Full libfuzzer shimming (for cargo-fuzz libfuzzer alternative and other use cases)

.gitignore

@@ -33,6 +33,8 @@ perf.data.old
 .vscode
 test.dict
 
+.idea/
+
 # Ignore all built fuzzers
 fuzzer_*
 AFLplusplus

Cargo.toml

@@ -9,6 +9,7 @@ members = [
     "libafl_tinyinst",
     "libafl_sugar",
     "libafl_nyx",
+    "libafl_libfuzzer",
     "libafl_concolic/symcc_runtime",
     "libafl_concolic/symcc_libafl",
     "libafl_concolic/test/dump_constraints",

fuzzers/baby_fuzzer_wasm/src/lib.rs

@@ -1,11 +1,13 @@
 mod utils;
 
 use libafl::{
-    bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
+    bolts::{
+        current_nanos, rands::StdRand, serdeany::RegistryBuilder, tuples::tuple_list, AsSlice,
+    },
     corpus::{Corpus, InMemoryCorpus},
     events::SimpleEventManager,
     executors::{ExitKind, InProcessExecutor},
-    feedbacks::{CrashFeedback, MaxMapFeedback},
+    feedbacks::{CrashFeedback, MapFeedbackMetadata, MaxMapFeedback},
     generators::RandPrintablesGenerator,
     inputs::{BytesInput, HasTargetBytes},
     monitors::SimpleMonitor,
@@ -36,6 +38,7 @@ pub extern "C" fn external_current_millis() -> u64 {
 #[wasm_bindgen]
 pub fn fuzz() {
     set_panic_hook();
+    RegistryBuilder::register::<MapFeedbackMetadata<u8>>();
 
     let mut signals = [0u8; 64];
     let signals_ptr = signals.as_mut_ptr();

libafl/src/bolts/serdeany.rs

@@ -246,8 +246,7 @@ macro_rules! create_serde_registry_for_trait {
                 where
                     T: $trait_name,
                 {
-                    self.map
-                        .insert(unpack_type_id(TypeId::of::<T>()), Box::new(t));
+                    self.insert_boxed(Box::new(t));
                 }
 
                 /// Insert a boxed element into the map.
@@ -256,7 +255,20 @@ macro_rules! create_serde_registry_for_trait {
                 where
                     T: $trait_name,
                 {
-                    self.map.insert(unpack_type_id(TypeId::of::<T>()), t);
+                    let id = unpack_type_id(TypeId::of::<T>());
+                    assert!(
+                        unsafe {
+                            REGISTRY
+                                .deserializers
+                                .as_ref()
+                                .expect("Empty types registry")
+                                .get(&id)
+                                .is_some()
+                        },
+                        "type {} was inserted without registration!",
+                        core::any::type_name::<T>()
+                    );
+                    self.map.insert(id, t);
                 }
 
                 /// Returns the count of elements in this map.
@@ -512,6 +524,18 @@ macro_rules! create_serde_registry_for_trait {
                     T: $trait_name,
                 {
                     let id = unpack_type_id(TypeId::of::<T>());
+                    assert!(
+                        unsafe {
+                            REGISTRY
+                                .deserializers
+                                .as_ref()
+                                .expect("Empty types registry")
+                                .get(&id)
+                                .is_some()
+                        },
+                        "type {} was inserted without registration!",
+                        core::any::type_name::<T>()
+                    );
                     if !self.map.contains_key(&id) {
                         self.map.insert(id, HashMap::default());
                     }

libafl/src/corpus/cached.rs

@@ -1,6 +1,6 @@
 //! The [`CachedOnDiskCorpus`] stores [`Testcase`]s to disk, keeping a subset of them in memory/cache, evicting in a FIFO manner.
 
-use alloc::collections::vec_deque::VecDeque;
+use alloc::{collections::vec_deque::VecDeque, string::String};
 use core::cell::RefCell;
 use std::path::Path;
 
@@ -193,7 +193,7 @@ where
     pub fn with_meta_format<P>(
         dir_path: P,
         cache_max_len: usize,
-        meta_format: OnDiskMetadataFormat,
+        meta_format: Option<OnDiskMetadataFormat>,
     ) -> Result<Self, Error>
     where
         P: AsRef<Path>,
@@ -204,6 +204,31 @@ where
         )
     }
 
+    /// Creates the [`CachedOnDiskCorpus`] specifying the metadata format and the prefix to prepend
+    /// to each testcase.
+    ///
+    /// Will error, if [`std::fs::create_dir_all()`] failed for `dir_path`.
+    pub fn with_meta_format_and_prefix<P>(
+        dir_path: P,
+        cache_max_len: usize,
+        meta_format: Option<OnDiskMetadataFormat>,
+        prefix: Option<String>,
+        locking: bool,
+    ) -> Result<Self, Error>
+    where
+        P: AsRef<Path>,
+    {
+        Self::_new(
+            InMemoryOnDiskCorpus::with_meta_format_and_prefix(
+                dir_path,
+                meta_format,
+                prefix,
+                locking,
+            )?,
+            cache_max_len,
+        )
+    }
+
     /// Internal constructor `fn`
     fn _new(on_disk_corpus: InMemoryOnDiskCorpus<I>, cache_max_len: usize) -> Result<Self, Error> {
         if cache_max_len == 0 {

libafl/src/corpus/inmemory_ondisk.rs

@@ -50,6 +50,8 @@ where
     inner: InMemoryCorpus<I>,
     dir_path: PathBuf,
     meta_format: Option<OnDiskMetadataFormat>,
+    prefix: Option<String>,
+    locking: bool,
 }
 
 impl<I> UsesInput for InMemoryOnDiskCorpus<I>
@@ -209,20 +211,41 @@ where
     where
         P: AsRef<Path>,
     {
-        Self::_new(dir_path.as_ref(), Some(OnDiskMetadataFormat::JsonPretty))
+        Self::_new(
+            dir_path.as_ref(),
+            Some(OnDiskMetadataFormat::JsonPretty),
+            None,
+            true,
+        )
     }
 
