0.9.0
Highlights
- Userspace snapshot-fuzzing using libafl_qemu
- QEMU system mode fuzzing with fast snapshots
- Tuneable Stage, Scheduler, ScheduledMutator to change behavior on the fly
- Differential observers
- SyncFromBrokerStage to sync from a broker with a different Input type
- Introduce stable CorpusId to remove/update entries in Corpus
- Forkserver support to AFL++ adaptive map size and CmpLog
- Tinyinst binary-only instrumentation support
- New logo
What's Changed
- Calling original UnhandledExceptionFilter in the hook by @expend20 in #832
- token mutations: set MutationResult for CmpValues::Bytes by @Mrmaxmeier in #838
- Bump Nyx-QEMU to resolve GTK configuration by @rchildre3 in #837
- Install no_std nightly toolchain by @domenukk in #847
- Refactor QEMU snapshot helper and add mmap memory limit by @andreafioraldi in #844
- CI: Build fuzzers with shared cargo target dir by @Mrmaxmeier in #845
- Expose OUT_DIR for compiler passes to other components by @domenukk in #840
- DiffExecutor has two observers by @elManto in #843
- Set persistent mode env variables. by @tokatoka in #852
- Refactor Output Observers by @domenukk in #856
- Associated types for Corpus, State by @domenukk in #767
- Implement thread-safe AsanGiovese in Rust with snapshots support by @andreafioraldi in #851
- Disabling qemu dependecies for qemu fullsystem by @TeumessianFox in #737
- dump_registers update on netbsd x86_64 arch. by @devnexen in #863
- Remove fuzzbench_weighted and update fuzzbench by @andreafioraldi in #865
- Delete blob and add CI check by @andreafioraldi in #867
- dump_register/write_crash for freebsd arm64 by @devnexen in #870
- Monitor to export fuzzer metrics to Prometheus server by @peterwhitingyb in #875
- More Associated Types by @domenukk in #881
- Remove unused stage stub by @domenukk in #882
- stdio observers should use bytes, not strings by @langston-barrett in #885
- Reworked Docs, add missing files by @domenukk in #888
- Forkserver: support File input, update clap by @pr0me in #880
- Add standalone toolchain link to frida_libpng by @domenukk in #890
- FuzzbenchDumpStage in fuzzbench_text to dump the grimoire inputs as bytes for the fuzzbench measurers by @andreafioraldi in #869
- Tuneable Stage, Scheduler, ScheduledMutator by @domenukk in #874
- Pthread introspection hook (extends #263) by @fabianfreyer in #891
- More precise handling of libafl_cc dll_extensions by @domenukk in #892
- forkserver support attempt on freebsd by @devnexen in #898
- mopt: seed from state rand instead of current_nanos by @Mrmaxmeier in #902
- autotokens pass set elf section on other unixes too by @devnexen in #900
- Update observer.md by @Jorgecmartins in #904
- Adding DrCov for qemu by @TeumessianFox in #878
- Differential observers by @VTCAKAVSMoACE in #868
- Forksrv adaptive map size and AFL++ CmpLog support by @andreafioraldi in #896
- Save and restore CPU state in libafl_qemu by @andreafioraldi in #907
- libafl_frida: Point to in-repo docs from API docs by @langston-barrett in #886
- emu::current_cpu() is now the CPU that hitted the breakpoint in fullsystem by @andreafioraldi in #910
- libafl_qemu_sys and libafl_qemu_build to have bindgen with QEMU by @andreafioraldi in #915
- Add ValueObserver, an observer for a single value by @langston-barrett in #923
- Handle broker-to-broker connection interruptions more gracefully by @omergreen in #921
- SIGINT handlers, and Release StateRestorer shmem by @tokatoka in #894
- [Windows] Setup ASAN death callback by @tokatoka in #908
- TinyInst by @tokatoka in #854
#931 - libafl: Remove
set_initial,initial_mutfromMapObservertrait by @langston-barrett in #932 - [Windows] Handle crashes without exception by @maxammann in #912
- Fast device+mem QEMU snapshots by @andreafioraldi in #930
- CI: Only test fuzzers with diffing deps by @andreafioraldi in #940
- disable libafl's default features in libafl-frida by @omergreen in #939
- Add mips support for QemuTracerHelper by @Sparrrgh in #941
- Deduplicate crash handlers by @tokatoka in #951
- [Windows] Add libfuzzer example for windows with ASAN by @maxammann in #934
- Make stalker.exclude() configurable from command line arguments by @tokatoka in #956
- Remodelling Observers/Examples that rely on UB by @domenukk in #950
