0.10.0

Highlights

• AFL++'s Redqueen implementation
• New Scheduler method to run on evaluation
• EcoFuzz implementation
• Integration with CASR for deduplication
• Input loading from disk API moved to Corpus (this allows Corpora to be backed by network or databases)
• Batch mode timeout algorithm with lower syscall overhead (Linux only)
• Logic stages to enable and disable stages conditionally
• Full AFL++ forkserver support
• New WASM fuzzing example

What's Changed

• Change to combine restoration prologue with coverage register spill by @WorksButNotTested in #1029
• Remove unused imports by @tokatoka in #1035
• Add information about system mode QEMU by @domenukk in #1038
• Restart loading initial inputs even after a crash/timeout by @andreafioraldi in #1040
• Allow to load a list of files by @domenukk in #1044
• libafl: with_capacity method for NewHashFeedback by @langston-barrett in #1034
• Update deps for libafl by @rchildre3 in #1042
• libafl: Increase default capacity of NewHashFeedback by @langston-barrett in #1049
• Rename LLMP Timeout message by @tokatoka in #1048
• Send stability in calibration stage & FridaInstrumentationHelper retunrs Result<Self, Error> by @tokatoka in #1056
• Revert FridaInstrumentationHelper changes by @tokatoka in #1062
• Colorization stage by @tokatoka in #1039
• Remove unused deps by @tokatoka in #1069
• Use the log facade instead of println by @fabianfreyer in #1060
• QEMU: do not crash in helpers pre and post execs by @andreafioraldi in #1065
• Add stub lib for fuzzbench by @andreafioraldi in #1074
• minibsod solarish on amd64 implementations by @devnexen in #1068
• Use Instant::now instead of duration by @SpaceWhite in #1064
• Forkserver: 1. Add mem barrier 2. Don't send the initial 4 bytes message when it uses dynamic map option only by @tokatoka in #1073
• Add a missing condition for FS_OPT_MAPSIZE by @tokatoka in #1076
• CorpusMinimizer opt: don't add to map if it's the initial value (uninteresting) by @addisoncrump in #1078
• Make sure input was loaded to avoid panic on unwrap in MutatedTransform by @f0rki in #1077
• Weak link token section by @tokatoka in #1080* Use GuestAddr in QemuInstrumentationFilter by @andreafioraldi in #1085
• Move bytecount to dev-dependencies by @rchildre3 in #1090
• Exit broker when last client exits by @domenukk in #1057
• libafl: Generator instance for Iterator by @langston-barrett in #1101
• Cleanup forkserver exec builder by @clesmian in #1094
• UsesObserver by @tokatoka in #1104
• Add example for WASM by @addisoncrump in #1093
• on_evaluation Scheduler method by @andreafioraldi in #1106
• Real OnDiskCorpus by @domenukk in #1096
• Remove unnecessary check in calibration stage by @tokatoka in #1111
• Track parent testcase, tuneable stage probabilistic settings by @domenukk in #1081
• Implement EcoFuzz by @andreafioraldi in #1115
• Use a different crash history in forkserver examples by @arpankapoor in #1118
• SimpleLogger by @tokatoka in #1109
• Cargo feature to avoid regex dependency by @langston-barrett in #1102
• Forward on_evaluation callback in MinimizerScheduler by @EliaGeretto in #1122
• Use InMemoryCorpus in libfuzzer_libpng by @tokatoka in #1125
• Check CI result on cargo make test for available fuzzers by @SpaceWhite in #1107
• Improve find_llvm for MacOS by @Marcondiro in #1124
• Increase LLMP clients timeout to 5 min by @andreafioraldi in #1126
• Define custom collectors for QemuCallTracerHelper by @andreafioraldi in #1099
• Use regex feature in libafl_qemu by @andreafioraldi in #1127
• Safer EoP handling by @domenukk in #1128
• Allows libafl tests to run in miri by @domenukk in #1130
• Allow take the ownership of the BytesInput by @wtdcode in #1135
• Resolve zero-sized allocation in swap diff fuzzer by @addisoncrump in #1139
• AFL++ RedQueen by @tokatoka in #1087
• Added Truncate trait by @domenukk in #1141
• Make it explicit that clang/clang++ is needed by @tokatoka in #1142
• Created functions to get the metadata from State and Testcase by @matheusbaptistella in #1123
• Rename MetaData to Metadata by @tokatoka in #1144
• Create SchedulerTestcaseMetadata if it doesn't exist by @domenukk in #1151
• Implement From for usize by @domenukk in #1152
• Logic stages by @tokatoka in #1148
• IfStage by @tokatoka in #1157
• checks the presence of clang frontends. by @devnexen in #1158
• new metadata() and testcase() function added to the code by @matheusbaptistella in #1155
• Removed new_ from constructors that don't need it (API consistency) by @domenukk in #1159
• Don't build z3 from source by default (and add static_z3 feature) by @domenukk in #1160
• Remove duplicate lines in attributes by @bkrl in #1165
• libafl_frida run executable by @SpaceWhite in #1117
• fix UB in baby_fuzzer_grimoire by @Vincebye in #1166
• Install libz3-dev in CI by @domenukk in #1163
• Solves issue #1137 by @arimallick in #1168
• core_affinity freebsd constants are included in libc now. by @devnexen in #1170
• Remove libfuzzer_stb_image_sugar for now by @tokatoka in #1177
• Implement restarting without serializing the corpus by @andreafioraldi in #1182
• add readme documentation description about the tui feature by @Vincebye in #1198
• CASR deduplication for StacktraceObservers by @anfedotoff in #1184
• Use observers to handle crashes in run_target for TimeoutForkserverExecutor by @anfedotoff in #1189
• Bump to 0.10.0 by @andreafioraldi in #1156
• Removed more new_ (follow-up on #1159) by @domenukk in #1200
• qemu: Return errors from Emulator::new instead of asserting by @langston-barrett in #1197
• libafl: Copy-editing LLMP manager docstrings by @langston-barrett in #1208
• libafl: Mark buffer_{self_,}copy as unsafe, don't export them by @langston-barrett in #1207
• Tuneable stage with per-seed timeout by @domenukk in #1209
• Example fuzzers with even less UB by @domenukk in #1212
• serial_test as normal optional dep enabled with std by @andreafioraldi in #1215
• Batch mode timeouts (Linux only ATM) by @andreafioraldi in #1193
• Move Input loading and dumping APIs from Testcase to Corpus by @domenukk in #1201

