0.12.0

Highlights

• API for multithreaded initial seed corpus loading
• Initial seed corpus entries are kept for splicing
• Stages and Mutators can now be provided as a dynamic Vec
• Stages resume after crashes and timeout
• Multipart Input support
• LibAFL_Bolts: performant get_or_insert_with API for AnyMap/Metadata
• LibAFL_Targets: Exposing pcguard's PC-Table
• LibAFL_Libfuzzer: MacOS support
• libAFL_QEMU: Injection fuzzing and massive rework overall
• LibAFL_Frida: Binary-only Cmplog support for x64
• LibAFL_Tinyinst: Linux instrumentation support

API changes

• Replaced TimeoutExecutor with a timeout in each executor
• Removed python bindings for most parts of the lib (LibAFL_sugar and LibAFL_QEMU remain)
• LLMP Client timeout removed, clients manually unregister on exit now
• Turning on and off tracking of novelties and indexes is now enforced with the CanTrack trait to be less error-prone
• Instead of providing the current testcase and current stage id everywhere, this information is now available in the State

What's Changed

• bolts/minibsod adding openbsd arm64 part by @devnexen in #1724
• QEMU filtering rework + paging filtering by @rmalmain in #1705
• Use latest AFLplusplus/symcc by @tokatoka in #1749
• Ignore SigPipe by default by @domenukk in #1741
• Enabling DrCov on Windows by @mkravchik in #1765
• Dedup common code in scheduler by @tokatoka in #1702
• Safe access to QEMU's Emulator struct by @rmalmain in #1763
• Add mute_inprocess_target fn, SimpleFdLogger::set_logger, and more by @domenukk in #1754
• Check canonicalized_module_path before used by @bet4it in #1767
• Multipart Input support by @addisoncrump in #1617
• Resumable stages redux by @addisoncrump in #1780
• libafl_qemu injections by @vanhauser-thc in #1743
• libafl_frida: Add tests for ASan for Unix platforms by @mkravchik in #1781
• Don't use assert fail when building on libafl_libfuzzer on windows by @tokatoka in #1792
• libafl_frida: Make cmplog work on x64 by @expend20 in #1713
• Remove unnecessary PartialEq trait constraint on DiffFeedback observers by @djoooooe in #1811
• Refactor InProcessExecutor, merge timeout executors by @tokatoka in #1789
• QEMU: safe linking of extern "C" declarations by @rmalmain in #1810
• Add SimpleMgr feature to qemu_launcher by @domenukk in #1790
• Allow corpus removal during main fuzz loop by @hgarrereyn in #1717
• Expose PCs table. by @mvanotti in #1812
• QEMU: add injections mode default by @domenukk in #1818
• Remove create_serde_registry_for_trait macro by @skoriop in #1815
• Default ignore_* flags to true when tui=1 by @skoriop in #1820
• Delete TimeoutForkserverExecutor by @tokatoka in #1819
• libafl_libfuzzer: macOS build support by @sameer in #1711
• HookId trait and types in libafl_qemu by @rbran in #1796
• Configurable LLMP client timeout by @rmalmain in #1838
• Remove unused shmem structs, update Nix by @domenukk in #1845
• Getter for mutable reference to forkserver by @tbethe in #1849
• Make cmp_extend_encoding panic-less by @tokatoka in #1857
• Disable af-xdp from QEMU default config by @rmalmain in #1846
• feature(libqasan): add asprintf and vasprintf by @rbran in #1844
• feature(libqasan): add strndup by @rbran in #1860
• Companion patch to qemu-libafl-bridge #46 by @cube0x8 in #1830
• Finalize macOS support for libafl_libfuzzer by @sameer in #1843
• Support raw byte grammar in NautilusContext by @sadeli413 in #1868
• Less useless allocs for monitor display by @domenukk in #1874
• Add several warnings when starting forkserver by @tokatoka in #1877
• Make NopState public so that it can be used as reproducer by @addisoncrump in #1888
• Implement RetryProgress for limiting retry attempts in stages by @addisoncrump in #1890
• Sancov based ngram & ctx implementation by @tokatoka in #1864
• update libfuzzer docs about macos by @addisoncrump in #1903
• TransferFeedback for determining if a testcase was from another node by @addisoncrump in #1906
• Implement MutatorTuple for Vecs to allow Dynamic Mutator Choices by @domenukk in #1893
