Releases: AFLplusplus/LibAFL
Releases · AFLplusplus/LibAFL
0.14.0
Highlights
libafl-fuzz(afl-fuzz clone in LibAFL) almost fully-featured (GSoC of @R9295)libafl-ptNew crate to use IntelPt for coverage tracing (GSoC of @Marcondiro)LibAFL_FRIDA: Added scripting support and update to FRIDA 16.5.6LibAFL_QEMU: RISC-V support, example for kernel fuzzing and update to QEMU 9.1.1- Python grammar support for Nautilus
- Havoc mutation support for custom structured inputs (and subparts thereof)
- Binary-only utils
libafl_jumper,drcov-merge, addDrCovReaderclass - Memfd backend for
ShMem - Restructured
fuzzersexamle directory for easy browsing
What's Changed
- It's frida time for libafl-fuzz by @R9295 in #2469
- Update AsanBacktrace documentation by @maxammann in #2377
- libafl: Implement FeedbackFactory for {Const,Not}Feedback by @dergoegge in #2478
- libafl-fuzz: Introduce Support for QEMU mode by @R9295 in #2481
- Qemu native hooks refactoring by @rmalmain in #2480
- qemu: Add QemuConfig to set qemu args via a struct by @Marcondiro in #2339
- Make pcs_init compatible with multiple DSOs by @addisoncrump in #2488
- Custom QEMU emulator typed builder + ExitHandler / Commands refactoring by @rmalmain in #2486
- Check markdown links validity in CI by @rmalmain in #2495
- bolts: Support dump_registers on Windows/x86 and Windows/aarch64 and fix sig_ign on Windows/x86 by @xdqi in #2494
- Libafl-fuzz: introduce unicorn mode by @R9295 in #2499
- Multi machine follow-up by @rmalmain in #2334
- Better error when non required pass failed to build by @tokatoka in #2509
- Rename
HasCurrentStagetoHasCurrentStageIdfor Consistency by @domenukk in #2514 - Add StdState::nop() for simple state creation, make CI happy again on latest nightly. by @domenukk in #2521
- Update execs/sec display by @20urc3 in #2524
- Small improvements to the devcontainer by @Nereuxofficial in #2522
- Change Qemu hook signature by @tokatoka in #2527
- Add
avoid_crashoption to scheduler by @tokatoka in #2530 - Improving Handling of Custom Inputs by @riesentoaster in #2422
- No Uses* (again) by @tokatoka in #2537
- Reducing type parameters and bounds from Scheduler by @tokatoka in #2544
- Make LibAFL-fuzz build on MacOS by @domenukk in #2549
- No more (direct) mutable references to mutable statics by @domenukk in #2550
- Make map size mismatch return a proper error instead of abort by @domenukk in #2553
- Use
constto Inform CmpLog Replacements by @DanBlackwell in #2528 - Only track stability for runs that did not timeout by @nbars in #2561
- Linux kernel fuzzing example by @rmalmain in #2496
- Clippy more by @domenukk in #2562
- Change action for MD link checks by @rmalmain in #2563
- Move linkspector config file out of workflow dir by @rmalmain in #2565
- No Uses* for Corpus, Mutators by @tokatoka in #2547
- Update README.md by @20urc3 in #2518
- Mark unsafe functions unsafe, as Ferris intended by @domenukk in #2559
- libafl multimachine: disable ratelimiting by @rmalmain in #2558
- Addr filter update helper functions by @rmalmain in #2575
- Do not embed client exec count in testcase and objective by @rmalmain in #2582
- Discard non-new testcase events for multi-machine messages by @rmalmain in #2583
- Rand below should take a NonZero parameter by @domenukk in #2519
- Versioning unification, dependencies update, logging optimization by @rmalmain in #2560
- Change fuzzbench_qemu fuzzer by @tokatoka in #2520
- Update frida to 0.14.0 by @rmalmain in #2596
- Remove useless allocation in colorization stage by @rmalmain in #2598
- Add option for ASAN log dumping by @henryhchchc in #2600
- Don't do generalization on large inputs. by @tokatoka in #2603
- Qemu_Launcher: Move all target-specific code to harness.rs by @domenukk in #2605
- Add DrCov rerun option to QEMU_Launcher by @domenukk in #2607
- Update qemu by @rmalmain in #2609
- Remove prelude from default features by @domenukk in #2608
- Add LibAFL_Jumper util by @domenukk in #2594
- libafl_qemu: unset thumb bit for breakpoints by @rmalmain in #2619
- Support on_crash & on_timeout callbacks for libafl_qemu modules by @rmalmain in #2620
- bolts: Simplify definition of
nonzero!macro by @langston-barrett in #2624 - Add TargetBytesConverter to allow Nautilus for ForkserverExecutor by @domenukk in #2630
- Avoid using feature flags and env variable to set the same parameter pt.1 emulation_mode by @Marcondiro in #2512
- LibAFL_Frida: add scripting support by @WorksButNotTested in #2506
- libafl-fuzz: separate frida build + cmplog debug by @R9295 in #2591
- Add Python Grammar Loader for Nautilus by @R9295 in #2635
- Feature: Make executors and feedbacks easier to use outside of the fuzzing loop (extends #2511) by @domenukk in #2637
- libafl_qemu: Add RISCV support by @saibotk in #2367
- frida: bump version by @s1341 in #2640
- libafl_qemu: fix RISC-V port issues by @rmalmain in #2642
- Remove serde_json dependency from libafl_bolts by @domenukk in #2639
- libafl_qemu: update qemu to v9.1.1 by @rmalmain in #2636
- Add taplo to pre-commit by @Marcondiro in #2646
- Moving ShMem persisting to take an owned value by @riesentoaster in #2649
- Implement From LibAFL Error for Qemu Error by @rmalmain in #2641
- Add RISCV support in
libafl_qemu.hby @nine-point-eight-p in #2380 - Use a proper pre-commit hook for taplo fmt by @Marcondiro in #2650
- Compile-time edge module compilation check, native support for ConstMapObserver by @rmalmain in #2592
- better definition for PROFILE_DIR in all Makefile.toml files by @jejuisland87654 in #2658
- Update hashbrown requirement from 0.14.5 to 0.15.1 by @dependabot in #2660
- Clean up clippy warnings in fuzzers/binary_only/* by @BAGUVIX456 in #2662
- Core::errors::Error is stable now by @domenukk in #2664
- Custom Executor Example by @domenukk in #2570
- Add memfd shmem backend by @bernhl in #2647
- Set rlimit to inifinity for core dumps if AFL_DEBUG=1 by @R9295 in #2643
- Replace addr_of with &raw across the codebase by @domenukk in #2669
- Introducing Launcher::overcommit, improving CI formatting by @riesentoaster in #2670
- Lower capped RAND generators by @CowBoy4mH3LL in #2671
- How about using workspace version in packages? by @Marcondiro in #2682
- LibAFL_QEMU: Don't return a generic Address ...
