AFLplusplus · domenukk · Nov 4, 2024 · Oct 8, 2024 · Oct 8, 2024 · Oct 9, 2024
diff --git a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml
@@ -5,7 +5,7 @@ runs:
   steps:
     - name: Install QEMU deps
       shell: bash
-      run: apt-get update && apt-get install -y qemu-utils sudo python3-msgpack python3-jinja2 curl
+      run: apt-get update && apt-get install -y qemu-utils sudo python3-msgpack python3-jinja2 curl python3-dev
     - uses: dtolnay/rust-toolchain@stable
     - name: enable mult-thread for `make`
       shell: bash

diff --git a/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs b/fuzzers/baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs
@@ -1,4 +1,4 @@
-use std::path::PathBuf;
+use std::{path::PathBuf, ptr};
 
 use libafl::{
     corpus::{InMemoryCorpus, OnDiskCorpus},
@@ -35,7 +35,8 @@ pub fn main() {
         libafl::executors::ExitKind::Ok
     };
     // Create an observation channel using the signals map
-    let observer = unsafe { ConstMapObserver::<u8, 3>::from_mut_ptr("signals", array_ptr) };
+    let observer =
+        unsafe { ConstMapObserver::<u8, 3>::from_mut_ptr("signals", ptr::NonNull::new(array_ptr)) };
     // Create a stacktrace observer
     let bt_observer = BacktraceObserver::owned(
         "BacktraceObserver",

diff --git a/fuzzers/binary_only/qemu_cmin/src/fuzzer.rs b/fuzzers/binary_only/qemu_cmin/src/fuzzer.rs
@@ -2,7 +2,7 @@
 //!
 #[cfg(feature = "i386")]
 use core::mem::size_of;
-use std::{env, io, path::PathBuf, process};
+use std::{env, io, path::PathBuf, process, ptr::NonNull};
 
 use clap::{builder::Str, Parser};
 use libafl::{
@@ -162,7 +162,7 @@ pub fn fuzz() -> Result<(), Error> {
     let mut edges_observer = unsafe {
         HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_DEFAULT_SIZE>::from_mut_ptr(
             "edges",
-            edges.as_mut_ptr(),
+            NonNull::new(edges.as_mut_ptr()).expect("The edge map pointer is null."),
         ))
     };
 
@@ -196,7 +196,7 @@ pub fn fuzz() -> Result<(), Error> {
         let len = len as GuestReg;
 
         unsafe {
-            qemu.write_mem(input_addr, buf);
+            qemu.write_mem(input_addr, buf).expect("qemu write failed.");
             qemu.write_reg(Regs::Pc, test_one_input_ptr).unwrap();
             qemu.write_reg(Regs::Sp, stack_ptr).unwrap();
             qemu.write_return_address(ret_addr).unwrap();
@@ -219,7 +219,7 @@ pub fn fuzz() -> Result<(), Error> {
     };
 
     let modules = tuple_list!(StdEdgeCoverageChildModule::builder()
-        .map_observer(edges_observer.as_mut())
+        .const_map_observer(edges_observer.as_mut())
         .build()?);
 
     let emulator = Emulator::empty().qemu(qemu).modules(modules).build()?;

diff --git a/libafl/src/executors/forkserver.rs b/libafl/src/executors/forkserver.rs
@@ -1635,7 +1635,7 @@ mod tests {
 
         let mut shmem = shmem_provider.new_shmem(MAP_SIZE).unwrap();
         shmem.write_to_env("__AFL_SHM_ID").unwrap();
-        let shmem_buf = shmem.as_slice_mut();
+        let shmem_buf: &mut [u8; MAP_SIZE] = shmem.as_slice_mut().try_into().unwrap();
 
         let edges_observer = HitcountsMapObserver::new(ConstMapObserver::<_, MAP_SIZE>::new(
             "shared_mem",

diff --git a/libafl/src/observers/map/const_map.rs b/libafl/src/observers/map/const_map.rs
@@ -5,28 +5,26 @@ use core::{
     fmt::Debug,
     hash::{Hash, Hasher},
     ops::{Deref, DerefMut},
+    ptr,
 };
 
 use ahash::RandomState;
-use libafl_bolts::{ownedref::OwnedMutSlice, AsSlice, AsSliceMut, HasLen, Named};
+use libafl_bolts::{ownedref::OwnedMutSizedSlice, HasLen, Named};
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
 
 use crate::{
-    observers::{map::MapObserver, Observer, VariableLengthMapObserver},
+    observers::{map::MapObserver, ConstantLengthMapObserver, Observer},
     Error,
 };
 