Fixes

• Fix readme position in qemu sys by...

0.9.0

Highlights

• Userspace snapshot-fuzzing using libafl_qemu
• QEMU system mode fuzzing with fast snapshots
• Tuneable Stage, Scheduler, ScheduledMutator to change behavior on the fly
• Differential observers
• SyncFromBrokerStage to sync from a broker with a different Input type
• Introduce stable CorpusId to remove/update entries in Corpus
• Forkserver support to AFL++ adaptive map size and CmpLog
• Tinyinst binary-only instrumentation support
• New logo

What's Changed

• Calling original UnhandledExceptionFilter in the hook by @expend20 in #832
• token mutations: set MutationResult for CmpValues::Bytes by @Mrmaxmeier in #838
• Bump Nyx-QEMU to resolve GTK configuration by @rchildre3 in #837
• Install no_std nightly toolchain by @domenukk in #847
• Refactor QEMU snapshot helper and add mmap memory limit by @andreafioraldi in #844
• CI: Build fuzzers with shared cargo target dir by @Mrmaxmeier in #845
• Expose OUT_DIR for compiler passes to other components by @domenukk in #840
• DiffExecutor has two observers by @elManto in #843
• Set persistent mode env variables. by @tokatoka in #852
• Refactor Output Observers by @domenukk in #856
• Associated types for Corpus, State by @domenukk in #767
• Implement thread-safe AsanGiovese in Rust with snapshots support by @andreafioraldi in #851
• Disabling qemu dependecies for qemu fullsystem by @TeumessianFox in #737
• dump_registers update on netbsd x86_64 arch. by @devnexen in #863
• Remove fuzzbench_weighted and update fuzzbench by @andreafioraldi in #865
• Delete blob and add CI check by @andreafioraldi in #867
• dump_register/write_crash for freebsd arm64 by @devnexen in #870
• Monitor to export fuzzer metrics to Prometheus server by @peterwhitingyb in #875
• More Associated Types by @domenukk in #881
• Remove unused stage stub by @domenukk in #882
• stdio observers should use bytes, not strings by @langston-barrett in #885
• Reworked Docs, add missing files by @domenukk in #888
• Forkserver: support File input, update clap by @pr0me in #880
• Add standalone toolchain link to frida_libpng by @domenukk in #890
• FuzzbenchDumpStage in fuzzbench_text to dump the grimoire inputs as bytes for the fuzzbench measurers by @andreafioraldi in #869
• Tuneable Stage, Scheduler, ScheduledMutator by @domenukk in #874
• Pthread introspection hook (extends #263) by @fabianfreyer in #891
• More precise handling of libafl_cc dll_extensions by @domenukk in #892
• forkserver support attempt on freebsd by @devnexen in #898
• mopt: seed from state rand instead of current_nanos by @Mrmaxmeier in #902
• autotokens pass set elf section on other unixes too by @devnexen in #900
• Update observer.md by @Jorgecmartins in #904
• Adding DrCov for qemu by @TeumessianFox in #878
• Differential observers by @VTCAKAVSMoACE in #868
• Forksrv adaptive map size and AFL++ CmpLog support by @andreafioraldi in #896
• Save and restore CPU state in libafl_qemu by @andreafioraldi in #907
• libafl_frida: Point to in-repo docs from API docs by @langston-barrett in #886