- SimpleMonitor optionally with user_monitor stats by @TeumessianFox in #970
- Forkserver example with forkserver.c (#726) by @ergrelet in #973
- Remove declare -A by @tokatoka in #976
- Better MIPS register naming by @Sparrrgh in #977
- book review part2 by @hexcoder- in #980
- Book: Explain SymCC constraint solving (follow up on #980) by @domenukk in #986
- Changes to improve FRIDA x64 performance by @WorksButNotTested in #985
- Corpus maps by @andreafioraldi in #947
- OnDiskCorpus: Write metadata by default, metadata gzip compression by @domenukk in #995
- stacktrace: Use unresolved backtrace call by @arafel in #1002
- Optimization of FRIDA instrumentation for AARCH64 by @WorksButNotTested in #989
- SyncFromBrokerStage to sync from a broker with a different Input type by @andreafioraldi in #997
- TinyInst Update by @tokatoka in #968
- LLMP Message Timeout by @domenukk in #1005
- Introduce MutatorId, Tuneable fixes by @domenukk in #1022
- libafl_frida: Allow compilation for iOS by @fabianfreyer in #1023
- New Logo by @domenukk in #1025
- Python CI by @domenukk in #1024
- Remove {update,clear}_hash from ObserverWithHashField, add hasher (extending #1019) by @domenukk in #1028
##Fixes
- check_for_blobs.sh: respect gitignore by @Mrmaxmeier in #876
- Fix windows timeout by @tokatoka in #842
- Fix memory leaks and module instrumentation in frida_gdiplus by @khang06 in #841
- Fix aarch64 read_time_counter() by @tokatoka in #849
- CI: small fixes by @Mrmaxmeier in #855
- Fix launcher to work with returning run_client functions by @eknoes in #860
- sort of fix core affinity on mac arm64 by @devnexen in #873
- fixing freebsd unused import warning in core affinity. by @devnexen in #897
- Fix QEMU systemmode fuzzing by @alwinber in #883
- Update and fix concolic support by @julihoh in #901
- Fix scores when using on_replace by @VTCAKAVSMoACE in #920
- Fix libafl_qemu i386 build by @tokatoka in #924
- Fix mac m1 incompatibility for cmplog in frida mode by @omergreen in #914
- Fix frida ASAN incompatibility with mac m1 by @omergreen in #917
- libafl: Fix documentation typo in Push stage by @langston-barrett in #933
- Fix FridaInstrumentationHelper bugs caused by moving it after creation by @omergreen in
- Fix typos by @radl97 in #935
- Fix run/exec rounding by using floats + prettify result by @radl97 in #936
- Fix a typo in gnf_converter.py by @aoli-al in #942
- Fix CI diffing by @andreafioraldi in #944
- Fix SymCC build by @domenukk in #952
- using wrong commit due to wrong directory by @humpty99 in #965
- Update CorpusWeightTestcaseScore by @tokatoka in #975
- Fix previous_pc constant by @WorksButNotTested in #988
- Fix Launcher for M1, fix frida_libpng harness compilation by @domenukk in #987
- Fix early drop for frida transformer by @domenukk in #992
- fixing linking issue on qemu build by @elbiazo in #990
- Grimoire fixes by @VTCAKAVSMoACE in #993
- Update QEMU and fix snapshot restore mem leak by @andreafioraldi in #998
- Avoid no-op in ByteRandMutator by @vanhauser-thc in #999
- Fix stability UI by @tokatoka in #1000
- Fix qemu user by @andreafioraldi in #1003
- Fixes for multiple subtle bugs with grimoire, mutators, and state by @VTCAKAVSMoACE in #1001
- libafl_cc fixes clang 16 build. by @devnexen in #1010
- Fix for MapIndexesMetadata by @VTCAKAVSMoACE in #1008
- Fix second Forkserver Broken Pipe by @andreafioraldi in #1013
- Fix MmapShMemProvider's name by @tokatoka in #1014
- Fixing python example by @domenukk in #1016
New Contributors
- @rchildre3 made their first contribution in #837
- @khang06 made their first contribution in #841
- @elManto made their first contribution in #843
- @peterwhitingyb made their first contribution in #875
- @langston-barrett made their first contribution in #885
- @Jorgecmartins made their first contribution in #904
- @alwinber made their first contribution in #883
- @omergreen made their first contribution in #914
- @Sparrrgh made their first contribution in #941
- @hexcoder- made their first contribution in #961
- @humpty99 made their first contribution in #965
- @ergrelet made their first contribution in #973
- @arafel made their first contribution in #1002
Minimum supported Rust version: 1.65.0
Full Changelog: 0.8.2...0.9.0
Contributors
arafel, domenukk, and 29 other contributors