Contributors
domenukk, maxammann, and 30 other contributors
Assets 2
0.13.2
Highlights
- GsoC: Added libafl-fuzz, afl-fuzz in LibAFL
- Forkserver: New AFL++ CmpLog map support with much better results (needs latest afl-cc 4.22a or later)
- Crashes can now be stored in the normal corpus for
InProcessExecutors - libafl_bolts: Added
find_new_files_recto find new files after a given timestamp andSliceReader - libafl_qemu: Renamed QemuHelpers to QemuModules, hooks refactoring
- Restructured the ./fuzzers folder
What's Changed
- Improved documentation for fuzzers/cargo_fuzz and dynamic_analysis by @Nereuxofficial in #2350
- LibAFL QEMU readme by @andreafioraldi in #2351
- Rename some functions in fuzzer.rs by @tokatoka in #2355
- Make llvm pass build feature dependent by @tokatoka in #2357
- Add Stoppable trait to State which exposes an API to stop the fuzzer by @R9295 in #2325
- Fix missing -use_value_profile flag in libafl_libfuzzer by @andreafioraldi in #2363
- Wrap metadata elements in Cow by @Nereuxofficial in #2364
- Add documentation for InProcessForkExecutor by @maxammann in #2378
- doc: Listing mutators in the module documentation by @Nereuxofficial in #2369
- Introduce TuiMonitor builder by @domenukk in #2385
- Replace uses std HashMap with hashbrown for consistency by @domenukk in #2387
- Adding Function to Make MmapShMem Persist by @riesentoaster in #2390
- Add interesting crashing input on crash by @tokatoka in #2391
- Remove release_max_level_info from log by @domenukk in #2396
- Template out libafl_libfuzzer by @addisoncrump in #2398
- Introduce libafl-fuzz by @R9295 in #2362
- Expose find_new_files_rec in libafl_bolts::fs by @domenukk in #2404
- fix incorrect interval check in sync from disk stage by @R9295 in #2408
- impl HasEventManagerId for LlmpRestartingEventManager by @m-gsch in #2406
- Corpus pruning stage by @tokatoka in #2399
- Better errors for empty registry in AnyMap by @domenukk in #2405
- Introduce Persistent Record for libafl-fuzz by @R9295 in #2411
- Renamed QemuHelpers to QemuModules by @rmalmain in #2267
- Change Corpus Pruning algorithm by @tokatoka in #2418
- Restructure the fuzzers folder by @rmalmain in #2409
- update function from _libafl_exit_call2 to _libafl_sync_exit_call2 by @scottmpowell in #2392
- frida: make hooks thread local by @s1341 in #2429
- Added a tolower implementation in libqasan by @Zofyan in #2421
- Format all
.tomls withtaplo fmtby @Mrmaxmeier in #2436 - Add Taplo check to CI by @domenukk in #2451
- Cmplog bytes without alloc by @domenukk in #2442
- Cheap reader for bytes slice by @rmalmain in #2261
- libafl_qemu: Continue build with outdated LLVM, ignore TUI race conditions by @domenukk in #2461
- misc libafl-fuzz improvements by @R9295 in #2463
- Remove libfuzzer-best recommendation by @addisoncrump in #2466
Fixes
- Make sure inmemory_ondisk corpus catches filesystem errors correctly by @domenukk in #2361
- Documentation fix in 'Design' > 'Architecture' by @0vercl0k in #2412
- Fix autotokens by @tokatoka in #2407
- fix qemu_launcher by moving stop request handling to fuzz_one by @R9295 in #2394
- LibAFL QEMU fix failing Doc-tests by @Marcondiro in #2354
- tui: make client bottom layouts visible again by @saibotk in #2368
- Don't panic even if bitmap is zero in calibrate.rs by @tokatoka in #2419
- Fix cmin by @tokatoka in #2420
- Fix baby fuzzer tui by @tokatoka in #2425
- Fix cmplog implementation by @R9295 in #2439
- doc: fixed instruction in CONTRIBUTING.md by @Nereuxofficial in #2359
- fix: Added corpus for dynamic_analysis fuzzer by @Nereuxofficial in #2360
- libqasan: Add missing return to qasan_swap by @dergoegge in #2416
- Always update testcase.file_path in InMemoryOnDiskCorpus by @tokatoka in #2432
- Fix markdown issue in fuzzers/libpng/libfuzzer_libpng_cmin/README.md by @SpiritSeal in #2437
- Fix dead link in docs by @kevin-valerio in #2452
- bolts fix build warning with missing doc comment for haiku by @devnexen in #2455
- libafl-fuzz: fix invalid short param for input_ext by @R9295 in #2456
New Contributors
- @saibotk made their first contribution in #2368
- @m-gsch made their first contribution in #2406
- @0vercl0k made their first contribution in #2412
- @scottmpowell made their first contribution in #2392
- @Zofyan made their first contribution in #2421
- @SpiritSeal made their first contribution in #2437
- @kevin-valerio made their first contribution in #2452
Full Changelog: 0.13.1...0.13.2
Contributors
domenukk, maxammann, and 19 other contributors
Assets 2
0.13.1
Highlights
- Introduced
stable_anymap, a stable (between recompilations) serialization format for the fuzzer state - Important stage restart fix where the fuzzer may have gotten stuck after a crash
- Added @rmalmain as official contributor focussing on libafl_qemu
What's Changed
- Fix publish errors by @andreafioraldi in #2313
- Format desyscall by @tokatoka in #2316
- Fix typos by @czxvan in #2320
- Update meminterval requirement from 0.3 to 0.4 by @dependabot in #2317
- Don't build desyscall on win by @tokatoka in #2321
- Tree-shaped multi-machine fuzzing by @rmalmain in #2302
- Fix sync stage by @tokatoka in #2326
- Fix typos by @czxvan in #2327
- Address comments from #2302 by @domenukk in #2322
- Delete wrong exec count increment by @tokatoka in #2330
- Call all Ids
id, notidxby @domenukk in #2319 - Don't restart in deterministic stages. Don't restart where there's no restart safety. Make stage names unique by @tokatoka in #2331
- Fix LlmpEventManager not calling hooks pre_exec by @R9295 in #2333
- bolts: haiku build fix. by @devnexen in #2335
- baby_fuzzer_wasm fix by @tokatoka in #2336
- bolts: fix warning about
error_in_corenow stable by @Marcondiro in #2337 - Fix unsafe_stable_anymap, rename to stable_anymap (it's safe) by @domenukk in #2338
- Re-Rename Retrying Restart Helper by @domenukk in #2340
- Make ddg map compilation optional by @domenukk in #2341
- Fixing receiver_left()/memory leak in llmp.rs by @tokatoka in #2344
- Fix LLVMFuzzerCustomMutator with different sizes by @domenukk in #2347
- Delete introspection feature from libafl_libfuzzer by @tokatoka in #2349