-// TODO: remove the size field and implement ConstantLengthMapObserver
-
 /// Use a const size to speedup `Feedback::is_interesting` when the user can
 /// know the size of the map at compile time.
 #[derive(Serialize, Deserialize, Debug)]
 #[allow(clippy::unsafe_derive_deserialize)]
 pub struct ConstMapObserver<'a, T, const N: usize> {
-    map: OwnedMutSlice<'a, T>,
+    map: OwnedMutSizedSlice<'a, T, N>,
     initial: T,
     name: Cow<'static, str>,
-    size: usize,
 }
 
 impl<I, S, T, const N: usize> Observer<I, S> for ConstMapObserver<'_, T, N>
@@ -87,19 +85,19 @@ where
 
     #[inline]
     fn get(&self, idx: usize) -> T {
-        self.as_slice()[idx]
+        self[idx]
     }
 
     #[inline]
     fn set(&mut self, idx: usize, val: T) {
-        self.map.as_slice_mut()[idx] = val;
+        (*self)[idx] = val;
     }
 
     /// Count the set bytes in the map
     fn count_bytes(&self) -> u64 {
         let initial = self.initial();
         let cnt = self.usable_count();
-        let map = self.as_slice();
+        let map = self.map.as_slice();
         let mut res = 0;
         for x in &map[0..cnt] {
             if *x != initial {
@@ -110,7 +108,7 @@ where
     }
 
     fn usable_count(&self) -> usize {
-        self.as_slice().len()
+        self.len()
     }
 
     #[inline]
@@ -124,22 +122,22 @@ where
         // Normal memset, see https://rust.godbolt.org/z/Trs5hv
         let initial = self.initial();
         let cnt = self.usable_count();
-        let map = self.as_slice_mut();
+        let map = &mut (*self);
         for x in &mut map[0..cnt] {
             *x = initial;
         }
         Ok(())
     }
 
     fn to_vec(&self) -> Vec<T> {
-        self.as_slice().to_vec()
+        self.map.to_vec()
     }
 
     /// Get the number of set entries with the specified indexes
     fn how_many_set(&self, indexes: &[usize]) -> usize {
         let initial = self.initial();
         let cnt = self.usable_count();
-        let map = self.as_slice();
+        let map = self.map.as_slice();
         let mut res = 0;
         for i in indexes {
             if *i < cnt && map[*i] != initial {
@@ -150,37 +148,30 @@ where
     }
 }
 
-impl<T, const N: usize> VariableLengthMapObserver for ConstMapObserver<'_, T, N>
+impl<T, const N: usize> ConstantLengthMapObserver<N> for ConstMapObserver<'_, T, N>
 where
     T: PartialEq + Copy + Hash + Serialize + DeserializeOwned + Debug + 'static,
 {
-    fn map_slice(&mut self) -> &[Self::Entry] {
-        self.map.as_slice()
-    }
-
-    fn map_slice_mut(&mut self) -> &mut [Self::Entry] {
-        self.map.as_slice_mut()
-    }
-
-    fn size(&mut self) -> &usize {
-        &N
+    fn map_slice(&self) -> &[Self::Entry; N] {
+        &self.map
     }
 
-    fn size_mut(&mut self) -> &mut usize {
-        &mut self.size
+    fn map_slice_mut(&mut self) -> &mut [Self::Entry; N] {
+        &mut self.map
     }
 }
 
 impl<T, const N: usize> Deref for ConstMapObserver<'_, T, N> {
     type Target = [T];
+
     fn deref(&self) -> &[T] {
-        &self.map
+        self.map.as_slice()
     }
 }
 
 impl<T, const N: usize> DerefMut for ConstMapObserver<'_, T, N> {
     fn deref_mut(&mut self) -> &mut [T] {
-        &mut self.map
+        self.map.as_mut_slice()
     }
 }
 
@@ -194,48 +185,25 @@ where
     /// Will get a pointer to the map and dereference it at any point in time.
     /// The map must not move in memory!
     #[must_use]
-    pub fn new(name: &'static str, map: &'a mut [T]) -> Self {
+    pub fn new(name: &'static str, map: &'a mut [T; N]) -> Self {
         assert!(map.len() >= N);
         Self {
-            map: OwnedMutSlice::from(map),
+            map: OwnedMutSizedSlice::from(map),
             name: Cow::from(name),
             initial: T::default(),
-            size: N,
         }
     }
 