• Print PID when you create a new Llmp Sender. by @tokatoka in #1898
• Make executor state available to the harness V2 by @rmalmain in #1900
• Improve readability of InProcessExecutor-related code by @rmalmain in #1912
• fuzzbench_ctx: fix duplicate package warning by @Mrmaxmeier in #1918
• token mutations: avoid a few infallible unwraps by @Mrmaxmeier in #1919
• introduce multicore load initial corpus by @R9295 in #1905
• Allow dyn in StagesTuple, add Current Testcase API, Untraitify Progress by @domenukk in #1915
• Event Manager handle_in_client hooks by @tokatoka in #1916
• Tiny optimization for into_vec by @domenukk in #1931
• Remove some arguments from pre_exec/post_exec in ExecutorHook by @tokatoka in #1933
• Remove (almost) unused stage_idx by @domenukk in #1929
• Update exec counts in objective by @tokatoka in #1945
• Better error message instead of "No entries in corpus" by @tokatoka in #1948
• Rename OSError -> OsError and merge with redundant Error::File by @domenukk in #1944
• Remove useless feedback by @tokatoka in #1953
• Upgrade automaton files by @michael-yxchen in #1956
• Update tinyinst_simple to support Linux (#1316) by @am009 in #1955
• SerdeAnyMap: add unsafe_stable_anymap feature that uses type_name instead of TypeId::of by @domenukk in #1952
• Remove hash for AnyMap (since it's a HashMap already) by @domenukk in #1951
• Change AnyMap API, add unsafe_ assert by @domenukk in #1958
• More usable ListFeedback by @tokatoka in #1959
• Use OwnedPtr in ListObserver by @tokatoka in #1961
• libafl_nyx: Allow custom input buffer size to be passed to NyxHelper by @l4yton in #1960
• WIP: QEMU exit handler by @rmalmain in #1745
• libafl_nyx: Add documentation to NyxSettings fields by @l4yton in #1962
• libafl_nyx: Add bounds check for Nyx input buffer by @l4yton in #1963
• Increase llmp timeout & Print PID in logger by @tokatoka in #1970
• Inline cmplog internal functions code by @tokatoka in #1972
• Make fuzzer examples's argument parser tell that --input is mandatory by @tokatoka in #1973
• Add MutatedTransform to the input type in TMinMutationalStage (#1251) by @am009 in #1971
• Clean up warnings in baby_fuzzers by @Marcondiro in #1981
• Add backdoors to portable header file of LibAFL QEMU. by @rmalmain in #1978
• Add unsafe to AsanErrorsObserver, fix UBs, fix Frida Version missmatch by @domenukk in #1987
• Update setup_libxml2.sh of nyx_libxml2_standalone fuzzer by @GanbaruTobi in #1990
• Use new Rust CStr constant by @domenukk in #1993
• Don't resume in std mutational stage by @tokatoka in #1946
• Frida: Move ASAN_ERRORS values into a Mutex for shared access by @domenukk in #1995
• Replace LLMP client timeout with client deregistration by @tokatoka in #1982
• Add option to enabled/disable client stats and fix #1771 by @domenukk in #2001
• Move some C functions to Rust from sancov_cmp.c by @tokatoka in #2003
• Remove python bindings by @tokatoka in #2005
• Change when weighted scheduler make new table & don't update global metadata in on_remove/on_replace by @tokatoka in #2011
• Move HasMetadata/HasNamedMetadata trait to libafl_bolts by @tokatoka in #2016
• Bring back python bindings for sugar,qemu (partially revert #2005) by @domenukk in #2020
• bolts: time ticks for arm implementation. by @devnexen in #2032
• Introduces disabled testcases for splicing by @R9295 in #1932
• Implement user-space QEMU ASAN by @WorksButNotTested in #1806
• Dedup CentralizedEventManager's serialize_observers() by @tokatoka in #2034
• Add HasAdaptiveSerializer trait. by @tokatoka in #2040
• Add CPUArchStatePtr to backdoor signature by @rmalmain in #2038
• libafl_nyx: Add support for StdOutObserver by @l4yton in #2033
• Order differential generics alphabetically by @domenukk in #2044
• Rename HasAFLSchedulerMetadata to simply AflScheduler by @domenukk in #2043
• Introduce StdOutToMetadataFeedback and StdErrToMetadataFeddback by @l4yton in #2042
• Implement CanTrack - tracking enforcement through rust types by @addisoncrump in #1886