- 0.13.1 by @tokatoka in #2343
New Contributors
Full Changelog: 0.13.0...0.13.1
Contributors
domenukk, rmalmain, and 7 other contributors
Assets 2
0.13.0
Highlights
- DDFuzz integration in libafl_cc
- libafl_nyx update to latest NYX
- GenStage, a stage for generational fuzzing
- Stable
type_eq - Non-AGPL version of Nautilus grammar fuzzer
What's Changed
- Readme update by @tokatoka in #2046
- bolts: core affinity simplification for freebsd. by @devnexen in #2049
- Debugging tips by @tokatoka in #2048
- Rework of libafl_qemu configuration by @rmalmain in #2054
- DDFuzz by @tokatoka in #2056
- Fix some missing tracking hints by @addisoncrump in #2058
- Debugging upd by @tokatoka in #2062
- Missing tracking hints (oops) by @addisoncrump in #2063
- Split edges_map_size and edges_map_size_alloc by @tokatoka in #2012
- Pr/fixing forkserver libafl cc by @mkravchik in #2066
- Fix main not passing CI tests by @rmalmain in #2075
- Fixing the inconsistency btw #2012 and #2066 by @mkravchik in #2074
- Fix main not passing CI tests V2 by @rmalmain in #2076
- Use tee, not redirect by @addisoncrump in #2078
- Update libafl_nyx to newest qemu-nyx and nyx-packer by @GanbaruTobi in #2070
- Revert splitting libafl_edges_map_max and libafl_edges_map_in_use by @tokatoka in #2079
- Fix libfuzzer by simply adding the needed feature by @addisoncrump in #2080
- Implement
Hashfor MapObserver by @edwin1729 in #1989 - Revert "Revert splitting libafl_edges_map_max and libafl_edges_map_in_use" by @tokatoka in #2082
- Add a warning to say never use EDGES_MAP.len() by @tokatoka in #2083
- cargo-fuzz testing by @addisoncrump in #2081
- Faster cargo check by @tokatoka in #2084
- Fix typo in setup_libxml2.sh by @GanbaruTobi in #2088
- Run qemu_systemmode tests with self-hosted runners by @rmalmain in #2018
- Only run QEMU tests if there is a QEMU-related change. by @rmalmain in #2090
- Fix #1932 by @tokatoka in #2089
- Fix cached corpus in frida_libpng by @tokatoka in #2091
- Fix failing filter action in CI by @rmalmain in #2092
- Symcc Update by @tokatoka in #2047
- libafl_bolts: some improvements to the
randsmodule by @flyingmutant in #2086 - Add FeedbackFactory implementations for CrashFeedback, CombinedFeedback and DiffFeedback. by @djoooooe in #2060
- Introduce AFL_EXIT_ON_SEED_ISSUES by @R9295 in #2085
- Add TypeRefCreator trait by @tokatoka in #2065
- refactor(snapshot.rs): use const generics by @vringar in #2069
- libafl_bolts: more
randsimprovements by @flyingmutant in #2096 - Rename from ReReference to Reference by @tokatoka in #2099
- Small refactoring of libafl_qemu structure by @rmalmain in #2098
- Split android and ios tests by @addisoncrump in #2106
- Remove jobs dependency in CI by @tokatoka in #2108
- Add recv_blocking_with_flags by @addisoncrump in #2102
- add crash_exitcode to Forkserver to accomodate AFL_CRASH_EXITCODE by @R9295 in #2107
- Batch timeout fix? by @tokatoka in #2109
- Match by Ref fix by @addisoncrump in #2105
- Allow for AsIter(Mut)/AsSlice(Mut) to be implemented in safe Rust by @langston-barrett in #2120
- Restrict more on edges map API by @tokatoka in #2117
- libafl_bolts:
randssuper mega ultra giga house cleaning of doom by @flyingmutant in #2123 - Improve
OnDiskTOMLMonitorby @clesmian in #2125 - Fix Ctrl-C Handler by @tokatoka in #2124
- Change centralized launcher signature by @tokatoka in #2094
- Qemu update to latest version + various fixes by @rmalmain in #2119
- add mmap hooks to libqasan by @cube0x8 in #2122
- ctrl c handler fix for non-fork mode by @tokatoka in #2132
- Fix QEMU doc not building (again) by @rmalmain in #2130
- Allow setting stdout_file in non-fork launcher by @vringar in #2127
- Fix QEMU systemmode fuzzers exit code by @rmalmain in #2133
- Fix DDFuzz instrumentation by @tokatoka in #2134
- Making CommandExecutor generic on the specific Input by @riesentoaster in #2129
- Penalize testcase that has found objectives by @tokatoka in #2093
GenStage: A stage for generational (e.g., black-box) fuzzers by @langston-barrett in #2137- Fix incrementing
found_objectiveby @tokatoka in #2139 - Rename Reference to Handle by @tokatoka in #2142
- Separate map observers by @tokatoka in #2143
- Add windows test & ci & fix by @tokatoka in #2144
- Answer "How to leave TUI screen" by @tokatoka in #2146
- Qemu ctrl c exit by @tokatoka in #2147
- Add null ptr to devices vector by @cube0x8 in #2141
- QEMU generic memory iterator by @rmalmain in #2148
- Change special exitcode from 137 to 9 in simple.rs too by @tokatoka in #2153
- Stable type_eq by @addisoncrump in #2150
- Rename Handler -> Handled, various other cleanups after #2142 by @domenukk in #2152
- bolts: Fix minibsod build on apple by @devnexen in #2155
- Fix libafl_libfuzzer's compatibility with LLVM 14 by @maxammann in #2136
- cfg fixup by @addisoncrump in #2154
- Adding ExitCodeObserver and ExitSignalObserver by @riesentoaster in #2138
- Revert "Adding ExitCodeObserver and ExitSignalObserver" by @tokatoka in #2157
- bolts: Fix feature name in assert (
serde{,any}_autoreg) by @langston-barrett in #2160 - Add qemu runtime defs for aarch64 by @twizmwazin in #2151
- minibsod apple using mach's crate instead. by @devnexen in #2162
- Generate QEMU stub bindings less aggressively by @rmalmain in #2164
- Clippy for Apple after #2162 by @domenukk in #2166
- Remove observer_stdout/observer_stderr from Observer trait by @tokatoka in #2167
- Dependabot by @tokatoka in #2168
- Update zip requirement from 0.6 to 1.2 by @dependabot in #2169
- Fix regex fixing generated bindings for QEMU by @rmalmain in #2163
- Revert "Update zip requirement from 0.6 to 1.2" by @domenukk in #2174
- Fix MacOS CI race condition by @domenukk in #2176
- Update which requirement from 4.4 to 6.0 by @dependabot in #2172
- Update serial_test requirement from 2 to 3 by @dependabot in #2171
- Update capstone requirement from 0.11.0 to 0.12.0 by @dependabot in #2170
- Windows frida support by @s1341 in #1607
- Regenerate QEMU binding stubs only for newer versions of the nightly compiler by @rmalmain in #2177
- Add client_stats to OnDiskJSONMoni...