• emu::current_cpu() is now the CPU that hitted the breakpoint in fullsystem by @andreafioraldi in #910
• libafl_qemu_sys and libafl_qemu_build to have bindgen with QEMU by @andreafioraldi in #915
• Add ValueObserver, an observer for a single value by @langston-barrett in #923
• Handle broker-to-broker connection interruptions more gracefully by @omergreen in #921
• SIGINT handlers, and Release StateRestorer shmem by @tokatoka in #894
• [Windows] Setup ASAN death callback by @tokatoka in #908
• TinyInst by @tokatoka in #854
  #931
• libafl: Remove set_initial, initial_mut from MapObserver trait by @langston-barrett in #932
• [Windows] Handle crashes without exception by @maxammann in #912
• Fast device+mem QEMU snapshots by @andreafioraldi in #930
• CI: Only test fuzzers with diffing deps by @andreafioraldi in #940
• disable libafl's default features in libafl-frida by @omergreen in #939
• Add mips support for QemuTracerHelper by @Sparrrgh in #941
• Deduplicate crash handlers by @tokatoka in #951
• [Windows] Add libfuzzer example for windows with ASAN by @maxammann in #934
• Make stalker.exclude() configurable from command line arguments by @tokatoka in #956
• Remodelling Observers/Examples that rely on UB by @domenukk in #950
• SimpleMonitor optionally with user_monitor stats by @TeumessianFox in #970
• Forkserver example with forkserver.c (#726) by @ergrelet in #973
• Remove declare -A by @tokatoka in #976
• Better MIPS register naming by @Sparrrgh in #977
• book review part2 by @hexcoder- in #980
• Book: Explain SymCC constraint solving (follow up on #980) by @domenukk in #986
• Changes to improve FRIDA x64 performance by @WorksButNotTested in #985
• Corpus maps by @andreafioraldi in #947
• OnDiskCorpus: Write metadata by default, metadata gzip compression by @domenukk in #995
• stacktrace: Use unresolved backtrace call by @arafel in #1002
• Optimization of FRIDA instrumentation for AARCH64 by @WorksButNotTested in #989
• SyncFromBrokerStage to sync from a broker with a different Input type by @andreafioraldi in #997
• TinyInst Update by @tokatoka in #968
• LLMP Message Timeout by @domenukk in #1005
• Introduce MutatorId, Tuneable fixes by @domenukk in #1022
• libafl_frida: Allow compilation for iOS by @fabianfreyer in #1023
• New Logo by @domenukk in #1025
• Python CI by @domenukk in #1024
• Remove {update,clear}_hash from ObserverWithHashField, add hasher (extending #1019) by @domenukk in #1028

##Fixes

• check_for_blobs.sh: respect gitignore by @Mrmaxmeier in #876
• Fix windows timeout by @tokatoka in #842
• Fix memory leaks and module instrumentation in frida_gdiplus by @khang06 in #841
• Fix aarch64 read_time_counter() by @tokatoka in #849
• CI: small fixes by @Mrmaxmeier in #855
• Fix launcher to work with returning run_client functions by @eknoes in #860
• sort of fix core affinity on mac arm64 by @devnexen in #873
• fixing freebsd unused import warning in core affinity. by @devnexen in #897
• Fix QEMU systemmode fuzzing by @alwinber in #883
• Update and fix concolic support by @julihoh in #901
• Fix scores when using on_replace by @VTCAKAVSMoACE in https://github.com/AFL...