     /// Creates a new [`MapObserver`] from a raw pointer
     ///
     /// # Safety
     /// Will dereference the `map_ptr` with up to len elements.
-    pub unsafe fn from_mut_ptr(name: &'static str, map_ptr: *mut T) -> Self {
+    #[must_use]
+    pub unsafe fn from_mut_ptr(name: &'static str, map_ptr: ptr::NonNull<T>) -> Self {
         ConstMapObserver {
-            map: OwnedMutSlice::from_raw_parts_mut(map_ptr, N),
+            map: OwnedMutSizedSlice::from_raw_parts_mut(map_ptr),
             name: Cow::from(name),
             initial: T::default(),
-            size: N,
-        }
-    }
-}
-
-impl<T, const N: usize> ConstMapObserver<'_, T, N>
-where
-    T: Default + Clone,
-{
-    /// Creates a new [`MapObserver`] with an owned map
-    #[must_use]
-    pub fn owned(name: &'static str, map: Vec<T>) -> Self {
-        assert!(map.len() >= N);
-        let initial = if map.is_empty() {
-            T::default()
-        } else {
-            map[0].clone()
-        };
-        Self {
-            map: OwnedMutSlice::from(map),
-            name: Cow::from(name),
-            initial,
-            size: N,
         }
     }
 }
diff --git a/libafl/src/observers/map/hitcount_map.rs b/libafl/src/observers/map/hitcount_map.rs
@@ -14,7 +14,10 @@ use serde::{Deserialize, Serialize};
 
 use crate::{
     executors::ExitKind,
-    observers::{map::MapObserver, DifferentialObserver, Observer, VariableLengthMapObserver},
+    observers::{
+        map::MapObserver, ConstantLengthMapObserver, DifferentialObserver, Observer,
+        VariableLengthMapObserver,
+    },
     Error,
 };
 
@@ -230,19 +233,32 @@ where
     }
 }
 
+impl<M, const N: usize> ConstantLengthMapObserver<N> for HitcountsMapObserver<M>
+where
+    M: ConstantLengthMapObserver<N> + MapObserver<Entry = u8>,
+{
+    fn map_slice(&self) -> &[Self::Entry; N] {
+        self.base.map_slice()
+    }
+
+    fn map_slice_mut(&mut self) -> &mut [Self::Entry; N] {
+        self.base.map_slice_mut()
+    }
+}
+
 impl<M> VariableLengthMapObserver for HitcountsMapObserver<M>
 where
     M: VariableLengthMapObserver + MapObserver<Entry = u8>,
 {
-    fn map_slice(&mut self) -> &[Self::Entry] {
+    fn map_slice(&self) -> &[Self::Entry] {
         self.base.map_slice()
     }
 
     fn map_slice_mut(&mut self) -> &mut [Self::Entry] {
         self.base.map_slice_mut()
     }
 
-    fn size(&mut self) -> &usize {
+    fn size(&self) -> &usize {
         self.base.size()
     }
 

diff --git a/libafl/src/observers/map/mod.rs b/libafl/src/observers/map/mod.rs
@@ -390,14 +390,14 @@ pub trait MapObserver:
 pub trait VariableLengthMapObserver: MapObserver {
     /// A mutable slice reference to the map.
     /// The length of the map gives the maximum allocatable size.
-    fn map_slice(&mut self) -> &[Self::Entry];
+    fn map_slice(&self) -> &[Self::Entry];
 
     /// A slice reference to the map.
     /// The length of the map gives the maximum allocatable size.
     fn map_slice_mut(&mut self) -> &mut [Self::Entry];
 
     /// A reference to the size of the map.
-    fn size(&mut self) -> &usize;
+    fn size(&self) -> &usize;
 
     /// A mutable reference to the size of the map.
     fn size_mut(&mut self) -> &mut usize;
@@ -408,6 +408,9 @@ pub trait ConstantLengthMapObserver<const N: usize>: MapObserver {
     /// The size of the map
     const LENGTH: usize = N;
 
+    /// A mutable slice reference to the map
+    fn map_slice(&self) -> &[Self::Entry; N];
+
     /// A mutable slice reference to the map
     fn map_slice_mut(&mut self) -> &mut [Self::Entry; N];
 }

diff --git a/libafl/src/observers/map/variable_map.rs b/libafl/src/observers/map/variable_map.rs
@@ -153,15 +153,15 @@ impl<T> VariableLengthMapObserver for VariableMapObserver<'_, T>
 where
     T: PartialEq + Copy + Hash + Serialize + DeserializeOwned + Debug,
 {
-    fn map_slice(&mut self) -> &[Self::Entry] {
+    fn map_slice(&self) -> &[Self::Entry] {
         self.map.as_ref()
     }
 
     fn map_slice_mut(&mut self) -> &mut [Self::Entry] {
         self.map.as_mut()
     }
 
-    fn size(&mut self) -> &usize {
+    fn size(&self) -> &usize {
         self.size.as_ref()
     }