Contributors
flyingmutant, domenukk, and 24 other contributors
Assets 2
0.12.0
Highlights
- API for multithreaded initial seed corpus loading
- Initial seed corpus entries are kept for splicing
- Stages and Mutators can now be provided as a dynamic
Vec - Stages resume after crashes and timeout
- Multipart Input support
- LibAFL_Bolts: performant
get_or_insert_withAPI for AnyMap/Metadata - LibAFL_Targets: Exposing pcguard's PC-Table
- LibAFL_Libfuzzer: MacOS support
- libAFL_QEMU: Injection fuzzing and massive rework overall
- LibAFL_Frida: Binary-only Cmplog support for x64
- LibAFL_Tinyinst: Linux instrumentation support
API changes
- Replaced TimeoutExecutor with a timeout in each executor
- Removed python bindings for most parts of the lib (LibAFL_sugar and LibAFL_QEMU remain)
- LLMP Client timeout removed, clients manually unregister on exit now
- Turning on and off tracking of novelties and indexes is now enforced with the
CanTracktrait to be less error-prone - Instead of providing the current testcase and current stage id everywhere, this information is now available in the
State
What's Changed
- bolts/minibsod adding openbsd arm64 part by @devnexen in #1724
- QEMU filtering rework + paging filtering by @rmalmain in #1705
- Use latest AFLplusplus/symcc by @tokatoka in #1749
- Ignore SigPipe by default by @domenukk in #1741
- Enabling DrCov on Windows by @mkravchik in #1765
- Dedup common code in scheduler by @tokatoka in #1702
- Safe access to QEMU's
Emulatorstruct by @rmalmain in #1763 - Add mute_inprocess_target fn, SimpleFdLogger::set_logger, and more by @domenukk in #1754
- Check canonicalized_module_path before used by @bet4it in #1767
- Multipart Input support by @addisoncrump in #1617
- Resumable stages redux by @addisoncrump in #1780
- libafl_qemu injections by @vanhauser-thc in #1743
- libafl_frida: Add tests for ASan for Unix platforms by @mkravchik in #1781
- Don't use assert fail when building on libafl_libfuzzer on windows by @tokatoka in #1792
- libafl_frida: Make cmplog work on x64 by @expend20 in #1713
- Remove unnecessary PartialEq trait constraint on DiffFeedback observers by @djoooooe in #1811
- Refactor InProcessExecutor, merge timeout executors by @tokatoka in #1789
- QEMU: safe linking of extern "C" declarations by @rmalmain in #1810
- Add SimpleMgr feature to qemu_launcher by @domenukk in #1790
- Allow corpus removal during main fuzz loop by @hgarrereyn in #1717
- Expose PCs table. by @mvanotti in #1812
- QEMU: add injections mode default by @domenukk in #1818
- Remove
create_serde_registry_for_traitmacro by @skoriop in #1815 - Default
ignore_*flags to true whentui=1by @skoriop in #1820 - Delete TimeoutForkserverExecutor by @tokatoka in #1819
- libafl_libfuzzer: macOS build support by @sameer in #1711
- HookId trait and types in libafl_qemu by @rbran in #1796
- Configurable LLMP client timeout by @rmalmain in #1838
- Remove unused shmem structs, update Nix by @domenukk in #1845
- Getter for mutable reference to forkserver by @tbethe in #1849
- Make cmp_extend_encoding panic-less by @tokatoka in #1857
- Disable
af-xdpfrom QEMU default config by @rmalmain in #1846 - feature(libqasan): add asprintf and vasprintf by @rbran in #1844
- feature(libqasan): add strndup by @rbran in #1860
- Companion patch to qemu-libafl-bridge #46 by @cube0x8 in #1830
- Finalize macOS support for libafl_libfuzzer by @sameer in #1843
- Support raw byte grammar in NautilusContext by @sadeli413 in #1868
- Less useless allocs for monitor display by @domenukk in #1874
- Add several warnings when starting forkserver by @tokatoka in #1877
- Make NopState public so that it can be used as reproducer by @addisoncrump in #1888
- Implement
RetryProgressfor limiting retry attempts in stages by @addisoncrump in #1890 - Sancov based ngram & ctx implementation by @tokatoka in #1864
- update libfuzzer docs about macos by @addisoncrump in #1903
- TransferFeedback for determining if a testcase was from another node by @addisoncrump in #1906
- Implement MutatorTuple for Vecs to allow Dynamic Mutator Choices by @domenukk in #1893
- Print PID when you create a new Llmp Sender. by @tokatoka in #1898
- Make executor state available to the harness V2 by @rmalmain in #1900
- Improve readability of InProcessExecutor-related code by @rmalmain in #1912
- fuzzbench_ctx: fix duplicate package warning by @Mrmaxmeier in #1918
- token mutations: avoid a few infallible unwraps by @Mrmaxmeier in #1919
- introduce multicore load initial corpus by @R9295 in #1905
- Allow dyn in StagesTuple, add Current Testcase API, Untraitify Progress by @domenukk in #1915
- Event Manager handle_in_client hooks by @tokatoka in #1916
- Tiny optimization for into_vec by @domenukk in #1931
- Remove some arguments from pre_exec/post_exec in ExecutorHook by @tokatoka in #1933
- Remove (almost) unused stage_idx by @domenukk in #1929
- Update exec counts in objective by @tokatoka in #1945
- Better error message instead of "No entries in corpus" by @tokatoka in #1948
- Rename OSError -> OsError and merge with redundant Error::File by @domenukk in #1944
- Remove useless feedback by @tokatoka in #1953
- Upgrade automaton files by @michael-yxchen in #1956
- Update tinyinst_simple to support Linux (#1316) by @am009 in #1955
- SerdeAnyMap: add
unsafe_stable_anymapfeature that usestype_nameinstead ofTypeId::ofby @domenukk in #1952 - Remove hash for AnyMap (since it's a HashMap already) by @domenukk in #1951
- Change AnyMap API, add unsafe_ assert by @domenukk in #1958
- More usable ListFeedback by @tokatoka in #1959
- Use OwnedPtr in ListObserver by @tokatoka in #1961
- libafl_nyx: Allow custom input buffer size to be passed to
NyxHelperby @l4yton in #1960 - WIP: QEMU exit handler by @rmalmain in #1745
- libafl_nyx: Add documentation to
NyxSettingsfields by @l4yton in #1962 - libafl_nyx: Add bounds check for Nyx input buffer by @l4yton in #1963
- Increase llmp timeout & Print PID in logger by @tokatoka in #1970
- Inline cmplog internal functions code by @tokatoka in #1972
- Make fuzzer examples's argument parser tell that --input is mandatory by @tokatoka in #1973
- Add
MutatedTransformto the input type inTMinMutationalStage(#1251) by @am009 in #1971 - Clean up warnings in baby_fuzzers by @Marcondiro in #1981
- Add backdoors to portable header file of LibAFL QEMU. by @rmalmain in #1978
- Add unsafe to AsanErrorsObserver, fix UBs, fix Frida Version missmatch by @domenukk in #1987
- Update setup_libxml2.sh of nyx_libxml2_standalone fuzzer by @GanbaruTobi in #1990
- Use n...