0.8.2

Highlights

• NYX bridge with LibAFL with libafl_nyx by @syheliel
• JSON logging monitor by @eknoes
• Testcase and corpus minimizers by @VTCAKAVSMoACE
• TimeoutInprocessForkExecutor by @tokatoka
• Builds on various *nix operating systems by @devnexen

What's Changed

• New Pass Manager Arguments in #724
• Core affinity implementation for freebsd by @devnexen in #736
• NYX Executor (GSoC '22) by @syheliel in #693
• OSX force_load option in #743
• Add continous JSON Logging monitor by @eknoes in #738
• Netopenbsd build fix by @devnexen in #746
• follow-up on netbsd build fix, simplification. by @devnexen in #750
• Add test case minimising stage by @VTCAKAVSMoACE in #735
• Implement a corpus minimiser by @VTCAKAVSMoACE in #739
• Skippable stage, generator wrapper for Grimoire in #748
• MapFeedback: Adding support for with_name() by @TeumessianFox in #752
• dragonflybsd build fix for core affinity. by @devnexen in #753
• CI for FreeBSD in #754
• core affinity for FreeBSD pinning task to the wanted cpu by @devnexen in #756
• Do not zero-init struct in QEMU in #758
• adjust NyxExecutor trait bound to HasTargetBytes from HasBytesVec by @tcheinen in #760
• libafl_frida ASan hook adding apple's memset_pattern* api. by @devnexen in #761
• frida follow up on previous change for apple. by @devnexen in #763
• Add track_stability option to CalibrationStage in #781
• Dump registers on freebsd amd64 by @devnexen in #779
• Builds on Illumos, by @devnexen in #775
• reduces warnings when only version output is asked. by @devnexen in #778
• Extend gramatron recursive mutator to recurse 5 times in #783
• Dump registers on NetBSD amd64 by @devnexen in #786
• Add support for ARMBE8 by @WorksButNotTested in #768
• Dump reg for openbsd by @devnexen in #787
• Windows gdiplus by @expend20 in #789 & #792
• Remove clang download from windows CI by @expend20 in #791
• write_crash netbsd implementation by @devnexen in #788
• bolts::cpu::read_time_counter on arm64 by @devnexen in #790
• Add ability to use virtual dispatch to stagesTuple by @radl97 in #801
• Adding CPSR register for arm qemu emulation by @TeumessianFox in #800
• Enable additional rustc errors in test only in #809
• Adding fork feature passing from libafl_qemu to libafl crate by @TeumessianFox in #806
• Hide prelude behind feature flag in #782
• TimeoutInprocessForkExecutor in #797
• Fixes typo and grammar in spawn_instances.md doc by @Emauz in #811
• Minor changes for linux without fork feature by @TeumessianFox in #814
• Hook IsProcessorFeaturePresent to crash with STATUS_STACK_BUFFER_OVERRUN exception by @expend20 in #804
• Added Hacking TMNF blogpost to Resources in #819
• Moving to named parameters in format strings in #827

Fixes

• Unbreak tui with 1 client by @nicklangsysdig in #734
• Fix autotokens doc in #751
• Fix spelling error by @AidenRHall in #745
• Fix documentation error by @Lancern in #747
• Add doc for nyx by @syheliel in #759
• Fix cargo doc failed on windows by @SpaceWhite in #762
• Fix forkserver options in #771
• Stability improvements in #773
• Fix len miscalculation in grimoire string replace in #794
• Disable ObserversOwnedMap due to new Rust error in #807
• Fix FreeBSD CI in #820
• Backport AFL++ issue #1548 in #826
• Various Doc and CI fixes by @andreafioraldi, @tokatoka, @domenukk, @thebendavis, @Emauz

New Contributors

• @nicklangsysdig made their first contribution in #734
• @AidenRHall made their first contribution in #745
• @Lancern made their first contribution in #747
• @VTCAKAVSMoACE made their first contribution in #735
• @tcheinen made their first contribution in #760
• @SpaceWhite made their first contribution in #762
• @WorksButNotTested made their first contribution in #768
• @thebendavis made their first contribution in #796
• @radl97 made their first contribution in #801
• @Emauz made their first contribution in #811

Full Changelog: 0.8.1...0.8.2

0.8.1

Highlights

• Qemu arm launcher example by @TeumessianFox in #708
• Windows support for LLVM passes by @abgeana in #710
• Mac OS Autotokens by @tokatoka #723
• Raw API for full-system libafl_qemu by @andreafioraldi in #692