Fixes

• Remove unused create_anymap_for_trait macro (fixes #1719) by @domenukk in #1752
• Documentation fixes by @bet4it in #1761
• afl_cc llvm 18 build fixes by @devnexen in #1759
• More concolic fix by @tokatoka in #1776
• libafl_targets: fix typo in windows_asan feature by @gheorghitamutu in #1779
• Pr/fix qemu launcher build - fixes 1785 by @mkravchik in #1786
• Remove Aggregated label in stats by @andreafioraldi in #1788
• bolts: fix static mutable usage proposal. by @devnexen in #1793
• Disable QemuInjectionHelper if not configured by @WorksButNotTested in #1804
• Fix build issues in frida cmplog for aarch64 by @mineo333 in #1813
• Fix typo on qemu_launcher options help message by @rbran in #1816
• QEMU: Fix injections build for hexagon, disable on system mode by @domenukk in #1821
• Fixed Link in baby_fuzzer_nautilus by @Nereuxofficial in #1824
• OptionalStage is a nested stage by @addisoncrump in #1836
• Fix broken closure hooks in libafl_qemu by @andreafioraldi in #1839
• Fix libafl_qemu libqasan Makefile by @rbran in #1835
• fuzzers: Fix qemu_launcher zlib include path by @dergoegge in #1841
• Fix x86_32 build: Don't build functions using uint128_t data type on x86_32 by @RobertBuhren in #1854
• Fixing CI by @tokatoka in #1851
• Fix token mutation crash by @tokatoka in #1855
• Pr/xxh3 rrmxmx mixer fix by @mkravchik in #1828
• fix: TuiUI will cause deadlock problems under multi-threading. by @w1tcher in #1871
• Fix a corner case where bitmap_size = 0 leads to panic by @tokatoka in #1875
• Windows fix by @tokatoka in #1876
• Fix self.iterations underflow by @tokatoka in #1942
• Fix as_object UB discussed in #1748 by @domenukk in #1751
• Fix incorrect imports by @wtdcode in #1758
• Fix atheris fmt, clippy by @domenukk in #1769
• Fix sigint handlers by @tokatoka in #1772
• Fix export of afl-clang-fast if already in PATH by @d0ntrash in #1773
• Fix lint errors by @rmalmain in #1909
• Fix the centralize disconnection bug. by @tokatoka in #1896
• Fix inconsistent settings of client_timeout by @tokatoka in #1897
• Fix for #1881, ProbabilitySamplingScheduler seems to be inverted by @DanBlackwell in #1884
• Fix warning for deprecated syscall() in macOS by @Skryptonyte in #1911
• Fix redundant xor in Ngram calculation by @tokatoka in #1901
• fix(Dockerfile): allow running commands with docker run by @vringar in #1894
• fix(Dockerfile): setup for building libafl_qemu in Docker by @vringar in #1899
• Fix cast to c_void of a non-executor object. by @rmalmain in #1921
• Fix batched timeout by @tokatoka in #1920
• Fix UB in anymap.rs and other minor warnings. by @tokatoka in #1926
• Fix reproducibility of the docker image by @momvart in #1924
• fix AFL-Style UI errors when allowing the introspection feature by @ToSeven in #1986
• Fix os error printing in unix_shmem (#1406) by @am009 in #1935
• Fix libafl_qemu_sys unnecessarily rebuilding. by @rmalmain in #1938
• Fire events in append_metadata not in is_interesting by @tokatoka in #1936
• Fix self.restart_helper.execs_since_progress_start in calibration stage by @tokatoka in #1943
• Fix unwrap in qemu_systemmode example. by @rmalmain in #1954
• Fix libafl_qemu fuzzers not building in Docker by @rmalmain in #1966
• Fix EventManagerHook by @tokatoka in #1968
• Fix UpdateExecStats not sent to the main broker in centralized by @tokatoka in #1969
• batch_timeout: fix overflowing subtraction by @s1341 in #1976
• Fix OOM restarts with LlmpShouldSaveState by @andreafioraldi in #1974
• Fix non-generic inputs in libafl_qemu by @rmalmain in #1991
• Fix of libafl qemu runtime files by @rmalmain in #1996
• LLMP: Fix map size where allocated message is larger than the current map by @domenukk in #1997
• Update Dockerfile to work by @GanbaruTobi in #2008
• Fix GuestMaps in userspace LibAFL QEMU by @andreafioraldi in #2013
• Fix docs for frida (see #2025) by @domenukk in #2027
• Fix python bindings & example of LibAFL QEMU by @rmalmain in #2030
• Use child_status == 9 instead of 137 by @tokatoka in #2029
• Fix error handling in libafl_qemu_build by @vringar in #2036
• Fix GuestMaps iterator in LibAFL QEMU. by @rmalmain in #2041

New Contributors

• @bet4it made their first contribution in #1761
• @gheorghitamutu made their first contribution in #1779
• @djoooooe made their first contribution in #1811
• @hgarrereyn made their first contribution in #1717
• @rbran made their first contribution in #1816
• @skoriop made their first contribution in #1815
• @sameer made their first contribution in #1711
• @dergoegge made their first contribution in #1841
• @RobertBuhren made their first contribution in #1854
• @sadeli413 made their first contribution in #1868
• @w1tcher made their first contribution in #1871
• @Skryptonyte made their first contribution in #1911
• @vringar made their first contribution in #1894
• @R9295 made their first contribution in #1905
• @momvart made their first contribution in #1924
• @am009 made their first contribution in #1935
• @michael-yxchen made their first contribution in #1956
• @l4yton made their first contribution in #1960
• @GanbaruTobi made their first contribution in #1990

Full Changelog: 0.11.2...0.12.0