Contributors
domenukk, mvanotti, and 39 other contributors
Assets 2
0.11.2
Highlights
- Unicode-preserving mutators
- Reworked Tui (GSoC project by @ToSeven)
- Scalability introspector
- Larger
libafl_fridarework, replaced capstone with yaxpeax in many places - Extended
libafl_qemufeatures, added CmpLog and more
What's Changed
- bolts write_minibsod solaris version. by @devnexen in #1494
- Add embed-runtime feature by @novafacing in #1489
- implement the AFL-Style Tui by @ToSeven in #1432
- reduce memory usage of the
construct_automatascript by @lenawanel in #1481 - add the metrics(pending,pend_fav, own_finds,imported) by @ToSeven in #1351
- remove
libafl/src/feedbacks/owned.rsby @lenawanel in #1508 - Add an example fuzzer with AFL-Style UI by @ToSeven in #1501
- Apparently
cargo:errordoes nothing by @elnardu in #1517 - Rework Frida instrumentation to decouple it from FuzzerOptions and add FridaInstrumentationHelperBuilder by @fabianfreyer in #1523
- Remove check and error when both fuzz_time and iters passed by @beyretb in #1531
- feat(frida): Allow setting path for DrCovRuntime by @fabianfreyer in #1536
- Change profiles for the fuzzbench fuzzers. by @tokatoka in #1546
- Some AFL UI example fuzzer cleanup by @domenukk in #1529
- Don't send unstable entries if there's nothing by @tokatoka in #1552
- libafl_ar: add extensions by @s1341 in #1568
- windows: Support
LIBAFL_DEBUG_OUTPUTby @s1341 in #1569 - Qemu features3 by @WorksButNotTested in #1538
- frida-asan: move to mmap-rs by @s1341 in #1570
- Write coverage for QEMU into separate files by @WorksButNotTested in #1571
- Added qemu_cmin by @WorksButNotTested in #1572
- Make fuzzbench debugging easier by @tokatoka in #1574
- Use /dev/urandom for probing the valid memory by @tokatoka in #1586
- libafl_libfuzzer: documentation and build script by @addisoncrump in #1596
- Make Signals compatible with nix, implement TryFrom<&str> by @domenukk in #1599
- Add OptionalStage by @domenukk in #1600
- chore(drcov_rt): remove unused a field and methods by @saruman9 in #1601
- added ninja-build and python3-venv as dependencies by @cube0x8 in #1604
- Call the original QEMU user crash handler in libafl_qemu by @andreafioraldi in #1575
- Add executions count at proper places by @tokatoka in #1608
- Fuzz_loop should not return CorpusId by @domenukk in #1606
- Refactor cmplog observers by @tokatoka in #1603
- Document how to use cpp() and optimize() by @tokatoka in #1615
- New logo in the book by @andreafioraldi in #1618
- Autodetect llvm-config for QEMU bindings generation by @andreafioraldi in #1610
- Break on timeout in QEMU system mode by @andreafioraldi in #1619
- Add iter() to owned slice by @andreafioraldi in #1620
- Rename option name by @tokatoka in #1623
- Add SplitBorrow trait to split borrow tuple_list elements by @andreafioraldi in #1624
- Rename more options by @tokatoka in #1626
- Update llvm ver in Dockerfile by @tokatoka in #1629
- CmpLog {Instruction, Switches} pass by @tokatoka in #1612
- updated rust container image + default nightly by @cube0x8 in #1631
- Update LibAFL concolic by @tokatoka in #1634
- QEMU Asan backtrace and report by @andreafioraldi in #1628
- [WithObservers] Call the wrapped observer's post run function by @anneborcherding in #1640
- Add post_run for shadow executor by @tokatoka in #1641
- bolts: beginning of haiku support. by @devnexen in #1643
- Improve the libafl_libfuzzer corpus by @addisoncrump in #1539
- bolts haiku, addressing clippy warnings by @devnexen in #1647
- Add Android Ashmem stub header to libafl_targets forkserver.c by @domenukk in #1648
- Allow MinimizerScheduler to not cleanup the metadata after use by @beyretb in #1658
- Remove debug log by @beyretb in #1659
- Allow compiling 32bit by @s1341 in #1666
- Support precompiled headers in clang/ar wrappers by @s1341 in #1668
- refactor: Remove unnecessary Debug trait bounds by @mlgiraud in #1667
- Avoid lagged receiver in TCP manager by @andreafioraldi in #1672
- Add CmpLog routines to LibAFL QEMU and various fixes by @andreafioraldi in #1664
- Update libfuzer libpng launcher to use compound configurations by @s1341 in #1676
- bolts for haiku update. by @devnexen in #1673
- Add whole-archive feature to libafl_targets by @addisoncrump in #1544
- libafl_libfuzzer: rename all symbols by @addisoncrump in #1565
- Unicode-preserving mutators by @addisoncrump in #1542
- Add arg for profile in libafl_libfuzzer build.sh by @addisoncrump in #1680
- Scalability introspector + State refactor by @tokatoka in #1674
- scalability monitor 2nd by @tokatoka in #1685
- Monitor refactor + add aggregator by @tokatoka in #1671
- QEMU Synchronous Exit + Syx Snapshot update by @rmalmain in #1681
- Refactor QEMU hooks by @andreafioraldi in #1690
- Update qemu-libafl-bridge by @rmalmain in #1697
- bolts: support dump_registers for x86 linux by @Mrmaxmeier in #1694
- JIT fast path for edge cov hooks in libafl_qemu by @andreafioraldi in #1696
- Add Features for C Targets by @novafacing in #1663
- libafl_cc custom llvm_config lookup for solaris/illumos by @devnexen in #1708
- libafl: forkserver in persistent mode bug by @tbethe in #1715
- Adding support for shutdown upon Ctrl+C on Windows for LLMP by @mkravchik in #1704
- Add Resource by Jordan Whitehead by @tokatoka in #1718
- Make inner value of llmp Flags pub by @G33KatWork in #1725
- Remove capstone from frida [x86_64] by @tokatoka in #1720
- Remove capstone from frida [aarch64] by @mineo333 in #1723
- Last cleanup after decapstone by @tokatoka in #1727
- use yaxpeax-x86 version from crates.io instead of direct git dep by @iximeow in #1733
- Add file descriptor logger by @domenukk in #1742
FIxes
- ForkserverExecutor: stop forked children on exit by @domenukk in #1493
- bolts linux arm64 clippy fix build. by @devnexen in #1496
- bolts core affinity illumos clippy fixes. by @devnexen in #1497
- Fixed libafl_atheris Makefile and reading of input flag by @eceo902 in #1499
- Fix memopidx bug in libafl_qemu r/w hooks and update QEMU by @andreafioraldi in #1500
- openbsd (snapshot) bolts clippy fix by @devnexen in #1502
- Fix missing usage of saved_tree in AsanGiovese by @andreafioraldi in #1506
- Fix linkage on arm macs when buildi...