Further Changes

• Prelude module by @andreafioraldi in #709
• Change StdWeightedScheduler API by @tokatoka in #712
• Add HitcountsIterableMapObserver, rename AsMutIter to AsIterMut by @domenukk in #713
• Updated requirements in #714 & #715
• Remove num_cpus dependency by @domenukk in #717
• Deriving Clone for NopMonitor by @z2-2z in #721
• add rustfmt.toml by @syheliel in #722

Fixes

• Update fuzzbench_weighted to EXPLORE, fix linking by @tokatoka in #707
• Fix Autotokens by @tokatoka in #706
• Fix SIGILL handling in libafl_qemu by @andreafioraldi in #711
• Resize MapFeedbackMetadata with observer.initial() by @tokatoka in #718
• Simd Fix by @tokatoka in #729
• fix typo in aarch64.rs by @zuypt in #731

New Contributors

• @zuypt made their first contribution in #731

Full Changelog: 0.8.0...0.8.1

0.8.0

Highlights

• Graphical TUI Monitor based on tui-rs (#480)
• Differential Fuzzing Support: Differential executor, diff feedback, stdio observers (#521)
• Grimoire structured fuzzing support (#487)
• LLVM AutoTokens (#470)
• Much simpler API for feedback states (#627)
• Switched all example fuzzers from Makefiles to cargo-make (#537)
• libafl::Error can generate Backtraces (#617)
• Refactored libafl Python (#632)
• [libafl_frida] Enabled ASan for Apple (#478)
• [libafl_qemu] snapshot fuzzing (#484)
• [libafl_qemu] custom GDB commands for LibAFL (#671)

Further Changes

• Rework ShMem by @domenukk in #472
• libfuzzer-like repro arguments for fuzzbench by @andreafioraldi in #475
• Add AsSlice, AsMutSlice traits, refactor MapObservers to be iterable, and have associated types by @domenukk in #477
• [libafl_qemu] map_fixed and mprotect target memory by @evanrichter in #483
• AnyMap and owned collections of Observers and Stages by @andreafioraldi in #491
• [libafl_qemu] simplify emu::{read,write}_mem by @evanrichter in #496
• Expose more options to python qemu sugar by @epi052 in #492
• [libafl_qemu] GuestAddr type by @evanrichter in #501
• extend python forkserver api by @epi052 in #500
• Add options parser by @epi052 in #493
• Implement backtrace observers for crash dedupe by @yussf in #379
• Builder for CommandExecutor & Tokens Refactoring by @domenukk in #508
• Coverage accounting (BB metric atm) by @andreafioraldi in #507
• Frida Runtime Tuples by @tokatoka in #457
• frida-asan: Throw an exception on a failed new instead of just returning null by @s1341 in #512
• libafl_cc: -fsanitize=fuzzer is an alias to --libafl by @andreafioraldi in #518
• Non weak default sanitizers options functions by @andreafioraldi in #519
• Set map observers initial value to T::default() on creation by @andreafioraldi in #520
• Forkserver builder by @tokatoka in #523
• Autodict forkserver by @tokatoka in #525
• Github workflows frida build on windows by @tokatoka in #536
• Initial support to Python bindings for the libafl crate by @faroukfaiz10 in #429
• Walk the map observer using as_ref_iter() in the map feedback by @andreafioraldi in #535
• libafl_qemu decouple hooks from the executor and QemuForkExecutor by @andreafioraldi in #528
• [libafl_qemu] EasyElf::resolve_symbol return GuestAddr by @evanrichter in #540
• Add signal option to forkserver_simple by @tklengyel in #548
• Closure hooks and on thread create hook by @andreafioraldi in #542
• afl_exec_sec feature to count executions per second in the same way as AFL (sliding window), disabled by default by @andreafioraldi in #555
• Add function call level granularity for coverage accounting by @shouc in #552
• Add probabilistic sampling corpus scheduler by @shouc in #544
• Dump Control Flow Graph in AFLCoverage LLVM Pass by @shouc in #557
• Weighted corpus entry selection by @tokatoka in #570
• Set the number of stacked mutations in MOpt mutator by @tokatoka in #587
• Powerschedule::RAND by @tokatoka in #596
• Use ucontext from bolts::os::unix_signals for armv7 support by @pr0me in #612
• Update clap by @tokatoka in #621
• adding equivalent arm32 syscall for qemu snapshot by @elbiazo in #628
• Cmplog New Pass Manager & LLVM 14 Fixes by @tokatoka in #626
• Added autofix script by @domenukk in #639
• Moved to no_std preamble by @domenukk in #643
• Drop the build_id depedency and move to bolts by @andreafioraldi in #649
• Make OutFile auto-remove refcounted on drop by @domenukk in #654
• Windows-rs Update by @tokatoka in #657
• Moved core_affinity to bolts by @domenukk in #655
• Windows CI for frida by @tokatoka in #658
• C forkserver logic in libafl_targets by @andreafioraldi in #650
• Apple aarch64 fixes by @domenukk in #660
• LIBAFL_DEBUG_OUTPUT in Launcher and OnDiskTOMLMonitor to create fuzzer_stats by @andreafioraldi in #666
• Generating core ids based on the actual count of logical cores by @wizche in #669
• CustomBuf Events to exchange any data between fuzzers by @domenukk in #672
• New hooks for libafl_qemu by @andreafioraldi in #673
• Extend weighted scheduler by @tokatoka in #685
• TUI monitor no longer breaks the terminal if main thread panics by @TeumessianFox in #699