     /// Creates the [`InMemoryOnDiskCorpus`] specifying the format in which `Metadata` will be saved to disk.
     ///
     /// Will error, if [`std::fs::create_dir_all()`] failed for `dir_path`.
     pub fn with_meta_format<P>(
         dir_path: P,
-        meta_format: OnDiskMetadataFormat,
+        meta_format: Option<OnDiskMetadataFormat>,
     ) -> Result<Self, Error>
     where
         P: AsRef<Path>,
     {
-        Self::_new(dir_path.as_ref(), Some(meta_format))
+        Self::_new(dir_path.as_ref(), meta_format, None, true)
+    }
+
+    /// Creates the [`InMemoryOnDiskCorpus`] specifying the format in which `Metadata` will be saved to disk
+    /// and the prefix for the filenames.
+    ///
+    /// Will error, if [`std::fs::create_dir_all()`] failed for `dir_path`.
+    pub fn with_meta_format_and_prefix<P>(
+        dir_path: P,
+        meta_format: Option<OnDiskMetadataFormat>,
+        prefix: Option<String>,
+        locking: bool,
+    ) -> Result<Self, Error>
+    where
+        P: AsRef<Path>,
+    {
+        Self::_new(dir_path.as_ref(), meta_format, prefix, locking)
     }
 
     /// Creates an [`InMemoryOnDiskCorpus`] that will not store .metadata files
@@ -232,16 +255,27 @@ where
     where
         P: AsRef<Path>,
     {
-        Self::_new(dir_path.as_ref(), None)
+        Self::_new(dir_path.as_ref(), None, None, true)
     }
 
     /// Private fn to crate a new corpus at the given (non-generic) path with the given optional `meta_format`
-    fn _new(dir_path: &Path, meta_format: Option<OnDiskMetadataFormat>) -> Result<Self, Error> {
-        fs::create_dir_all(dir_path)?;
+    fn _new(
+        dir_path: &Path,
+        meta_format: Option<OnDiskMetadataFormat>,
+        prefix: Option<String>,
+        locking: bool,
+    ) -> Result<Self, Error> {
+        match fs::create_dir_all(dir_path) {
+            Ok(_) => {}
+            Err(e) if e.kind() == std::io::ErrorKind::AlreadyExists => {}
+            Err(e) => return Err(e.into()),
+        }
         Ok(InMemoryOnDiskCorpus {
             inner: InMemoryCorpus::new(),
             dir_path: dir_path.into(),
             meta_format,
+            prefix,
+            locking,
         })
     }
 
@@ -265,19 +299,21 @@ where
                 return Ok(());
             }
 
-            let new_lock_filename = format!(".{new_filename}.lafl_lock");
+            if self.locking {
+                let new_lock_filename = format!(".{new_filename}.lafl_lock");
 
-            // Try to create lock file for new testcases
-            if OpenOptions::new()
-                .create(true)
-                .write(true)
-                .open(self.dir_path.join(new_lock_filename))
-                .is_err()
-            {
-                *testcase.filename_mut() = Some(old_filename);
-                return Err(Error::illegal_state(
-                    "unable to create lock file for new testcase",
-                ));
+                // Try to create lock file for new testcases
+                if OpenOptions::new()
+                    .create(true)
+                    .write(true)
+                    .open(self.dir_path.join(new_lock_filename))
+                    .is_err()
+                {
+                    *testcase.filename_mut() = Some(old_filename);
+                    return Err(Error::illegal_state(
+                        "unable to create lock file for new testcase",
+                    ));
+                }
             }
 
             let new_file_path = self.dir_path.join(&new_filename);
@@ -311,18 +347,15 @@ where
     fn save_testcase(&self, testcase: &mut Testcase<I>, idx: CorpusId) -> Result<(), Error> {
         let file_name_orig = testcase.filename_mut().take().unwrap_or_else(|| {
             // TODO walk entry metadata to ask for pieces of filename (e.g. :havoc in AFL)
-
             testcase.input().as_ref().unwrap().generate_name(idx.0)
         });
-        if testcase.file_path().is_some() {
-            // We already have a valid path, no need to do calculate anything
-            *testcase.filename_mut() = Some(file_name_orig);
-        } else {
-            // New testcase, we need to save it.
-            let mut file_name = file_name_orig.clone();
 
-            let mut ctr = 2;
-            let file_name = loop {
+        // New testcase, we need to save it.
+        let mut file_name = file_name_orig.clone();
+
+        let mut ctr = 2;
+        let file_name = if self.locking {
+            loop {
                 let lockfile_name = format!(".{file_name}.lafl_lock");
                 let lockfile_path = self.dir_path.join(lockfile_name);
 
@@ -337,11 +370,19 @@ where
 
                 file_name = format!("{file_name_orig}-{ctr}");
                 ctr += 1;
-            };
+            }
+        } else {
+            file_name
+        };
 
+        if testcase
+            .file_path()
+            .as_ref()
+            .map_or(true, |path| !path.starts_with(&self.dir_path))
+        {
             *testcase.file_path_mut() = Some(self.dir_path.join(&file_name));
-            *testcase.filename_mut() = Some(file_name);
         }
+        *testcase.filename_mut() = Some(file_name);
 
         if self.meta_format.is_some() {
             let metafile_name = format!(".{}.metadata", testcase.filename().as_ref().unwrap());