Contributors
G33KatWork, domenukk, and 26 other contributors
Assets 2
0.11.1
What's Changed
- Fix doc for publish by @andreafioraldi in #1472
- Fix libafl_libfuzzer publish by @andreafioraldi in #1475
- Introduce document-features feature by @domenukk in #1477
- remove unneeded loop in
SpliceMutator::mutateby @lenawanel in #1471 - Add readmes by @andreafioraldi in #1476
- Fix document_features for libafl_libfuzzer by @domenukk in #1480
- bolts: Make xxh3 hashing optional with
xxh3feature flag (else useahashfor everything) by @domenukk in #1478 - Update LibAFL_CC README.md by @kiwids0220 in #1483
- bolts: Fix shmem leak when Drop-ing CommonUnixShMem by @xdqi in #1484
- Document LIBAFL_DEBUG_OUTPUT in Launcher by @domenukk in #1485
- Fixes for serdeany_autoreg by @addisoncrump in #1479
- Fix TuneableMutationalStage _std function generics by @domenukk in #1486
- fix frida build for linux arm64 by @devnexen in #1487
- Update from unmaintained tui-rs to ratatui by @novafacing in #1488
- Fix clippy lint in libafl_libfuzzer by @andreafioraldi in #1490
- Bump to 0.11.1 by @andreafioraldi in #1491
New Contributors
- @kiwids0220 made their first contribution in #1483
- @xdqi made their first contribution in #1484
Full Changelog: 0.11.0...0.11.1
Contributors
domenukk, xdqi, and 6 other contributors
Assets 2
0.11.0
Highlights
- libafl_qemu update to QEMU 8
- Hexagon support in libafl_qemu
libafl::boltsmoved to its own crate, libafl_bolts: use bolts for other projects- libafl_libfuzzer runtime with full libfuzzer compatibility: replace any libfuzzer with LibAFL
- noaslr and gdb_qemu utilities
- Updated FRIDA
What's Changed
- Post gen by @WorksButNotTested in #1282
- Allow multiple source file in libafl_cc by @tokatoka in #1296
- Update to QEMU 8 by @andreafioraldi in #1299
- Add sample fuzzer which collects DrCov coverage for various architectures by @WorksButNotTested in #1300
- Make it possible to escape from simple event restarter by @addisoncrump in #1303
- Give baby fuzzer listings unique package names by @kokkonisd in #1307
- libafl_cc: add override env vars by @s1341 in #1310
- Add TcpEventManager by @domenukk in #1302
- Trigger feedback side effects during force-loading by @Andrew-Fryer in #1317
- Add feature to build variants/configurations automatically, with libtool/cc/cxx shims by @s1341 in #1322
- Insert into corpus if feedback is_interesting on crash/timeout by @s1341 in #1327
- Extend **qemu_launcher ** to support multiple architectures by @WorksButNotTested in #1328
- Added gdb_qemu utility by @WorksButNotTested in #1331
- Added noaslr by @WorksButNotTested in #1333
- util/noaslr porting to FreeBSD (the non-lib part). by @devnexen in #1337
- AFL++ redqueen update by @tokatoka in #1291
- Hexagon support by @ifratric in #1323
- Make harness function take mut ref by @novafacing in #1338
- Algorithm to choose to serialize the observers or not by @andreafioraldi in #1227
- Arch independent helpers in libafl_qemu by @WorksButNotTested in #1355
- update ForkserverBytesCoverageSugar to use parse_afl_cmdline by @epi052 in #1343
- libnoaslr freebsd implementation proposal. by @devnexen in #1361
- noaslr disable aslr for dragonflybsd. by @devnexen in #1364
- Add RefCellValueObserver by @addisoncrump in #1363
- Launcher: Allow setting a distinct stderr redirect by @s1341 in #1329
- libnoaslr netbsd implementation proposal by @devnexen in #1366
- Make all no_mangle fns extern "C" by @domenukk in #1369
- noaslr netbsd implementation proposal by @devnexen in #1371
- read_time_counter port for the RISCV family. by @devnexen in #1378
- Extract linker args when building QEMU by @andreafioraldi in #1377
- libafl_qemu snapshot device filter by @andreafioraldi in #1386
- Named Mutators and MultiMutator API change by @domenukk in #1387
- Less unsafe
type_eqin stable by @domenukk in #1392 - Move Bolts to
libafl_boltsby @domenukk in #1335 - Book: Info about how to migrate to 0.11 by @domenukk in #1395
- libafl_cc sanitizer using hwasan on Linux/Android arm64 which is usua… by @devnexen in #1399
- Add
serdeany_autoregfeature flag to allow disablingctoruse by @domenukk in #1398 - Make bolts work without alloc by @domenukk in #1401
- Removed unused intrinsics features by @domenukk in #1404
- Remove unused owned (for now) by @domenukk in #1405
- update documentation of
PowerQueueScheduler::on_addby @lenawanel in #1409 - Remove dead code for better semantic compliance by @mark0-cn in #1411
- Add
serdeany_autoregtolibafl_qemuby @d0ntrash in #1416 - Add serdeany_autoreg to libafl_frida by @domenukk in #1417
- minibsod::generate_minibsod openbsd's implementation proposal by @devnexen in #1420
- Add more libafl_qemu archs to libafl_sugar by @domenukk in #1419
- update documentation of
feedbacks::map::OneOrFilledIsNovelby @lenawanel in #1423 - write_minibsod apple implementation proposal. by @devnexen in #1425
- Update frida by @domenukk in #1408
- Allow the FridaInProcessExecutor to attach Stalker on specific thread by @r4ve1 in #1256
- bolts write_minibsod netbsd implementation. by @devnexen in #1428
- Make CmpValues Clone by @novafacing in #1439
- Reset headers with a memcpy, not an assign from zeroed by @novafacing in #1443
- qemu snapshot little update proposal. by @devnexen in #1431
- Use postcard with default-features = false by @Manishearth in #1446
- qemu handy cpu page size call proposal. by @devnexen in #1433
- Add bolts::math, make functions const, cleanup by @domenukk in #1444
- Allow multiple tuneable mutational stages by @wtdcode in #1437
- Allow setting the max iterations by @wtdcode in #1436
- Document features by @domenukk in #1453
