" { - pub fn remove(__filename: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn rename( - __old: *const ::std::os::raw::c_char, - __new: *const ::std::os::raw::c_char, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn renameat( - __oldfd: ::std::os::raw::c_int, - __old: *const ::std::os::raw::c_char, - __newfd: ::std::os::raw::c_int, - __new: *const ::std::os::raw::c_char, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fclose(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn tmpfile() -> *mut FILE; -} -unsafe extern "C" { - pub fn tmpnam(arg1: *mut ::std::os::raw::c_char) -> *mut 
::std::os::raw::c_char; -} -unsafe extern "C" { - pub fn tmpnam_r(__s: *mut ::std::os::raw::c_char) -> *mut ::std::os::raw::c_char; -} -unsafe extern "C" { - pub fn tempnam( - __dir: *const ::std::os::raw::c_char, - __pfx: *const ::std::os::raw::c_char, - ) -> *mut ::std::os::raw::c_char; -} -unsafe extern "C" { - pub fn fflush(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fflush_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fopen( - __filename: *const ::std::os::raw::c_char, - __modes: *const ::std::os::raw::c_char, - ) -> *mut FILE; -} -unsafe extern "C" { - pub fn freopen( - __filename: *const ::std::os::raw::c_char, - __modes: *const ::std::os::raw::c_char, - __stream: *mut FILE, - ) -> *mut FILE; -} -unsafe extern "C" { - pub fn fdopen(__fd: ::std::os::raw::c_int, __modes: *const ::std::os::raw::c_char) - -> *mut FILE; -} -unsafe extern "C" { - pub fn fopencookie( - __magic_cookie: *mut ::std::os::raw::c_void, - __modes: *const ::std::os::raw::c_char, - __io_funcs: cookie_io_functions_t, - ) -> *mut FILE; -} -unsafe extern "C" { - pub fn fmemopen( - __s: *mut ::std::os::raw::c_void, - __len: usize, - __modes: *const ::std::os::raw::c_char, - ) -> *mut FILE; -} -unsafe extern "C" { - pub fn open_memstream( - __bufloc: *mut *mut ::std::os::raw::c_char, - __sizeloc: *mut usize, - ) -> *mut FILE; -} -unsafe extern "C" { - pub fn setbuf(__stream: *mut FILE, __buf: *mut ::std::os::raw::c_char); -} -unsafe extern "C" { - pub fn setvbuf( - __stream: *mut FILE, - __buf: *mut ::std::os::raw::c_char, - __modes: ::std::os::raw::c_int, - __n: usize, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn setbuffer(__stream: *mut FILE, __buf: *mut ::std::os::raw::c_char, __size: usize); -} -unsafe extern "C" { - pub fn setlinebuf(__stream: *mut FILE); -} -unsafe extern "C" { - pub fn fprintf( - __stream: *mut FILE, - __format: *const ::std::os::raw::c_char, - ... 
- ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn printf(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn sprintf( - __s: *mut ::std::os::raw::c_char, - __format: *const ::std::os::raw::c_char, - ... - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vfprintf( - __s: *mut FILE, - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vprintf( - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vsprintf( - __s: *mut ::std::os::raw::c_char, - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn snprintf( - __s: *mut ::std::os::raw::c_char, - __maxlen: ::std::os::raw::c_ulong, - __format: *const ::std::os::raw::c_char, - ... - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vsnprintf( - __s: *mut ::std::os::raw::c_char, - __maxlen: ::std::os::raw::c_ulong, - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vasprintf( - __ptr: *mut *mut ::std::os::raw::c_char, - __f: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn __asprintf( - __ptr: *mut *mut ::std::os::raw::c_char, - __fmt: *const ::std::os::raw::c_char, - ... - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn asprintf( - __ptr: *mut *mut ::std::os::raw::c_char, - __fmt: *const ::std::os::raw::c_char, - ... 
- ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vdprintf( - __fd: ::std::os::raw::c_int, - __fmt: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn dprintf( - __fd: ::std::os::raw::c_int, - __fmt: *const ::std::os::raw::c_char, - ... - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fscanf( - __stream: *mut FILE, - __format: *const ::std::os::raw::c_char, - ... - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn scanf(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn sscanf( - __s: *const ::std::os::raw::c_char, - __format: *const ::std::os::raw::c_char, - ... - ) -> ::std::os::raw::c_int; -} -pub type __cfloat128 = __BindgenComplex; -pub type _Float128 = u128; -pub type _Float32 = f32; -pub type _Float64 = f64; -pub type _Float32x = f64; -pub type _Float64x = u128; -unsafe extern "C" { - #[link_name = "\u{1}__isoc99_fscanf"] - pub fn fscanf1( - __stream: *mut FILE, - __format: *const ::std::os::raw::c_char, - ... - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - #[link_name = "\u{1}__isoc99_scanf"] - pub fn scanf1(__format: *const ::std::os::raw::c_char, ...) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - #[link_name = "\u{1}__isoc99_sscanf"] - pub fn sscanf1( - __s: *const ::std::os::raw::c_char, - __format: *const ::std::os::raw::c_char, - ... 
- ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vfscanf( - __s: *mut FILE, - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vscanf( - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn vsscanf( - __s: *const ::std::os::raw::c_char, - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - #[link_name = "\u{1}__isoc99_vfscanf"] - pub fn vfscanf1( - __s: *mut FILE, - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - #[link_name = "\u{1}__isoc99_vscanf"] - pub fn vscanf1( - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - #[link_name = "\u{1}__isoc99_vsscanf"] - pub fn vsscanf1( - __s: *const ::std::os::raw::c_char, - __format: *const ::std::os::raw::c_char, - __arg: *mut __va_list_tag, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fgetc(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn getc(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn getchar() -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn getc_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn getchar_unlocked() -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fgetc_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fputc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn putc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn putchar(__c: ::std::os::raw::c_int) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn 
fputc_unlocked(__c: ::std::os::raw::c_int, __stream: *mut FILE) - -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn putc_unlocked(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn putchar_unlocked(__c: ::std::os::raw::c_int) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn getw(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn putw(__w: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fgets( - __s: *mut ::std::os::raw::c_char, - __n: ::std::os::raw::c_int, - __stream: *mut FILE, - ) -> *mut ::std::os::raw::c_char; -} -unsafe extern "C" { - pub fn __getdelim( - __lineptr: *mut *mut ::std::os::raw::c_char, - __n: *mut usize, - __delimiter: ::std::os::raw::c_int, - __stream: *mut FILE, - ) -> __ssize_t; -} -unsafe extern "C" { - pub fn getdelim( - __lineptr: *mut *mut ::std::os::raw::c_char, - __n: *mut usize, - __delimiter: ::std::os::raw::c_int, - __stream: *mut FILE, - ) -> __ssize_t; -} -unsafe extern "C" { - pub fn getline( - __lineptr: *mut *mut ::std::os::raw::c_char, - __n: *mut usize, - __stream: *mut FILE, - ) -> __ssize_t; -} -unsafe extern "C" { - pub fn fputs(__s: *const ::std::os::raw::c_char, __stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn puts(__s: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn ungetc(__c: ::std::os::raw::c_int, __stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fread( - __ptr: *mut ::std::os::raw::c_void, - __size: ::std::os::raw::c_ulong, - __n: ::std::os::raw::c_ulong, - __stream: *mut FILE, - ) -> ::std::os::raw::c_ulong; -} -unsafe extern "C" { - pub fn fwrite( - __ptr: *const ::std::os::raw::c_void, - __size: ::std::os::raw::c_ulong, - __n: ::std::os::raw::c_ulong, - __s: *mut FILE, - ) -> ::std::os::raw::c_ulong; -} -unsafe extern "C" { - pub fn fread_unlocked( - 
__ptr: *mut ::std::os::raw::c_void, - __size: usize, - __n: usize, - __stream: *mut FILE, - ) -> usize; -} -unsafe extern "C" { - pub fn fwrite_unlocked( - __ptr: *const ::std::os::raw::c_void, - __size: usize, - __n: usize, - __stream: *mut FILE, - ) -> usize; -} -unsafe extern "C" { - pub fn fseek( - __stream: *mut FILE, - __off: ::std::os::raw::c_long, - __whence: ::std::os::raw::c_int, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn ftell(__stream: *mut FILE) -> ::std::os::raw::c_long; -} -unsafe extern "C" { - pub fn rewind(__stream: *mut FILE); -} -unsafe extern "C" { - pub fn fseeko( - __stream: *mut FILE, - __off: __off_t, - __whence: ::std::os::raw::c_int, - ) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn ftello(__stream: *mut FILE) -> __off_t; -} -unsafe extern "C" { - pub fn fgetpos(__stream: *mut FILE, __pos: *mut fpos_t) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fsetpos(__stream: *mut FILE, __pos: *const fpos_t) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn clearerr(__stream: *mut FILE); -} -unsafe extern "C" { - pub fn feof(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn ferror(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn clearerr_unlocked(__stream: *mut FILE); -} -unsafe extern "C" { - pub fn feof_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn ferror_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn perror(__s: *const ::std::os::raw::c_char); -} -unsafe extern "C" { - pub fn fileno(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn fileno_unlocked(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn pclose(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn popen( - __command: *const ::std::os::raw::c_char, - __modes: *const ::std::os::raw::c_char, - ) -> *mut FILE; 
-} -unsafe extern "C" { - pub fn ctermid(__s: *mut ::std::os::raw::c_char) -> *mut ::std::os::raw::c_char; -} -unsafe extern "C" { - pub fn flockfile(__stream: *mut FILE); -} -unsafe extern "C" { - pub fn ftrylockfile(__stream: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn funlockfile(__stream: *mut FILE); -} -unsafe extern "C" { - pub fn __uflow(arg1: *mut FILE) -> ::std::os::raw::c_int; -} -unsafe extern "C" { - pub fn __overflow(arg1: *mut FILE, arg2: ::std::os::raw::c_int) -> ::std::os::raw::c_int; -} -pub type int_least8_t = __int_least8_t; -pub type int_least16_t = __int_least16_t; -pub type int_least32_t = __int_least32_t; -pub type int_least64_t = __int_least64_t; -pub type uint_least8_t = __uint_least8_t; -pub type uint_least16_t = __uint_least16_t; -pub type uint_least32_t = __uint_least32_t; -pub type uint_least64_t = __uint_least64_t; -pub type int_fast8_t = ::std::os::raw::c_schar; -pub type int_fast16_t = ::std::os::raw::c_long; -pub type int_fast32_t = ::std::os::raw::c_long; -pub type int_fast64_t = ::std::os::raw::c_long; -pub type uint_fast8_t = ::std::os::raw::c_uchar; -pub type uint_fast16_t = ::std::os::raw::c_ulong; -pub type uint_fast32_t = ::std::os::raw::c_ulong; -pub type uint_fast64_t = ::std::os::raw::c_ulong; -pub type intmax_t = __intmax_t; -pub type uintmax_t = __uintmax_t; -#[repr(C)] -#[derive(Debug, Default)] -pub struct _bindgen_ty_1 { - pub size: i32, - pub data: __IncompleteArrayField, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of _bindgen_ty_1"][::std::mem::size_of::<_bindgen_ty_1>() - 4usize]; - ["Alignment of _bindgen_ty_1"][::std::mem::align_of::<_bindgen_ty_1>() - 4usize]; - ["Offset of field: _bindgen_ty_1::size"][::std::mem::offset_of!(_bindgen_ty_1, size) - 0usize]; - ["Offset of field: _bindgen_ty_1::data"][::std::mem::offset_of!(_bindgen_ty_1, data) - 4usize]; -}; -pub type kAFL_payload = _bindgen_ty_1; -#[repr(C)] -#[derive(Debug, Default, Copy, 
Clone)] -pub struct _bindgen_ty_2 { - pub ip: [u64; 4usize], - pub size: [u64; 4usize], - pub enabled: [u8; 4usize], -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of _bindgen_ty_2"][::std::mem::size_of::<_bindgen_ty_2>() - 72usize]; - ["Alignment of _bindgen_ty_2"][::std::mem::align_of::<_bindgen_ty_2>() - 8usize]; - ["Offset of field: _bindgen_ty_2::ip"][::std::mem::offset_of!(_bindgen_ty_2, ip) - 0usize]; - ["Offset of field: _bindgen_ty_2::size"][::std::mem::offset_of!(_bindgen_ty_2, size) - 32usize]; - ["Offset of field: _bindgen_ty_2::enabled"] - [::std::mem::offset_of!(_bindgen_ty_2, enabled) - 64usize]; -}; -pub type kAFL_ranges = _bindgen_ty_2; -#[repr(C, packed)] -#[derive(Debug, Default, Copy, Clone)] -pub struct host_config_t { - pub host_magic: u32, - pub host_version: u32, - pub bitmap_size: u32, - pub ijon_bitmap_size: u32, - pub payload_buffer_size: u32, - pub worker_id: u32, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of host_config_t"][::std::mem::size_of::() - 24usize]; - ["Alignment of host_config_t"][::std::mem::align_of::() - 1usize]; - ["Offset of field: host_config_t::host_magic"] - [::std::mem::offset_of!(host_config_t, host_magic) - 0usize]; - ["Offset of field: host_config_t::host_version"] - [::std::mem::offset_of!(host_config_t, host_version) - 4usize]; - ["Offset of field: host_config_t::bitmap_size"] - [::std::mem::offset_of!(host_config_t, bitmap_size) - 8usize]; - ["Offset of field: host_config_t::ijon_bitmap_size"] - [::std::mem::offset_of!(host_config_t, ijon_bitmap_size) - 12usize]; - ["Offset of field: host_config_t::payload_buffer_size"] - [::std::mem::offset_of!(host_config_t, payload_buffer_size) - 16usize]; - ["Offset of field: host_config_t::worker_id"] - [::std::mem::offset_of!(host_config_t, worker_id) - 20usize]; -}; -#[repr(C, packed)] -#[derive(Debug, Default, Copy, Clone)] -pub struct _bindgen_ty_3 { - pub agent_magic: u32, - 
pub agent_version: u32, - pub agent_timeout_detection: u8, - pub agent_tracing: u8, - pub agent_ijon_tracing: u8, - pub agent_non_reload_mode: u8, - pub trace_buffer_vaddr: u64, - pub ijon_trace_buffer_vaddr: u64, - pub coverage_bitmap_size: u32, - pub input_buffer_size: u32, - pub dump_payloads: u8, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of _bindgen_ty_3"][::std::mem::size_of::<_bindgen_ty_3>() - 37usize]; - ["Alignment of _bindgen_ty_3"][::std::mem::align_of::<_bindgen_ty_3>() - 1usize]; - ["Offset of field: _bindgen_ty_3::agent_magic"] - [::std::mem::offset_of!(_bindgen_ty_3, agent_magic) - 0usize]; - ["Offset of field: _bindgen_ty_3::agent_version"] - [::std::mem::offset_of!(_bindgen_ty_3, agent_version) - 4usize]; - ["Offset of field: _bindgen_ty_3::agent_timeout_detection"] - [::std::mem::offset_of!(_bindgen_ty_3, agent_timeout_detection) - 8usize]; - ["Offset of field: _bindgen_ty_3::agent_tracing"] - [::std::mem::offset_of!(_bindgen_ty_3, agent_tracing) - 9usize]; - ["Offset of field: _bindgen_ty_3::agent_ijon_tracing"] - [::std::mem::offset_of!(_bindgen_ty_3, agent_ijon_tracing) - 10usize]; - ["Offset of field: _bindgen_ty_3::agent_non_reload_mode"] - [::std::mem::offset_of!(_bindgen_ty_3, agent_non_reload_mode) - 11usize]; - ["Offset of field: _bindgen_ty_3::trace_buffer_vaddr"] - [::std::mem::offset_of!(_bindgen_ty_3, trace_buffer_vaddr) - 12usize]; - ["Offset of field: _bindgen_ty_3::ijon_trace_buffer_vaddr"] - [::std::mem::offset_of!(_bindgen_ty_3, ijon_trace_buffer_vaddr) - 20usize]; - ["Offset of field: _bindgen_ty_3::coverage_bitmap_size"] - [::std::mem::offset_of!(_bindgen_ty_3, coverage_bitmap_size) - 28usize]; - ["Offset of field: _bindgen_ty_3::input_buffer_size"] - [::std::mem::offset_of!(_bindgen_ty_3, input_buffer_size) - 32usize]; - ["Offset of field: _bindgen_ty_3::dump_payloads"] - [::std::mem::offset_of!(_bindgen_ty_3, dump_payloads) - 36usize]; -}; -pub type agent_config_t = 
_bindgen_ty_3; -#[repr(C, packed)] -#[derive(Debug, Default, Copy, Clone)] -pub struct kafl_dump_file_t { - pub file_name_str_ptr: u64, - pub data_ptr: u64, - pub bytes: u64, - pub append: u8, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of kafl_dump_file_t"][::std::mem::size_of::() - 25usize]; - ["Alignment of kafl_dump_file_t"][::std::mem::align_of::() - 1usize]; - ["Offset of field: kafl_dump_file_t::file_name_str_ptr"] - [::std::mem::offset_of!(kafl_dump_file_t, file_name_str_ptr) - 0usize]; - ["Offset of field: kafl_dump_file_t::data_ptr"] - [::std::mem::offset_of!(kafl_dump_file_t, data_ptr) - 8usize]; - ["Offset of field: kafl_dump_file_t::bytes"] - [::std::mem::offset_of!(kafl_dump_file_t, bytes) - 16usize]; - ["Offset of field: kafl_dump_file_t::append"] - [::std::mem::offset_of!(kafl_dump_file_t, append) - 24usize]; -}; -#[repr(C, packed)] -#[derive(Debug, Copy, Clone)] -pub struct req_data_bulk_t { - pub file_name: [::std::os::raw::c_char; 256usize], - pub num_addresses: u64, - pub addresses: [u64; 479usize], -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of req_data_bulk_t"][::std::mem::size_of::() - 4096usize]; - ["Alignment of req_data_bulk_t"][::std::mem::align_of::() - 1usize]; - ["Offset of field: req_data_bulk_t::file_name"] - [::std::mem::offset_of!(req_data_bulk_t, file_name) - 0usize]; - ["Offset of field: req_data_bulk_t::num_addresses"] - [::std::mem::offset_of!(req_data_bulk_t, num_addresses) - 256usize]; - ["Offset of field: req_data_bulk_t::addresses"] - [::std::mem::offset_of!(req_data_bulk_t, addresses) - 264usize]; -}; -impl Default for req_data_bulk_t { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} -pub type __builtin_va_list = [__va_list_tag; 1usize]; -#[repr(C)] -#[derive(Debug, Copy, Clone)] -pub struct __va_list_tag { - pub 
gp_offset: ::std::os::raw::c_uint, - pub fp_offset: ::std::os::raw::c_uint, - pub overflow_arg_area: *mut ::std::os::raw::c_void, - pub reg_save_area: *mut ::std::os::raw::c_void, -} -#[allow(clippy::unnecessary_operation, clippy::identity_op)] -const _: () = { - ["Size of __va_list_tag"][::std::mem::size_of::<__va_list_tag>() - 24usize]; - ["Alignment of __va_list_tag"][::std::mem::align_of::<__va_list_tag>() - 8usize]; - ["Offset of field: __va_list_tag::gp_offset"] - [::std::mem::offset_of!(__va_list_tag, gp_offset) - 0usize]; - ["Offset of field: __va_list_tag::fp_offset"] - [::std::mem::offset_of!(__va_list_tag, fp_offset) - 4usize]; - ["Offset of field: __va_list_tag::overflow_arg_area"] - [::std::mem::offset_of!(__va_list_tag, overflow_arg_area) - 8usize]; - ["Offset of field: __va_list_tag::reg_save_area"] - [::std::mem::offset_of!(__va_list_tag, reg_save_area) - 16usize]; -}; -impl Default for __va_list_tag { - fn default() -> Self { - let mut s = ::std::mem::MaybeUninit::::uninit(); - unsafe { - ::std::ptr::write_bytes(s.as_mut_ptr(), 0, 1); - s.assume_init() - } - } -} diff --git a/crates/libafl_qemu/src/command/lqemu/mod.rs b/crates/libafl_qemu/src/command/lqemu/mod.rs new file mode 100644 index 00000000000..777281dabfc --- /dev/null +++ b/crates/libafl_qemu/src/command/lqemu/mod.rs 
@@ -0,0 +1,538 @@ +use std::{ + fmt, + fmt::{Debug, Display, Formatter}, + ops::Range, +}; + +use enum_map::Enum; +use libafl::{executors::ExitKind, inputs::HasTargetBytes}; +use libafl_qemu_sys::GuestAddr; +#[cfg(feature = "systemmode")] +use libafl_qemu_sys::GuestPhysAddr; +use num_enum::TryFromPrimitive; +use paste::paste; + +pub mod parser; +use parser::{ + EndCommandParser, LoadCommandParser, LqprintfCommandParser, SaveCommandParser, + StartVirtCommandParser, TestCommandParser, VaddrFilterAllowRangeCommandParser, + VersionCommandParser, +}; +#[cfg(feature = "systemmode")] +use parser::{SetMapCommandParser, StartPhysCommandParser}; + +use super::{CommandError, IsCommand, IsStdCommandManager}; +use crate::{ + Emulator, EmulatorDriverError, EmulatorDriverResult, EmulatorExitResult, GuestReg, + InputLocation, InputSetter, IsSnapshotManager, Regs, StdEmulatorDriver, + define_std_command_manager_bound, define_std_command_manager_inner, + modules::{EmulatorModuleTuple, utils::filters::HasStdFiltersTuple}, +}; +#[cfg(feature = "systemmode")] +use crate::{MapKind, QemuMemoryChunk}; + +pub const VERSION_MAJOR: u64 = libvharness_sys::LQEMU_VERSION_MAJOR as u64; +pub const VERSION_MINOR: u64 = libvharness_sys::LQEMU_VERSION_MINOR as u64; + +#[cfg(feature = "usermode")] +define_std_command_manager_bound!( + StdCommandManager, + HasTargetBytes, + [ + StartCommand, + SaveCommand, + LoadCommand, + EndCommand, + VersionCommand, + AddressAllowCommand, + LqprintfCommand, + TestCommand + ], + [ + StartVirtCommandParser, + SaveCommandParser, + LoadCommandParser, + EndCommandParser, + VersionCommandParser, + VaddrFilterAllowRangeCommandParser, + LqprintfCommandParser, + TestCommandParser + ] +); + +#[cfg(feature = "systemmode")] +define_std_command_manager_bound!( + StdCommandManager, + HasTargetBytes, + [ + StartCommand, + SaveCommand, + LoadCommand, + EndCommand, + VersionCommand, + AddressAllowCommand, + LqprintfCommand, + TestCommand, + SetMapCommand + ], + [ + 
StartPhysCommandParser, + StartVirtCommandParser, + SaveCommandParser, + LoadCommandParser, + EndCommandParser, + VersionCommandParser, + VaddrFilterAllowRangeCommandParser, + LqprintfCommandParser, + TestCommandParser, + SetMapCommandParser + ] +); + +#[derive(Debug, Clone, Enum, TryFromPrimitive)] +#[repr(u64)] +pub enum NativeExitKind { + Unknown = libvharness_sys::LibaflQemuEndStatus_LIBAFL_QEMU_END_UNKNOWN.0 as u64, // Should not be used + Ok = libvharness_sys::LibaflQemuEndStatus_LIBAFL_QEMU_END_OK.0 as u64, // Normal exit + Crash = libvharness_sys::LibaflQemuEndStatus_LIBAFL_QEMU_END_CRASH.0 as u64, // Crash reported in the VM +} + +#[derive(Debug, Clone)] +pub struct SaveCommand; +impl IsCommand, ET, I, S, SM> for SaveCommand +where + ET: EmulatorModuleTuple, + I: Unpin, + S: Unpin, + SM: IsSnapshotManager, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + emu: &mut Emulator, ET, I, S, SM>, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + let qemu = emu.qemu(); + let snapshot_id = emu.snapshot_manager_mut().save(qemu); + + emu.driver_mut() + .set_snapshot_id(snapshot_id) + .map_err(|_| EmulatorDriverError::MultipleSnapshotDefinition)?; + + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct LoadCommand; + +impl IsCommand, ET, I, S, SM> for LoadCommand +where + SM: IsSnapshotManager, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + emu: &mut Emulator, ET, I, S, SM>, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + let qemu = emu.qemu(); + + let snapshot_id = emu + .driver_mut() + .snapshot_id() + .ok_or(EmulatorDriverError::SnapshotNotFound)?; + + emu.snapshot_manager_mut().restore(qemu, &snapshot_id)?; + + #[cfg(feature = "paranoid_debug")] + emu.snapshot_manager_mut().check(qemu, &snapshot_id)?; + + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct StartCommand { + input_location: InputLocation, +} + +impl IsCommand, ET, I, S, SM> for StartCommand +where + CM: 
IsStdCommandManager, + ET: EmulatorModuleTuple + HasStdFiltersTuple, + I: HasTargetBytes + Unpin, + IS: InputSetter, + S: Unpin, + SM: IsSnapshotManager, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + emu: &mut Emulator, ET, I, S, SM>, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + let qemu = emu.qemu(); + + if !emu.command_manager_mut().start() { + // Snapshot VM + let snapshot_id = emu.snapshot_manager_mut().save(qemu); + + // Set snapshot ID to restore to after fuzzing ends + emu.driver_mut() + .set_snapshot_id(snapshot_id) + .map_err(|_| EmulatorDriverError::MultipleSnapshotDefinition)?; + + // Save input location for next runs + emu.driver_mut() + .input_setter_mut() + .set_input_location(self.input_location.clone())?; + + // Auto page filtering if option is enabled + #[cfg(feature = "systemmode")] + if emu.driver_mut().allow_page_on_start() { + if let Some(paging_id) = qemu.current_cpu().unwrap().current_paging_id() { + log::info!("Filter: allow page ID {paging_id}."); + emu.modules_mut().modules_mut().allow_page_id_all(paging_id); + } + } + + // Make sure JIT cache is empty just before starting + qemu.flush_jit(); + + log::info!("Fuzzing starts"); + + return Ok(Some(EmulatorDriverResult::ReturnToClient( + EmulatorExitResult::FuzzingStarts, + ))); + } + + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct EndCommand { + exit_kind: Option, +} + +impl IsCommand, StdEmulatorDriver, ET, I, S, SM> + for EndCommand +where + ET: EmulatorModuleTuple, + I: HasTargetBytes + Unpin, + S: Unpin, + SM: IsSnapshotManager, +{ + fn usable_at_runtime(&self) -> bool { + false + } + + fn run( + &self, + emu: &mut Emulator, StdEmulatorDriver, ET, I, S, SM>, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + let qemu = emu.qemu(); + + if !emu.command_manager_mut().has_started() { + return Err(EmulatorDriverError::CommandError( + CommandError::EndBeforeStart, + )); + } + + let snapshot_id = emu + .driver_mut() + 
.snapshot_id() + .ok_or(EmulatorDriverError::SnapshotNotFound)?; + + emu.snapshot_manager_mut().restore(qemu, &snapshot_id)?; + + #[cfg(feature = "paranoid_debug")] + emu.snapshot_manager_mut().check(qemu, &snapshot_id)?; + + Ok(Some(EmulatorDriverResult::EndOfRun( + self.exit_kind.unwrap(), + ))) + } +} + +#[derive(Debug, Clone)] +pub struct VersionCommand(u64, u64); + +impl IsCommand for VersionCommand { + fn usable_at_runtime(&self) -> bool { + true + } + + fn run( + &self, + _emu: &mut Emulator, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + let major = self.0; + let minor = self.1; + + if VERSION_MAJOR == major && VERSION_MINOR == minor { + Ok(None) + } else { + Err(EmulatorDriverError::CommandError( + CommandError::VersionDifference(major, minor), + )) + } + } +} + +#[cfg(feature = "systemmode")] +#[derive(Debug, Clone)] +pub struct PageAllowCommand { + page_id: GuestPhysAddr, +} + +#[cfg(feature = "systemmode")] +impl IsCommand for PageAllowCommand +where + ET: EmulatorModuleTuple + HasStdFiltersTuple, + I: Unpin, + S: Unpin, +{ + fn usable_at_runtime(&self) -> bool { + true + } + + fn run( + &self, + emu: &mut Emulator, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + emu.modules_mut() + .modules_mut() + .allow_page_id_all(self.page_id); + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct AddressAllowCommand { + address_range: Range, +} +impl IsCommand for AddressAllowCommand +where + ET: EmulatorModuleTuple + HasStdFiltersTuple, + I: Unpin, + S: Unpin, +{ + fn usable_at_runtime(&self) -> bool { + true + } + + fn run( + &self, + emu: &mut Emulator, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + emu.modules_mut() + .modules_mut() + .allow_address_range_all(&self.address_range); + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct LqprintfCommand { + content: String, +} +impl IsCommand for LqprintfCommand +where + ET: EmulatorModuleTuple, + I: Unpin, + S: Unpin, +{ + fn usable_at_runtime(&self) -> bool { + true 
+ } + + fn run( + &self, + _emu: &mut Emulator, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + print!("LQPRINTF: {}", self.content); + Ok(None) + } +} + +#[derive(Debug, Clone)] +pub struct TestCommand { + expected_value: GuestReg, + received_value: GuestReg, +} +impl IsCommand for TestCommand +where + ET: EmulatorModuleTuple, + I: Unpin, + S: Unpin, +{ + fn usable_at_runtime(&self) -> bool { + true + } + + fn run( + &self, + _emu: &mut Emulator, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + if self.expected_value == self.received_value { + Ok(None) + } else { + Err(EmulatorDriverError::CommandError( + CommandError::TestDifference(self.received_value, self.expected_value), + )) + } + } +} + +#[cfg(feature = "systemmode")] +#[derive(Debug, Clone)] +pub struct SetMapCommand { + kind: MapKind, + map: QemuMemoryChunk, +} + +#[cfg(feature = "systemmode")] +impl IsCommand, ET, I, S, SM> + for SetMapCommand +where + ET: EmulatorModuleTuple, + I: Unpin, + S: Unpin, +{ + fn usable_at_runtime(&self) -> bool { + true + } + + fn run( + &self, + emu: &mut Emulator, ET, I, S, SM>, + _ret_reg: Option, + ) -> Result>, EmulatorDriverError> { + let phys_mem_chunk = self + .map + .to_phys_mem_chunk(emu.qemu()) + .expect("Declared map is not contiguous in memory"); + + assert!( + emu.driver_mut() + .maps_mut() + .insert(self.kind.clone(), phys_mem_chunk) + .is_none(), + "a map is being declared two times" + ); + + Ok(None) + } +} + +#[cfg(feature = "systemmode")] +impl SetMapCommand { + pub fn new(kind: MapKind, map: QemuMemoryChunk) -> Self { + Self { kind, map } + } +} + +impl TestCommand { + #[must_use] + pub fn new(received_value: GuestReg, expected_value: GuestReg) -> Self { + Self { + expected_value, + received_value, + } + } +} + +impl LqprintfCommand { + #[must_use] + pub fn new(content: String) -> Self { + Self { content } + } +} + +impl VersionCommand { + #[must_use] + pub fn new(major: u64, minor: u64) -> Self { + Self(major, minor) + } +} + 
+impl AddressAllowCommand { + #[must_use] + pub fn new(address_range: Range) -> Self { + Self { address_range } + } +} + +impl Display for SaveCommand { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "Save VM") + } +} + +impl Display for LoadCommand { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "Reload VM") + } +} + +impl Display for StartCommand { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "Start fuzzing with input @{:?}", self.input_location) + } +} + +impl Display for EndCommand { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "Exit of kind {:?}", self.exit_kind) + } +} + +impl Display for VersionCommand { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + write!(f, "Client version: {}", self.0) + } +} + +impl Display for AddressAllowCommand { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + write!(f, "Addr range allow: {:?}", self.address_range) + } +} + +#[cfg(feature = "systemmode")] +impl Display for PageAllowCommand { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + write!(f, "Allowed page: {:?}", self.page_id) + } +} + +impl StartCommand { + #[must_use] + pub fn new(input_location: InputLocation) -> Self { + Self { input_location } + } +} + +impl EndCommand { + #[must_use] + pub fn new(exit_kind: Option) -> Self { + Self { exit_kind } + } +} diff --git a/crates/libafl_qemu/src/command/parser/mod.rs b/crates/libafl_qemu/src/command/lqemu/parser.rs similarity index 55% rename from crates/libafl_qemu/src/command/parser/mod.rs rename to crates/libafl_qemu/src/command/lqemu/parser.rs index 13657491acb..16201667dd0 100644 --- a/crates/libafl_qemu/src/command/parser/mod.rs +++ b/crates/libafl_qemu/src/command/lqemu/parser.rs 
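Review bot: `SetMapCommand::run` aborts the whole fuzzer on guest-chosen input: the `lqemu_map` descriptor it acts on is read out of guest memory by the parser, yet a non-contiguous map hits `.expect("Declared map is not contiguous in memory")` and a repeated declaration trips the `assert!`, so a misbehaving or fuzzed target can take down the host process instead of getting an error. Both should become `Err(EmulatorDriverError::CommandError(CommandError::InvalidParameters))` (or a dedicated variant): propagate the `to_phys_mem_chunk` failure instead of `expect`, and turn the `assert!` into an `if ... .is_some() { return Err(...) }`. The same applies to `self.exit_kind.unwrap()` in `EndCommand::run`, which panics if the parser ever produces `EndCommand::new(None)`. Separately, `StartCommand::run` now returns `Ok(None)` silently when `start()` reports the manager had already started, whereas the removed implementation returned `CommandError::StartedTwice` (the variant is still in the enum); if that is intentional, a comment on the branch would help. `impl Display for VersionCommand` prints only `self.0`; `write!(f, "Client version: {}.{}", self.0, self.1)` would show the minor version the command now carries.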
@@ -1,103 +1,47 @@ +#[cfg(feature = "usermode")] +use std::slice; use std::{ffi::CStr, sync::OnceLock}; use enum_map::{EnumMap, enum_map}; use libafl::{executors::ExitKind, inputs::HasTargetBytes}; -use libafl_qemu_sys::{GuestAddr, GuestPhysAddr, GuestVirtAddr}; +#[cfg(feature = "systemmode")] +use libafl_qemu_sys::GuestPhysAddr; +use libafl_qemu_sys::{GuestAddr, GuestVirtAddr}; use libc::c_uint; +use super::{ + AddressAllowCommand, EndCommand, LoadCommand, LqprintfCommand, NativeExitKind, SaveCommand, + StartCommand, TestCommand, VersionCommand, +}; use crate::{ - GuestReg, IsSnapshotManager, Qemu, QemuMemoryChunk, Regs, StdEmulatorDriver, - command::{ - AddressAllowCommand, CommandError, CommandManager, EndCommand, InputCommand, IsCommand, - LoadCommand, LqprintfCommand, NativeExitKind, SaveCommand, StartCommand, StdCommandManager, - TestCommand, VersionCommand, bindings, - }, + GuestReg, InputLocation, InputSetter, IsSnapshotManager, Qemu, QemuMemoryChunk, Regs, + StdEmulatorDriver, + command::{CommandError, CommandManager, NativeCommandParser, StdCommandManager}, modules::{EmulatorModuleTuple, utils::filters::HasStdFiltersTuple}, sync_exit::ExitArgs, }; - -#[cfg(all(cpu_target = "x86_64", feature = "systemmode"))] -pub mod nyx; +#[cfg(feature = "systemmode")] +use crate::{MapKind, command::lqemu::SetMapCommand}; pub static EMU_EXIT_KIND_MAP: OnceLock>> = OnceLock::new(); -pub trait NativeCommandParser { - type OutputCommand: IsCommand; - - const COMMAND_ID: c_uint; - - fn parse( - qemu: Qemu, - arch_regs_map: &'static EnumMap, - ) -> Result; -} - -pub struct InputPhysCommandParser; -impl NativeCommandParser - for InputPhysCommandParser -where - I: HasTargetBytes, -{ - type OutputCommand = InputCommand; - - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_INPUT_PHYS.0; - - fn parse( - qemu: Qemu, - arch_regs_map: &'static EnumMap, - ) -> Result { - let input_phys_addr: GuestPhysAddr = 
qemu.read_reg(arch_regs_map[ExitArgs::Arg1])?.into(); - let max_input_size: GuestReg = qemu.read_reg(arch_regs_map[ExitArgs::Arg2])?; - - Ok(InputCommand::new( - QemuMemoryChunk::phys( - input_phys_addr, - max_input_size, - Some(qemu.current_cpu().unwrap()), - ), - qemu.current_cpu().unwrap(), - )) - } -} - -pub struct InputVirtCommandParser; -impl NativeCommandParser - for InputVirtCommandParser -where - I: HasTargetBytes, -{ - type OutputCommand = InputCommand; - - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_INPUT_VIRT.0; - - fn parse( - qemu: Qemu, - arch_regs_map: &'static EnumMap, - ) -> Result { - let input_virt_addr: GuestVirtAddr = - qemu.read_reg(arch_regs_map[ExitArgs::Arg1])? as GuestVirtAddr; - let max_input_size: GuestReg = qemu.read_reg(arch_regs_map[ExitArgs::Arg2])?; - - Ok(InputCommand::new( - QemuMemoryChunk::virt(input_virt_addr, max_input_size, qemu.current_cpu().unwrap()), - qemu.current_cpu().unwrap(), - )) - } -} - +#[cfg(feature = "systemmode")] pub struct StartPhysCommandParser; -impl NativeCommandParser, StdEmulatorDriver, ET, I, S, SM> +#[cfg(feature = "systemmode")] +impl + NativeCommandParser, StdEmulatorDriver, ET, I, S, SM> for StartPhysCommandParser where ET: EmulatorModuleTuple + HasStdFiltersTuple, I: HasTargetBytes + Unpin, + IS: InputSetter, S: Unpin, SM: IsSnapshotManager, { type OutputCommand = StartCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_START_PHYS.0; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_START_PHYS.0; fn parse( qemu: Qemu, 
@@ -106,27 +50,32 @@ where let input_phys_addr: GuestPhysAddr = qemu.read_reg(arch_regs_map[ExitArgs::Arg1])?.into(); let max_input_size: GuestReg = qemu.read_reg(arch_regs_map[ExitArgs::Arg2])?; - Ok(StartCommand::new(QemuMemoryChunk::phys( - input_phys_addr, - max_input_size, - Some(qemu.current_cpu().unwrap()), + let memory_chunk = + QemuMemoryChunk::phys(input_phys_addr, max_input_size, qemu.current_cpu()); + + Ok(StartCommand::new(InputLocation::new( + qemu, + &memory_chunk, + Some(arch_regs_map[ExitArgs::Ret]), ))) } } pub struct StartVirtCommandParser; -impl NativeCommandParser, StdEmulatorDriver, ET, I, S, SM> +impl + NativeCommandParser, StdEmulatorDriver, ET, I, S, SM> for StartVirtCommandParser where ET: EmulatorModuleTuple + HasStdFiltersTuple, I: HasTargetBytes + Unpin, + IS: InputSetter, S: Unpin, SM: IsSnapshotManager, { type OutputCommand = StartCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_START_VIRT.0; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_START_VIRT.0; fn parse( qemu: Qemu, 
@@ -136,16 +85,34 @@ where qemu.read_reg(arch_regs_map[ExitArgs::Arg1])? as GuestVirtAddr; let max_input_size: GuestReg = qemu.read_reg(arch_regs_map[ExitArgs::Arg2])?; - Ok(StartCommand::new(QemuMemoryChunk::virt( - input_virt_addr, - max_input_size, - qemu.current_cpu().unwrap(), - ))) + #[cfg(feature = "usermode")] + { + let memory_chunk = unsafe { + slice::from_raw_parts(input_virt_addr as *const u8, max_input_size as usize) + }; + + Ok(StartCommand::new(InputLocation::new( + Box::from(memory_chunk), + Some(arch_regs_map[ExitArgs::Ret]), + ))) + } + + #[cfg(feature = "systemmode")] + { + let memory_chunk = + QemuMemoryChunk::virt(input_virt_addr, max_input_size, qemu.current_cpu().unwrap()); + + Ok(StartCommand::new(InputLocation::new( + qemu, + &memory_chunk, + Some(arch_regs_map[ExitArgs::Ret]), + ))) + } } } pub struct SaveCommandParser; -impl NativeCommandParser +impl NativeCommandParser, ET, I, S, SM> for SaveCommandParser where ET: EmulatorModuleTuple, @@ -155,7 +122,7 @@ where { type OutputCommand = SaveCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_SAVE.0; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_SAVE.0; fn parse( _qemu: Qemu, @@ -166,15 +133,15 @@ where } pub struct LoadCommandParser; -impl NativeCommandParser +impl NativeCommandParser, ET, I, S, SM> for LoadCommandParser where - CM: CommandManager, + CM: CommandManager, ET, I, S, SM>, SM: IsSnapshotManager, { type OutputCommand = LoadCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_LOAD.0; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_LOAD.0; fn parse( _qemu: Qemu, @@ -186,7 +153,8 @@ where pub struct EndCommandParser; -impl NativeCommandParser, StdEmulatorDriver, ET, I, S, SM> +impl + NativeCommandParser, StdEmulatorDriver, ET, I, S, SM> for EndCommandParser where ET: EmulatorModuleTuple, 
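Review bot: In the usermode branch of `StartVirtCommandParser::parse`, `unsafe { slice::from_raw_parts(input_virt_addr as *const u8, max_input_size as usize) }` builds a host slice directly from a pointer and length the guest supplied in registers, with no bounds or mapping check and no `// SAFETY:` comment; a target that passes a bogus address or an oversized length makes the fuzzer read invalid host memory or crash rather than receive an error. At minimum document the invariant, e.g. `// SAFETY: in usermode the guest address space is mapped in this process; addr/len are guest-chosen — TODO validate`, and reject `max_input_size == 0` or a size larger than what the driver will ever write before forming the slice; if this QEMU build runs with a non-zero guest base, the address also needs guest-to-host translation first. `Box::from(memory_chunk)` then copies those bytes into a fresh heap allocation, so unless `InputLocation::new` only uses the box to record address and length, later input writes would land in the copy rather than in the guest buffer — worth confirming against `InputSetter`. `parse` begins before this hunk.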
@@ -196,7 +164,7 @@ where { type OutputCommand = EndCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_END.0; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_END.0; fn parse( qemu: Qemu, @@ -225,15 +193,16 @@ impl NativeCommandParser { type OutputCommand = VersionCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_VERSION.0; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_VERSION.0; fn parse( qemu: Qemu, arch_regs_map: &'static EnumMap, ) -> Result { - let client_version = qemu.read_reg(arch_regs_map[ExitArgs::Arg1])?.into(); + let major = qemu.read_reg(arch_regs_map[ExitArgs::Arg1])?.into(); + let minor = qemu.read_reg(arch_regs_map[ExitArgs::Arg2])?.into(); - Ok(VersionCommand::new(client_version)) + Ok(VersionCommand::new(major, minor)) } } @@ -247,7 +216,8 @@ where { type OutputCommand = AddressAllowCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_VADDR_FILTER_ALLOW.0; + const COMMAND_ID: c_uint = + libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_VADDR_FILTER_ALLOW.0; fn parse( qemu: Qemu, @@ -268,7 +238,7 @@ where S: Unpin, { type OutputCommand = LqprintfCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_LQPRINTF.0; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_LQPRINTF.0; fn parse( qemu: Qemu, @@ -302,7 +272,7 @@ where S: Unpin, { type OutputCommand = TestCommand; - const COMMAND_ID: c_uint = bindings::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_TEST.0; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_TEST.0; fn parse( qemu: Qemu, 
@@ -312,7 +282,53 @@ where Ok(TestCommand::new( received_value, - GuestReg::from(bindings::LIBAFL_QEMU_TEST_VALUE), + GuestReg::from(libvharness_sys::LIBAFL_QEMU_TEST_VALUE), )) } } + +#[cfg(feature = "systemmode")] +pub struct SetMapCommandParser; +#[cfg(feature = "systemmode")] +impl NativeCommandParser, ET, I, S, SM> + for SetMapCommandParser +where + ET: EmulatorModuleTuple, + I: Unpin, + S: Unpin, +{ + type OutputCommand = SetMapCommand; + const COMMAND_ID: c_uint = libvharness_sys::LibaflQemuCommand_LIBAFL_QEMU_COMMAND_SET_MAP.0; + + fn parse( + qemu: Qemu, + arch_regs_map: &'static EnumMap, + ) -> Result { + let map_addr: GuestReg = qemu.read_reg(arch_regs_map[ExitArgs::Arg1])?; + let map: libvharness_sys::lqemu_map = unsafe { qemu.read_mem_val(map_addr)? }; + + let kind = match map.map_kind { + libvharness_sys::lqemu_map_kind_LQEMU_MAP_COV => MapKind::Cov, + + libvharness_sys::lqemu_map_kind_LQEMU_MAP_CMP => MapKind::Cmp, + + _ => return Err(CommandError::InvalidParameters), + }; + + let map = match map.addr_kind { + libvharness_sys::lqemu_addr_kind_LQEMU_ADDR_PHYS => { + QemuMemoryChunk::phys(map.addr, map.len as GuestAddr, qemu.current_cpu()) + } + + libvharness_sys::lqemu_addr_kind_LQEMU_ADDR_VIRT => QemuMemoryChunk::virt( + map.addr as GuestVirtAddr, + map.len as GuestAddr, + qemu.current_cpu().unwrap(), + ), + + _ => return Err(CommandError::InvalidParameters), + }; + + Ok(SetMapCommand::new(kind, map)) + } +} diff --git a/crates/libafl_qemu/src/command/mod.rs b/crates/libafl_qemu/src/command/mod.rs index 66d00f8f540..b95303e8167 100644 --- a/crates/libafl_qemu/src/command/mod.rs +++ b/crates/libafl_qemu/src/command/mod.rs 
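Review bot: `SetMapCommandParser::parse` narrows `map.len` with `map.len as GuestAddr` in both arms; if the binding's `len` field is wider than `GuestAddr` on 32-bit targets, an oversized guest value is silently truncated to a small map instead of being rejected, so `GuestAddr::try_from(map.len).map_err(|_| CommandError::InvalidParameters)?` would be safer. The virt arm also calls `qemu.current_cpu().unwrap()` while the phys arm passes the `Option` through, so a missing current CPU panics in one path and is handled in the other; `qemu.current_cpu().ok_or(CommandError::InvalidParameters)?` (or whichever variant fits) keeps both paths non-panicking. A short doc comment on the impl would help, e.g. `/// Parses the lqemu_map descriptor at Arg1 out of guest memory into a SetMapCommand, rejecting unknown kinds.`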
@@ -1,212 +1,190 @@ use std::{ - fmt, - fmt::{Debug, Display, Formatter}, - marker::PhantomData, - ops::Range, + ffi::c_uint, + fmt::{self, Debug, Display, Formatter}, }; -use enum_map::{Enum, EnumMap}; -use libafl::{executors::ExitKind, inputs::HasTargetBytes}; -use libafl_bolts::AsSlice; -use libafl_qemu_sys::GuestAddr; -#[cfg(feature = "systemmode")] -use libafl_qemu_sys::GuestPhysAddr; -use libc::c_uint; -use num_enum::TryFromPrimitive; -use paste::paste; +use enum_map::EnumMap; use crate::{ - CPU, Emulator, EmulatorDriverError, EmulatorDriverResult, GuestReg, InputLocation, - IsSnapshotManager, Qemu, QemuMemoryChunk, QemuRWError, Regs, StdEmulatorDriver, - command::parser::{ - EndCommandParser, InputPhysCommandParser, InputVirtCommandParser, LoadCommandParser, - LqprintfCommandParser, NativeCommandParser, SaveCommandParser, StartPhysCommandParser, - StartVirtCommandParser, TestCommandParser, VaddrFilterAllowRangeCommandParser, - VersionCommandParser, - }, - get_exit_arch_regs, - modules::{EmulatorModuleTuple, utils::filters::HasStdFiltersTuple}, + Emulator, EmulatorDriverError, EmulatorDriverResult, GuestReg, Qemu, QemuRWError, Regs, sync_exit::ExitArgs, }; -#[cfg(all(cpu_target = "x86_64", feature = "systemmode"))] +pub mod lqemu; +pub use lqemu::{ + AddressAllowCommand, EndCommand, LoadCommand, LqprintfCommand, SaveCommand, SetMapCommand, + StartCommand, StdCommandManager, TestCommand, VersionCommand, +}; + +#[cfg(feature = "nyx")] pub mod nyx; -pub mod parser; - -mod bindings { - #![expect(non_upper_case_globals)] - #![expect(non_camel_case_types)] - #![expect(non_snake_case)] - #![expect(unused)] - #![expect(clippy::all)] - #![expect(clippy::pedantic)] - #![allow(unsafe_op_in_unsafe_fn)] - #![allow(warnings)] - - include!(concat!(env!("OUT_DIR"), "/libafl_qemu_bindings.rs")); + +#[macro_export] +macro_rules! 
define_std_command_manager_bound { + ($name:ident, $input_bound:ty, [$($command:ty),+], [$($native_command_parser:ty),+]) => { + define_std_command_manager_inner!($name, ($input_bound,), [$($command),+], [$($native_command_parser),+]); + }; } -pub const VERSION: u64 = bindings::LIBAFL_QEMU_HDR_VERSION_NUMBER as u64; +#[macro_export] +macro_rules! define_std_command_manager_type { + ($name:ident, $input_type:ty, [$($command:ty),+], [$($native_command_parser:ty),+]) => { + define_std_command_manager_inner!($name, (), [$($command),+], [$($native_command_parser),+], $input_type); + }; +} -macro_rules! define_std_command_manager { - ($name:ident, [$($command:ty),+], [$($native_command_parser:ty),+]) => { +#[macro_export] +macro_rules! define_std_command_manager_inner { + ($name:ident, ($($input_bound:ty,)?), [$($command:ty),+], [$($native_command_parser:ty),+]$(, $input_type:ty)?) => { paste! { - pub struct $name { - has_started: bool, - phantom: PhantomData, - } + pub use [< $name:snake >]::$name; + + mod [< $name:snake >] { + use super::*; + + use std::{ + fmt, + fmt::{Debug, Formatter}, + marker::PhantomData, + }; + use enum_map::EnumMap; + use $crate::{ + command::{IsStdCommandManager, CommandManager, CommandError, NativeCommandParser, IsCommand}, get_exit_arch_regs, modules::{utils::filters::HasStdFiltersTuple, EmulatorModuleTuple}, sync_exit::ExitArgs, Emulator, EmulatorDriverError, EmulatorDriverResult, IsSnapshotManager, Qemu, Regs, StdEmulatorDriver, InputSetter, + }; + use std::ffi::c_uint; + + pub struct $name { + has_started: bool, + phantom: PhantomData, + } - impl Clone for $name { - fn clone(&self) -> Self { - Self { - has_started: self.has_started, - phantom: PhantomData, + impl IsStdCommandManager for $name { + fn start(&mut self) -> bool { + let tmp = self.has_started; + self.has_started = true; + tmp } - } - } - impl Debug for $name { - fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { - write!(f, "{} (has started? 
{:?})", stringify!($name), self.has_started) + fn has_started(&self) -> bool { + self.has_started + } } - } - impl Default for $name { - fn default() -> Self { - Self { - has_started: false, - phantom: PhantomData, + impl Clone for $name { + fn clone(&self) -> Self { + Self { + has_started: self.has_started, + phantom: PhantomData, + } } } - } - impl $name { - fn start(&mut self) -> bool { - let tmp = self.has_started; - self.has_started = true; - tmp + impl Debug for $name { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + write!(f, "{} (has started? {:?})", stringify!($name), self.has_started) + } } - fn has_started(&self) -> bool { - self.has_started + impl Default for $name { + fn default() -> Self { + Self { + has_started: false, + phantom: PhantomData, + } + } } - } - impl CommandManager for $name - where - ET: EmulatorModuleTuple + HasStdFiltersTuple, - I: HasTargetBytes + Unpin, - S: Unpin, - SM: IsSnapshotManager, - { - type Commands = [<$name Commands>]; - - #[deny(unreachable_patterns)] - fn parse(&self, qemu: Qemu) -> Result { - let arch_regs_map: &'static EnumMap = get_exit_arch_regs(); - let cmd_id = qemu.read_reg(arch_regs_map[ExitArgs::Cmd])? as c_uint; - - match cmd_id { - // >::COMMAND_ID => Ok(StdCommandManagerCommands::StartPhysCommandParserCmd(>::parse(qemu, arch_regs_map)?)), - $(<$native_command_parser as NativeCommandParser>::COMMAND_ID => Ok(<$native_command_parser as NativeCommandParser>::parse(qemu, arch_regs_map)?.into())),+, - _ => Err(CommandError::UnknownCommand(cmd_id.into())), + impl CommandManager, ET, I, S, SM> for $name + where + ET: EmulatorModuleTuple + HasStdFiltersTuple, + I: $($input_bound)? + Unpin, + IS: InputSetter, + S: Unpin, + SM: IsSnapshotManager, + { + type Commands = [<$name Commands>]; + + #[deny(unreachable_patterns)] + fn parse(&self, qemu: Qemu) -> Result { + let arch_regs_map: &'static EnumMap = get_exit_arch_regs(); + let cmd_id = qemu.read_reg(arch_regs_map[ExitArgs::Cmd])? 
as c_uint; + + match cmd_id { + // >::COMMAND_ID => Ok(StdCommandManagerCommands::StartPhysCommandParserCmd(>::parse(qemu, arch_regs_map)?)), + $(<$native_command_parser as NativeCommandParser, ET, I, S, SM>>::COMMAND_ID => Ok(<$native_command_parser as NativeCommandParser, ET, I, S, SM>>::parse(qemu, arch_regs_map)?.into())),+, + _ => Err(CommandError::UnknownCommand(cmd_id.into())), + } } } - } - #[derive(Debug, Clone)] - pub enum [<$name Commands>] - { - // StartPhysCommand(StartPhysCommand) - $($command($command)),+, - } + #[derive(Clone, Debug)] + #[expect(clippy::enum_variant_names)] + pub enum [<$name Commands>] + { + // StartPhysCommand(StartPhysCommand) + $($command($command)),+, + } - impl IsCommand, StdEmulatorDriver, ET, I, S, SM> for [<$name Commands>] - where - ET: EmulatorModuleTuple + HasStdFiltersTuple, - I: HasTargetBytes + Unpin, - S: Unpin, - SM: IsSnapshotManager, - { - fn usable_at_runtime(&self) -> bool { - match self { - $([<$name Commands>]::$command(cmd) => <$command as IsCommand, StdEmulatorDriver, ET, I, S, SM>>::usable_at_runtime(cmd)),+ + impl IsCommand, StdEmulatorDriver, ET, I, S, SM> for [<$name Commands>] + where + ET: EmulatorModuleTuple + HasStdFiltersTuple, + I: $($input_bound)? 
+ Unpin, + IS: InputSetter, + S: Unpin, + SM: IsSnapshotManager, + { + fn usable_at_runtime(&self) -> bool { + match self { + $([<$name Commands>]::$command(cmd) => <$command as IsCommand, StdEmulatorDriver, ET, I, S, SM>>::usable_at_runtime(cmd)),+ + } } - } - fn run(&self, - emu: &mut Emulator, StdEmulatorDriver, ET, I, S, SM>, - state: &mut S, - input: &I, - ret_reg: Option - ) -> Result>, EmulatorDriverError> { - match self { - $([<$name Commands>]::$command(cmd) => cmd.run(emu, state, input, ret_reg)),+ + fn run(&self, + emu: &mut Emulator, StdEmulatorDriver, ET, I, S, SM>, + ret_reg: Option + ) -> Result>, EmulatorDriverError> { + match self { + $([<$name Commands>]::$command(cmd) => cmd.run(emu, ret_reg)),+ + } } } - } - $( - impl From<$command> for [<$name Commands>] { - fn from(cmd: $command) -> [<$name Commands>] { - [<$name Commands>]::$command(cmd) + $( + impl From<$command> for [<$name Commands>] { + fn from(cmd: $command) -> [<$name Commands>] { + [<$name Commands>]::$command(cmd) + } } - } - )+ + )+ + } } }; } -pub trait CommandManager: Sized + Debug { - type Commands: IsCommand; +pub trait NativeCommandParser { + type OutputCommand: IsCommand; - fn parse(&self, qemu: Qemu) -> Result; + const COMMAND_ID: c_uint; + + fn parse( + qemu: Qemu, + arch_regs_map: &'static EnumMap, + ) -> Result; } -#[derive(Debug, Copy, Clone)] -pub struct NopCommandManager; -impl CommandManager for NopCommandManager { - type Commands = NopCommand; +pub trait IsStdCommandManager { + /// Returns whether the command manager has been started already. + fn has_started(&self) -> bool; - fn parse(&self, _qemu: Qemu) -> Result { - Ok(NopCommand) - } + /// Mark the command manager as started. + /// it should return if it has been started before or not. 
+ fn start(&mut self) -> bool; } -define_std_command_manager!( - StdCommandManager, - [ - StartCommand, - InputCommand, - SaveCommand, - LoadCommand, - EndCommand, - VersionCommand, - AddressAllowCommand, - LqprintfCommand, - TestCommand - ], - [ - StartPhysCommandParser, - StartVirtCommandParser, - InputPhysCommandParser, - InputVirtCommandParser, - SaveCommandParser, - LoadCommandParser, - EndCommandParser, - VersionCommandParser, - VaddrFilterAllowRangeCommandParser, - LqprintfCommandParser, - TestCommandParser - ] -); - -#[derive(Debug, Clone, Enum, TryFromPrimitive)] -#[repr(u64)] -pub enum NativeExitKind { - Unknown = bindings::LibaflQemuEndStatus_LIBAFL_QEMU_END_UNKNOWN.0 as u64, // Should not be used - Ok = bindings::LibaflQemuEndStatus_LIBAFL_QEMU_END_OK.0 as u64, // Normal exit - Crash = bindings::LibaflQemuEndStatus_LIBAFL_QEMU_END_CRASH.0 as u64, // Crash reported in the VM +pub trait CommandManager: Sized + Debug { + type Commands: IsCommand; + + fn parse(&self, qemu: Qemu) -> Result; } pub trait IsCommand: Clone + Debug { @@ -223,8 +201,6 @@ pub trait IsCommand: Clone + Debug { fn run( &self, emu: &mut Emulator, - state: &mut S, - input: &I, ret_reg: Option, ) -> Result>, EmulatorDriverError>; } @@ -233,13 +209,24 @@ pub trait IsCommand: Clone + Debug { pub enum CommandError { UnknownCommand(GuestReg), RWError(QemuRWError), - VersionDifference(u64), + VersionDifference(u64, u64), TestDifference(GuestReg, GuestReg), // received, expected + InvalidParameters, StartedTwice, EndBeforeStart, WrongUsage, } +#[derive(Debug, Copy, Clone)] +pub struct NopCommandManager; +impl CommandManager for NopCommandManager { + type Commands = NopCommand; + + fn parse(&self, _qemu: Qemu) -> Result { + Ok(NopCommand) + } +} + impl From for CommandError { fn from(error: QemuRWError) -> Self { CommandError::RWError(error) 
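Review bot: The exported macros are not self-contained: `define_std_command_manager_bound` and `define_std_command_manager_type` expand to a bare `define_std_command_manager_inner!(...)`, and the inner body calls a bare `paste!`, so both only compile at call sites that have themselves imported `define_std_command_manager_inner` and `paste::paste` (which is exactly what the new `lqemu/mod.rs` does). Use `$crate::define_std_command_manager_inner!` in the two wrappers; for `paste!` the crate would need a re-export to reference via `$crate::`, otherwise the requirement should at least be stated in a doc comment on the macros. The `$input_type` parameter the inner macro accepts is not visibly used in its expansion, though the generic parameter lists are not legible in this view, so that may be a rendering artifact. The doc on `IsStdCommandManager::start` could read `/// Marks the command manager as started and returns whether it had already been started before this call.`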
@@ -263,494 +250,8 @@ impl IsCommand for NopCommand fn run( &self, _emu: &mut Emulator, - _state: &mut S, - _input: &I, _ret_reg: Option, ) -> Result>, EmulatorDriverError> { Ok(None) } } - -#[derive(Debug, Clone)] -pub struct SaveCommand; -impl IsCommand for SaveCommand -where - ET: EmulatorModuleTuple, - I: Unpin, - S: Unpin, - SM: IsSnapshotManager, -{ - fn usable_at_runtime(&self) -> bool { - false - } - - fn run( - &self, - emu: &mut Emulator, - _state: &mut S, - _input: &I, - _ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - let qemu = emu.qemu(); - let snapshot_id = emu.snapshot_manager_mut().save(qemu); - - emu.driver_mut() - .set_snapshot_id(snapshot_id) - .map_err(|_| EmulatorDriverError::MultipleSnapshotDefinition)?; - - Ok(None) - } -} - -#[derive(Debug, Clone)] -pub struct LoadCommand; - -impl IsCommand for LoadCommand -where - // CM: CommandManager, - // ET: EmulatorModuleTuple, - SM: IsSnapshotManager, -{ - fn usable_at_runtime(&self) -> bool { - false - } - - fn run( - &self, - emu: &mut Emulator, - _state: &mut S, - _input: &I, - _ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - let qemu = emu.qemu(); - - let snapshot_id = emu - .driver_mut() - .snapshot_id() - .ok_or(EmulatorDriverError::SnapshotNotFound)?; - - emu.snapshot_manager_mut().restore(qemu, &snapshot_id)?; - - #[cfg(feature = "paranoid_debug")] - emu.snapshot_manager_mut().check(qemu, &snapshot_id)?; - - Ok(None) - } -} - -#[derive(Debug, Clone)] -pub struct InputCommand { - location: QemuMemoryChunk, - cpu: CPU, -} - -impl IsCommand for InputCommand -where - I: HasTargetBytes, -{ - fn usable_at_runtime(&self) -> bool { - true - } - - fn run( - &self, - emu: &mut Emulator, - _state: &mut S, - input: &I, - ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - let qemu = emu.qemu(); - - let ret_value = self - .location - .write(qemu, input.target_bytes().as_slice()) - .unwrap(); - - if let Some(reg) = ret_reg { - self.cpu.write_reg(reg, ret_value).unwrap(); - } - - 
Ok(None) - } -} - -#[derive(Debug, Clone)] -pub struct StartCommand { - input_location: QemuMemoryChunk, -} -impl IsCommand, StdEmulatorDriver, ET, I, S, SM> - for StartCommand -where - ET: EmulatorModuleTuple + HasStdFiltersTuple, - I: HasTargetBytes + Unpin, - S: Unpin, - SM: IsSnapshotManager, -{ - fn usable_at_runtime(&self) -> bool { - false - } - - fn run( - &self, - emu: &mut Emulator, StdEmulatorDriver, ET, I, S, SM>, - state: &mut S, - input: &I, - ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - if emu.command_manager_mut().start() { - return Err(EmulatorDriverError::CommandError( - CommandError::StartedTwice, - )); - } - - let qemu = emu.qemu(); - - // Snapshot VM - let snapshot_id = emu.snapshot_manager_mut().save(qemu); - - // Set snapshot ID to restore to after fuzzing ends - emu.driver_mut() - .set_snapshot_id(snapshot_id) - .map_err(|_| EmulatorDriverError::MultipleSnapshotDefinition)?; - - // Save input location for next runs - emu.driver_mut() - .set_input_location(InputLocation::new( - self.input_location.clone(), - qemu.current_cpu().unwrap(), - ret_reg, - )) - .unwrap(); - - // Write input to input location - let ret_value = self - .input_location - .write(qemu, input.target_bytes().as_slice()) - .unwrap(); - - // Unleash hooks if locked - if emu.driver_mut().unlock_hooks() { - // Prepare hooks - emu.modules_mut().first_exec_all(qemu, state); - emu.modules_mut().pre_exec_all(qemu, state, input); - } - - // Auto page filtering if option is enabled - #[cfg(feature = "systemmode")] - if emu.driver_mut().allow_page_on_start() { - if let Some(paging_id) = qemu.current_cpu().unwrap().current_paging_id() { - log::info!("Filter: allow page ID {paging_id}."); - emu.modules_mut().modules_mut().allow_page_id_all(paging_id); - } - } - - // Make sure JIT cache is empty just before starting - qemu.flush_jit(); - - // Set input size in return register if there is any - if let Some(reg) = ret_reg { - qemu.write_reg(reg, ret_value).unwrap(); - } - - 
log::info!("Fuzzing starts"); - - Ok(None) - } -} - -#[derive(Debug, Clone)] -pub struct EndCommand { - exit_kind: Option, -} - -impl IsCommand, StdEmulatorDriver, ET, I, S, SM> - for EndCommand -where - ET: EmulatorModuleTuple, - I: HasTargetBytes + Unpin, - S: Unpin, - SM: IsSnapshotManager, -{ - fn usable_at_runtime(&self) -> bool { - false - } - - fn run( - &self, - emu: &mut Emulator, StdEmulatorDriver, ET, I, S, SM>, - _state: &mut S, - _input: &I, - _ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - let qemu = emu.qemu(); - - if !emu.command_manager_mut().has_started() { - return Err(EmulatorDriverError::CommandError( - CommandError::EndBeforeStart, - )); - } - - let snapshot_id = emu - .driver_mut() - .snapshot_id() - .ok_or(EmulatorDriverError::SnapshotNotFound)?; - - emu.snapshot_manager_mut().restore(qemu, &snapshot_id)?; - - #[cfg(feature = "paranoid_debug")] - emu.snapshot_manager_mut().check(qemu, &snapshot_id)?; - - Ok(Some(EmulatorDriverResult::EndOfRun( - self.exit_kind.unwrap(), - ))) - } -} - -#[derive(Debug, Clone)] -pub struct VersionCommand(u64); - -impl IsCommand for VersionCommand { - fn usable_at_runtime(&self) -> bool { - true - } - - fn run( - &self, - _emu: &mut Emulator, - _state: &mut S, - _input: &I, - _ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - let guest_version = self.0; - - if VERSION == guest_version { - Ok(None) - } else { - Err(EmulatorDriverError::CommandError( - CommandError::VersionDifference(guest_version), - )) - } - } -} - -#[cfg(feature = "systemmode")] -#[derive(Debug, Clone)] -pub struct PageAllowCommand { - page_id: GuestPhysAddr, -} - -#[cfg(feature = "systemmode")] -impl IsCommand for PageAllowCommand -where - ET: EmulatorModuleTuple + HasStdFiltersTuple, - I: Unpin, - S: Unpin, -{ - fn usable_at_runtime(&self) -> bool { - true - } - - fn run( - &self, - emu: &mut Emulator, - _state: &mut S, - _input: &I, - _ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - emu.modules_mut() - 
.modules_mut() - .allow_page_id_all(self.page_id); - Ok(None) - } -} - -#[derive(Debug, Clone)] -pub struct AddressAllowCommand { - address_range: Range, -} -impl IsCommand for AddressAllowCommand -where - ET: EmulatorModuleTuple + HasStdFiltersTuple, - I: Unpin, - S: Unpin, -{ - fn usable_at_runtime(&self) -> bool { - true - } - - fn run( - &self, - emu: &mut Emulator, - _state: &mut S, - _input: &I, - _ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - emu.modules_mut() - .modules_mut() - .allow_address_range_all(&self.address_range); - Ok(None) - } -} - -#[derive(Debug, Clone)] -pub struct LqprintfCommand { - content: String, -} -impl IsCommand for LqprintfCommand -where - ET: EmulatorModuleTuple, - I: Unpin, - S: Unpin, -{ - fn usable_at_runtime(&self) -> bool { - true - } - - fn run( - &self, - _emu: &mut Emulator, - _state: &mut S, - _input: &I, - _ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - print!("LQPRINTF: {}", self.content); - Ok(None) - } -} - -#[derive(Debug, Clone)] -pub struct TestCommand { - expected_value: GuestReg, - received_value: GuestReg, -} -impl IsCommand for TestCommand -where - ET: EmulatorModuleTuple, - I: Unpin, - S: Unpin, -{ - fn usable_at_runtime(&self) -> bool { - true - } - - fn run( - &self, - _emu: &mut Emulator, - _state: &mut S, - _input: &I, - _ret_reg: Option, - ) -> Result>, EmulatorDriverError> { - if self.expected_value == self.received_value { - Ok(None) - } else { - Err(EmulatorDriverError::CommandError( - CommandError::TestDifference(self.received_value, self.expected_value), - )) - } - } -} - -impl TestCommand { - #[must_use] - pub fn new(received_value: GuestReg, expected_value: GuestReg) -> Self { - Self { - expected_value, - received_value, - } - } -} - -impl LqprintfCommand { - #[must_use] - pub fn new(content: String) -> Self { - Self { content } - } -} - -impl VersionCommand { - #[must_use] - pub fn new(version: u64) -> Self { - Self(version) - } -} - -impl AddressAllowCommand { - #[must_use] - 
pub fn new(address_range: Range) -> Self { - Self { address_range } - } -} - -impl Display for SaveCommand { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!(f, "Save VM") - } -} - -impl Display for LoadCommand { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!(f, "Reload VM") - } -} - -impl Display for InputCommand { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!(f, "Set fuzzing input @{}", self.location.addr()) - } -} - -impl Display for StartCommand { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!( - f, - "Start fuzzing with input @{}", - self.input_location.addr() - ) - } -} - -impl Display for EndCommand { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!(f, "Exit of kind {:?}", self.exit_kind) - } -} - -impl Display for VersionCommand { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!(f, "Client version: {}", self.0) - } -} - -impl Display for AddressAllowCommand { - fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { - write!(f, "Addr range allow: {:?}", self.address_range) - } -} - -#[cfg(feature = "systemmode")] -impl Display for PageAllowCommand { - fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { - write!(f, "Allowed page: {:?}", self.page_id) - } -} - -impl StartCommand { - #[must_use] - pub fn new(input_location: QemuMemoryChunk) -> Self { - Self { input_location } - } -} - -impl EndCommand { - #[must_use] - pub fn new(exit_kind: Option) -> Self { - Self { exit_kind } - } -} - -impl InputCommand { - #[must_use] - pub fn new(location: QemuMemoryChunk, cpu: CPU) -> Self { - Self { location, cpu } - } -} diff --git a/crates/libafl_qemu/src/command/nyx.rs b/crates/libafl_qemu/src/command/nyx/mod.rs similarity index 100% rename from crates/libafl_qemu/src/command/nyx.rs rename to crates/libafl_qemu/src/command/nyx/mod.rs 
diff --git a/crates/libafl_qemu/src/command/parser/nyx.rs b/crates/libafl_qemu/src/command/nyx/parser.rs
similarity index 100%
rename from crates/libafl_qemu/src/command/parser/nyx.rs
rename to crates/libafl_qemu/src/command/nyx/parser.rs
diff --git a/crates/libafl_qemu/src/emu/builder.rs b/crates/libafl_qemu/src/emu/builder.rs
index e85ce9126ba..4b82bab70c2 100644
--- a/crates/libafl_qemu/src/emu/builder.rs
+++ b/crates/libafl_qemu/src/emu/builder.rs
@@ -9,7 +9,7 @@ use crate::FastSnapshotManager;
 use crate::config::QemuConfig;
 use crate::{
 Emulator, NopEmulatorDriver, NopSnapshotManager, Qemu, QemuInitError, QemuParams,
- StdEmulatorDriver, StdSnapshotManager,
+ StdEmulatorDriver, StdInputSetter, StdSnapshotManager,
 command::{NopCommandManager, StdCommandManager},
 config::QemuConfigBuilder,
 modules::{EmulatorModule, EmulatorModuleTuple},
@@ -63,7 +63,7 @@ impl
 EmulatorBuilder<
 C,
 StdCommandManager,
- StdEmulatorDriver,
+ StdEmulatorDriver,
 (),
 QemuConfigBuilder,
 I,
@@ -93,7 +93,7 @@ impl
 EmulatorBuilder<
 C,
 StdCommandManager,
- StdEmulatorDriver,
+ StdEmulatorDriver,
 (),
 QemuConfigBuilder,
 I,
diff --git a/crates/libafl_qemu/src/emu/drivers/mod.rs b/crates/libafl_qemu/src/emu/drivers/mod.rs
index d2eb5de4fb5..9eb83f13793 100644
--- a/crates/libafl_qemu/src/emu/drivers/mod.rs
+++ b/crates/libafl_qemu/src/emu/drivers/mod.rs
@@ -1,16 +1,23 @@ //! Emulator Drivers, as the name suggests, drive QEMU execution //! They are used to perform specific actions on the emulator before and / or after QEMU runs. +#[cfg(feature = "systemmode")] +use std::collections::HashMap; use std::{cell::OnceCell, fmt::Debug}; use libafl::{executors::ExitKind, inputs::HasTargetBytes, observers::ObserversTuple}; -use libafl_bolts::os::{CTRL_C_EXIT, unix_signals::Signal}; -use typed_builder::TypedBuilder; +use libafl_bolts::{ + AsSlice, + os::{CTRL_C_EXIT, unix_signals::Signal}, +}; +#[cfg(feature = "systemmode")] +use crate::PhysMemoryChunk; use crate::{ - Emulator, EmulatorExitError, EmulatorExitResult, InputLocation, IsSnapshotManager, QemuError, - QemuShutdownCause, Regs, SnapshotId, SnapshotManagerCheckError, SnapshotManagerError, - command::{CommandError, CommandManager, InputCommand, IsCommand}, + Emulator, EmulatorExitError, EmulatorExitResult, GuestReg, InputLocation, IsSnapshotManager, + Qemu, QemuError, QemuShutdownCause, Regs, SnapshotId, SnapshotManagerCheckError, + SnapshotManagerError, + command::{CommandError, CommandManager, IsCommand}, modules::EmulatorModuleTuple, }; @@ -22,7 +29,7 @@ pub use nyx::{NyxEmulatorDriver, NyxEmulatorDriverBuilder}; #[derive(Debug, Clone)] pub enum EmulatorDriverResult { /// Return to the harness immediately. Can happen at any point of the run when the handler is not supposed to handle a request. - ReturnToHarness(EmulatorExitResult), + ReturnToClient(EmulatorExitResult), /// The run is over and the emulator is ready for the next iteration. EndOfRun(ExitKind), @@ -40,8 +47,10 @@ pub enum EmulatorDriverError { CommandError(CommandError), UnhandledSignal(Signal), MultipleSnapshotDefinition, - MultipleInputDefinition, + MultipleInputLocationDefinition, SnapshotNotFound, + NotStartedYet, + EndBeforeStart, } impl From for EmulatorDriverError { 
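Review bot: The new `EmulatorDriverError::EndBeforeStart` duplicates `CommandError::EndBeforeStart`, which is still present in `command/mod.rs` earlier in this diff and is reachable through `EmulatorDriverError::CommandError(..)`, so a caller matching one spelling of "end before start" silently misses the other. Either drop the driver-level copy and keep raising the command-level variant, or document which layer owns the check, e.g. `/// End command seen before the emulator was started; distinct from the parser-level [`CommandError::EndBeforeStart`].`. `NotStartedYet` likewise needs a doc line saying what "started" means and who sets it, since the new `Emulator::run` guard later in this diff returns it.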
@@ -50,6 +59,107 @@ impl From for EmulatorDriverError { } } +pub trait InputSetter { + /// Set input in the Emulator. + fn write_input( + &mut self, + qemu: Qemu, + state: &mut S, + input: &I, + ) -> Result<(), EmulatorDriverError>; + + /// Set location at which input should be set. + fn set_input_location(&mut self, location: InputLocation) -> Result<(), EmulatorDriverError>; + + /// Get the input location, if it is set. + fn input_location(&self) -> Option<&InputLocation>; +} + +#[derive(Debug, Default)] +pub struct NopInputSetter; + +impl InputSetter for NopInputSetter { + fn write_input( + &mut self, + _qemu: Qemu, + _state: &mut S, + _input: &I, + ) -> Result<(), EmulatorDriverError> { + Ok(()) + } + + fn set_input_location(&mut self, _location: InputLocation) -> Result<(), EmulatorDriverError> { + Ok(()) + } + + fn input_location(&self) -> Option<&InputLocation> { + None + } +} + +#[derive(Debug, Default, Clone)] +pub struct StdInputSetter { + input_location: OnceCell, +} + +impl InputSetter for StdInputSetter +where + I: HasTargetBytes, +{ + fn write_input( + &mut self, + qemu: Qemu, + _state: &mut S, + input: &I, + ) -> Result<(), EmulatorDriverError> { + if let Some(input_location) = self.input_location.get_mut() { + let ret_value = input_location.write(input.target_bytes().as_slice()); + + if let Some(reg) = input_location.ret_register() { + qemu.current_cpu() + .unwrap() // if we end up there, qemu must be running the cpu asking for the input + .write_reg(*reg, ret_value as GuestReg) + .unwrap(); + } + } + + Ok(()) + } + + fn set_input_location(&mut self, location: InputLocation) -> Result<(), EmulatorDriverError> { + self.input_location + .set(location) + .or(Err(EmulatorDriverError::MultipleInputLocationDefinition)) + } + + fn input_location(&self) -> Option<&InputLocation> { + self.input_location.get() + } +} + +#[cfg(feature = "nyx")] +impl NyxInputSetter for SyxInputSetter +where + I: HasTargetBytes + HasConcolicInput + Debug, + IS: NyxInputSetter, 
+ S: HasCurrentTestcase + HasMetadata, +{ + fn set_input_struct_location( + &mut self, + location: InputLocation, + ) -> Result<(), EmulatorDriverError> { + self.inner.set_input_struct_location(location) + } + + fn input_struct_location(&self) -> Option<&InputLocation> { + self.inner.input_struct_location() + } + + fn max_input_size(&self) -> usize { + self.inner.max_input_size() + } +} + /// An Emulator Driver. // TODO remove 'static when specialization will be stable pub trait EmulatorDriver: 'static + Sized @@ -95,12 +205,10 @@ where /// Just after QEMU exits fn post_qemu_exec( _emulator: &mut Emulator, - _state: &mut S, exit_reason: &mut Result, EmulatorExitError>, - _input: &I, ) -> Result>, EmulatorDriverError> { match exit_reason { - Ok(reason) => Ok(Some(EmulatorDriverResult::ReturnToHarness(reason.clone()))), + Ok(reason) => Ok(Some(EmulatorDriverResult::ReturnToClient(reason.clone()))), Err(error) => Err(error.clone().into()), } } 
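Review bot: The `#[cfg(feature = "nyx")] impl NyxInputSetter for SyxInputSetter` block at the end of this hunk refers to `SyxInputSetter`, `self.inner`, `HasConcolicInput`, `HasCurrentTestcase` and `HasMetadata`, none of which is defined or imported in any visible hunk of this file (the updated import list at the top brings in none of them), so unless they come from a part of the file outside the diff this fails to compile only when `nyx` is enabled and a default build would not notice. Separately, `StdInputSetter::write_input` returns `Ok(())` when no location was ever registered, so a guest that never declares an input location fuzzes silently on whatever memory it started with; the trait doc `/// Set input in the Emulator.` should state that contract, e.g. `/// Writes `input` at the registered location; implementations with no location yet must say whether they return Ok(()) without writing (StdInputSetter does) or an error.`. The `ret_value as GuestReg` narrowing and the `.unwrap()` on `write_reg` turn a guest register-write failure into a fuzzer panic rather than an `EmulatorDriverError`, which the `Result` return type suggests was the intent.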
@@ -118,28 +226,178 @@ where { } -#[derive(Debug, Clone, Default, TypedBuilder)] +#[derive(Debug, Clone, PartialEq, Eq, Hash)] +pub enum MapKind { + Cov, + Cmp, +} + +pub struct StdEmulatorDriverBuilder { + input_setter: IS, + hooks_locked: bool, + #[cfg(feature = "systemmode")] + allow_page_on_start: bool, + #[cfg(feature = "x86_64")] + process_only: bool, + print_commands: bool, +} + +impl Default for StdEmulatorDriverBuilder +where + IS: Default, +{ + fn default() -> Self { + Self { + input_setter: IS::default(), + hooks_locked: true, + #[cfg(feature = "systemmode")] + allow_page_on_start: false, + #[cfg(feature = "x86_64")] + process_only: false, + print_commands: false, + } + } +} + +impl StdEmulatorDriverBuilder { + pub fn new( + input_setter: IS, + hooks_locked: bool, + #[cfg(feature = "systemmode")] allow_page_on_start: bool, + #[cfg(feature = "x86_64")] process_only: bool, + print_commands: bool, + ) -> Self { + Self { + input_setter, + hooks_locked, + #[cfg(feature = "systemmode")] + allow_page_on_start, + #[cfg(feature = "x86_64")] + process_only, + print_commands, + } + } + + pub fn input_setter(self, input_setter: IS2) -> StdEmulatorDriverBuilder { + StdEmulatorDriverBuilder::new( + input_setter, + self.hooks_locked, + #[cfg(feature = "systemmode")] + self.allow_page_on_start, + #[cfg(feature = "x86_64")] + self.process_only, + self.print_commands, + ) + } + + #[must_use] + pub fn hooks_locked(self, hooks_locked: bool) -> Self { + Self::new( + self.input_setter, + hooks_locked, + #[cfg(feature = "systemmode")] + self.allow_page_on_start, + #[cfg(feature = "x86_64")] + self.process_only, + self.print_commands, + ) + } + + #[cfg(feature = "systemmode")] + pub fn allow_page_on_start(self, allow_page_on_start: bool) -> Self { + Self::new( + self.input_setter, + self.hooks_locked, + allow_page_on_start, + #[cfg(feature = "x86_64")] + self.process_only, + self.print_commands, + ) + } + + #[cfg(feature = "x86_64")] + pub fn process_only(self, process_only: 
bool) -> Self { + Self::new( + self.input_setter, + self.hooks_locked, + #[cfg(feature = "systemmode")] + self.allow_page_on_start, + process_only, + self.print_commands, + ) + } + + #[must_use] + pub fn print_commands(self, print_commands: bool) -> Self { + Self::new( + self.input_setter, + self.hooks_locked, + #[cfg(feature = "systemmode")] + self.allow_page_on_start, + #[cfg(feature = "x86_64")] + self.process_only, + print_commands, + ) + } + + pub fn build(self) -> StdEmulatorDriver { + StdEmulatorDriver { + input_setter: self.input_setter, + snapshot_id: OnceCell::new(), + hooks_locked: self.hooks_locked, + #[cfg(feature = "systemmode")] + allow_page_on_start: self.allow_page_on_start, + #[cfg(feature = "x86_64")] + process_only: self.process_only, + print_commands: self.print_commands, + #[cfg(feature = "systemmode")] + maps: HashMap::new(), + } + } +} + +#[derive(Debug, Clone, Default)] #[allow(clippy::struct_excessive_bools)] // cfg dependent -pub struct StdEmulatorDriver { - #[builder(default = OnceCell::new())] +pub struct StdEmulatorDriver { + input_setter: IS, snapshot_id: OnceCell, - #[builder(default = OnceCell::new())] - input_location: OnceCell, - #[builder(default = true)] hooks_locked: bool, #[cfg(feature = "systemmode")] - #[builder(default = false)] allow_page_on_start: bool, #[cfg(feature = "x86_64")] - #[builder(default = false)] process_only: bool, - #[builder(default = false)] print_commands: bool, + // maps declared by the VM + #[cfg(feature = "systemmode")] + maps: HashMap, } -impl StdEmulatorDriver { - pub fn set_input_location(&self, input_location: InputLocation) -> Result<(), InputLocation> { - self.input_location.set(input_location) +impl StdEmulatorDriver { + #[must_use] + pub fn builder() -> StdEmulatorDriverBuilder { + StdEmulatorDriverBuilder::::default() + } +} + +impl StdEmulatorDriver { + pub fn write_input( + &mut self, + qemu: Qemu, + state: &mut S, + input: &I, + ) -> Result<(), EmulatorDriverError> + where + IS: 
InputSetter, + { + self.input_setter.write_input(qemu, state, input) + } + + pub fn input_setter(&self) -> &IS { + &self.input_setter + } + + pub fn input_setter_mut(&mut self) -> &mut IS { + &mut self.input_setter } pub fn set_snapshot_id(&self, snapshot_id: SnapshotId) -> Result<(), SnapshotId> { @@ -166,22 +424,31 @@ impl StdEmulatorDriver { pub fn is_process_only(&self) -> bool { self.process_only } + + #[cfg(feature = "systemmode")] + pub fn maps(&self) -> &HashMap { + &self.maps + } + + #[cfg(feature = "systemmode")] + pub fn maps_mut(&mut self) -> &mut HashMap { + &mut self.maps + } } // TODO: replace handlers with generics to permit compile-time customization of handlers -impl EmulatorDriver for StdEmulatorDriver +impl EmulatorDriver for StdEmulatorDriver where C: IsCommand, CM: CommandManager, ET: EmulatorModuleTuple, I: HasTargetBytes + Unpin, + IS: InputSetter + 'static, S: Unpin, SM: IsSnapshotManager, { fn first_harness_exec(emulator: &mut Emulator, state: &mut S) { - if !emulator.driver.hooks_locked { - emulator.modules.first_exec_all(emulator.qemu, state); - } + emulator.modules.first_exec_all(emulator.qemu, state); } fn pre_harness_exec( @@ -189,20 +456,15 @@ where state: &mut S, input: &I, ) { - if !emulator.driver.hooks_locked { - emulator.modules.pre_exec_all(emulator.qemu, state, input); - } - - let input_location = { emulator.driver.input_location.get().cloned() }; - - if let Some(input_location) = input_location { - let input_command = - InputCommand::new(input_location.mem_chunk.clone(), input_location.cpu); + emulator.modules.pre_exec_all(emulator.qemu, state, input); - input_command - .run(emulator, state, input, input_location.ret_register) - .unwrap(); - } + // set the input in the target, according the input setter + // this should be run iif the emulator is "started". + emulator + .driver + .input_setter + .write_input(emulator.qemu, state, input) + .unwrap(); } fn post_harness_exec( 
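Review bot: `StdEmulatorDriverBuilder::new` is `pub` yet takes a positional list of `bool`s whose arity changes with the `systemmode` and `x86_64` features, so an external caller breaks whenever the feature set differs and two adjacent flags can be swapped without a type error; since every field has a chained setter, `new` can be `pub(crate)` and `Default` plus the setters become the only public path. `#[must_use]` is applied to `hooks_locked` and `print_commands` but not to `input_setter`, `allow_page_on_start`, `process_only` or `build`, which consume `self` just the same; clippy's `must_use_candidate` would flag the inconsistency. `MapKind` and the `maps` field are new public surface with no doc beyond `// maps declared by the VM`; a `///` on `MapKind` saying that `Cov`/`Cmp` name guest-declared coverage and comparison maps (if that is what they are) would help.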
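Review bot: `pre_harness_exec` now calls `write_input(...).unwrap()`, so any `Err` from an `InputSetter` (for example a custom setter rejecting an oversized input) aborts the fuzzer process instead of surfacing as an `EmulatorDriverError`; since the trait method returns `()`, either log and return, or change the trait to return `Result` so the executor can decide. The comment above it says the call `should be run iif the emulator is "started"`, but nothing in this function checks `emulator.started`; the only visible guard is in `Emulator::run` in `emu/mod.rs`, so the comment should point there (`// write_input must only run once the emulator is started; Emulator::run enforces this before calling us.`) and `iif` should read `iff`. Note that `hooks_locked` no longer gates `pre_exec_all` here (the old `if !emulator.driver.hooks_locked` is removed) while the builder still stores the field; if it still has an effect it is outside this diff and deserves a one-line comment on the field.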
@@ -214,20 +476,16 @@ where ) where OT: ObserversTuple, { - if !emulator.driver.hooks_locked { - emulator - .modules - .post_exec_all(emulator.qemu, state, input, observers, exit_kind); - } + emulator + .modules + .post_exec_all(emulator.qemu, state, input, observers, exit_kind); } fn pre_qemu_exec(_emulator: &mut Emulator, _input: &I) {} fn post_qemu_exec( emulator: &mut Emulator, - state: &mut S, exit_reason: &mut Result, EmulatorExitError>, - input: &I, ) -> Result>, EmulatorDriverError> { let qemu = emulator.qemu(); @@ -236,10 +494,15 @@ where Ok(exit_reason) => exit_reason, Err(exit_error) => match exit_error { EmulatorExitError::UnexpectedExit => { - if let Some(snapshot_id) = emulator.driver.snapshot_id.get() { - emulator.snapshot_manager.restore(qemu, snapshot_id)?; + if emulator.started { + if let Some(snapshot_id) = emulator.driver.snapshot_id.get() { + emulator.snapshot_manager.restore(qemu, snapshot_id)?; + } + + return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Crash))); } - return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Crash))); + + Err(exit_error.clone())? } _ => Err(exit_error.clone())?, }, @@ -267,6 +530,11 @@ where EmulatorExitResult::Timeout => { return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Timeout))); } + EmulatorExitResult::FuzzingStarts => { + return Ok(Some(EmulatorDriverResult::ReturnToClient( + EmulatorExitResult::FuzzingStarts, + ))); + } EmulatorExitResult::Breakpoint(bp) => (bp.trigger(qemu), None), EmulatorExitResult::CustomInsn(custom_insn) => { let command = custom_insn.command().clone(); @@ -279,9 +547,9 @@ where if emulator.driver.print_commands { println!("Received command: {cmd:?}"); } - cmd.run(emulator, state, input, ret_reg) + cmd.run(emulator, ret_reg) } else { - Ok(Some(EmulatorDriverResult::ReturnToHarness( + Ok(Some(EmulatorDriverResult::ReturnToClient( exit_reason.clone(), ))) } 
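Review bot: In the `UnexpectedExit` arm, when `emulator.started` is true but no snapshot id has been recorded, the code still returns `EndOfRun(ExitKind::Crash)` without restoring anything, so the next iteration resumes from the crashed guest state and every later run inherits it. For the started case the `if let Some(snapshot_id)` should become a hard error, `let snapshot_id = emulator.driver.snapshot_id.get().ok_or(EmulatorDriverError::SnapshotNotFound)?;` followed by the restore; the variant already exists in `EmulatorDriverError`. The not-started branch propagating `exit_error` is reasonable, but a short comment (`// a crash before the start command is a harness bug, not a test case`) would make the asymmetry read as intentional.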
@@ -296,7 +564,7 @@ where
 fn try_from(value: EmulatorDriverResult) -> Result {
 match value {
- EmulatorDriverResult::ReturnToHarness(unhandled_qemu_exit) => {
+ EmulatorDriverResult::ReturnToClient(unhandled_qemu_exit) => {
 Err(format!("Unhandled QEMU exit: {:?}", &unhandled_qemu_exit))
 }
 EmulatorDriverResult::EndOfRun(exit_kind) => Ok(exit_kind),
diff --git a/crates/libafl_qemu/src/emu/drivers/nyx.rs b/crates/libafl_qemu/src/emu/drivers/nyx.rs
index 5bf27ea5f82..f271468eac4 100644
--- a/crates/libafl_qemu/src/emu/drivers/nyx.rs
+++ b/crates/libafl_qemu/src/emu/drivers/nyx.rs
@@ -1,46 +1,53 @@ use std::{cell::OnceCell, cmp::min, ptr, slice::from_raw_parts}; -use libafl::{executors::ExitKind, inputs::HasTargetBytes, observers::ObserversTuple}; -use libafl_bolts::os::CTRL_C_EXIT; -use typed_builder::TypedBuilder; - -use crate::{ - Emulator, EmulatorDriver, EmulatorDriverError, EmulatorDriverResult, EmulatorExitError, - EmulatorExitResult, InputLocation, IsSnapshotManager, Qemu, QemuError, QemuShutdownCause, Regs, - SnapshotId, - command::{CommandManager, IsCommand, nyx::bindings}, - modules::EmulatorModuleTuple, -}; - -#[derive(Debug, Clone, TypedBuilder)] -#[allow(clippy::struct_excessive_bools)] // cfg dependent -pub struct NyxEmulatorDriver { - #[builder(default = OnceCell::new())] - snapshot_id: OnceCell, - #[builder(default = OnceCell::new())] - input_struct_location: OnceCell, - #[builder(default = OnceCell::new())] +use libafl::inputs::HasTargetBytes; + +use crate::{EmulatorDriverError, InputLocation, InputSetter, Qemu, command::nyx::bindings}; + +#[derive(Clone, Debug)] +pub struct StdNyxInputSetter { input_location: OnceCell, - #[builder(default = true)] - hooks_locked: bool, - #[cfg(feature = "systemmode")] - #[builder(default = false)] - allow_page_on_start: bool, // when fuzzing starts, all modules will only accept the current page table - #[builder(default = false)] - print_commands: bool, - #[builder(default = (1024 * 1024))] + input_struct_location: OnceCell, max_input_size: usize, } -impl NyxEmulatorDriver { +impl Default for StdNyxInputSetter { + fn default() -> Self { + Self { + input_location: OnceCell::new(), + input_struct_location: OnceCell::new(), + max_input_size: 1024 * 1024, + } + } +} + +pub trait NyxInputSetter: InputSetter { + fn set_input_struct_location( + &mut self, + location: InputLocation, + ) -> Result<(), EmulatorDriverError>; + + fn input_struct_location(&self) -> Option<&InputLocation>; + + fn max_input_size(&self) -> usize; +} + +impl StdNyxInputSetter { pub fn max_input_size(&self) -> usize { 
self.max_input_size } +} - pub fn write_input(&self, qemu: Qemu, input: &I) -> Result<(), QemuError> - where - I: HasTargetBytes, - { +impl InputSetter for StdNyxInputSetter +where + I: HasTargetBytes, +{ + fn write_input( + &mut self, + qemu: Qemu, + _state: &mut S, + input: &I, + ) -> Result<(), EmulatorDriverError> { let input_len = i32::try_from(min(self.max_input_size, input.target_bytes().len())).unwrap(); 
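Review bot: `StdNyxInputSetter` keeps `max_input_size` private and the only constructor in this hunk is `Default`, which pins it at `1024 * 1024`; the removed `NyxEmulatorDriver` builder let callers choose it, so unless a constructor exists elsewhere in the file the limit is now unconfigurable and inputs longer than 1 MiB are silently truncated by the `min(...)` in `write_input`. Consider `pub fn with_max_input_size(max_input_size: usize) -> Self` plus a doc on the field, `/// Upper bound, in bytes, on what is copied into the guest; longer inputs are truncated.`. The `i32::try_from(...).unwrap()` is only panic-free because `max_input_size` bounds the length, so any setter should cap the value at `i32::MAX` or the comment should state that invariant. `write_input`'s body continues past the end of this hunk.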
@@ -71,145 +78,35 @@ impl NyxEmulatorDriver { Ok(()) } - pub fn set_input_location(&self, input_location: InputLocation) -> Result<(), InputLocation> { - self.input_location.set(input_location) - } - - pub fn set_input_struct_location( - &self, - input_struct_location: InputLocation, - ) -> Result<(), InputLocation> { - self.input_struct_location.set(input_struct_location) - } - - pub fn set_snapshot_id(&self, snapshot_id: SnapshotId) -> Result<(), SnapshotId> { - self.snapshot_id.set(snapshot_id) - } - - pub fn snapshot_id(&self) -> Option { - Some(*self.snapshot_id.get()?) - } - - // return if was locked or not - pub fn unlock_hooks(&mut self) -> bool { - let was_locked = self.hooks_locked; - self.hooks_locked = false; - was_locked + fn set_input_location(&mut self, location: InputLocation) -> Result<(), EmulatorDriverError> { + self.input_location + .set(location) + .or(Err(EmulatorDriverError::MultipleInputLocationDefinition)) } - #[cfg(feature = "systemmode")] - pub fn allow_page_on_start(&self) -> bool { - self.allow_page_on_start + fn input_location(&self) -> Option<&InputLocation> { + self.input_location.get() } } -impl EmulatorDriver for NyxEmulatorDriver +impl NyxInputSetter for StdNyxInputSetter where - C: IsCommand, - CM: CommandManager, - ET: EmulatorModuleTuple, - I: HasTargetBytes + Unpin, - S: Unpin, - SM: IsSnapshotManager, + I: HasTargetBytes, { - fn first_harness_exec(emulator: &mut Emulator, state: &mut S) { - if !emulator.driver.hooks_locked { - emulator.modules.first_exec_all(emulator.qemu, state); - } + fn set_input_struct_location( + &mut self, + location: InputLocation, + ) -> Result<(), EmulatorDriverError> { + self.input_struct_location + .set(location) + .or(Err(EmulatorDriverError::MultipleInputLocationDefinition)) } - fn pre_harness_exec( - emulator: &mut Emulator, - state: &mut S, - input: &I, - ) { - if !emulator.driver.hooks_locked { - emulator.modules.pre_exec_all(emulator.qemu, state, input); - } - - if 
emulator.driver.input_location.get().is_some() { - let qemu = emulator.qemu(); - - emulator.driver.write_input(qemu, input).unwrap(); - } + fn input_struct_location(&self) -> Option<&InputLocation> { + self.input_struct_location.get() } - fn post_harness_exec( - emulator: &mut Emulator, - input: &I, - observers: &mut OT, - state: &mut S, - exit_kind: &mut ExitKind, - ) where - OT: ObserversTuple, - { - if !emulator.driver.hooks_locked { - emulator - .modules - .post_exec_all(emulator.qemu, state, input, observers, exit_kind); - } - } - - fn pre_qemu_exec(_emulator: &mut Emulator, _input: &I) {} - - fn post_qemu_exec( - emulator: &mut Emulator, - state: &mut S, - exit_reason: &mut Result, EmulatorExitError>, - input: &I, - ) -> Result>, EmulatorDriverError> { - let qemu = emulator.qemu(); - - let mut exit_reason = match exit_reason { - Ok(exit_reason) => exit_reason, - Err(exit_error) => match exit_error { - EmulatorExitError::UnexpectedExit => { - if let Some(snapshot_id) = emulator.driver.snapshot_id.get() { - emulator.snapshot_manager.restore(qemu, snapshot_id)?; - } - return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Crash))); - } - _ => Err(exit_error.clone())?, - }, - }; - - let (command, ret_reg): (Option, Option) = match &mut exit_reason { - EmulatorExitResult::QemuExit(shutdown_cause) => match shutdown_cause { - QemuShutdownCause::HostSignal(signal) => { - signal.handle(); - return Err(EmulatorDriverError::UnhandledSignal(*signal)); - } - QemuShutdownCause::GuestPanic => { - return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Crash))); - } - QemuShutdownCause::GuestShutdown | QemuShutdownCause::HostQmpQuit => { - log::warn!("Guest shutdown. 
Stopping fuzzing..."); - std::process::exit(CTRL_C_EXIT); - } - _ => panic!("Unhandled QEMU shutdown cause: {shutdown_cause:?}."), - }, - EmulatorExitResult::Crash => { - return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Crash))); - } - EmulatorExitResult::Timeout => { - return Ok(Some(EmulatorDriverResult::EndOfRun(ExitKind::Timeout))); - } - EmulatorExitResult::Breakpoint(bp) => (bp.trigger(qemu), None), - EmulatorExitResult::CustomInsn(sync_backdoor) => { - let command = sync_backdoor.command().clone(); - (Some(command), Some(sync_backdoor.ret_reg())) - } - }; - - if let Some(cmd) = command { - if emulator.driver.print_commands { - println!("Received command: {cmd:?}"); - } - cmd.run(emulator, state, input, ret_reg) - } else { - Ok(Some(EmulatorDriverResult::ReturnToHarness( - exit_reason.clone(), - ))) - } + fn max_input_size(&self) -> usize { + self.max_input_size } } diff --git a/crates/libafl_qemu/src/emu/mod.rs b/crates/libafl_qemu/src/emu/mod.rs index 71074125f5f..841672a91c0 100644 --- a/crates/libafl_qemu/src/emu/mod.rs +++ b/crates/libafl_qemu/src/emu/mod.rs @@ -14,8 +14,7 @@ use libafl_qemu_sys::{GuestAddr, GuestPhysAddr, GuestUsize, GuestVirtAddr}; #[cfg(doc)] use crate::modules::EmulatorModule; use crate::{ - CPU, Qemu, QemuExitError, QemuExitReason, QemuHooks, QemuInitError, QemuMemoryChunk, - QemuParams, QemuShutdownCause, Regs, + Qemu, QemuExitError, QemuExitReason, QemuHooks, QemuInitError, QemuParams, QemuShutdownCause, breakpoint::{Breakpoint, BreakpointId}, command::{CommandError, CommandManager, NopCommandManager, StdCommandManager}, modules::EmulatorModuleTuple, @@ -59,6 +58,7 @@ pub enum EmulatorExitResult { CustomInsn(CustomInsn), // Synchronous backdoor: The guest triggered a backdoor and should return to LibAFL. Crash, // Crash Timeout, // Timeout + FuzzingStarts, // The emulator is ready to enter the fuzzing loop. } impl Debug for EmulatorExitResult 
@@ -82,9 +82,13 @@ where EmulatorExitResult::Timeout => { write!(f, "Timeout") } + EmulatorExitResult::FuzzingStarts => { + write!(f, "Fuzzing starts") + } } } } + #[derive(Debug, Clone)] pub enum EmulatorExitError { UnknownKind, @@ -93,13 +97,6 @@ pub enum EmulatorExitError { BreakpointNotFound(GuestAddr), } -#[derive(Debug, Clone)] -pub struct InputLocation { - mem_chunk: QemuMemoryChunk, - cpu: CPU, - ret_register: Option, -} - /// The high-level interface to [`Qemu`]. /// /// It embeds multiple structures aiming at making QEMU usage easier: @@ -126,6 +123,7 @@ pub struct Emulator { breakpoints_by_addr: RefCell>>, // TODO: change to RC here breakpoints_by_id: RefCell>>, qemu: Qemu, + started: bool, } impl EmulatorDriverResult { @@ -179,27 +177,6 @@ impl From for EmulatorDriverError { } } -impl InputLocation { - #[must_use] - pub fn new(mem_chunk: QemuMemoryChunk, cpu: CPU, ret_register: Option) -> Self { - Self { - mem_chunk, - cpu, - ret_register, - } - } - - #[must_use] - pub fn mem_chunk(&self) -> &QemuMemoryChunk { - &self.mem_chunk - } - - #[must_use] - pub fn ret_register(&self) -> &Option { - &self.ret_register - } -} - impl From for EmulatorDriverError { fn from(error: EmulatorExitError) -> Self { EmulatorDriverError::QemuExitReasonError(error) @@ -229,6 +206,9 @@ where EmulatorExitResult::Timeout => { write!(f, "Timeout") } + EmulatorExitResult::FuzzingStarts => { + write!(f, "Fuzzing starts") + } } } } @@ -255,7 +235,16 @@ impl Emulator Emulator, StdEmulatorDriver, (), I, S, StdSnapshotManager> +impl + Emulator< + C, + StdCommandManager, + StdEmulatorDriver, + (), + I, + S, + StdSnapshotManager, + > where S: HasExecutions + Unpin, I: HasTargetBytes, @@ -264,7 +253,7 @@ where pub fn builder() -> EmulatorBuilder< C, StdCommandManager, - StdEmulatorDriver, + StdEmulatorDriver, (), QemuConfigBuilder, I, 
@@ -402,6 +391,7 @@ where breakpoints_by_addr: RefCell::new(HashMap::new()), breakpoints_by_id: RefCell::new(HashMap::new()), qemu, + started: false, }; emulator.modules.post_qemu_init_all(qemu); @@ -429,9 +419,12 @@ where /// Of course, the emulated target is not contained securely and can corrupt state or interact with the operating system. pub unsafe fn run( &mut self, - state: &mut S, input: &I, ) -> Result, EmulatorDriverError> { + if !self.started { + return Err(EmulatorDriverError::NotStartedYet); + } + loop { // Insert input if the location is already known ED::pre_qemu_exec(self, input); 
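Review bot: The new `if !self.started { return Err(EmulatorDriverError::NotStartedYet); }` guard in `run` is not reflected in the doc comment above it (the visible `/// Of course, the emulated target is not contained securely...` line is the tail of that comment), so callers have no documented hint that `start` must succeed first. Add an `# Errors` entry such as `/// Returns [`EmulatorDriverError::NotStartedYet`] if [`Emulator::start`] has not completed successfully before this call.` The body of `run` continues outside the hunk.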
@@ -442,14 +435,53 @@ where log::debug!("QEMU stopped."); // Handle QEMU exit - if let Some(exit_handler_result) = - ED::post_qemu_exec(self, state, &mut exit_reason, input)? - { + if let Some(exit_handler_result) = ED::post_qemu_exec(self, &mut exit_reason)? { return Ok(exit_handler_result); } } } + /// Start the emulator until a start even occurs + /// + /// # Safety + /// + /// This will make QEMU start. The calling thread will be running QEMU until an event stops it. + /// This is (at least) as unsafe as running QEMU. + pub unsafe fn start(&mut self) -> Result<(), EmulatorDriverError> { + loop { + let mut exit_result = unsafe { self.run_qemu() }; + + // Handle QEMU exit + if let Some(exit_handler_result) = ED::post_qemu_exec(self, &mut exit_result)? { + match exit_handler_result { + EmulatorDriverResult::ReturnToClient(emulator_exit_result) => { + match emulator_exit_result { + EmulatorExitResult::QemuExit(qemu_shutdown_cause) => { + panic!("QEMU shut down unexpectedly: {qemu_shutdown_cause:?}"); + } + EmulatorExitResult::Breakpoint(_breakpoint) => {} + EmulatorExitResult::CustomInsn(_custom_insn) => {} + EmulatorExitResult::Crash => { + panic!("Unexpected crash") + } + EmulatorExitResult::Timeout => { + panic!("No timeout should happen in start phase") + } + EmulatorExitResult::FuzzingStarts => { + self.started = true; + return Ok(()); + } + } + } + EmulatorDriverResult::ShutdownRequest => {} + EmulatorDriverResult::EndOfRun(_exit_kind) => { + return Err(EmulatorDriverError::EndBeforeStart); + } + } + } + } + } + /// This function will run the emulator until the next breakpoint, or until finish. /// /// # Safety diff --git a/crates/libafl_qemu/src/emu/systemmode.rs b/crates/libafl_qemu/src/emu/systemmode.rs index 53ba53a4a7c..ba711571290 100644 --- a/crates/libafl_qemu/src/emu/systemmode.rs +++ b/crates/libafl_qemu/src/emu/systemmode.rs 
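Review bot: In `start`, the arm `EmulatorDriverResult::ShutdownRequest => {}` is a no-op, so a shutdown requested by the driver during the start phase is swallowed and the loop calls `run_qemu()` again; unless resuming is intended, that arm should leave the loop, e.g. `EmulatorDriverResult::ShutdownRequest => return Err(EmulatorDriverError::EndBeforeStart),` or a dedicated error variant. The `Breakpoint(_)` and `CustomInsn(_)` arms also resume silently; a `log::debug!` there would make a stop that occurs before the start event observable when debugging a harness that never reaches `FuzzingStarts`. The doc comment "until a start even occurs" should read "until a start event occurs". The impl block containing `start` extends outside the hunk.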
@@ -4,7 +4,8 @@ use hashbrown::HashMap; use libafl_qemu_sys::GuestPhysAddr; use crate::{ - DeviceSnapshotFilter, Emulator, Qemu, SnapshotId, SnapshotManagerError, + DeviceSnapshotFilter, Emulator, HostMemorySegments, Qemu, QemuMemoryChunk, Regs, SnapshotId, + SnapshotManagerError, emu::{IsSnapshotManager, QemuSnapshotCheckResult}, }; @@ -16,6 +17,42 @@ pub enum SnapshotManager { pub type StdSnapshotManager = FastSnapshotManager; +/// The fuzzing input location. +/// +/// We store the memory location to which the input should be written, +/// and the return register containing the number bytes effectively written. +#[derive(Debug, Clone)] +pub struct InputLocation { + location: HostMemorySegments, + ret_register: Option, +} + +impl InputLocation { + #[must_use] + pub fn new(qemu: Qemu, mem_chunk: &QemuMemoryChunk, ret_register: Option) -> Self { + let location = mem_chunk.to_host_segments(qemu); + + Self { + location, + ret_register, + } + } + + #[must_use] + pub fn location(&self) -> &HostMemorySegments { + &self.location + } + + #[must_use] + pub fn ret_register(&self) -> &Option { + &self.ret_register + } + + pub fn write(&mut self, input: &[u8]) -> usize { + unsafe { self.location.write(input) } + } +} + impl IsSnapshotManager for SnapshotManager { fn save(&mut self, qemu: Qemu) -> SnapshotId { match self { diff --git a/crates/libafl_qemu/src/emu/usermode.rs b/crates/libafl_qemu/src/emu/usermode.rs index 745b89551d8..6ce379678a5 100644 --- a/crates/libafl_qemu/src/emu/usermode.rs +++ b/crates/libafl_qemu/src/emu/usermode.rs 
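Review bot: `InputLocation::write` in systemmode.rs is a safe `pub fn` that wraps `unsafe { self.location.write(input) }`, but the callee's `# Safety` contract (the host segments must still be valid and not invalidated by the VM) depends on guest state this wrapper cannot check, since the segments are resolved once in `new` via `mem_chunk.to_host_segments(qemu)`. Either forward the contract — `pub unsafe fn write(&mut self, input: &[u8]) -> usize` with the same `# Safety` section — or put a `// SAFETY:` comment on the block stating why the segments are guaranteed valid at every call site (for example, if the snapshot is restored before each write). A doc line on `new` saying that it translates the chunk to host addresses eagerly, so the location must be created after the guest has mapped it, would also help callers.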
@@ -1,10 +1,48 @@ use libafl_bolts::Error; use libafl_qemu_sys::{GuestAddr, MmapPerms, VerifyAccess}; -use crate::{Emulator, GuestMaps, NopSnapshotManager, TargetSignalHandling}; +use crate::{Emulator, GuestMaps, NopSnapshotManager, Regs, TargetSignalHandling}; pub type StdSnapshotManager = NopSnapshotManager; +/// The fuzzing input location. +/// +/// We store the memory location to which the input should be written, +/// and the return register containing the number bytes effectively written. +#[derive(Debug, Clone)] +pub struct InputLocation { + location: Box<[u8]>, + ret_register: Option, +} + +impl InputLocation { + #[must_use] + pub fn new(location: Box<[u8]>, ret_register: Option) -> Self { + Self { + location, + ret_register, + } + } + + pub fn write(&mut self, input: &[u8]) -> usize { + if input.len() < self.location.len() { + self.location[..input.len()].copy_from_slice(input); + input.len() + } else if input.len() > self.location.len() { + self.location.copy_from_slice(&input[..self.location.len()]); + self.location.len() + } else { + self.location.copy_from_slice(input); + input.len() + } + } + + #[must_use] + pub fn ret_register(&self) -> &Option { + &self.ret_register + } +} + impl Emulator { /// This function gets the memory mappings from the emulator. #[must_use] diff --git a/crates/libafl_qemu/src/modules/drcov.rs b/crates/libafl_qemu/src/modules/drcov.rs index 9b48428f83d..f9a52fad0cd 100644 --- a/crates/libafl_qemu/src/modules/drcov.rs +++ b/crates/libafl_qemu/src/modules/drcov.rs @@ -251,7 +251,7 @@ where u64::try_from(m.start()).unwrap(), u64::try_from(m.end()).unwrap(), ), - p.to_string(), + p.clone(), ) }) }) { diff --git a/crates/libafl_qemu/src/modules/usermode/asan_guest.rs b/crates/libafl_qemu/src/modules/usermode/asan_guest.rs index 2fa7e9c2e0f..60759638eb6 100644 --- a/crates/libafl_qemu/src/modules/usermode/asan_guest.rs +++ b/crates/libafl_qemu/src/modules/usermode/asan_guest.rs 
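Review bot: The three branches of `InputLocation::write` in usermode.rs compute the same thing — copy `min(input.len(), location.len())` bytes and return that count — and collapse to `let n = input.len().min(self.location.len()); self.location[..n].copy_from_slice(&input[..n]); n`. A doc comment should also state that bytes of `location` past `input.len()` are left untouched, so a shorter input leaves the tail of the previous input in place and the harness must rely on the returned length (or `ret_register`) rather than on a terminator. Returning `usize` from a method named `write` with no `#[must_use]` lets the truncation go unnoticed; consider adding it.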
@@ -1,4 +1,5 @@ #![allow(clippy::cast_possible_wrap)] +#![allow(clippy::unnecessary_cast)] use std::{env, fmt::Debug, fs, ops::Range, path::PathBuf}; @@ -64,12 +65,12 @@ impl AsanGuestModule { pub fn snapshot_filters() -> IntervalSnapshotFilters { IntervalSnapshotFilters::from(vec![IntervalSnapshotFilter::ZeroList(vec![ Range { - start: Self::LOW_SHADOW_START, - end: Self::LOW_SHADOW_END + 1, + start: Self::LOW_SHADOW_START as u64, + end: Self::LOW_SHADOW_END as u64 + 1, }, Range { - start: Self::HIGH_SHADOW_START, - end: Self::HIGH_SHADOW_END + 1, + start: Self::HIGH_SHADOW_START as u64, + end: Self::HIGH_SHADOW_END as u64 + 1, }, ])]) } @@ -119,7 +120,7 @@ where if let Some(asan_mappings) = &h.asan_mappings && asan_mappings .iter() - .any(|m| m.start() <= pc && pc < m.end()) + .any(|m| m.start() <= (pc as u64) && (pc as u64) < m.end()) { return None; } @@ -285,13 +286,19 @@ where let high_shadow = mappings .iter() - .find(|m| m.start() <= Self::HIGH_SHADOW_START && m.end() > Self::HIGH_SHADOW_END) + .find(|m| { + m.start() <= (Self::HIGH_SHADOW_START as u64) + && m.end() > (Self::HIGH_SHADOW_END as u64) + }) .expect("HighShadow not found, confirm ASAN DSO is loaded in the guest"); log::info!("high_shadow: {high_shadow:}"); let low_shadow = mappings .iter() - .find(|m| m.start() <= Self::LOW_SHADOW_START && m.end() > Self::LOW_SHADOW_END) + .find(|m| { + m.start() <= (Self::LOW_SHADOW_START as u64) + && m.end() > (Self::LOW_SHADOW_END as u64) + }) .expect("LowShadow not found, confirm ASAN DSO is loaded in the guest"); log::info!("low_shadow: {low_shadow:}"); diff --git a/crates/libafl_qemu/src/modules/usermode/asan_host.rs b/crates/libafl_qemu/src/modules/usermode/asan_host.rs index d4a92f2155a..f2917d92c94 100644 --- a/crates/libafl_qemu/src/modules/usermode/asan_host.rs +++ b/crates/libafl_qemu/src/modules/usermode/asan_host.rs 
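Review bot: `#![allow(clippy::unnecessary_cast)]` is added file-wide in asan_guest.rs (and likewise in asan_host.rs, snapshot.rs and addr2line.rs in later hunks) with no comment saying why, which also mutes the lint for unrelated casts in those files. The widening casts it silences, such as `.any(|m| m.start() <= (pc as u64) && (pc as u64) < m.end())`, can be written lint-free as `u64::from(pc)` if `GuestAddr` is `u32` or `u64` on every target, which is what the casts presume. If the allow is kept, a one-line comment like `// GuestAddr is already u64 on 64-bit guests, so these widening casts trip the lint there` documents the intent for the next reader.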
@@ -1,5 +1,6 @@ #![allow(clippy::cast_possible_wrap)] #![allow(clippy::needless_pass_by_value)] // default compiler complains about Option<&mut T> otherwise, and this is used extensively. +#![allow(clippy::unnecessary_cast)] use core::{fmt, slice}; use std::{ @@ -1202,7 +1203,7 @@ where if let Some(asan_mappings) = &h.asan_mappings && asan_mappings .iter() - .any(|m| m.start() <= pc && pc < m.end()) + .any(|m| m.start() <= (pc as u64) && (pc as u64) < m.end()) { return None; } @@ -1298,7 +1299,7 @@ where if let Some(asan_mappings) = &h.asan_mappings && asan_mappings .iter() - .any(|m| m.start() <= pc && pc < m.end()) + .any(|m| m.start() <= (pc as u64) && (pc as u64) < m.end()) { return Some(0); } diff --git a/crates/libafl_qemu/src/modules/usermode/injections.rs b/crates/libafl_qemu/src/modules/usermode/injections.rs index dc052932e0a..2a2f7e61cb8 100644 --- a/crates/libafl_qemu/src/modules/usermode/injections.rs +++ b/crates/libafl_qemu/src/modules/usermode/injections.rs @@ -30,7 +30,6 @@ use crate::{ }, qemu::{ArchExtras, Hook, SyscallHookResult}, }; - #[cfg(cpu_target = "hexagon")] /// Hexagon syscalls are not currently supported by the `syscalls` crate, so we just paste this here for now. /// @@ -294,7 +293,7 @@ where &mut libs, LibInfo { name: path.clone(), - off: region.start(), + off: region.start() as GuestAddr, }, ); } diff --git a/crates/libafl_qemu/src/modules/usermode/snapshot.rs b/crates/libafl_qemu/src/modules/usermode/snapshot.rs index fd52b1455d3..d96c5b2d163 100644 --- a/crates/libafl_qemu/src/modules/usermode/snapshot.rs +++ b/crates/libafl_qemu/src/modules/usermode/snapshot.rs @@ -1,4 +1,5 @@ #![allow(clippy::needless_pass_by_value)] // default compiler complains about Option<&mut T> otherwise, and this is used extensively. +#![allow(clippy::unnecessary_cast)] use std::{cell::UnsafeCell, mem::MaybeUninit, ops::Range, sync::Mutex}; use hashbrown::{HashMap, HashSet}; 
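Review bot: `off: region.start() as GuestAddr` in injections.rs is a narrowing cast (the mapping ranges appear to be `u64` now, judging by the `(pc as u64)` comparisons in the asan hunks) that silently truncates on targets where `GuestAddr` is 32-bit; `GuestAddr::try_from(region.start()).expect("mapping start does not fit GuestAddr")` keeps that failure visible. The same narrowing direction appears throughout the snapshot.rs hunks that follow (`entry.interval.start as GuestAddr`, `addr as GuestAddr`), where the new lint allow does not make the truncation any safer. The enclosing function starts outside the hunk.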
@@ -71,7 +72,7 @@ pub struct MemoryRegionInfo { #[derive(Clone, Default, Debug)] pub struct MappingInfo { - pub tree: IntervalTree, + pub tree: IntervalTree, pub size: usize, } @@ -83,9 +84,9 @@ pub struct MappingInfo { #[derive(Debug, Clone)] pub enum IntervalSnapshotFilter { All, - AllowList(Vec>), - DenyList(Vec>), - ZeroList(Vec>), + AllowList(Vec>), + DenyList(Vec>), + ZeroList(Vec>), } #[derive(Clone, Default, Debug)] @@ -108,7 +109,7 @@ impl IntervalSnapshotFilters { } #[must_use] - pub fn to_skip(&self, addr: GuestAddr) -> Option<&Range> { + pub fn to_skip(&self, addr: u64) -> Option<&Range> { for filter in &self.filters { match filter { IntervalSnapshotFilter::All => return None, @@ -130,7 +131,7 @@ impl IntervalSnapshotFilters { } #[must_use] - pub fn to_zero(&self, addr: GuestAddr) -> Option<&Range> { + pub fn to_zero(&self, addr: u64) -> Option<&Range> { for filter in &self.filters { if let IntervalSnapshotFilter::ZeroList(zero_list) = filter { let zero = zero_list.iter().find(|range| range.contains(&addr)); @@ -238,6 +239,8 @@ impl SnapshotModule { self.mmap_start = qemu.get_mmap_start(); self.pages.clear(); for map in qemu.mappings() { + println!("mapping: {map:?}"); + let mut addr = map.start(); while addr < map.end() { let zero = self.interval_filter.to_zero(addr); @@ -247,7 +250,7 @@ impl SnapshotModule { continue; } let mut info = SnapshotPageInfo { - addr, + addr: addr as GuestAddr, perms: map.flags(), private: map.is_priv(), data: None, @@ -256,11 +259,12 @@ impl SnapshotModule { // TODO not just for R pages unsafe { info.data = Some(Box::new(core::mem::zeroed())); - qemu.read_mem_unchecked(addr, &mut info.data.as_mut().unwrap()[..]); + qemu.read_mem(addr as GuestAddr, &mut info.data.as_mut().unwrap()[..]) + .unwrap(); } } - self.pages.insert(addr, info); - addr += SNAPSHOT_PAGE_SIZE as GuestAddr; + self.pages.insert(addr as GuestAddr, info); + addr += SNAPSHOT_PAGE_SIZE as u64; } self.maps.tree.insert( 
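Review bot: `println!("mapping: {map:?}");` in the snapshot page loop looks like a debug leftover: it prints every guest mapping to stdout each time the snapshot is (re)taken, which is noisy for fuzzers that use stdout for stats and slows the reset path. Replace it with `log::debug!("mapping: {map:?}");` or drop it. Separately, the switch from `read_mem_unchecked` to `qemu.read_mem(addr as GuestAddr, ..).unwrap()` now panics on a page that is mapped readable but cannot be read; if that can happen for guard or device pages, a `log::warn!` plus `continue` would keep the snapshot usable. The enclosing function starts outside the hunk.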
@@ -329,13 +333,13 @@ impl SnapshotModule { addr = range.end; continue; } - if let Some(saved_page) = saved_pages_list.remove(&addr) { + if let Some(saved_page) = saved_pages_list.remove(&(addr as GuestAddr)) { if saved_page.perms.readable() { let mut current_page_content: MaybeUninit<[u8; SNAPSHOT_PAGE_SIZE]> = MaybeUninit::uninit(); if saved_page.perms != map.flags() { - perm_errors.push((addr, saved_page.perms, map.flags())); + perm_errors.push((addr as GuestAddr, saved_page.perms, map.flags())); log::warn!( "\t0x{:x}: Flags do not match: saved is {:?} and current is {:?}", addr, @@ -346,7 +350,7 @@ impl SnapshotModule { unsafe { qemu.read_mem( - addr, + addr as GuestAddr, current_page_content.as_mut_ptr().as_mut().unwrap(), ) .unwrap(); @@ -375,7 +379,7 @@ impl SnapshotModule { offsets.iter().fold(String::new(), |acc, offset| format!( "{}, 0x{:x}", acc, - addr + *offset as GuestAddr + addr + *offset as u64 )) ); content_mismatch = true; @@ -385,7 +389,7 @@ impl SnapshotModule { log::warn!("\tpage not found @addr 0x{addr:x}"); } - addr += SNAPSHOT_PAGE_SIZE as GuestAddr; + addr += SNAPSHOT_PAGE_SIZE as u64; } } @@ -474,7 +478,7 @@ impl SnapshotModule { for acc in &mut self.accesses { unsafe { &mut (*acc.get()) }.dirty.retain(|page| { if let Some(info) = self.pages.get_mut(page) { - if self.interval_filter.to_skip(*page).is_some() { + if self.interval_filter.to_skip(*page as u64).is_some() { if !Self::modify_mapping(qemu, new_maps, *page) { return true; // Restore later } @@ -504,13 +508,13 @@ impl SnapshotModule { for entry in self .maps .tree - .query_mut(*page..(page + SNAPSHOT_PAGE_SIZE as GuestAddr)) + .query_mut((*page as u64)..((*page as u64) + SNAPSHOT_PAGE_SIZE as u64)) { if !entry.value.perms.unwrap_or(MmapPerms::None).writable() && !entry.value.changed { qemu.mprotect( - entry.interval.start, + entry.interval.start as GuestAddr, (entry.interval.end - entry.interval.start) as usize, MmapPerms::ReadWrite, ) 
@@ -519,7 +523,7 @@ impl SnapshotModule { } } - if self.interval_filter.to_skip(*page).is_some() { + if self.interval_filter.to_skip(*page as u64).is_some() { unsafe { qemu.write_mem_unchecked(*page, &SNAPSHOT_PAGE_ZEROES) }; } else if let Some(info) = self.pages.get_mut(page) { // TODO avoid duplicated memcpy @@ -533,10 +537,10 @@ impl SnapshotModule { unsafe { (*acc.get()).clear() }; } - for entry in self.maps.tree.query_mut(0..GuestAddr::MAX) { + for entry in self.maps.tree.query_mut(0..(GuestAddr::MAX as u64)) { if entry.value.changed { qemu.mprotect( - entry.interval.start, + entry.interval.start as GuestAddr, (entry.interval.end - entry.interval.start) as usize, entry.value.perms.unwrap(), ) @@ -558,11 +562,11 @@ impl SnapshotModule { let mut found = false; for entry in maps .tree - .query_mut(page..(page + SNAPSHOT_PAGE_SIZE as GuestAddr)) + .query_mut((page as u64)..((page as u64) + SNAPSHOT_PAGE_SIZE as u64)) { if !entry.value.perms.unwrap_or(MmapPerms::None).writable() { drop(qemu.mprotect( - entry.interval.start, + entry.interval.start as GuestAddr, (entry.interval.end - entry.interval.start) as usize, MmapPerms::ReadWrite, )); @@ -583,7 +587,7 @@ impl SnapshotModule { self.maps .tree - .query(start..(start + (size as GuestAddr))) + .query((start as u64)..((start as u64) + (size as u64))) .next() .is_none() } @@ -599,7 +603,7 @@ impl SnapshotModule { } let mut mapping = self.new_maps.lock().unwrap(); mapping.tree.insert( - start..(start + (size as GuestAddr)), + (start as u64)..(start as u64 + (size as u64)), MemoryRegionInfo { perms, changed: true, @@ -628,7 +632,7 @@ impl SnapshotModule { } let mut mapping = self.new_maps.lock().unwrap(); - let interval = Interval::new(start, start + (size as GuestAddr)); + let interval = Interval::new(start as u64, start as u64 + (size as u64)); let mut found = vec![]; // TODO optimize for entry in mapping.tree.query(interval) { found.push((*entry.interval, entry.value.perms)); 
@@ -675,7 +679,7 @@ impl SnapshotModule { let mut mapping = self.new_maps.lock().unwrap(); - let interval = Interval::new(start, start + (size as GuestAddr)); + let interval = Interval::new(start as u64, (start as u64) + (size as u64)); let mut found = vec![]; // TODO optimize for entry in mapping.tree.query(interval) { found.push((*entry.interval, entry.value.perms)); @@ -686,7 +690,7 @@ impl SnapshotModule { mapping.tree.delete(i); for page in (i.start..i.end).step_by(SNAPSHOT_PAGE_SIZE) { - self.page_access_no_cache(page); + self.page_access_no_cache(page as GuestAddr); } if i.start < overlap.start { @@ -713,7 +717,7 @@ impl SnapshotModule { pub fn reset_maps(&mut self, qemu: Qemu) { let new_maps = self.new_maps.get_mut().unwrap(); - for entry in self.maps.tree.query(0..GuestAddr::MAX) { + for entry in self.maps.tree.query(0..(GuestAddr::MAX as u64)) { let mut found = vec![]; // TODO optimize for overlap in new_maps.tree.query(*entry.interval) { found.push(( @@ -726,7 +730,7 @@ impl SnapshotModule { if found.is_empty() { //panic!("A pre-snapshot memory region was unmapped"); qemu.map_fixed( - entry.interval.start, + entry.interval.start as GuestAddr, (entry.interval.end - entry.interval.start) as usize, entry.value.perms.unwrap(), ) @@ -734,7 +738,7 @@ impl SnapshotModule { } else if found.len() == 1 && found[0].0 == *entry.interval { if found[0].1 && found[0].2 != entry.value.perms { qemu.mprotect( - entry.interval.start, + entry.interval.start as GuestAddr, (entry.interval.end - entry.interval.start) as usize, entry.value.perms.unwrap(), ) @@ -743,7 +747,7 @@ impl SnapshotModule { } else { // TODO check for holes qemu.mprotect( - entry.interval.start, + entry.interval.start as GuestAddr, (entry.interval.end - entry.interval.start) as usize, entry.value.perms.unwrap(), ) 
@@ -756,11 +760,12 @@ impl SnapshotModule { } let mut to_unmap = vec![]; - for entry in new_maps.tree.query(0..GuestAddr::MAX) { + for entry in new_maps.tree.query(0..(GuestAddr::MAX as u64)) { to_unmap.push((*entry.interval, entry.value.changed, entry.value.perms)); } for (i, ..) in to_unmap { - qemu.unmap(i.start, (i.end - i.start) as usize).unwrap(); + qemu.unmap(i.start as GuestAddr, (i.end - i.start) as usize) + .unwrap(); new_maps.tree.delete(i); } diff --git a/crates/libafl_qemu/src/modules/utils/addr2line.rs b/crates/libafl_qemu/src/modules/utils/addr2line.rs index a28bc86b1e1..8d422154af2 100644 --- a/crates/libafl_qemu/src/modules/utils/addr2line.rs +++ b/crates/libafl_qemu/src/modules/utils/addr2line.rs @@ -1,3 +1,4 @@ +#![allow(clippy::unnecessary_cast)] //! Utils for addr2line use std::{borrow::Cow, fmt::Write, fs}; @@ -43,7 +44,7 @@ pub fn is_pie(file: object::File<'_>) -> bool { } pub struct AddressResolver { - ranges: RangeMap, + ranges: RangeMap, images: Vec<(String, Vec)>, resolvers: Vec>, } @@ -68,7 +69,7 @@ impl AddressResolver { let mut resolvers = vec![]; let mut images = vec![]; - let mut ranges: RangeMap = RangeMap::new(); + let mut ranges: RangeMap = RangeMap::new(); for (path, rng) in regions { let data = fs::read(&path); @@ -102,9 +103,13 @@ impl AddressResolver { pub fn resolve(&self, pc: GuestAddr) -> String { let resolve_addr = |addr: GuestAddr| -> String { let mut info = String::new(); - if let Some((range, idx)) = self.ranges.get_key_value(&addr) { + if let Some((range, idx)) = self.ranges.get_key_value(&(addr as u64)) { if let Some((ctx, is_pie)) = self.resolvers[*idx].as_ref() { - let raddr = if *is_pie { addr - range.start } else { addr }; + let raddr = if *is_pie { + addr - (range.start as GuestAddr) + } else { + addr + }; let mut frames = ctx.find_frames(raddr.into()).unwrap().peekable(); let mut fname = None; while let Some(frame) = frames.next().unwrap() { 
diff --git a/crates/libafl_qemu/src/qemu/mod.rs b/crates/libafl_qemu/src/qemu/mod.rs index 8112f65267d..063bec3b610 100644 --- a/crates/libafl_qemu/src/qemu/mod.rs +++ b/crates/libafl_qemu/src/qemu/mod.rs @@ -1210,6 +1210,45 @@ impl QemuMemoryChunk { Ok(output_sliced.len().try_into().unwrap()) } + /// Interpret the VM memory chunk as a host slice. + /// + /// If the underlying memory cannot be represented as a slice + /// (for example, if the memory is fragmented in the host address space), + /// [`None`] is returned. + #[cfg(feature = "systemmode")] + pub fn to_phys_mem_chunk(&self, qemu: Qemu) -> Option { + match self.addr { + GuestAddrKind::Physical(paddr) => Some(PhysMemoryChunk::new( + paddr, + self.size as usize, + qemu, + self.cpu.or_else(|| qemu.current_cpu())?, + )), + + GuestAddrKind::Virtual(start_vaddr) => { + let start_paddr = self.cpu.unwrap().get_phys_addr(start_vaddr)?; + let page_size = qemu.target_page_size() as GuestVirtAddr; + + for offset in (0..self.size as GuestVirtAddr).step_by(page_size) { + let vaddr = start_vaddr + offset as GuestVirtAddr; + let paddr = self.cpu.unwrap().get_phys_addr(vaddr)?; + + if paddr != start_paddr + offset as GuestPhysAddr { + // non contiguous memory + return None; + } + } + + Some(PhysMemoryChunk::new( + start_paddr, + self.size as usize, + qemu, + self.cpu.unwrap(), + )) + } + } + } + pub fn read_vec(&self, qemu: Qemu) -> Result, QemuRWError> { // # Safety // This is safe because we read exactly `self.size` bytes from QEMU. diff --git a/crates/libafl_qemu/src/qemu/systemmode.rs b/crates/libafl_qemu/src/qemu/systemmode.rs index b5b6fc38c7c..547558f1f20 100644 --- a/crates/libafl_qemu/src/qemu/systemmode.rs +++ b/crates/libafl_qemu/src/qemu/systemmode.rs 
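Review bot: In `to_phys_mem_chunk`, the `Virtual` arm calls `self.cpu.unwrap()` three times while the `Physical` arm falls back with `self.cpu.or_else(|| qemu.current_cpu())?`, so a chunk built without an explicit CPU panics in one arm and is handled in the other. The contiguity check is also incomplete when `start_vaddr` is not page-aligned: it probes `start_vaddr + k * page_size` only for offsets below `self.size`, so a chunk whose last byte lies in the page after the last probed address (e.g. a 2-byte chunk starting at the last byte of a page) is never checked against that page. The rewrite below resolves the CPU once and walks every page boundary the chunk crosses; it assumes the target page size is a power of two, as the page masks exposed by `Qemu` already do.
```rust
GuestAddrKind::Virtual(start_vaddr) => {
    // Same fallback as the Physical arm instead of unwrapping.
    let cpu = self.cpu.or_else(|| qemu.current_cpu())?;
    let start_paddr = cpu.get_phys_addr(start_vaddr)?;
    let page_size = qemu.target_page_size() as GuestVirtAddr;

    if self.size > 0 {
        // Probe every page boundary the chunk crosses, including the one
        // reached by a chunk that starts near the end of a page.
        // Assumes page_size is a power of two.
        let last_vaddr = start_vaddr + self.size as GuestVirtAddr - 1;
        let mut boundary = (start_vaddr & !(page_size - 1)) + page_size;
        while boundary <= last_vaddr {
            let paddr = cpu.get_phys_addr(boundary)?;
            let offset = boundary - start_vaddr;
            if paddr != start_paddr + offset as GuestPhysAddr {
                return None; // non contiguous memory
            }
            boundary += page_size;
        }
    }

    Some(PhysMemoryChunk::new(start_paddr, self.size as usize, qemu, cpu))
}
```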
@@ -1,16 +1,15 @@ use std::{ + cmp::min, ffi::{CStr, CString, c_void}, - marker::PhantomData, mem::MaybeUninit, - ptr::null_mut, + ptr::{NonNull, copy_nonoverlapping, null_mut}, slice, }; -use bytes_utils::SegmentedBuf; use libafl_qemu_sys::{ GuestAddr, GuestPhysAddr, GuestUsize, GuestVirtAddr, libafl_load_qemu_snapshot, - libafl_page_from_addr, libafl_qemu_current_paging_id, libafl_save_qemu_snapshot, qemu_cleanup, - qemu_main_loop, vm_start, + libafl_page_from_addr, libafl_qemu_current_paging_id, libafl_qemu_run, + libafl_save_qemu_snapshot, qemu_cleanup, }; use libc::EXIT_SUCCESS; use num_traits::Zero; 
@@ -41,20 +40,40 @@ pub struct PhysMemoryChunk { cpu: CPU, } +/// A contiguous chunk of host memory. +/// We need a different type than normal slices because all the rules for slices are not enforced. +/// The memory region is shared with QEMU (and so, the underlying VM), so we must make sure the +/// write is correctly handled (it must be totally issued before returning to QEMU). +#[derive(Debug, Clone)] +pub struct HostMemoryChunk { + addr: *mut u8, + size: usize, +} + +/// A segmented chunk of host memory. +/// It contains all the host memory chunks representing the whole memory location. +/// +/// This structure is only valid for the lifetime of the underlying memory. +/// Since we cannot know when the VM memory will be invalidated, the user is +/// responsible for making sure the segments are still valid. +#[derive(Debug, Clone)] +pub struct HostMemorySegments { + segments: Vec, +} + pub struct PhysMemoryIter { addr: GuestAddrKind, // This address is correct when the iterator enters next, except if the remaining len is 0 remaining_len: usize, qemu: Qemu, cpu: CPU, } - +// #[expect(dead_code)] -pub struct HostMemoryIter<'a> { +pub struct HostMemoryIter { addr: GuestPhysAddr, // This address is correct when the iterator enters next, except if the remaining len is 0 remaining_len: usize, qemu: Qemu, cpu: CPU, - phantom: PhantomData<&'a ()>, } impl DeviceSnapshotFilter { @@ -96,10 +115,10 @@ impl CPU { page as GuestVirtAddr, attrs.as_mut_ptr(), ); - let mask = Qemu::get_unchecked().target_page_mask(); + let mask = Qemu::get_unchecked().target_page_offset_mask(); let offset = (vaddr & (mask as GuestVirtAddr)) as GuestPhysAddr; - #[expect(clippy::cast_sign_loss)] - if paddr == (-1i64 as GuestPhysAddr) { + + if paddr == u64::MAX { None } else { Some(paddr + offset) 
@@ -178,6 +197,10 @@ impl CPU { ); } } + + pub fn host_addr(&self, addr: GuestPhysAddr) -> *const u8 { + unsafe { libafl_qemu_sys::libafl_paddr2host(self.cpu_ptr, addr, false) } + } } #[expect(clippy::unused_self)] @@ -221,8 +244,7 @@ impl Qemu { #[expect(clippy::trivially_copy_pass_by_ref)] pub(super) unsafe fn run_inner(&self) { unsafe { - vm_start(); - qemu_main_loop(); + libafl_qemu_run(); } } @@ -306,20 +328,31 @@ impl Qemu { } } + /// Get the size in bytes of a guest page. #[must_use] pub fn target_page_size(&self) -> usize { - unsafe { libafl_qemu_sys::qemu_target_page_size() } + unsafe { libafl_qemu_sys::libafl_target_page_size() } } + /// Get the mask of a guest page. + /// This will return the mask for the page part of the address, + /// not the offset. #[must_use] pub fn target_page_mask(&self) -> usize { - unsafe { libafl_qemu_sys::qemu_target_page_mask() as usize } + unsafe { libafl_qemu_sys::libafl_target_page_mask() as usize } + } + + /// Get the mask of a guest page's offset. + /// This will return the mask for the offset part of the address. + #[must_use] + pub fn target_page_offset_mask(&self) -> usize { + unsafe { libafl_qemu_sys::libafl_target_page_offset_mask() as usize } } } impl QemuMemoryChunk { #[must_use] - pub fn phys_iter(&self, qemu: Qemu) -> PhysMemoryIter { + pub fn phys_iter(&self, qemu: Qemu) -> impl Iterator { PhysMemoryIter { addr: self.addr, remaining_len: self.size as usize, @@ -334,7 +367,7 @@ impl QemuMemoryChunk { #[expect(clippy::map_flatten)] #[must_use] - pub fn host_iter(&self, qemu: Qemu) -> Box> { + pub fn host_iter(&self, qemu: Qemu) -> impl Iterator { Box::new( self.phys_iter(qemu) .map(move |phys_mem_chunk| HostMemoryIter { 
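Review bot: `host_iter` now returns `impl Iterator<Item = HostMemoryChunk>`, so the `Box::new(...)` around the chain (and the trailing `.into_iter()` on something that is already an iterator, visible in the next hunk) is an allocation with no purpose left; returning `self.phys_iter(qemu).map(move |phys_mem_chunk| HostMemoryIter { ... }).flatten()` directly, or `flat_map`, also lets the `#[expect(clippy::map_flatten)]` go. `CPU::host_addr` is a safe `pub fn` returning a raw pointer from `libafl_paddr2host`; a doc comment stating that the pointer may be null and is only valid while the guest mapping exists would match the caveats written on `HostMemorySegments`. The body of `host_iter` continues outside the hunk.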
@@ -342,16 +375,61 @@ impl QemuMemoryChunk { remaining_len: phys_mem_chunk.size, qemu, cpu: phys_mem_chunk.cpu, - phantom: PhantomData, }) .flatten() .into_iter(), ) } - #[must_use] - pub fn to_host_segmented_buf(&self, qemu: Qemu) -> SegmentedBuf<&[u8]> { - self.host_iter(qemu).collect() + /// Interpret the VM memory chunk as multiple host memory segments. + /// + /// This will take into account possible physical memory fragmentation. + pub fn to_host_segments(&self, qemu: Qemu) -> HostMemorySegments { + let segments: Vec = self.host_iter(qemu).collect(); + + HostMemorySegments::new(segments) + } +} + +impl HostMemoryChunk { + pub fn write(&self, buf: &[u8]) -> usize { + let write_len = min(buf.len(), self.size); + + unsafe { + // TODO: replace with volatile_copy_nonoverlapping when stabilized. + // check if write_volatile can generate something as efficient as that. + copy_nonoverlapping(buf.as_ptr(), self.addr, write_len); + } + + write_len + } +} + +impl HostMemorySegments { + pub fn new(segments: Vec) -> Self { + Self { segments } + } + + /// Write a buffer into the VM memory segments. + /// + /// # Safety + /// + /// The memory location must be valid when calling this function. + /// In particular, the VM must not have invalidated the memory location. + /// Also, the VM must not assume the memory location is "private" (meaning + /// is can only be touched by the program itself). In most cases it means + /// the memory must be considered as *volatile*, as if it was a DMA region. + pub unsafe fn write(&self, buf: &[u8]) -> usize { + let mut total_written = 0; + + for segment in &self.segments { + total_written += segment.write(&buf[total_written..]); + if total_written == buf.len() { + return total_written; + } + } + + total_written } } 
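Review bot: `HostMemoryChunk::write` is a safe `pub fn` that performs `copy_nonoverlapping(buf.as_ptr(), self.addr, write_len)` into a raw pointer whose validity nothing in the type guarantees (the struct's own doc in the earlier hunk says the slice rules are not enforced), so it should be `pub unsafe fn write(&self, buf: &[u8]) -> usize` with the same `# Safety` text as `HostMemorySegments::write`, which then forwards the contract via `unsafe { segment.write(&buf[total_written..]) }`. `HostMemorySegments::new` likewise lets safe code assemble segments from arbitrary chunks; `pub(crate)` would keep that inside the crate. The `TODO` on the copy should name the concrete concern from the struct doc — the write must be fully issued before control returns to QEMU — so a future reader knows what `write_volatile` is meant to guarantee.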
@@ -365,17 +443,56 @@ impl PhysMemoryChunk { cpu, } } + + /// Convert a physical memory chunk into a host memory chunk. + // TODO: allow multiple host chunks + pub fn to_host_chunk(&self) -> Option { + let addr = self.addr_host_ptr_mut()?; + + Some(HostMemoryChunk { + addr: addr.as_ptr(), + size: self.size, + }) + } + + pub fn addr_host_ptr(&self) -> Option<*const u8> { + let host_addr: *const u8 = + unsafe { libafl_qemu_sys::libafl_paddr2host(self.cpu.cpu_ptr, self.addr, false) }; + + Some(host_addr) + } + + pub fn addr_host_ptr_mut(&self) -> Option> { + let host_addr: *mut u8 = + unsafe { libafl_qemu_sys::libafl_paddr2host(self.cpu.cpu_ptr, self.addr, true) }; + + NonNull::new(host_addr) + } + + pub fn as_host_slice(&self) -> Option<&[u8]> { + let host_ptr = self.addr_host_ptr()?; + Some(unsafe { slice::from_raw_parts(host_ptr, self.size) }) + } + + pub fn as_host_slice_mut(&self) -> Option<&mut [u8]> { + let mut host_ptr = self.addr_host_ptr_mut()?; + Some(unsafe { slice::from_raw_parts_mut(host_ptr.as_mut(), self.size) }) + } + + pub fn size(&self) -> usize { + self.size + } } -impl<'a> Iterator for HostMemoryIter<'a> { - type Item = &'a [u8]; +impl Iterator for HostMemoryIter { + type Item = HostMemoryChunk; fn next(&mut self) -> Option { if self.remaining_len.is_zero() { None } else { // Host memory allocation is always host-page aligned, so we can freely go from host page to host page. - let start_host_addr: *const u8 = + let start_host_addr: *mut u8 = unsafe { libafl_qemu_sys::libafl_paddr2host(self.cpu.cpu_ptr, self.addr, false) }; let host_page_size = Qemu::get().unwrap().host_page_size(); let mut size_taken: usize = std::cmp::min( 
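Review bot: `as_host_slice_mut(&self) -> Option<&mut [u8]>` hands out a `&mut [u8]` from a shared `&self`, so two calls on the same `PhysMemoryChunk` (or one call plus `as_host_slice`) yield aliasing mutable references to the same VM memory, which is undefined behaviour even before the guest touches it; both slice getters should be `unsafe fn` with a `# Safety` section stating the exclusivity and validity requirement. `addr_host_ptr` also wraps the `libafl_paddr2host` result in `Some` unconditionally while `addr_host_ptr_mut` goes through `NonNull::new`, so `as_host_slice` can build a slice from a null pointer; `(!host_addr.is_null()).then_some(host_addr)` keeps the two consistent. The `// TODO: allow multiple host chunks` on `to_host_chunk` would be clearer pointing at `QemuMemoryChunk::to_host_segments`, which already handles the segmented case.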
@@ -394,7 +511,10 @@ impl<'a> Iterator for HostMemoryIter<'a> { // Non-contiguous, we stop here for the slice if next_page_host_addr != start_host_addr { - unsafe { return Some(slice::from_raw_parts(start_host_addr, size_taken)) } + return Some(HostMemoryChunk { + addr: start_host_addr, + size: size_taken, + }); } // The host memory is contiguous, we can widen the slice up to the next host page @@ -407,7 +527,10 @@ impl<'a> Iterator for HostMemoryIter<'a> { // We finished to explore the memory, return the last slice. assert_eq!(self.remaining_len, 0); - unsafe { return Some(slice::from_raw_parts(start_host_addr, size_taken)) } + Some(HostMemoryChunk { + addr: start_host_addr, + size: size_taken, + }) } } } @@ -428,7 +551,9 @@ impl Iterator for PhysMemoryIter { return Some(PhysMemoryChunk::new(*paddr, sz, self.qemu, self.cpu)); } }; - let start_phys_addr: GuestPhysAddr = self.cpu.get_phys_addr(*vaddr)?; + let start_phys_addr: GuestPhysAddr = self.cpu.get_phys_addr(*vaddr).expect(format!( + "Could not translate the virtual address {vaddr:#x} into a valid physical address." + ).as_str()); let phys_page_size = self.qemu.target_page_size(); // TODO: Turn this into a generic function @@ -442,7 +567,9 @@ impl Iterator for PhysMemoryIter { // Now self.addr is host-page aligned while self.remaining_len > 0 { - let next_page_phys_addr: GuestPhysAddr = self.cpu.get_phys_addr(*vaddr)?; + let next_page_phys_addr: GuestPhysAddr = self.cpu.get_phys_addr(*vaddr).expect(format!( + "Could not translate the virtual address {vaddr:#x} into a valid physical address." + ).as_str()); // Non-contiguous, we stop here for the slice if next_page_phys_addr != start_phys_addr { diff --git a/fuzzers/baby/baby_fuzzer_unicode/Cargo.lock b/fuzzers/baby/baby_fuzzer_unicode/Cargo.lock index ebc737deab5..695ca56074f 100644 --- a/fuzzers/baby/baby_fuzzer_unicode/Cargo.lock +++ b/fuzzers/baby/baby_fuzzer_unicode/Cargo.lock 
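Review bot: Replacing `self.cpu.get_phys_addr(*vaddr)?` with `.expect(format!(...).as_str())` turns an unmapped guest virtual address from a graceful end of iteration into a panic of the whole fuzzer process; in a fuzzing loop that address presumably comes from the guest harness, so a corrupted or stale pointer now aborts the campaign instead of failing the single run. The `format!(...)` argument is also evaluated on every successful translation (clippy `expect_fun_call`); if the panic is deliberate, `unwrap_or_else(|| panic!("Could not translate the virtual address {vaddr:#x} into a valid physical address."))` formats only on failure, and otherwise returning `None` and letting the caller report the address keeps the iterator total. The same pattern appears in the second hunk of this file section. `PhysMemoryIter::next` starts outside the hunk.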
@@ -58,7 +58,7 @@ checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "baby_fuzzer_unicode" -version = "0.15.2" +version = "0.15.4" dependencies = [ "libafl", "libafl_bolts", @@ -82,11 +82,22 @@ dependencies = [ [[package]] name = "bincode" -version = "1.3.3" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740" dependencies = [ + "bincode_derive", "serde", + "unty", +] + +[[package]] +name = "bincode_derive" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09" +dependencies = [ + "virtue", ] [[package]] @@ -399,13 +410,13 @@ dependencies = [ [[package]] name = "fastbloom" -version = "0.9.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27cea6e7f512d43b098939ff4d5a5d6fe3db07971e1d05176fe26c642d33f5b8" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom", + "libm", "siphasher", - "wide 0.7.32 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -544,7 +555,7 @@ dependencies = [ [[package]] name = "libafl" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -583,7 +594,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -592,6 +603,7 @@ dependencies = [ "hashbrown 0.14.5", "hostname", "libafl_derive", + "libafl_wide", "libc", "log", "mach2", @@ -609,7 +621,6 @@ dependencies = [ "typeid", "uds", "uuid", - "wide 0.7.32 (git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe)", "winapi", "windows", "windows-result", 
@@ -618,13 +629,23 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.2" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", "syn", ] +[[package]] +name = "libafl_wide" +version = "0.7.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2f28d525f6e361b6cd55c0da5347027860a902d638d15194c16dc2f39a5ba9f" +dependencies = [ + "bytemuck", + "safe_arch", +] + [[package]] name = "libc" version = "0.2.172" @@ -682,9 +703,9 @@ dependencies = [ [[package]] name = "mach2" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] @@ -697,9 +718,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", @@ -737,9 +758,9 @@ dependencies = [ [[package]] name = "nix" -version = "0.29.0" +version = "0.30.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" +checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6" dependencies = [ "bitflags", "cfg-if", 
@@ -1233,6 +1254,12 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" +[[package]] +name = "unty" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae" + [[package]] name = "uuid" version = "1.17.0" @@ -1251,6 +1278,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "virtue" +version = "0.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1" + [[package]] name = "wait-timeout" version = "0.2.1" @@ -1333,25 +1366,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "wide" -version = "0.7.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41b5576b9a81633f3e8df296ce0063042a73507636cbe956c61133dd7034ab22" -dependencies = [ - "bytemuck", - "safe_arch", -] - -[[package]] -name = "wide" -version = "0.7.32" -source = "git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe#71b5df0b2620da753836fafce5f99076181a49fe" -dependencies = [ - "bytemuck", - "safe_arch", -] - [[package]] name = "winapi" version = "0.3.9" diff --git a/fuzzers/binary_only/qemu_cmin/Justfile b/fuzzers/binary_only/qemu_cmin/Justfile index 96744f68e4b..ee5782fe716 100644 --- a/fuzzers/binary_only/qemu_cmin/Justfile +++ b/fuzzers/binary_only/qemu_cmin/Justfile @@ -21,6 +21,7 @@ harness: libpng $CROSS_CFLAGS \ "{{TARGET_DIR}}/build-png/.libs/libpng16.a" \ "{{TARGET_DIR}}/build-zlib/libz.a" \ + -I"{{DEPS_DIR}}/libpng-1.6.37" \ -I"{{TARGET_DIR}}/build-png" \ -I"{{TARGET_DIR}}/build-zlib/zlib/lib" \ -L"{{TARGET_DIR}}/build-zlib/zlib/lib" \ 
diff --git a/fuzzers/binary_only/qemu_coverage/Cargo.lock b/fuzzers/binary_only/qemu_coverage/Cargo.lock index e3f49a8abd3..27bce04b7a7 100644 --- a/fuzzers/binary_only/qemu_coverage/Cargo.lock +++ b/fuzzers/binary_only/qemu_coverage/Cargo.lock @@ -7,12 +7,21 @@ name = "addr2line" version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" +dependencies = [ + "gimli 0.31.1", +] + +[[package]] +name = "addr2line" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9acbfca36652500c911ddb767ed433e3ed99b032b5d935be73c6923662db1d43" dependencies = [ "cpp_demangle", "fallible-iterator", - "gimli", + "gimli 0.32.0", "memmap2", - "object", + "object 0.37.3", "rustc-demangle", "smallvec", "typed-arena", 
@@ -161,29 +170,40 @@ version = "0.3.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6806a6321ec58106fea15becdad98371e28d92ccbc7c8f1b3b6dd724fe8f1002" dependencies = [ - "addr2line", + "addr2line 0.24.2", "cfg-if", "libc", "miniz_oxide", - "object", + "object 0.36.7", "rustc-demangle", "windows-targets 0.52.6", ] [[package]] name = "bincode" -version = "1.3.3" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740" dependencies = [ + "bincode_derive", "serde", + "unty", +] + +[[package]] +name = "bincode_derive" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09" +dependencies = [ + "virtue", ] [[package]] name = "bindgen" -version = "0.71.1" +version = "0.72.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3" +checksum = "4f72209734318d0b619a5e0f5129918b848c416e122a3c4ce054e03cb87b726f" dependencies = [ "bitflags", "cexpr", @@ -449,6 +469,15 @@ dependencies = [ "roff", ] +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "cobs" version = "0.2.3" @@ -583,7 +612,7 @@ version = "3.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46f93780a459b7d656ef7f071fe699c4d3d2cb201c4b24d085b6ddc505276e73" dependencies = [ - "nix 0.30.1", + "nix", "windows-sys", ] 
@@ -843,13 +872,13 @@ checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" [[package]] name = "fastbloom" -version = "0.9.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27cea6e7f512d43b098939ff4d5a5d6fe3db07971e1d05176fe26c642d33f5b8" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom 0.3.3", + "libm", "siphasher", - "wide 0.7.32 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -928,9 +957,9 @@ dependencies = [ [[package]] name = "getset" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3586f256131df87204eb733da72e3d3eb4f343c639f4b7be279ac7c48baeafe" +checksum = "9cf0fc11e47561d47397154977bc219f4cf809b2974facc3ccb3b89e2436f912" dependencies = [ "proc-macro-error2", "proc-macro2", @@ -943,6 +972,12 @@ name = "gimli" version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" + +[[package]] +name = "gimli" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93563d740bc9ef04104f9ed6f86f1e3275c2cdafb95664e26584b9ca807a8ffe" dependencies = [ "fallible-iterator", "stable_deref_trait", @@ -969,9 +1004,9 @@ checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "goblin" -version = "0.9.3" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daa0a64d21a7eb230583b4c5f4e23b7e4e57974f96620f42a7e75e08ae66d745" +checksum = "0e961b33649994dcf69303af6b3a332c1228549e604d455d61ec5d2ab5e68d3a" dependencies = [ "log", "plain", 
@@ -1296,7 +1331,7 @@ checksum = "441225017b106b9f902e97947a6d31e44ebcf274b91bdbfb51e5c477fcd468e5" [[package]] name = "libafl" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -1314,7 +1349,7 @@ dependencies = [ "libm", "log", "meminterval", - "nix 0.29.0", + "nix", "num-traits", "postcard", "regex", @@ -1332,7 +1367,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -1341,11 +1376,12 @@ dependencies = [ "hashbrown 0.14.5", "hostname", "libafl_derive", + "libafl_wide", "libc", "log", "mach2", "miniz_oxide", - "nix 0.29.0", + "nix", "num_enum", "once_cell", "postcard", @@ -1358,7 +1394,6 @@ dependencies = [ "typeid", "uds", "uuid", - "wide 0.7.32 (git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe)", "winapi", "windows 0.59.0", "windows-result 0.3.4", @@ -1367,7 +1402,7 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.2" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", @@ -1376,9 +1411,9 @@ dependencies = [ [[package]] name = "libafl_qemu" -version = "0.15.2" +version = "0.15.4" dependencies = [ - "addr2line", + "addr2line 0.25.0", "bindgen", "bytes-utils", "capstone", @@ -1395,13 +1430,12 @@ dependencies = [ "libafl_qemu_sys", "libafl_targets", "libc", + "libvharness_sys", "log", "meminterval", - "memmap2", - "num-derive", "num-traits", "num_enum", - "object", + "object 0.37.3", "paste", "rangemap", "rustversion", @@ -1412,13 +1446,12 @@ dependencies = [ "syscall-numbers", "thread_local", "toml", - "typed-arena", "typed-builder", ] [[package]] name = "libafl_qemu_build" -version = "0.15.2" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1433,7 +1466,7 @@ dependencies = [ [[package]] name = "libafl_qemu_sys" -version = "0.15.2" +version = "0.15.4" dependencies = [ "libafl_qemu_build", "libc", 
@@ -1446,7 +1479,7 @@ dependencies = [ [[package]] name = "libafl_targets" -version = "0.15.2" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1455,13 +1488,23 @@ dependencies = [ "libafl_bolts", "libc", "log", - "nix 0.29.0", + "nix", "once_cell", "rangemap", "rustversion", "serde", ] +[[package]] +name = "libafl_wide" +version = "0.7.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2f28d525f6e361b6cd55c0da5347027860a902d638d15194c16dc2f39a5ba9f" +dependencies = [ + "bytemuck", + "safe_arch", +] + [[package]] name = "libc" version = "0.2.172" @@ -1506,6 +1549,14 @@ dependencies = [ "libc", ] +[[package]] +name = "libvharness_sys" +version = "0.15.4" +dependencies = [ + "bindgen", + "cmake", +] + [[package]] name = "libz-sys" version = "1.1.22" @@ -1548,9 +1599,9 @@ checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "mach2" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] @@ -1563,9 +1614,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", 
@@ -1604,19 +1655,6 @@ dependencies = [ "adler2", ] -[[package]] -name = "nix" -version = "0.29.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" -dependencies = [ - "bitflags", - "cfg-if", - "cfg_aliases", - "libc", - "memoffset", -] - [[package]] name = "nix" version = "0.30.1" @@ -1627,6 +1665,7 @@ dependencies = [ "cfg-if", "cfg_aliases", "libc", + "memoffset", ] [[package]] @@ -1654,17 +1693,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" -[[package]] -name = "num-derive" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -1728,6 +1756,15 @@ name = "object" version = "0.36.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" +dependencies = [ + "memchr", +] + +[[package]] +name = "object" +version = "0.37.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "flate2", "memchr", @@ -1902,7 +1939,7 @@ dependencies = [ [[package]] name = "qemu_coverage" -version = "0.15.2" +version = "0.15.4" dependencies = [ "clap", "env_logger", 
@@ -2072,9 +2109,9 @@ checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" [[package]] name = "ruzstd" -version = "0.7.3" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fad02996bfc73da3e301efe90b1837be9ed8f4a462b6ed410aa35d00381de89f" +checksum = "3640bec8aad418d7d03c72ea2de10d5c646a598f9883c7babc160d91e3c1b26c" dependencies = [ "twox-hash", ] @@ -2111,18 +2148,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "scroll" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6" +checksum = "c1257cd4248b4132760d6524d6dda4e053bc648c9070b960929bf50cfb1e7add" dependencies = [ "scroll_derive", ] [[package]] name = "scroll_derive" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1783eabc414609e28a5ba76aee5ddd52199f7107a0b24c2e9746a1ecc34a683d" +checksum = "22fc4f90c27b57691bbaf11d8ecc7cfbfe98a4da6dbe60226115d322aa80c06e" dependencies = [ "proc-macro2", "quote", @@ -2178,9 +2215,9 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "0.6.8" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1" +checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83" dependencies = [ "serde", ] 
@@ -2317,23 +2354,22 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "strum" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f64def088c51c9510a8579e3c5d67c65349dcf755e5479ad3d010aa6454e2c32" +checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf" dependencies = [ "strum_macros", ] [[package]] name = "strum_macros" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c77a8c5abcaf0f9ce05d62342b7d298c346515365c36b673df4ebe3ced01fde8" +checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7" dependencies = [ "heck", "proc-macro2", "quote", - "rustversion", "syn", ] @@ -2429,12 +2465,11 @@ dependencies = [ [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] [[package]] @@ -2482,14 +2517,17 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.22" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05ae329d1f08c4d17a59bed7ff5b5a769d062e64a62d34a3261b219e62cd5aae" +checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8" dependencies = [ + "indexmap", "serde", "serde_spanned", - "toml_datetime", - "toml_edit", + "toml_datetime 0.7.0", + "toml_parser", + "toml_writer", + "winnow", ] [[package]] 
@@ -2497,6 +2535,12 @@ name = "toml_datetime" version = "0.6.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3da5db5a963e24bc68be8b17b6fa82814bb22ee8660f192bb182771d498f09a3" + +[[package]] +name = "toml_datetime" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3" dependencies = [ "serde", ] @@ -2508,18 +2552,24 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "310068873db2c5b3e7659d2cc35d21855dbafa50d1ce336397c666e3cb08137e" dependencies = [ "indexmap", - "serde", - "serde_spanned", - "toml_datetime", - "toml_write", + "toml_datetime 0.6.9", "winnow", ] [[package]] -name = "toml_write" -version = "0.1.1" +name = "toml_parser" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfb942dfe1d8e29a7ee7fcbde5bd2b9a25fb89aa70caea2eba3bee836ff41076" +checksum = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10" +dependencies = [ + "winnow", +] + +[[package]] +name = "toml_writer" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64" [[package]] name = "tuple_list" @@ -2529,13 +2579,9 @@ checksum = "141fb9f71ee586d956d7d6e4d5a9ef8e946061188520140f7591b668841d502e" [[package]] name = "twox-hash" -version = "1.6.3" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" -dependencies = [ - "cfg-if", - "static_assertions", -] +checksum = "8b907da542cbced5261bd3256de1b3a1bf340a3d37f93425a07362a1d687de56" [[package]] name = "typed-arena" 
@@ -2614,6 +2660,12 @@ version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" +[[package]] +name = "unty" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae" + [[package]] name = "url" version = "2.5.4" @@ -2704,6 +2756,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "virtue" +version = "0.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1" + [[package]] name = "wait-timeout" version = "0.2.1" @@ -2788,35 +2846,15 @@ dependencies = [ [[package]] name = "which" -version = "7.0.3" +version = "8.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d643ce3fd3e5b54854602a080f34fb10ab75e0b813ee32d00ca2b44fa74762" +checksum = "d3fabb953106c3c8eea8306e4393700d7657561cb43122571b172bbfb7c7ba1d" dependencies = [ - "either", "env_home", "rustix", "winsafe", ] -[[package]] -name = "wide" -version = "0.7.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41b5576b9a81633f3e8df296ce0063042a73507636cbe956c61133dd7034ab22" -dependencies = [ - "bytemuck", - "safe_arch", -] - -[[package]] -name = "wide" -version = "0.7.32" -source = "git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe#71b5df0b2620da753836fafce5f99076181a49fe" -dependencies = [ - "bytemuck", - "safe_arch", -] - [[package]] name = "winapi" version = "0.3.9" diff --git a/fuzzers/binary_only/qemu_coverage/Justfile b/fuzzers/binary_only/qemu_coverage/Justfile index 4dce82217de..ebf15803fbd 100644 --- a/fuzzers/binary_only/qemu_coverage/Justfile 
+++ b/fuzzers/binary_only/qemu_coverage/Justfile @@ -21,6 +21,7 @@ harness: libpng $CROSS_CFLAGS \ "{{TARGET_DIR}}/build-png/.libs/libpng16.a" \ "{{TARGET_DIR}}/build-zlib/libz.a" \ + -I"{{DEPS_DIR}}/libpng-1.6.37" \ -I"{{TARGET_DIR}}/build-png" \ -I"{{TARGET_DIR}}/build-zlib/zlib/lib" \ -L"{{TARGET_DIR}}/build-zlib/zlib/lib" \ diff --git a/fuzzers/binary_only/qemu_launcher/Cargo.lock b/fuzzers/binary_only/qemu_launcher/Cargo.lock index bbec4a62337..c785f1a7134 100644 --- a/fuzzers/binary_only/qemu_launcher/Cargo.lock +++ b/fuzzers/binary_only/qemu_launcher/Cargo.lock @@ -21,7 +21,7 @@ dependencies = [ "fallible-iterator", "gimli 0.32.0", "memmap2", - "object 0.37.1", + "object 0.37.3", "rustc-demangle", "smallvec", "typed-arena", @@ -484,6 +484,15 @@ dependencies = [ "roff", ] +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "cobs" version = "0.2.3" @@ -974,11 +983,12 @@ checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" [[package]] name = "fastbloom" -version = "0.12.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33f26ab05af2bdfeeb680ec3002f1bfb8065f3d486b9b3db354103c80bd71866" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom 0.3.3", + "libm", "siphasher", ] @@ -1064,9 +1074,9 @@ dependencies = [ [[package]] name = "getset" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3586f256131df87204eb733da72e3d3eb4f343c639f4b7be279ac7c48baeafe" +checksum = "9cf0fc11e47561d47397154977bc219f4cf809b2974facc3ccb3b89e2436f912" dependencies = [ "proc-macro-error2", "proc-macro2", 
@@ -1446,7 +1456,7 @@ dependencies = [ "shellexpand", "similar", "snafu", - "strum 0.27.1", + "strum 0.27.2", "target", "tempfile", "typed-arena", @@ -1462,7 +1472,7 @@ checksum = "441225017b106b9f902e97947a6d31e44ebcf274b91bdbfb51e5c477fcd468e5" [[package]] name = "libafl" -version = "0.15.3" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -1500,7 +1510,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.3" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -1535,7 +1545,7 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.3" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", @@ -1544,7 +1554,7 @@ dependencies = [ [[package]] name = "libafl_qemu" -version = "0.15.3" +version = "0.15.4" dependencies = [ "addr2line 0.25.0", "bindgen", @@ -1563,18 +1573,19 @@ dependencies = [ "libafl_qemu_sys", "libafl_targets", "libc", + "libvharness_sys", "log", "meminterval", "num-traits", "num_enum", - "object 0.37.1", + "object 0.37.3", "paste", "rangemap", "rustversion", "serde", "serde_yaml", - "strum 0.27.1", - "strum_macros 0.27.1", + "strum 0.27.2", + "strum_macros 0.27.2", "syscall-numbers", "thread_local", "toml", @@ -1583,7 +1594,7 @@ dependencies = [ [[package]] name = "libafl_qemu_build" -version = "0.15.3" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1598,20 +1609,20 @@ dependencies = [ [[package]] name = "libafl_qemu_sys" -version = "0.15.3" +version = "0.15.4" dependencies = [ "libafl_qemu_build", "libc", "num_enum", "paste", "rustversion", - "strum 0.27.1", - "strum_macros 0.27.1", + "strum 0.27.2", + "strum_macros 0.27.2", ] [[package]] name = "libafl_targets" -version = "0.15.3" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1681,6 +1692,14 @@ dependencies = [ "libc", ] +[[package]] +name = "libvharness_sys" +version = "0.15.4" +dependencies = [ + "bindgen", + "cmake", +] + [[package]] name = "libz-sys" version = "1.1.22" 
@@ -1744,9 +1763,9 @@ dependencies = [ [[package]] name = "mach2" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] @@ -1759,9 +1778,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", @@ -1919,9 +1938,9 @@ dependencies = [ [[package]] name = "object" -version = "0.37.1" +version = "0.37.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03fd943161069e1768b4b3d050890ba48730e590f57e56d4aa04e7e090e61b4a" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "flate2", "memchr", @@ -2096,7 +2115,7 @@ dependencies = [ [[package]] name = "qemu_launcher" -version = "0.15.3" +version = "0.15.4" dependencies = [ "clap", "env_logger", @@ -2420,9 +2439,9 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "0.6.8" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1" +checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83" dependencies = [ "serde", ] 
@@ -2598,11 +2617,11 @@ dependencies = [ [[package]] name = "strum" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f64def088c51c9510a8579e3c5d67c65349dcf755e5479ad3d010aa6454e2c32" +checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf" dependencies = [ - "strum_macros 0.27.1", + "strum_macros 0.27.2", ] [[package]] @@ -2620,14 +2639,13 @@ dependencies = [ [[package]] name = "strum_macros" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c77a8c5abcaf0f9ce05d62342b7d298c346515365c36b673df4ebe3ced01fde8" +checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7" dependencies = [ "heck", "proc-macro2", "quote", - "rustversion", "syn", ] @@ -2723,12 +2741,11 @@ dependencies = [ [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] [[package]] @@ -2776,14 +2793,17 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.22" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05ae329d1f08c4d17a59bed7ff5b5a769d062e64a62d34a3261b219e62cd5aae" +checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8" dependencies = [ + "indexmap", "serde", "serde_spanned", - "toml_datetime", - "toml_edit", + "toml_datetime 0.7.0", + "toml_parser", + "toml_writer", + "winnow", ] [[package]] 
@@ -2791,6 +2811,12 @@ name = "toml_datetime" version = "0.6.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3da5db5a963e24bc68be8b17b6fa82814bb22ee8660f192bb182771d498f09a3" + +[[package]] +name = "toml_datetime" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3" dependencies = [ "serde", ] @@ -2802,18 +2828,24 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "310068873db2c5b3e7659d2cc35d21855dbafa50d1ce336397c666e3cb08137e" dependencies = [ "indexmap", - "serde", - "serde_spanned", - "toml_datetime", - "toml_write", + "toml_datetime 0.6.9", "winnow", ] [[package]] -name = "toml_write" -version = "0.1.1" +name = "toml_parser" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10" +dependencies = [ + "winnow", +] + +[[package]] +name = "toml_writer" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfb942dfe1d8e29a7ee7fcbde5bd2b9a25fb89aa70caea2eba3bee836ff41076" +checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64" [[package]] name = "tuple_list" diff --git a/fuzzers/binary_only/qemu_tmin/Cargo.lock b/fuzzers/binary_only/qemu_tmin/Cargo.lock index 96df17eea81..5d0f05271d8 100644 --- a/fuzzers/binary_only/qemu_tmin/Cargo.lock +++ b/fuzzers/binary_only/qemu_tmin/Cargo.lock 
@@ -7,12 +7,21 @@ name = "addr2line" version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" +dependencies = [ + "gimli 0.31.1", +] + +[[package]] +name = "addr2line" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9acbfca36652500c911ddb767ed433e3ed99b032b5d935be73c6923662db1d43" dependencies = [ "cpp_demangle", "fallible-iterator", - "gimli", + "gimli 0.32.0", "memmap2", - "object", + "object 0.37.3", "rustc-demangle", "smallvec", "typed-arena", @@ -26,14 +35,14 @@ checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" [[package]] name = "ahash" -version = "0.8.11" +version = "0.8.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" +checksum = "5a15f179cd60c4584b8a8c596927aadc462e27f2ca70c04e0071964a73ba7a75" dependencies = [ "cfg-if", "once_cell", "version_check", - "zerocopy 0.7.35", + "zerocopy", ] [[package]] 
@@ -161,29 +170,40 @@ version = "0.3.74" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a" dependencies = [ - "addr2line", + "addr2line 0.24.2", "cfg-if", "libc", "miniz_oxide", - "object", + "object 0.36.7", "rustc-demangle", "windows-targets 0.52.6", ] [[package]] name = "bincode" -version = "1.3.3" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740" dependencies = [ + "bincode_derive", "serde", + "unty", +] + +[[package]] +name = "bincode_derive" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09" +dependencies = [ + "virtue", ] [[package]] name = "bindgen" -version = "0.71.1" +version = "0.72.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3" +checksum = "4f72209734318d0b619a5e0f5129918b848c416e122a3c4ce054e03cb87b726f" dependencies = [ "bitflags", "cexpr", @@ -332,21 +352,6 @@ dependencies = [ "thiserror 2.0.12", ] -[[package]] -name = "cassowary" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df8670b8c7b9dae1793364eafadf7239c40d669904660c5960d74cfd80b46a53" - -[[package]] -name = "castaway" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0abae9be0aaf9ea96a3b1b8b1b55c602ca751eba1b1500220cea4ecbafe7c0d5" -dependencies = [ - "rustversion", -] - [[package]] name = "cc" version = "1.2.16" 
@@ -464,6 +469,15 @@ dependencies = [ "roff", ] +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "cobs" version = "0.2.3" @@ -476,20 +490,6 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" -[[package]] -name = "compact_str" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b79c4069c6cad78e2e0cdfcbd26275770669fb39fd308a752dc110e83b9af32" -dependencies = [ - "castaway", - "cfg-if", - "itoa", - "rustversion", - "ryu", - "static_assertions", -] - [[package]] name = "const_format" version = "0.2.34" @@ -580,31 +580,6 @@ version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" -[[package]] -name = "crossterm" -version = "0.28.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "829d955a0bb380ef178a640b91779e3987da38c9aea133b20614cfed8cdea9c6" -dependencies = [ - "bitflags", - "crossterm_winapi", - "mio", - "parking_lot", - "rustix 0.38.44", - "signal-hook", - "signal-hook-mio", - "winapi", -] - -[[package]] -name = "crossterm_winapi" -version = "0.9.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acdd7c62a3665c7f6830a51635d9ac9b23ed385797f70a83bb8bafe9c572ab2b" -dependencies = [ - "winapi", -] - [[package]] name = "crypto-common" version = "0.1.6" @@ -637,7 +612,7 @@ version = "3.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "90eeab0aa92f3f9b4e87f258c72b139c207d251f9cbc1080a0086b86a8870dd3" dependencies = [ - "nix", + "nix 0.29.0", "windows-sys 0.59.0", ] 
@@ -918,13 +893,13 @@ checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" [[package]] name = "fastbloom" -version = "0.9.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27cea6e7f512d43b098939ff4d5a5d6fe3db07971e1d05176fe26c642d33f5b8" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom 0.3.1", + "libm", "siphasher", - "wide", ] [[package]] @@ -949,12 +924,6 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "foldhash" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f" - [[package]] name = "form_urlencoded" version = "1.2.1" @@ -1009,9 +978,9 @@ dependencies = [ [[package]] name = "getset" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3586f256131df87204eb733da72e3d3eb4f343c639f4b7be279ac7c48baeafe" +checksum = "9cf0fc11e47561d47397154977bc219f4cf809b2974facc3ccb3b89e2436f912" dependencies = [ "proc-macro-error2", "proc-macro2", @@ -1024,6 +993,12 @@ name = "gimli" version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" + +[[package]] +name = "gimli" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93563d740bc9ef04104f9ed6f86f1e3275c2cdafb95664e26584b9ca807a8ffe" dependencies = [ "fallible-iterator", "stable_deref_trait", 
@@ -1050,9 +1025,9 @@ checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "goblin" -version = "0.9.3" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daa0a64d21a7eb230583b4c5f4e23b7e4e57974f96620f42a7e75e08ae66d745" +checksum = "0e961b33649994dcf69303af6b3a332c1228549e604d455d61ec5d2ab5e68d3a" dependencies = [ "log", "plain", @@ -1075,11 +1050,6 @@ name = "hashbrown" version = "0.15.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289" -dependencies = [ - "allocator-api2", - "equivalent", - "foldhash", -] [[package]] name = "heck" @@ -1282,25 +1252,6 @@ dependencies = [ "hashbrown 0.15.2", ] -[[package]] -name = "indoc" -version = "2.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4c7245a08504955605670dbf141fceab975f15ca21570696aebe9d2e71576bd" - -[[package]] -name = "instability" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bf9fed6d91cfb734e7476a06bde8300a1b94e217e1b523b6f0cd1a01998c71d" -dependencies = [ - "darling", - "indoc", - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "is_executable" version = "1.0.4" @@ -1415,11 +1366,11 @@ dependencies = [ "shellexpand", "similar", "snafu", - "strum 0.27.1", + "strum", "target", "tempfile", "typed-arena", - "unicode-width 0.2.0", + "unicode-width", "uuid", ] @@ -1431,7 +1382,7 @@ checksum = "441225017b106b9f902e97947a6d31e44ebcf274b91bdbfb51e5c477fcd468e5" [[package]] name = "libafl" -version = "0.15.1" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -1440,7 +1391,6 @@ dependencies = [ "bitbybit", "const_format", "const_panic", - "crossterm", "fastbloom", "fs2", "hashbrown 0.14.5", 
@@ -1450,10 +1400,9 @@ dependencies = [ "libm", "log", "meminterval", - "nix", + "nix 0.30.1", "num-traits", "postcard", - "ratatui", "regex", "rustversion", "serde", @@ -1469,7 +1418,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.1" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -1478,11 +1427,12 @@ dependencies = [ "hashbrown 0.14.5", "hostname", "libafl_derive", + "libafl_wide", "libc", "log", - "mach", + "mach2", "miniz_oxide", - "nix", + "nix 0.30.1", "num_enum", "once_cell", "postcard", @@ -1503,7 +1453,7 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.1" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", @@ -1512,9 +1462,9 @@ dependencies = [ [[package]] name = "libafl_qemu" -version = "0.15.1" +version = "0.15.4" dependencies = [ - "addr2line", + "addr2line 0.25.0", "bindgen", "bytes-utils", "capstone", @@ -1531,30 +1481,28 @@ dependencies = [ "libafl_qemu_sys", "libafl_targets", "libc", + "libvharness_sys", "log", "meminterval", - "memmap2", - "num-derive", "num-traits", "num_enum", - "object", + "object 0.37.3", "paste", "rangemap", "rustversion", "serde", "serde_yaml", - "strum 0.27.1", - "strum_macros 0.27.1", + "strum", + "strum_macros", "syscall-numbers", "thread_local", "toml", - "typed-arena", "typed-builder", ] [[package]] name = "libafl_qemu_build" -version = "0.15.1" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1569,20 +1517,20 @@ dependencies = [ [[package]] name = "libafl_qemu_sys" -version = "0.15.1" +version = "0.15.4" dependencies = [ "libafl_qemu_build", "libc", "num_enum", "paste", "rustversion", - "strum 0.27.1", - "strum_macros 0.27.1", + "strum", + "strum_macros", ] [[package]] name = "libafl_targets" -version = "0.15.1" +version = "0.15.4" dependencies = [ "bindgen", "cc", 
@@ -1591,12 +1539,23 @@ dependencies = [ "libafl_bolts", "libc", "log", + "nix 0.30.1", "once_cell", "rangemap", "rustversion", "serde", ] +[[package]] +name = "libafl_wide" +version = "0.7.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2f28d525f6e361b6cd55c0da5347027860a902d638d15194c16dc2f39a5ba9f" +dependencies = [ + "bytemuck", + "safe_arch", +] + [[package]] name = "libc" version = "0.2.171" @@ -1641,6 +1600,14 @@ dependencies = [ "libc", ] +[[package]] +name = "libvharness_sys" +version = "0.15.4" +dependencies = [ + "bindgen", + "cmake", +] + [[package]] name = "libz-sys" version = "1.1.21" @@ -1653,12 +1620,6 @@ dependencies = [ "vcpkg", ] -[[package]] -name = "linux-raw-sys" -version = "0.4.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" - [[package]] name = "linux-raw-sys" version = "0.9.2" @@ -1688,19 +1649,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e" [[package]] -name = "lru" -version = "0.12.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38" -dependencies = [ - "hashbrown 0.15.2", -] - -[[package]] -name = "mach" -version = "0.3.2" +name = "mach2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b823e83b2affd8f40a9ee8c29dbc56404c1e34cd2710921f2801e2cf29527afa" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] 
@@ -1713,9 +1665,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", @@ -1755,22 +1707,22 @@ dependencies = [ ] [[package]] -name = "mio" -version = "1.0.3" +name = "nix" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd" +checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" dependencies = [ + "bitflags", + "cfg-if", + "cfg_aliases", "libc", - "log", - "wasi 0.11.0+wasi-snapshot-preview1", - "windows-sys 0.52.0", ] [[package]] name = "nix" -version = "0.29.0" +version = "0.30.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" +checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6" dependencies = [ "bitflags", "cfg-if", @@ -1804,17 +1756,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" -[[package]] -name = "num-derive" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "num-traits" version = "0.2.19" 
@@ -1869,6 +1810,15 @@ name = "object" version = "0.36.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" +dependencies = [ + "memchr", +] + +[[package]] +name = "object" +version = "0.37.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "flate2", "memchr", @@ -1973,7 +1923,7 @@ version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" dependencies = [ - "zerocopy 0.8.23", + "zerocopy", ] [[package]] @@ -2059,7 +2009,7 @@ checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94" dependencies = [ "rand_chacha", "rand_core", - "zerocopy 0.8.23", + "zerocopy", ] [[package]] @@ -2087,27 +2037,6 @@ version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f60fcc7d6849342eff22c4350c8b9a989ee8ceabc4b481253e8946b9fe83d684" -[[package]] -name = "ratatui" -version = "0.29.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eabd94c2f37801c20583fc49dd5cd6b0ba68c716787c2dd6ed18571e1e63117b" -dependencies = [ - "bitflags", - "cassowary", - "compact_str", - "crossterm", - "indoc", - "instability", - "itertools", - "lru", - "paste", - "strum 0.26.3", - "unicode-segmentation", - "unicode-truncate", - "unicode-width 0.2.0", -] - [[package]] name = "rayon" version = "1.10.0" 
@@ -2217,27 +2146,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.44" +version = "1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" +checksum = "11181fbabf243db407ef8df94a6ce0b2f9a733bd8be4ad02b4eda9602296cac8" dependencies = [ "bitflags", "errno", "libc", - "linux-raw-sys 0.4.15", - "windows-sys 0.59.0", -] - -[[package]] -name = "rustix" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7178faa4b75a30e269c71e61c353ce2748cf3d76f0c44c393f4e60abf49b825" -dependencies = [ - "bitflags", - "errno", - "libc", - "linux-raw-sys 0.9.2", + "linux-raw-sys", "windows-sys 0.59.0", ] @@ -2249,9 +2165,9 @@ checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2" [[package]] name = "ruzstd" -version = "0.7.3" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fad02996bfc73da3e301efe90b1837be9ed8f4a462b6ed410aa35d00381de89f" +checksum = "3640bec8aad418d7d03c72ea2de10d5c646a598f9883c7babc160d91e3c1b26c" dependencies = [ "twox-hash", ] @@ -2288,18 +2204,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "scroll" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6" +checksum = "c1257cd4248b4132760d6524d6dda4e053bc648c9070b960929bf50cfb1e7add" dependencies = [ "scroll_derive", ] [[package]] name = "scroll_derive" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f81c2fde025af7e69b1d1420531c8a8811ca898919db177141a85313b1cb932" +checksum = "22fc4f90c27b57691bbaf11d8ecc7cfbfe98a4da6dbe60226115d322aa80c06e" dependencies = [ "proc-macro2", "quote", 
@@ -2355,9 +2271,9 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "0.6.8" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1" +checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83" dependencies = [ "serde", ] @@ -2431,36 +2347,6 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" -[[package]] -name = "signal-hook" -version = "0.3.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801" -dependencies = [ - "libc", - "signal-hook-registry", -] - -[[package]] -name = "signal-hook-mio" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34db1a06d485c9142248b7a054f034b349b212551f3dfd19c94d45a754a217cd" -dependencies = [ - "libc", - "mio", - "signal-hook", -] - -[[package]] -name = "signal-hook-registry" -version = "1.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1" -dependencies = [ - "libc", -] - [[package]] name = "similar" version = "2.7.0" 
@@ -2524,45 +2410,22 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "strum" -version = "0.26.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fec0f0aef304996cf250b31b5a10dee7980c85da9d759361292b8bca5a18f06" -dependencies = [ - "strum_macros 0.26.4", -] - -[[package]] -name = "strum" -version = "0.27.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f64def088c51c9510a8579e3c5d67c65349dcf755e5479ad3d010aa6454e2c32" -dependencies = [ - "strum_macros 0.27.1", -] - -[[package]] -name = "strum_macros" -version = "0.26.4" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c6bee85a5a24955dc440386795aa378cd9cf82acd5f764469152d2270e581be" +checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf" dependencies = [ - "heck", - "proc-macro2", - "quote", - "rustversion", - "syn", + "strum_macros", ] [[package]] name = "strum_macros" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c77a8c5abcaf0f9ce05d62342b7d298c346515365c36b673df4ebe3ced01fde8" +checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7" dependencies = [ "heck", "proc-macro2", "quote", - "rustversion", "syn", ] @@ -2624,7 +2487,7 @@ dependencies = [ "fastrand", "getrandom 0.3.1", "once_cell", - "rustix 1.0.2", + "rustix", "windows-sys 0.59.0", ] @@ -2634,7 +2497,7 @@ version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45c6481c4829e4cc63825e62c49186a34538b7b2750b73b266581ffb612fb5ed" dependencies = [ - "rustix 1.0.2", + "rustix", "windows-sys 0.59.0", ] 
@@ -2680,12 +2543,11 @@ dependencies = [ [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] [[package]] @@ -2733,14 +2595,17 @@ dependencies = [ [[package]] name = "toml" -version = "0.8.20" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd87a5cdd6ffab733b2f74bc4fd7ee5fff6634124999ac278c35fc78c6120148" +checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8" dependencies = [ + "indexmap", "serde", "serde_spanned", - "toml_datetime", - "toml_edit", + "toml_datetime 0.7.0", + "toml_parser", + "toml_writer", + "winnow", ] [[package]] @@ -2748,6 +2613,12 @@ name = "toml_datetime" version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41" + +[[package]] +name = "toml_datetime" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3" dependencies = [ "serde", ] 
@@ -2759,12 +2630,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "17b4795ff5edd201c7cd6dca065ae59972ce77d1b80fa0a84d94950ece7d1474" dependencies = [ "indexmap", - "serde", - "serde_spanned", - "toml_datetime", + "toml_datetime 0.6.8", "winnow", ] +[[package]] +name = "toml_parser" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10" +dependencies = [ + "winnow", +] + +[[package]] +name = "toml_writer" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64" + [[package]] name = "tuple_list" version = "0.1.3" @@ -2773,13 +2657,9 @@ checksum = "141fb9f71ee586d956d7d6e4d5a9ef8e946061188520140f7591b668841d502e" [[package]] name = "twox-hash" -version = "1.6.3" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" -dependencies = [ - "cfg-if", - "static_assertions", -] +checksum = "8b907da542cbced5261bd3256de1b3a1bf340a3d37f93425a07362a1d687de56" [[package]] name = "typed-arena" 
@@ -2789,18 +2669,18 @@ checksum = "6af6ae20167a9ece4bcb41af5b80f8a1f1df981f6391189ce00fd257af04126a" [[package]] name = "typed-builder" -version = "0.20.0" +version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e14ed59dc8b7b26cacb2a92bad2e8b1f098806063898ab42a3bd121d7d45e75" +checksum = "478cb2887fa0a15be611e4dc0e900f693c31f1add497ac8794a24cd512a22df9" dependencies = [ "typed-builder-macro", ] [[package]] name = "typed-builder-macro" -version = "0.20.0" +version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "560b82d656506509d43abe30e0ba64c56b1953ab3d4fe7ba5902747a7a3cedd5" +checksum = "6a840d281b4e2b22f6ca51168a373c06e7044e06420f0f12fe0e7b62c28df2f8" dependencies = [ "proc-macro2", "quote", @@ -2840,23 +2720,6 @@ version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493" -[[package]] -name = "unicode-truncate" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3644627a5af5fa321c95b9b235a72fd24cd29c648c2c379431e6628655627bf" -dependencies = [ - "itertools", - "unicode-segmentation", - "unicode-width 0.1.14", -] - -[[package]] -name = "unicode-width" -version = "0.1.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af" - [[package]] name = "unicode-width" version = "0.2.0" @@ -2875,6 +2738,12 @@ version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" +[[package]] +name = "unty" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae" + [[package]] name = "url" version = "2.5.4" 
@@ -2969,6 +2838,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "virtue" +version = "0.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1" + [[package]] name = "wait-timeout" version = "0.2.1" @@ -3053,26 +2928,15 @@ dependencies = [ [[package]] name = "which" -version = "7.0.2" +version = "8.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2774c861e1f072b3aadc02f8ba886c26ad6321567ecc294c935434cad06f1283" +checksum = "d3fabb953106c3c8eea8306e4393700d7657561cb43122571b172bbfb7c7ba1d" dependencies = [ - "either", "env_home", - "rustix 0.38.44", + "rustix", "winsafe", ] -[[package]] -name = "wide" -version = "0.7.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41b5576b9a81633f3e8df296ce0063042a73507636cbe956c61133dd7034ab22" -dependencies = [ - "bytemuck", - "safe_arch", -] - [[package]] name = "winapi" version = "0.3.9" @@ -3245,15 +3109,6 @@ dependencies = [ "windows-targets 0.48.5", ] -[[package]] -name = "windows-sys" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" -dependencies = [ - "windows-targets 0.52.6", -] - [[package]] name = "windows-sys" version = "0.59.0" @@ -3450,9 +3305,9 @@ checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" [[package]] name = "winnow" -version = "0.7.4" +version = "0.7.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e97b544156e9bebe1a0ffbc03484fc1ffe3100cbce3ffb17eac35f7cdd7ab36" +checksum = "f3edebf492c8125044983378ecb5766203ad3b4c2f7a922bd7dd207f6d443e95" dependencies = [ "memchr", ] 
@@ -3516,38 +3371,18 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.35" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" -dependencies = [ - "zerocopy-derive 0.7.35", -] - -[[package]] -name = "zerocopy" -version = "0.8.23" +version = "0.8.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd97444d05a4328b90e75e503a34bad781f14e28a823ad3557f0750df1ebcbc6" +checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f" dependencies = [ - "zerocopy-derive 0.8.23", -] - -[[package]] -name = "zerocopy-derive" -version = "0.7.35" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" -dependencies = [ - "proc-macro2", - "quote", - "syn", + "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.8.23" +version = "0.8.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6352c01d0edd5db859a63e2605f4ea3183ddbd15e2c4a9e7d32184df75e4f154" +checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181" dependencies = [ "proc-macro2", "quote", diff --git a/fuzzers/binary_only/qemu_tmin/Justfile b/fuzzers/binary_only/qemu_tmin/Justfile index d6403f758c6..197187b3ad9 100644 --- a/fuzzers/binary_only/qemu_tmin/Justfile +++ b/fuzzers/binary_only/qemu_tmin/Justfile @@ -23,6 +23,7 @@ harness: libpng $CROSS_CFLAGS \ "{{TARGET_DIR}}/build-png/.libs/libpng16.a" \ "{{TARGET_DIR}}/build-zlib/libz.a" \ + -I"{{DEPS_DIR}}/libpng-1.6.37" \ -I"{{TARGET_DIR}}/build-png" \ -I"{{TARGET_DIR}}/build-zlib/zlib/lib" \ -L"{{TARGET_DIR}}/build-zlib/zlib/lib" \ diff --git a/fuzzers/forkserver/libafl-fuzz/Cargo.lock b/fuzzers/forkserver/libafl-fuzz/Cargo.lock index 8e1e8e0e017..9792f0a76f5 100644 --- a/fuzzers/forkserver/libafl-fuzz/Cargo.lock +++ b/fuzzers/forkserver/libafl-fuzz/Cargo.lock 
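Review bot: The new `-I"{{DEPS_DIR}}/libpng-1.6.37"` line hard-codes the libpng release directory as a literal, while every other path in this recipe is derived from a Justfile variable. If the `libpng` recipe this target depends on (not visible in the hunk) is later bumped to a different tarball, this include path goes stale silently and the build either fails or picks up whichever `png.h` the `build-png` include directory still provides. Consider lifting the directory into one variable next to `DEPS_DIR`, e.g. `LIBPNG_SRC := DEPS_DIR + "/libpng-1.6.37"`, and referencing it here as `-I"{{LIBPNG_SRC}}"` so the download step and the compile flags cannot drift apart. The `harness` recipe starts before this hunk, so the surrounding variable definitions are outside the view.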
@@ -495,11 +495,12 @@ dependencies = [ [[package]] name = "fastbloom" -version = "0.12.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33f26ab05af2bdfeeb680ec3002f1bfb8065f3d486b9b3db354103c80bd71866" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom 0.3.3", + "libm", "siphasher", ] @@ -687,7 +688,7 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libafl" -version = "0.15.3" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -724,7 +725,7 @@ dependencies = [ [[package]] name = "libafl-fuzz" -version = "0.15.3" +version = "0.15.4" dependencies = [ "clap", "env_logger", @@ -741,7 +742,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.3" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -777,7 +778,7 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.3" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", @@ -786,7 +787,7 @@ dependencies = [ [[package]] name = "libafl_nyx" -version = "0.15.3" +version = "0.15.4" dependencies = [ "libafl", "libafl_bolts", @@ -800,7 +801,7 @@ dependencies = [ [[package]] name = "libafl_targets" -version = "0.15.3" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -920,9 +921,9 @@ checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "mach2" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] 
@@ -935,9 +936,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", diff --git a/fuzzers/full_system/qemu_baremetal/Cargo.lock b/fuzzers/full_system/qemu_baremetal/Cargo.lock index 6d29ba1139e..298a7b3010f 100644 --- a/fuzzers/full_system/qemu_baremetal/Cargo.lock +++ b/fuzzers/full_system/qemu_baremetal/Cargo.lock @@ -7,12 +7,21 @@ name = "addr2line" version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" +dependencies = [ + "gimli 0.31.1", +] + +[[package]] +name = "addr2line" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9acbfca36652500c911ddb767ed433e3ed99b032b5d935be73c6923662db1d43" dependencies = [ "cpp_demangle", "fallible-iterator", - "gimli", + "gimli 0.32.0", "memmap2", - "object", + "object 0.37.3", "rustc-demangle", "smallvec", "typed-arena", 
@@ -155,29 +164,40 @@ version = "0.3.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6806a6321ec58106fea15becdad98371e28d92ccbc7c8f1b3b6dd724fe8f1002" dependencies = [ - "addr2line", + "addr2line 0.24.2", "cfg-if", "libc", "miniz_oxide", - "object", + "object 0.36.7", "rustc-demangle", "windows-targets 0.52.6", ] [[package]] name = "bincode" -version = "1.3.3" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740" dependencies = [ + "bincode_derive", "serde", + "unty", +] + +[[package]] +name = "bincode_derive" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09" +dependencies = [ + "virtue", ] [[package]] name = "bindgen" -version = "0.71.1" +version = "0.72.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3" +checksum = "4f72209734318d0b619a5e0f5129918b848c416e122a3c4ce054e03cb87b726f" dependencies = [ "bitflags", "cexpr", @@ -417,6 +437,15 @@ dependencies = [ "roff", ] +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "cobs" version = "0.2.3" @@ -551,7 +580,7 @@ version = "3.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46f93780a459b7d656ef7f071fe699c4d3d2cb201c4b24d085b6ddc505276e73" dependencies = [ - "nix 0.30.1", + "nix", "windows-sys", ] 
@@ -725,13 +754,13 @@ checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" [[package]] name = "fastbloom" -version = "0.9.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27cea6e7f512d43b098939ff4d5a5d6fe3db07971e1d05176fe26c642d33f5b8" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom 0.3.3", + "libm", "siphasher", - "wide 0.7.32 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -795,9 +824,9 @@ dependencies = [ [[package]] name = "getset" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3586f256131df87204eb733da72e3d3eb4f343c639f4b7be279ac7c48baeafe" +checksum = "9cf0fc11e47561d47397154977bc219f4cf809b2974facc3ccb3b89e2436f912" dependencies = [ "proc-macro-error2", "proc-macro2", @@ -810,6 +839,12 @@ name = "gimli" version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" + +[[package]] +name = "gimli" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93563d740bc9ef04104f9ed6f86f1e3275c2cdafb95664e26584b9ca807a8ffe" dependencies = [ "fallible-iterator", "stable_deref_trait", @@ -823,9 +858,9 @@ checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "goblin" -version = "0.9.3" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daa0a64d21a7eb230583b4c5f4e23b7e4e57974f96620f42a7e75e08ae66d745" +checksum = "0e961b33649994dcf69303af6b3a332c1228549e604d455d61ec5d2ab5e68d3a" dependencies = [ "log", "plain", 
@@ -1037,7 +1072,7 @@ checksum = "441225017b106b9f902e97947a6d31e44ebcf274b91bdbfb51e5c477fcd468e5" [[package]] name = "libafl" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -1055,7 +1090,7 @@ dependencies = [ "libm", "log", "meminterval", - "nix 0.29.0", + "nix", "num-traits", "postcard", "regex", @@ -1073,7 +1108,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -1082,11 +1117,12 @@ dependencies = [ "hashbrown 0.14.5", "hostname", "libafl_derive", + "libafl_wide", "libc", "log", "mach2", "miniz_oxide", - "nix 0.29.0", + "nix", "num_enum", "once_cell", "postcard", @@ -1099,7 +1135,6 @@ dependencies = [ "typeid", "uds", "uuid", - "wide 0.7.32 (git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe)", "winapi", "windows", "windows-result", @@ -1108,7 +1143,7 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.2" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", @@ -1117,9 +1152,9 @@ dependencies = [ [[package]] name = "libafl_qemu" -version = "0.15.2" +version = "0.15.4" dependencies = [ - "addr2line", + "addr2line 0.25.0", "bindgen", "bytes-utils", "capstone", @@ -1136,13 +1171,12 @@ dependencies = [ "libafl_qemu_sys", "libafl_targets", "libc", + "libvharness_sys", "log", "meminterval", - "memmap2", - "num-derive", "num-traits", "num_enum", - "object", + "object 0.37.3", "paste", "rangemap", "rustversion", @@ -1151,13 +1185,12 @@ dependencies = [ "strum_macros", "syscall-numbers", "thread_local", - "typed-arena", "typed-builder", ] [[package]] name = "libafl_qemu_build" -version = "0.15.2" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1172,7 +1205,7 @@ dependencies = [ [[package]] name = "libafl_qemu_sys" -version = "0.15.2" +version = "0.15.4" dependencies = [ "libafl_qemu_build", "libc", 
@@ -1185,7 +1218,7 @@ dependencies = [ [[package]] name = "libafl_targets" -version = "0.15.2" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1194,13 +1227,23 @@ dependencies = [ "libafl_bolts", "libc", "log", - "nix 0.29.0", + "nix", "once_cell", "rangemap", "rustversion", "serde", ] +[[package]] +name = "libafl_wide" +version = "0.7.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2f28d525f6e361b6cd55c0da5347027860a902d638d15194c16dc2f39a5ba9f" +dependencies = [ + "bytemuck", + "safe_arch", +] + [[package]] name = "libc" version = "0.2.172" @@ -1233,6 +1276,14 @@ dependencies = [ "libc", ] +[[package]] +name = "libvharness_sys" +version = "0.15.4" +dependencies = [ + "bindgen", + "cmake", +] + [[package]] name = "linux-raw-sys" version = "0.9.4" @@ -1257,9 +1308,9 @@ checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "mach2" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] @@ -1272,9 +1323,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", 
@@ -1313,19 +1364,6 @@ dependencies = [ "adler2", ] -[[package]] -name = "nix" -version = "0.29.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" -dependencies = [ - "bitflags", - "cfg-if", - "cfg_aliases", - "libc", - "memoffset", -] - [[package]] name = "nix" version = "0.30.1" @@ -1336,6 +1374,7 @@ dependencies = [ "cfg-if", "cfg_aliases", "libc", + "memoffset", ] [[package]] @@ -1348,17 +1387,6 @@ dependencies = [ "minimal-lexical", ] -[[package]] -name = "num-derive" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -1404,6 +1432,15 @@ name = "object" version = "0.36.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" +dependencies = [ + "memchr", +] + +[[package]] +name = "object" +version = "0.37.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "flate2", "memchr", @@ -1563,7 +1600,7 @@ dependencies = [ [[package]] name = "qemu_baremetal" -version = "0.15.2" +version = "0.15.4" dependencies = [ "env_logger", "libafl", @@ -1731,9 +1768,9 @@ checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" [[package]] name = "ruzstd" -version = "0.7.3" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fad02996bfc73da3e301efe90b1837be9ed8f4a462b6ed410aa35d00381de89f" +checksum = "3640bec8aad418d7d03c72ea2de10d5c646a598f9883c7babc160d91e3c1b26c" dependencies = [ "twox-hash", ] 
@@ -1770,18 +1807,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "scroll" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6" +checksum = "c1257cd4248b4132760d6524d6dda4e053bc648c9070b960929bf50cfb1e7add" dependencies = [ "scroll_derive", ] [[package]] name = "scroll_derive" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1783eabc414609e28a5ba76aee5ddd52199f7107a0b24c2e9746a1ecc34a683d" +checksum = "22fc4f90c27b57691bbaf11d8ecc7cfbfe98a4da6dbe60226115d322aa80c06e" dependencies = [ "proc-macro2", "quote", @@ -1951,23 +1988,22 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "strum" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f64def088c51c9510a8579e3c5d67c65349dcf755e5479ad3d010aa6454e2c32" +checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf" dependencies = [ "strum_macros", ] [[package]] name = "strum_macros" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c77a8c5abcaf0f9ce05d62342b7d298c346515365c36b673df4ebe3ced01fde8" +checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7" dependencies = [ "heck", "proc-macro2", "quote", - "rustversion", "syn", ] @@ -2039,12 +2075,11 @@ dependencies = [ [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] [[package]] 
@@ -2072,13 +2107,9 @@ checksum = "141fb9f71ee586d956d7d6e4d5a9ef8e946061188520140f7591b668841d502e" [[package]] name = "twox-hash" -version = "1.6.3" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" -dependencies = [ - "cfg-if", - "static_assertions", -] +checksum = "8b907da542cbced5261bd3256de1b3a1bf340a3d37f93425a07362a1d687de56" [[package]] name = "typed-arena" @@ -2151,6 +2182,12 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" +[[package]] +name = "unty" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae" + [[package]] name = "utf8parse" version = "0.2.2" @@ -2175,6 +2212,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "virtue" +version = "0.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1" + [[package]] name = "wait-timeout" version = "0.2.1" 
@@ -2259,35 +2302,15 @@ dependencies = [ [[package]] name = "which" -version = "7.0.3" +version = "8.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d643ce3fd3e5b54854602a080f34fb10ab75e0b813ee32d00ca2b44fa74762" +checksum = "d3fabb953106c3c8eea8306e4393700d7657561cb43122571b172bbfb7c7ba1d" dependencies = [ - "either", "env_home", "rustix", "winsafe", ] -[[package]] -name = "wide" -version = "0.7.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41b5576b9a81633f3e8df296ce0063042a73507636cbe956c61133dd7034ab22" -dependencies = [ - "bytemuck", - "safe_arch", -] - -[[package]] -name = "wide" -version = "0.7.32" -source = "git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe#71b5df0b2620da753836fafce5f99076181a49fe" -dependencies = [ - "bytemuck", - "safe_arch", -] - [[package]] name = "winapi" version = "0.3.9" diff --git a/fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs b/fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs index 61b186918aa..7b73a91a467 100644 --- a/fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs +++ b/fuzzers/full_system/qemu_baremetal/src/fuzzer_breakpoint.rs @@ -87,9 +87,9 @@ pub fn fuzz() { // The wrapped harness function, calling out to the LLVM-style harness let mut harness = |emulator: &mut Emulator<_, _, _, _, _, _, _>, - state: &mut _, + _state: &mut _, input: &BytesInput| unsafe { - emulator.run(state, input).unwrap().try_into().unwrap() + emulator.run(input).unwrap().try_into().unwrap() }; // Create an observation channel using the coverage map diff --git a/fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs b/fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs index 5d985f54d1d..cb89fac66e2 100644 --- a/fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs +++ b/fuzzers/full_system/qemu_baremetal/src/fuzzer_sync_exit.rs 
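Review bot: The rewritten harness body `emulator.run(input).unwrap().try_into().unwrap()` panics on two conditions that are not harness bugs — an error from `run` itself and an exit result that does not convert to the closure's return type — and with an in-process executor such a panic is presumably surfaced as a target crash rather than an emulator failure, so a flaky snapshot restore or an unexpected QEMU exit would land in the crash corpus (confirm against the executor this fuzzer builds). Stating the invariant makes the distinction visible to whoever triages the crash: `emulator.run(input).expect("QEMU run failed").try_into().expect("unhandled emulator exit")`, or map the failure explicitly to an exit kind if that is the intended semantics. The `unsafe { … }` the closure body sits in still has no `// SAFETY:` comment explaining why calling `run` from this context is sound, which is worth adding while the line is being touched. The fuzzer_sync_exit.rs hunk makes the identical change and has the same two issues. The enclosing `fuzz()` begins and ends outside the hunk.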
@@ -71,9 +71,9 @@ pub fn fuzz() { // The wrapped harness function, calling out to the LLVM-style harness let mut harness = |emulator: &mut Emulator<_, _, _, _, _, _, _>, - state: &mut _, + _state: &mut _, input: &BytesInput| unsafe { - emulator.run(state, input).unwrap().try_into().unwrap() + emulator.run(input).unwrap().try_into().unwrap() }; // Create an observation channel to keep track of the execution time diff --git a/fuzzers/full_system/qemu_linux_kernel/Cargo.lock b/fuzzers/full_system/qemu_linux_kernel/Cargo.lock index e66fc1b38e1..7f0b9d2446f 100644 --- a/fuzzers/full_system/qemu_linux_kernel/Cargo.lock +++ b/fuzzers/full_system/qemu_linux_kernel/Cargo.lock @@ -7,12 +7,21 @@ name = "addr2line" version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" +dependencies = [ + "gimli 0.31.1", +] + +[[package]] +name = "addr2line" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9acbfca36652500c911ddb767ed433e3ed99b032b5d935be73c6923662db1d43" dependencies = [ "cpp_demangle", "fallible-iterator", - "gimli", + "gimli 0.32.0", "memmap2", - "object", + "object 0.37.3", "rustc-demangle", "smallvec", "typed-arena", 
@@ -155,29 +164,40 @@ version = "0.3.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6806a6321ec58106fea15becdad98371e28d92ccbc7c8f1b3b6dd724fe8f1002" dependencies = [ - "addr2line", + "addr2line 0.24.2", "cfg-if", "libc", "miniz_oxide", - "object", + "object 0.36.7", "rustc-demangle", "windows-targets 0.52.6", ] [[package]] name = "bincode" -version = "1.3.3" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740" dependencies = [ + "bincode_derive", "serde", + "unty", +] + +[[package]] +name = "bincode_derive" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09" +dependencies = [ + "virtue", ] [[package]] name = "bindgen" -version = "0.71.1" +version = "0.72.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3" +checksum = "4f72209734318d0b619a5e0f5129918b848c416e122a3c4ce054e03cb87b726f" dependencies = [ "bitflags", "cexpr", @@ -417,6 +437,15 @@ dependencies = [ "roff", ] +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "cobs" version = "0.2.3" @@ -551,7 +580,7 @@ version = "3.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46f93780a459b7d656ef7f071fe699c4d3d2cb201c4b24d085b6ddc505276e73" dependencies = [ - "nix 0.30.1", + "nix", "windows-sys", ] 
@@ -725,13 +754,13 @@ checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" [[package]] name = "fastbloom" -version = "0.9.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27cea6e7f512d43b098939ff4d5a5d6fe3db07971e1d05176fe26c642d33f5b8" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom 0.3.3", + "libm", "siphasher", - "wide 0.7.32 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -795,9 +824,9 @@ dependencies = [ [[package]] name = "getset" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3586f256131df87204eb733da72e3d3eb4f343c639f4b7be279ac7c48baeafe" +checksum = "9cf0fc11e47561d47397154977bc219f4cf809b2974facc3ccb3b89e2436f912" dependencies = [ "proc-macro-error2", "proc-macro2", @@ -810,6 +839,12 @@ name = "gimli" version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" + +[[package]] +name = "gimli" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93563d740bc9ef04104f9ed6f86f1e3275c2cdafb95664e26584b9ca807a8ffe" dependencies = [ "fallible-iterator", "stable_deref_trait", @@ -823,9 +858,9 @@ checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "goblin" -version = "0.9.3" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daa0a64d21a7eb230583b4c5f4e23b7e4e57974f96620f42a7e75e08ae66d745" +checksum = "0e961b33649994dcf69303af6b3a332c1228549e604d455d61ec5d2ab5e68d3a" dependencies = [ "log", "plain", 
@@ -1037,7 +1072,7 @@ checksum = "441225017b106b9f902e97947a6d31e44ebcf274b91bdbfb51e5c477fcd468e5" [[package]] name = "libafl" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -1055,7 +1090,7 @@ dependencies = [ "libm", "log", "meminterval", - "nix 0.29.0", + "nix", "num-traits", "postcard", "regex", @@ -1073,7 +1108,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -1082,11 +1117,12 @@ dependencies = [ "hashbrown 0.14.5", "hostname", "libafl_derive", + "libafl_wide", "libc", "log", "mach2", "miniz_oxide", - "nix 0.29.0", + "nix", "num_enum", "once_cell", "postcard", @@ -1099,7 +1135,6 @@ dependencies = [ "typeid", "uds", "uuid", - "wide 0.7.32 (git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe)", "winapi", "windows", "windows-result", @@ -1108,7 +1143,7 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.2" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", @@ -1117,9 +1152,9 @@ dependencies = [ [[package]] name = "libafl_qemu" -version = "0.15.2" +version = "0.15.4" dependencies = [ - "addr2line", + "addr2line 0.25.0", "bindgen", "bytes-utils", "capstone", @@ -1136,13 +1171,12 @@ dependencies = [ "libafl_qemu_sys", "libafl_targets", "libc", + "libvharness_sys", "log", "meminterval", - "memmap2", - "num-derive", "num-traits", "num_enum", - "object", + "object 0.37.3", "paste", "rangemap", "rustversion", @@ -1151,13 +1185,12 @@ dependencies = [ "strum_macros", "syscall-numbers", "thread_local", - "typed-arena", "typed-builder", ] [[package]] name = "libafl_qemu_build" -version = "0.15.2" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1172,7 +1205,7 @@ dependencies = [ [[package]] name = "libafl_qemu_sys" -version = "0.15.2" +version = "0.15.4" dependencies = [ "libafl_qemu_build", "libc", 
@@ -1185,7 +1218,7 @@ dependencies = [ [[package]] name = "libafl_targets" -version = "0.15.2" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1194,13 +1227,23 @@ dependencies = [ "libafl_bolts", "libc", "log", - "nix 0.29.0", + "nix", "once_cell", "rangemap", "rustversion", "serde", ] +[[package]] +name = "libafl_wide" +version = "0.7.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2f28d525f6e361b6cd55c0da5347027860a902d638d15194c16dc2f39a5ba9f" +dependencies = [ + "bytemuck", + "safe_arch", +] + [[package]] name = "libc" version = "0.2.172" @@ -1233,6 +1276,14 @@ dependencies = [ "libc", ] +[[package]] +name = "libvharness_sys" +version = "0.15.4" +dependencies = [ + "bindgen", + "cmake", +] + [[package]] name = "linux-raw-sys" version = "0.9.4" @@ -1257,9 +1308,9 @@ checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "mach2" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] @@ -1272,9 +1323,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", 
@@ -1313,19 +1364,6 @@ dependencies = [ "adler2", ] -[[package]] -name = "nix" -version = "0.29.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" -dependencies = [ - "bitflags", - "cfg-if", - "cfg_aliases", - "libc", - "memoffset", -] - [[package]] name = "nix" version = "0.30.1" @@ -1336,6 +1374,7 @@ dependencies = [ "cfg-if", "cfg_aliases", "libc", + "memoffset", ] [[package]] @@ -1348,17 +1387,6 @@ dependencies = [ "minimal-lexical", ] -[[package]] -name = "num-derive" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -1404,6 +1432,15 @@ name = "object" version = "0.36.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" +dependencies = [ + "memchr", +] + +[[package]] +name = "object" +version = "0.37.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "flate2", "memchr", @@ -1563,7 +1600,7 @@ dependencies = [ [[package]] name = "qemu_linux_kernel" -version = "0.15.2" +version = "0.15.4" dependencies = [ "env_logger", "libafl", @@ -1731,9 +1768,9 @@ checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" [[package]] name = "ruzstd" -version = "0.7.3" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fad02996bfc73da3e301efe90b1837be9ed8f4a462b6ed410aa35d00381de89f" +checksum = "3640bec8aad418d7d03c72ea2de10d5c646a598f9883c7babc160d91e3c1b26c" dependencies = [ "twox-hash", ] 
@@ -1770,18 +1807,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "scroll" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6" +checksum = "c1257cd4248b4132760d6524d6dda4e053bc648c9070b960929bf50cfb1e7add" dependencies = [ "scroll_derive", ] [[package]] name = "scroll_derive" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1783eabc414609e28a5ba76aee5ddd52199f7107a0b24c2e9746a1ecc34a683d" +checksum = "22fc4f90c27b57691bbaf11d8ecc7cfbfe98a4da6dbe60226115d322aa80c06e" dependencies = [ "proc-macro2", "quote", @@ -1951,23 +1988,22 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "strum" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f64def088c51c9510a8579e3c5d67c65349dcf755e5479ad3d010aa6454e2c32" +checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf" dependencies = [ "strum_macros", ] [[package]] name = "strum_macros" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c77a8c5abcaf0f9ce05d62342b7d298c346515365c36b673df4ebe3ced01fde8" +checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7" dependencies = [ "heck", "proc-macro2", "quote", - "rustversion", "syn", ] @@ -2039,12 +2075,11 @@ dependencies = [ [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] [[package]] 
@@ -2072,13 +2107,9 @@ checksum = "141fb9f71ee586d956d7d6e4d5a9ef8e946061188520140f7591b668841d502e" [[package]] name = "twox-hash" -version = "1.6.3" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" -dependencies = [ - "cfg-if", - "static_assertions", -] +checksum = "8b907da542cbced5261bd3256de1b3a1bf340a3d37f93425a07362a1d687de56" [[package]] name = "typed-arena" @@ -2151,6 +2182,12 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" +[[package]] +name = "unty" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae" + [[package]] name = "utf8parse" version = "0.2.2" @@ -2175,6 +2212,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "virtue" +version = "0.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1" + [[package]] name = "wait-timeout" version = "0.2.1" 
@@ -2259,35 +2302,15 @@ dependencies = [ [[package]] name = "which" -version = "7.0.3" +version = "8.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d643ce3fd3e5b54854602a080f34fb10ab75e0b813ee32d00ca2b44fa74762" +checksum = "d3fabb953106c3c8eea8306e4393700d7657561cb43122571b172bbfb7c7ba1d" dependencies = [ - "either", "env_home", "rustix", "winsafe", ] -[[package]] -name = "wide" -version = "0.7.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41b5576b9a81633f3e8df296ce0063042a73507636cbe956c61133dd7034ab22" -dependencies = [ - "bytemuck", - "safe_arch", -] - -[[package]] -name = "wide" -version = "0.7.32" -source = "git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe#71b5df0b2620da753836fafce5f99076181a49fe" -dependencies = [ - "bytemuck", - "safe_arch", -] - [[package]] name = "winapi" version = "0.3.9" diff --git a/fuzzers/full_system/qemu_linux_process/Cargo.lock b/fuzzers/full_system/qemu_linux_process/Cargo.lock index 45c1e21b2a1..c714093008b 100644 --- a/fuzzers/full_system/qemu_linux_process/Cargo.lock +++ b/fuzzers/full_system/qemu_linux_process/Cargo.lock @@ -7,12 +7,21 @@ name = "addr2line" version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" +dependencies = [ + "gimli 0.31.1", +] + +[[package]] +name = "addr2line" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9acbfca36652500c911ddb767ed433e3ed99b032b5d935be73c6923662db1d43" dependencies = [ "cpp_demangle", "fallible-iterator", - "gimli", + "gimli 0.32.0", "memmap2", - "object", + "object 0.37.3", "rustc-demangle", "smallvec", "typed-arena", 
@@ -155,29 +164,40 @@ version = "0.3.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6806a6321ec58106fea15becdad98371e28d92ccbc7c8f1b3b6dd724fe8f1002" dependencies = [ - "addr2line", + "addr2line 0.24.2", "cfg-if", "libc", "miniz_oxide", - "object", + "object 0.36.7", "rustc-demangle", "windows-targets 0.52.6", ] [[package]] name = "bincode" -version = "1.3.3" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740" dependencies = [ + "bincode_derive", "serde", + "unty", +] + +[[package]] +name = "bincode_derive" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09" +dependencies = [ + "virtue", ] [[package]] name = "bindgen" -version = "0.71.1" +version = "0.72.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f58bf3d7db68cfbac37cfc485a8d711e87e064c3d0fe0435b92f7a407f9d6b3" +checksum = "4f72209734318d0b619a5e0f5129918b848c416e122a3c4ce054e03cb87b726f" dependencies = [ "bitflags", "cexpr", @@ -417,6 +437,15 @@ dependencies = [ "roff", ] +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "cobs" version = "0.2.3" @@ -551,7 +580,7 @@ version = "3.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46f93780a459b7d656ef7f071fe699c4d3d2cb201c4b24d085b6ddc505276e73" dependencies = [ - "nix 0.30.1", + "nix", "windows-sys", ] 
@@ -725,13 +754,13 @@ checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" [[package]] name = "fastbloom" -version = "0.9.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27cea6e7f512d43b098939ff4d5a5d6fe3db07971e1d05176fe26c642d33f5b8" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom 0.3.3", + "libm", "siphasher", - "wide 0.7.32 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -795,9 +824,9 @@ dependencies = [ [[package]] name = "getset" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3586f256131df87204eb733da72e3d3eb4f343c639f4b7be279ac7c48baeafe" +checksum = "9cf0fc11e47561d47397154977bc219f4cf809b2974facc3ccb3b89e2436f912" dependencies = [ "proc-macro-error2", "proc-macro2", @@ -810,6 +839,12 @@ name = "gimli" version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" + +[[package]] +name = "gimli" +version = "0.32.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93563d740bc9ef04104f9ed6f86f1e3275c2cdafb95664e26584b9ca807a8ffe" dependencies = [ "fallible-iterator", "stable_deref_trait", @@ -823,9 +858,9 @@ checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" [[package]] name = "goblin" -version = "0.9.3" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daa0a64d21a7eb230583b4c5f4e23b7e4e57974f96620f42a7e75e08ae66d745" +checksum = "0e961b33649994dcf69303af6b3a332c1228549e604d455d61ec5d2ab5e68d3a" dependencies = [ "log", "plain", 
@@ -1037,7 +1072,7 @@ checksum = "441225017b106b9f902e97947a6d31e44ebcf274b91bdbfb51e5c477fcd468e5" [[package]] name = "libafl" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -1055,7 +1090,7 @@ dependencies = [ "libm", "log", "meminterval", - "nix 0.29.0", + "nix", "num-traits", "postcard", "regex", @@ -1073,7 +1108,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -1082,11 +1117,12 @@ dependencies = [ "hashbrown 0.14.5", "hostname", "libafl_derive", + "libafl_wide", "libc", "log", "mach2", "miniz_oxide", - "nix 0.29.0", + "nix", "num_enum", "once_cell", "postcard", @@ -1099,7 +1135,6 @@ dependencies = [ "typeid", "uds", "uuid", - "wide 0.7.32 (git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe)", "winapi", "windows", "windows-result", @@ -1108,7 +1143,7 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.2" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", @@ -1117,9 +1152,9 @@ dependencies = [ [[package]] name = "libafl_qemu" -version = "0.15.2" +version = "0.15.4" dependencies = [ - "addr2line", + "addr2line 0.25.0", "bindgen", "bytes-utils", "capstone", @@ -1136,13 +1171,12 @@ dependencies = [ "libafl_qemu_sys", "libafl_targets", "libc", + "libvharness_sys", "log", "meminterval", - "memmap2", - "num-derive", "num-traits", "num_enum", - "object", + "object 0.37.3", "paste", "rangemap", "rustversion", @@ -1151,13 +1185,12 @@ dependencies = [ "strum_macros", "syscall-numbers", "thread_local", - "typed-arena", "typed-builder", ] [[package]] name = "libafl_qemu_build" -version = "0.15.2" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1172,7 +1205,7 @@ dependencies = [ [[package]] name = "libafl_qemu_sys" -version = "0.15.2" +version = "0.15.4" dependencies = [ "libafl_qemu_build", "libc", 
@@ -1185,7 +1218,7 @@ dependencies = [ [[package]] name = "libafl_targets" -version = "0.15.2" +version = "0.15.4" dependencies = [ "bindgen", "cc", @@ -1194,13 +1227,23 @@ dependencies = [ "libafl_bolts", "libc", "log", - "nix 0.29.0", + "nix", "once_cell", "rangemap", "rustversion", "serde", ] +[[package]] +name = "libafl_wide" +version = "0.7.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2f28d525f6e361b6cd55c0da5347027860a902d638d15194c16dc2f39a5ba9f" +dependencies = [ + "bytemuck", + "safe_arch", +] + [[package]] name = "libc" version = "0.2.172" @@ -1233,6 +1276,14 @@ dependencies = [ "libc", ] +[[package]] +name = "libvharness_sys" +version = "0.15.4" +dependencies = [ + "bindgen", + "cmake", +] + [[package]] name = "linux-raw-sys" version = "0.9.4" @@ -1257,9 +1308,9 @@ checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "mach2" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] @@ -1272,9 +1323,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", 
@@ -1313,19 +1364,6 @@ dependencies = [ "adler2", ] -[[package]] -name = "nix" -version = "0.29.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" -dependencies = [ - "bitflags", - "cfg-if", - "cfg_aliases", - "libc", - "memoffset", -] - [[package]] name = "nix" version = "0.30.1" @@ -1336,6 +1374,7 @@ dependencies = [ "cfg-if", "cfg_aliases", "libc", + "memoffset", ] [[package]] @@ -1348,17 +1387,6 @@ dependencies = [ "minimal-lexical", ] -[[package]] -name = "num-derive" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -1404,6 +1432,15 @@ name = "object" version = "0.36.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" +dependencies = [ + "memchr", +] + +[[package]] +name = "object" +version = "0.37.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" dependencies = [ "flate2", "memchr", @@ -1563,7 +1600,7 @@ dependencies = [ [[package]] name = "qemu_linux_process" -version = "0.15.2" +version = "0.15.4" dependencies = [ "env_logger", "libafl", @@ -1731,9 +1768,9 @@ checksum = "8a0d197bd2c9dc6e53b84da9556a69ba4cdfab8619eb41a8bd1cc2027a0f6b1d" [[package]] name = "ruzstd" -version = "0.7.3" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fad02996bfc73da3e301efe90b1837be9ed8f4a462b6ed410aa35d00381de89f" +checksum = "3640bec8aad418d7d03c72ea2de10d5c646a598f9883c7babc160d91e3c1b26c" dependencies = [ "twox-hash", ] 
@@ -1770,18 +1807,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "scroll" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ab8598aa408498679922eff7fa985c25d58a90771bd6be794434c5277eab1a6" +checksum = "c1257cd4248b4132760d6524d6dda4e053bc648c9070b960929bf50cfb1e7add" dependencies = [ "scroll_derive", ] [[package]] name = "scroll_derive" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1783eabc414609e28a5ba76aee5ddd52199f7107a0b24c2e9746a1ecc34a683d" +checksum = "22fc4f90c27b57691bbaf11d8ecc7cfbfe98a4da6dbe60226115d322aa80c06e" dependencies = [ "proc-macro2", "quote", @@ -1951,23 +1988,22 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "strum" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f64def088c51c9510a8579e3c5d67c65349dcf755e5479ad3d010aa6454e2c32" +checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf" dependencies = [ "strum_macros", ] [[package]] name = "strum_macros" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c77a8c5abcaf0f9ce05d62342b7d298c346515365c36b673df4ebe3ced01fde8" +checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7" dependencies = [ "heck", "proc-macro2", "quote", - "rustversion", "syn", ] @@ -2039,12 +2075,11 @@ dependencies = [ [[package]] name = "thread_local" -version = "1.1.8" +version = "1.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" dependencies = [ "cfg-if", - "once_cell", ] [[package]] 
@@ -2072,13 +2107,9 @@ checksum = "141fb9f71ee586d956d7d6e4d5a9ef8e946061188520140f7591b668841d502e" [[package]] name = "twox-hash" -version = "1.6.3" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" -dependencies = [ - "cfg-if", - "static_assertions", -] +checksum = "8b907da542cbced5261bd3256de1b3a1bf340a3d37f93425a07362a1d687de56" [[package]] name = "typed-arena" @@ -2151,6 +2182,12 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" +[[package]] +name = "unty" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae" + [[package]] name = "utf8parse" version = "0.2.2" @@ -2175,6 +2212,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "virtue" +version = "0.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1" + [[package]] name = "wait-timeout" version = "0.2.1" 
@@ -2259,35 +2302,15 @@ dependencies = [ [[package]] name = "which" -version = "7.0.3" +version = "8.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d643ce3fd3e5b54854602a080f34fb10ab75e0b813ee32d00ca2b44fa74762" +checksum = "d3fabb953106c3c8eea8306e4393700d7657561cb43122571b172bbfb7c7ba1d" dependencies = [ - "either", "env_home", "rustix", "winsafe", ] -[[package]] -name = "wide" -version = "0.7.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41b5576b9a81633f3e8df296ce0063042a73507636cbe956c61133dd7034ab22" -dependencies = [ - "bytemuck", - "safe_arch", -] - -[[package]] -name = "wide" -version = "0.7.32" -source = "git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe#71b5df0b2620da753836fafce5f99076181a49fe" -dependencies = [ - "bytemuck", - "safe_arch", -] - [[package]] name = "winapi" version = "0.3.9" diff --git a/fuzzers/structure_aware/baby_fuzzer_custom_input/Cargo.lock b/fuzzers/structure_aware/baby_fuzzer_custom_input/Cargo.lock index df86e94728c..7966440d8fe 100644 --- a/fuzzers/structure_aware/baby_fuzzer_custom_input/Cargo.lock +++ b/fuzzers/structure_aware/baby_fuzzer_custom_input/Cargo.lock @@ -77,11 +77,22 @@ dependencies = [ [[package]] name = "bincode" -version = "1.3.3" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +checksum = "36eaf5d7b090263e8150820482d5d93cd964a81e4019913c972f4edcc6edb740" dependencies = [ + "bincode_derive", "serde", + "unty", +] + +[[package]] +name = "bincode_derive" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf95709a440f45e986983918d0e8a1f30a9b1df04918fc828670606804ac3c09" +dependencies = [ + "virtue", ] [[package]] 
@@ -213,13 +224,13 @@ dependencies = [ [[package]] name = "fastbloom" -version = "0.9.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27cea6e7f512d43b098939ff4d5a5d6fe3db07971e1d05176fe26c642d33f5b8" +checksum = "18c1ddb9231d8554c2d6bdf4cfaabf0c59251658c68b6c95cd52dd0c513a912a" dependencies = [ "getrandom", + "libm", "siphasher", - "wide 0.7.32 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -289,7 +300,7 @@ dependencies = [ [[package]] name = "libafl" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "arbitrary-int", @@ -325,7 +336,7 @@ dependencies = [ [[package]] name = "libafl_bolts" -version = "0.15.2" +version = "0.15.4" dependencies = [ "ahash", "backtrace", @@ -334,6 +345,7 @@ dependencies = [ "hashbrown", "hostname", "libafl_derive", + "libafl_wide", "libc", "log", "mach2", @@ -351,7 +363,6 @@ dependencies = [ "typeid", "uds", "uuid", - "wide 0.7.32 (git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe)", "winapi", "windows", "windows-result", @@ -360,13 +371,23 @@ dependencies = [ [[package]] name = "libafl_derive" -version = "0.15.2" +version = "0.15.4" dependencies = [ "proc-macro2", "quote", "syn", ] +[[package]] +name = "libafl_wide" +version = "0.7.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2f28d525f6e361b6cd55c0da5347027860a902d638d15194c16dc2f39a5ba9f" +dependencies = [ + "bytemuck", + "safe_arch", +] + [[package]] name = "libc" version = "0.2.172" @@ -397,9 +418,9 @@ checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" [[package]] name = "mach2" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b955cdeb2a02b9117f121ce63aa52d08ade45de53e48fe6a38b39c10f6f709" +checksum = "6a1b95cd5421ec55b445b5ae102f5ea0e768de1f82bd3001e11f426c269c3aea" dependencies = [ "libc", ] 
@@ -412,9 +433,9 @@ checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "meminterval" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6f8614cf855d251be1c2138d330c04f134923fddec0dcfc8b6f58ac499bf248" +checksum = "8e0f9a537564310a87dc77d5c88a407e27dd0aa740e070f0549439cfcc68fcfd" dependencies = [ "num-traits", "serde", @@ -440,9 +461,9 @@ dependencies = [ [[package]] name = "nix" -version = "0.29.0" +version = "0.30.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" +checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6" dependencies = [ "bitflags", "cfg-if", @@ -784,6 +805,12 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" +[[package]] +name = "unty" +version = "0.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d49784317cd0d1ee7ec5c716dd598ec5b4483ea832a2dced265471cc0f690ae" + [[package]] name = "uuid" version = "1.17.0" @@ -802,6 +829,12 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "virtue" +version = "0.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "051eb1abcf10076295e815102942cc58f9d5e3b4560e46e53c21e8ff6f3af7b1" + [[package]] name = "wait-timeout" version = "0.2.1" 
@@ -878,25 +911,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "wide" -version = "0.7.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41b5576b9a81633f3e8df296ce0063042a73507636cbe956c61133dd7034ab22" -dependencies = [ - "bytemuck", - "safe_arch", -] - -[[package]] -name = "wide" -version = "0.7.32" -source = "git+https://github.com/Lokathor/wide?rev=71b5df0b2620da753836fafce5f99076181a49fe#71b5df0b2620da753836fafce5f99076181a49fe" -dependencies = [ - "bytemuck", - "safe_arch", -] - [[package]] name = "winapi" version = "0.3.9"
diff --git a/scripts/publish.sh b/scripts/publish.sh
index 0caabed59c3..ab1a78f5f2f 100755
--- a/scripts/publish.sh
+++ b/scripts/publish.sh
@@ -119,6 +119,12 @@ popd || exit 1
 sleep 20
+pushd crates/libafl_qemu/libvharness
+cargo publish "$@"
+popd || exit 1
+
+sleep 20
+
 pushd crates/libafl_qemu/libafl_qemu_runner
 cargo publish "$@"
 popd || exit 1
\ No newline at end of file
diff --git a/scripts/update_bindings.sh b/scripts/update_bindings.sh
index 911467e827d..47c5eeda5c2 100755
--- a/scripts/update_bindings.sh
+++ b/scripts/update_bindings.sh
@@ -6,6 +6,6 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
 cd "$SCRIPT_DIR/.." || exit 1
 # Update LibAFL QEMU bindings
-pushd libafl_qemu
- LIBAFL_QEMU_GEN_STUBS=1 cargo +nightly build || exit 1
+pushd crates/libafl_qemu
+ LIBVHARNESS_GEN_STUBS=1 LIBAFL_QEMU_GEN_STUBS=1 cargo +nightly build || exit 1
 popd
\ No newline at end of file
diff --git a/utils/ci_splitter/src/main.rs b/utils/ci_splitter/src/main.rs
index fe71a4f81d7..9cafb45f5ec 100644
--- a/utils/ci_splitter/src/main.rs
+++ b/utils/ci_splitter/src/main.rs
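Review bot: The new `pushd crates/libafl_qemu/libvharness` in the publish.sh hunk is not error-checked, so if the directory does not exist the following `cargo publish "$@"` runs in whatever directory the script was already in and publishes that crate instead; `pushd crates/libafl_qemu/libvharness || exit 1` closes that gap, and the same applies to `pushd crates/libafl_qemu` in the update_bindings.sh hunk, where a failed directory change (the path was just moved under `crates/`) would run the stub-generating nightly build from the repository root reached by `cd "$SCRIPT_DIR/.."`. The added lines mirror the existing `pushd crates/libafl_qemu/libafl_qemu_runner`, which is equally unchecked, so this is a pre-existing pattern rather than a regression. `cargo publish "$@"` also has no `|| exit 1`, so a failed publish is followed by `sleep 20` and the next crate rather than a stop; whether that is deliberate for re-runs after a partial release I cannot tell from the hunk. The rest of both scripts lies outside the hunks.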
@@ -41,7 +41,7 @@ fn main() -> Result<(), Box> {
 --exclude-features=prelude,python,sancov_pcguard_edges,arm,aarch64,i386,be,systemmode,whole_archive \
 --no-dev-deps --exclude libafl_libfuzzer --exclude libafl_qemu --exclude libafl_qemu_sys --exclude libafl_asan_libc --print-command-list;
 ",
 "DOCS_RS=1 cargo hack check -p libafl_qemu -p libafl_qemu_sys --each-feature --clean-per-run \
- --exclude-features=prelude,python,sancov_pcguard_edges,arm,aarch64,i386,be,systemmode,whole_archive,slirp,intel_pt,intel_pt_export_raw \
+ --exclude-features=prelude,python,sancov_pcguard_edges,arm,aarch64,i386,be,systemmode,whole_archive,slirp,intel_pt,intel_pt_export_raw,nyx \
 --no-dev-deps --features usermode --print-command-list"
 );
diff --git a/utils/libafl_repo_tools/Cargo.lock b/utils/libafl_repo_tools/Cargo.lock
index d9716abf7d4..615745c5298 100644
--- a/utils/libafl_repo_tools/Cargo.lock
+++ b/utils/libafl_repo_tools/Cargo.lock
@@ -212,7 +212,7 @@ checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" [[package]] name = "libafl_repo_tools" -version = "0.15.3" +version = "0.15.4" dependencies = [ "clap", "colored",
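Review bot: Nothing in the hunk records why `nyx` is added to the `--exclude-features` list of the `libafl_qemu`/`libafl_qemu_sys` each-feature sweep, and since the list is a bare string literal the next person pruning it has no way to tell which entries are deliberate. A one-line comment above the `"DOCS_RS=1 cargo hack check -p libafl_qemu -p libafl_qemu_sys ..."` entry, e.g. `// nyx: excluded from the each-feature sweep because <reason>`, would keep that knowledge next to the code; the same list is already carrying `slirp`, `intel_pt` and `intel_pt_export_raw` without an explanation, so one comment covering all of them would do. `main` starts and ends outside the hunk.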