
Migrate to newest libafl #36


Merged
merged 2 commits into from
May 8, 2025

Conversation


@Evian-Zhang Evian-Zhang commented May 6, 2025

The following changes are in this PR:

  • Forkserver logic is refactored to fit "Refactor to new forkserver" (LibAFL#3183) (changes in src/forkserver.rs and src/target.rs), so the dependency in Cargo.toml has been modified to the upstream LibAFL. (Once that PR is rolled into LibAFL's released versions, we can change the git dependency into a crates.io dependency.)

  • Legacy stage is removed.

    In my understanding, the persistent loop is not a "stage". It is just part of a target harness.

  • Callbacks are unioned into a UnicornAflExecutorHook.

    This removes a lot of ugly trait constraints across the crate implementation, and is more like LibAFL's style. Moreover, the C-side user API remains perfectly consistent.

  • Forkserver-level TB cache is added.

    The logic is a one-to-one translation of the previous UnicornAFL C++ code.

  • Several pieces of documentation are added.

  • Other LibAFL-compatible changes

    In my understanding, there are three ways to use UnicornAFL now:

    • Use AFL++'s afl-fuzz

      This will use the persistent loop in src/harness.rs

    • Use LibAFL's ForkserverExecutor

      In fact, this is essentially the same as AFL++'s afl-fuzz. As a result, this will also use the persistent loop.

    • Directly use UnicornAflExecutor with other LibAFL primitives

      The previous two approaches are designed to be compatible with AFL++, and this approach is more pure-LibAFL.

      This is only related to the last few lines in src/executors.rs, which is the implementation of Executor trait for UnicornAflExecutor.

    After these thoughts, some minor modifications are conducted to make it more clear and consistent:

    • The execution for one round is refactored into the execute_internal method for UnicornAflExecutor, which can be invoked by Executor::run_target or persistent loop in src/harness.c
    • The input in persistent loop does not use UnsafeSliceInput anymore, since we can directly use a slice to feed.
    • The observers in UnicornAflExecutor are modified to be correctly composable with LibAFL's other Observers.

@vanhauser-thc vanhauser-thc requested a review from wtdcode May 6, 2025 12:45
@Evian-Zhang

I have implemented the Cmplog feature based on this PR; it's relatively easy since LibAFL now already has enough functionality. I would leave this to the next PR after this PR is reviewed and merged, in case this PR grows too large.

Not to push anyone; I know it has been a busy time for everyone and reviewing is very time-consuming. Just thanks in advance :)


wtdcode commented May 8, 2025

Looks good to me overall. Nice work on the ForkserverParent abstraction, making everything easier and cleaning up lots of code. =)

@wtdcode wtdcode merged commit 3b2a80a into AFLplusplus:v3 May 8, 2025