- Full libfuzzer shimming (for cargo-fuzz libfuzzer alternative and other use cases) by @addisoncrump in #981
- Create _std public methods on TunableMutationalStage by @domenukk in #1458
- Prep for publishing libafl_libfuzzer by @addisoncrump in #1457
- bolts: disable build for rust < 1.70 proposal. by @devnexen in #1460
- Add generic cmp observer metadata, rename cmp observers, fix cmplogmap reset by @novafacing in #1461
- llmp update proposal. by @devnexen in #1465
- Update FreeBSD on CI by @devnexen in #1463
- Replace binary search with stdlib by @domenukk in #1466
- Add Broker.peek_next_client_id by @domenukk in #1468
- Less pub in LLMP by @domenukk in #1470
- Bump to 0.11.0 by @andreafioraldi in #1469
Fixes
- Ignore UTF-8 errors by @WorksButNotTested in #1403
- Fix for CommandExecutor when using InputLocation::StdIn (issue #1306) by @DanBlackwell in #1308
- Fix AnyMap for TypeIds with 128 bit by @domenukk in #1311
- Fixes offset math in Frida Offset Checks by @WilliamParks in #1314
- Fixed Forkserver shmem input length, made it configurable by @domenukk in #1342
- Fix build/clippy errors and update CASR by @addisoncrump in #1375
- fix(libafl): update Z3 dependency by @saruman9 in #1372
- fix riscv(32) tick reading albeit it passes with gcc it does not with… by @devnexen in #1381
- Fix generic hooks bug in libafl_qemu by @andreafioraldi in #1382
- Fix UB in frida fuzzers by @Mrmaxmeier in #1385
- ControlFlowGraph::calculate_difference_all_edges build warning fix. by @devnexen in #1390
- fix bolts build, intrinsics is an internal feature. by @devnexen in #1402
- bolts fix musl build. by @devnexen in #1421
- minibsod, fix clippy warning on generate_minibsod function's complexity by @devnexen in #1424
- Fix LLMP p2p + restart bug with CentralizedE...
Contributors
domenukk, mvanotti, and 21 other contributors
Assets 2
0.10.1
Highlights
- libafl_cc pass to dump the whole program CFG
- Centralized event manager with main-secondary architecture
- MiniBSoD support for more BSDs
- General fuzzing improvements
What's Changed
- Centralized Testcase evaluation EventManager by @andreafioraldi in #1216
- Dump whole program's CFG pass by @tokatoka in #1226
- add the version information of LibAFL in the UI by @ToSeven in #1224
- Dump Call Graph by @tokatoka in #1230
- switch fuzzbench to FAST schedule by @vanhauser-thc in #1233
- switch sancov_8bit.rs to use OwnedMutSlice by @f0rki in #1235
- Use InMemoryOnDiskCorpus in fuzzbench fuzzer by @tokatoka in #1240
- Change DumpToDiskStage's callback by @tokatoka in #1242
- Update llvm for FreeBSD CI by @domenukk in #1243
- More security sensitive functions for coverage accounting by @tokatoka in #1246
- Ignore 'Broken Pipe' if child process does not read all of stdin by @arpankapoor in #1244
- Add a CI task that checks performance regression by @ToSeven in #1248
- Add file extension for clang in libafl_cc/build.rs by @NeXX451 in #1237
- Alternative scheduled count strategy by @addisoncrump in #1252
- Add pyproject.toml to python bindings by @twizmwazin in #1239
- Add suggestion for
arg&argsby @July541 in #1257 - Update pyo3 crate to 0.18.3 by @twizmwazin in #1255
- LibAFL_qemu: Disable Capstone to fix build issues on some distributions by @intrigus-lgtm in #1263
- Don't add llvm pass args when there're no passes & Don't pass
-mllvmarguments when compiling asm files by @tokatoka in #1266 - Add check for if mutations were skipped to MutationalStages by @addisoncrump in #1265
- Allow configuring timeout for CommandExecutor by @arpankapoor in #1269
- Automatically add the comment about executions when a new PR triggers by @ToSeven in #1270
- Linking arguments for LLVM passes by @tokatoka in #1273
- Don't pass LLVM pass & its args during linking by @tokatoka in #1274
- Filter out unwanted arguments in libafl_cc by @tokatoka in #1276
- Disable capstone when building qemu-afl-bridge for user-mode fuzzing by @WorksButNotTested in #1281
- afl_cc fix build for LLVM 17 by @devnexen in #1286
- minibsod: generate_minibsod further memory maps data for freebsd. by @devnexen in #1285
- minibsod dragonflybsd's portage by @devnexen in #1287
- Add an observer for
COUNTERS_MAPSfor 8-bit SanCov by @novafacing in #1283 - Improve
baby_fuzzerchapter of the documentation by @kokkonisd in #1289
Fixes
- Fix CommandExecutor type params by @tokatoka in #1222
- Fix #1228 by @tokatoka in #1229
- Fix double crash for solutions with the same filename (#1232) by @tokatoka in #1236
- Eco fuzz fix by @tokatoka in #1253
- Ecofuzz Fix 2 by @tokatoka in #1262
- Fix performance regression detection in CI #1248 by @ToSeven in #1259
- Fix #1276 by @tokatoka in #1277
- Fix CI by @tokatoka in #1292
New Contributors
- @NeXX451 made their first contribution in #1237
- @twizmwazin made their first contribution in #1239
- @July541 made their first contribution in #1257
- @novafacing made their first contribution in #1283
- @kokkonisd made their first contribution in #1289
Full Changelog: 0.10.0...0.10.1
Contributors
domenukk, f0rki, and 14 other contributors
Assets 2
0.10.0
Highlights
- AFL++'s Redqueen implementation
- New Scheduler method to run on evaluation
- EcoFuzz implementation
- Integration with CASR for deduplication
- Input loading from disk API moved to Corpus (this allows Corpora to be backed by network or databases)
- Batch mode timeout algorithm with lower syscall overhead (Linux only)
- Logic stages to enable and disable stages conditionally
- Full AFL++ forkserver support
- New WASM fuzzing example
What's Changed
- Change to combine restoration prologue with coverage register spill by @WorksButNotTested in #1029
