Bump LibAFL to 0.15.2 with Rust 2024

Author: poemonsense

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "xfuzz"
 version = "0.1.0"
-edition = "2021"
+edition = "2024"
 description = "Fuzzing General-Purpose Hardware Designs with Software Fuzzers"
 
 [features]

LibAFL

@@ -1,3 +1,5 @@
+use std::sync::{Mutex, OnceLock};
+
 /**
  * Copyright (c) 2023 Institute of Computing Technology, Chinese Academy of Sciences
  * xfuzz is licensed under Mulan PSL v2.
@@ -59,24 +61,38 @@ impl Coverage {
     }
 }
 
-static mut ICOVERAGE: Option<Coverage> = None;
+static ICOVERAGE: OnceLock<Mutex<Coverage>> = OnceLock::new();
 
+/// Call this once, right after your C test‑bench has told you how many
+/// counters are present.
 pub(crate) fn cover_init() {
-    unsafe { ICOVERAGE = Some(Coverage::new(get_cover_number() as usize)) };
+    let cover = Coverage::new(unsafe { get_cover_number() as usize });
+    // `set` returns Err if it was already initialised; handle that however
+    // you prefer (here we just ignore the second call).
+    let _ = ICOVERAGE.set(Mutex::new(cover));
+}
+
+fn cov() -> std::sync::MutexGuard<'static, Coverage> {
+    ICOVERAGE
+        .get()
+        .expect("cover_init() not called")
+        .lock()
+        .expect("poisoned mutex")
 }
 
 pub(crate) fn cover_len() -> usize {
-    unsafe { ICOVERAGE.as_ref().unwrap().len() }
+    cov().len()
 }
 
 pub(crate) fn cover_as_mut_ptr() -> *mut i8 {
-    unsafe { ICOVERAGE.as_ref().unwrap().as_mut_ptr() }
+    let guard = cov();
+    guard.as_mut_ptr().cast::<i8>()
 }
 
 pub(crate) fn cover_accumulate() {
-    unsafe { ICOVERAGE.as_mut().unwrap().accumulate() }
+    cov().accumulate()
 }
 
 pub(crate) fn cover_display() {
-    unsafe { ICOVERAGE.as_ref().unwrap().display() }
+    cov().display()
 }

src/coverage.rs

@@ -17,11 +17,11 @@ use crate::coverage::*;
 use crate::harness;
 use crate::monitor;
 
+use libafl::StdFuzzer;
 use libafl::prelude::*;
 use libafl::schedulers::QueueScheduler;
 use libafl::stages::StdMutationalStage;
 use libafl::state::StdState;
-use libafl::StdFuzzer;
 use libafl_bolts::{current_nanos, rands::StdRand, tuples::tuple_list};
 
 pub(crate) fn run_fuzzer(

src/fuzzer.rs

@@ -1,3 +1,5 @@
+use std::sync::{Mutex, OnceLock};
+
 /**
  * Copyright (c) 2023 Institute of Computing Technology, Chinese Academy of Sciences
  * xfuzz is licensed under Mulan PSL v2.
@@ -21,7 +23,7 @@ use crate::monitor::store_testcase;
 use libafl::prelude::*;
 use libc::*;
 
-extern "C" {
+unsafe extern "C" {
     pub fn sim_main(argc: c_int, argv: *const *const c_char) -> c_int;
 
     pub fn get_cover_number() -> c_uint;
@@ -37,15 +39,20 @@ extern "C" {
     pub fn disable_sim_verbose();
 }
 
-static mut SIM_ARGS: Vec<String> = vec![];
+static SIM_ARGS: OnceLock<Mutex<Vec<String>>> = OnceLock::new();
 
 fn sim_run(workload: &String) -> i32 {
     // prepare the simulation arguments in Vec<String> format
     let mut sim_args: Vec<String> = vec!["emu".to_string(), "-i".to_string(), workload.to_string()]
         .iter()
         .map(|s| s.to_string())
         .collect();
-    unsafe { sim_args.extend(SIM_ARGS.iter().cloned()) };
+    let guard = SIM_ARGS
+        .get()
+        .expect("SIM_ARGS not initialized")
+        .lock()
+        .unwrap();
+    sim_args.extend(guard.iter().cloned());
 
     // convert the simulation arguments into c_char**
     let sim_args: Vec<_> = sim_args
@@ -150,9 +157,7 @@ pub(crate) fn set_sim_env(
         unsafe { MAX_RUNS = max_runs.unwrap() };
     }
 
-    unsafe {
-        SIM_ARGS = emu_args;
-    }
+    let _ = SIM_ARGS.set(Mutex::new(emu_args));
 
     cover_init();
 }

src/harness.rs

@@ -49,7 +49,7 @@ struct Arguments {
     extra_args: Vec<String>,
 }
 
-#[no_mangle]
+#[unsafe(no_mangle)]
 fn main() -> i32 {
     let args = Arguments::parse();
 

src/lib.rs

@@ -43,7 +43,9 @@ pub fn store_testcases(
         } else {
             -1
         };
-        println!("Corpus {id}: exec_time {exec_time}, scheduled_count {scheduled_count}, parent_id {parent_id}");
+        println!(
+            "Corpus {id}: exec_time {exec_time}, scheduled_count {scheduled_count}, parent_id {parent_id}"
+        );
         let x = testcase.input().as_ref().unwrap();
         store_testcase(x, &output_dir, Some(id.to_string()));
     }