- Remove unused imports by @tokatoka in #1035
- Add information about system mode QEMU by @domenukk in #1038
- Restart loading initial inputs even after a crash/timeout by @andreafioraldi in #1040
- Allow to load a list of files by @domenukk in #1044
- libafl:
with_capacitymethod forNewHashFeedbackby @langston-barrett in #1034 - Update deps for libafl by @rchildre3 in #1042
- libafl: Increase default capacity of NewHashFeedback by @langston-barrett in #1049
- Rename LLMP Timeout message by @tokatoka in #1048
- Send stability in calibration stage & FridaInstrumentationHelper retunrs Result<Self, Error> by @tokatoka in #1056
- Revert FridaInstrumentationHelper changes by @tokatoka in #1062
- Colorization stage by @tokatoka in #1039
- Remove unused deps by @tokatoka in #1069
- Use the log facade instead of println by @fabianfreyer in #1060
- QEMU: do not crash in helpers pre and post execs by @andreafioraldi in #1065
- Add stub lib for fuzzbench by @andreafioraldi in #1074
- minibsod solarish on amd64 implementations by @devnexen in #1068
- Use Instant::now instead of duration by @SpaceWhite in #1064
- Forkserver: 1. Add mem barrier 2. Don't send the initial 4 bytes message when it uses dynamic map option only by @tokatoka in #1073
- Add a missing condition for FS_OPT_MAPSIZE by @tokatoka in #1076
- CorpusMinimizer opt: don't add to map if it's the initial value (uninteresting) by @addisoncrump in #1078
- Make sure input was loaded to avoid panic on unwrap in MutatedTransform by @f0rki in #1077
- Weak link token section by @tokatoka in #1080* Use GuestAddr in QemuInstrumentationFilter by @andreafioraldi in #1085
- Move bytecount to dev-dependencies by @rchildre3 in #1090
- Exit broker when last client exits by @domenukk in #1057
- libafl: Generator instance for Iterator by @langston-barrett in #1101
- Cleanup forkserver exec builder by @clesmian in #1094
- UsesObserver by @tokatoka in #1104
- Add example for WASM by @addisoncrump in #1093
- on_evaluation Scheduler method by @andreafioraldi in #1106
- Real OnDiskCorpus by @domenukk in #1096
- Remove unnecessary check in calibration stage by @tokatoka in #1111
- Track parent testcase, tuneable stage probabilistic settings by @domenukk in #1081
- Implement EcoFuzz by @andreafioraldi in #1115
- Use a different crash history in forkserver examples by @arpankapoor in #1118
- SimpleLogger by @tokatoka in #1109
- Cargo feature to avoid regex dependency by @langston-barrett in #1102
- Forward on_evaluation callback in MinimizerScheduler by @EliaGeretto in #1122
- Use InMemoryCorpus in libfuzzer_libpng by @tokatoka in #1125
- Check CI result on cargo make test for available fuzzers by @SpaceWhite in #1107
- Improve find_llvm for MacOS by @Marcondiro in #1124
- Increase LLMP clients timeout to 5 min by @andreafioraldi in #1126
- Define custom collectors for QemuCallTracerHelper by @andreafioraldi in #1099
- Use regex feature in libafl_qemu by @andreafioraldi in #1127
- Safer EoP handling by @domenukk in #1128
- Allows libafl tests to run in miri by @domenukk in #1130
- Allow take the ownership of the BytesInput by @wtdcode in #1135
- Resolve zero-sized allocation in swap diff fuzzer by @addisoncrump in #1139
- AFL++ RedQueen by @tokatoka in #1087
- Added Truncate trait by @domenukk in #1141
- Make it explicit that clang/clang++ is needed by @tokatoka in #1142
- Created functions to get the metadata from State and Testcase by @matheusbaptistella in #1123
- Rename MetaData to Metadata by @tokatoka in #1144
- Create SchedulerTestcaseMetadata if it doesn't exist by @domenukk in #1151
- Implement From for usize by @domenukk in #1152
- Logic stages by @tokatoka in #1148
- IfStage by @tokatoka in #1157
- checks the presence of clang frontends. by @devnexen in #1158
- new metadata() and testcase() function added to the code by @matheusbaptistella in #1155
- Removed
new_from constructors that don't need it (API consistency) by @domenukk in #1159 - Don't build z3 from source by default (and add static_z3 feature) by @domenukk in #1160
- Remove duplicate lines in attributes by @bkrl in #1165
- libafl_frida run executable by @SpaceWhite in #1117
- fix UB in baby_fuzzer_grimoire by @Vincebye in #1166
- Install libz3-dev in CI by @domenukk in #1163
- Solves issue #1137 by @arimallick in #1168
- core_affinity freebsd constants are included in libc now. by @devnexen in #1170
- Remove libfuzzer_stb_image_sugar for now by @tokatoka in #1177
- Implement restarting without serializing the corpus by @andreafioraldi in #1182
- add readme documentation description about the tui feature by @Vincebye in #1198
- CASR deduplication for StacktraceObservers by @anfedotoff in #1184
- Use observers to handle crashes in run_target for TimeoutForkserverExecutor by @anfedotoff in #1189
- Bump to 0.10.0 by @andreafioraldi in #1156
- Removed more
new_(follow-up on #1159) by @domenukk in #1200 - qemu: Return errors from
Emulator::newinstead of asserting by @langston-barrett in #1197 - libafl: Copy-editing LLMP manager docstrings by @langston-barrett in #1208
- libafl: Mark
buffer_{self_,}copyas unsafe, don't export them by @langston-barrett in #1207 - Tuneable stage with per-seed timeout by @domenukk in #1209
- Example fuzzers with even less UB by @domenukk in #1212
- serial_test as normal optional dep enabled with std by @andreafioraldi in #1215
- Batch mode timeouts (Linux only ATM) by @andreafioraldi in #1193
- Move
Inputloading and dumping APIs fromTestcasetoCorpusby @domenukk in #1201
Fixes
- Fix readme position in qemu sys by...
Contributors
domenukk, f0rki, and 25 other contributors