New Contributors

• @sagittarius-a made their first contribution in #488
• @epi052 made their first contribution in #492
• @yussf made their first contribution in #379
• @tklengyel made their first contribution in #548
• @shouc made their first contribution in #552
• @syheliel made their first contribution in #564
• @h1994st made their first contribution in #606
• @WilliamParks made their first contribution in #623
• @aoli-al made their first contribution in #616
• @elbiazo made their first contribution in #628
• @peamaeq made their first contribution in #637
• @wizche made their first contribution in #669
• @z2-2z made their first contribution in #688
• @Scepticz made their first contribution in #675
• @TeumessianFox made their first contribution in #699

Full Changelog: 0.7.1...0.8.0

0.7.1

Highlights

• a new libafl_qemu API for binary-only fuzzing
• heaps of fixes for libafl_frida and better Windows support
• MiMalloc allocator for speed and stability in examples
• Less (!) generics
• Message-passing fixes for aarch64

What's Changed

• Windows timeout fix with critical sections by @tokatoka in #391
• Symcc submodule referencing a path by @domenukk in #411
• Fix timeout type from u32 to i64 in windows TimeoutExecutor by @tokatoka in #414
• Fix forkserver_simple clap issue by @tokatoka in #412
• Fix Clap about() issue by @tokatoka in #417
• Debug output for forkserver by @andreafioraldi in #413
• Reworking example fuzzers to use Structopt instead of yaml, and introduced Cores API by @domenukk in #420
• Fix makefile for frida_libpng by @domenukk in #422
• Various fixes for CI by @domenukk in #423
• Open the stdout-file once by @s1341 in #419
• Use AddVectoredExceptionHandler to register exception handlers by @tokatoka in #403
• Frida Refactor: Separate Frida other helper functions into each Runtime by @tokatoka in #418
• Implement AflMap by @vanhauser-thc in #416
• Frida shadow fix by @tokatoka in #425
• Fix frida-mode for debug builds, ensure it will continue to work on release builds by @s1341 in #427
• Other/User defined WIndows Exceptions by @tokatoka in #402
• Refactor libafl_qemu creating the Emulator struct and post syscall hooks by @andreafioraldi in #430
• Drcov remodelling by @domenukk in #415
• DrCov Runtime by @tokatoka in #432
• Implement max total allocation size for frida asan by @s1341 in #433
• Fix strncmp hook to only check the length of the needle string by @s1341 in #434
• [libafl_qemu] fix build.rs by @evanrichter in #435
• Frida various fixes by @s1341 in #436
• Use MiMalloc for fuzzbench fuzzer by @tokatoka in #439
• Add errors for missing Docs, add Docs by @domenukk in #440
• [libafl_qemu] prevent unneeded build.rs runs by @evanrichter in #441
• Updated dependencies by @domenukk in #443
• Derive debug for all structs in LibAFL by @domenukk in #442
• Cpu atomics for LLMP by @domenukk in #438
• [libafl_qemu] fix i386 Regs values by @evanrichter in #444
• Various fixes related to frida mode by @s1341 in #445
• Fix a typo in TODO.md by @yerke in #450
• Reorder type parameters in the correct order by @tokatoka in #449
• Disable pita 🥙 compiler in debug mode by @domenukk in #454
• Move to clap 3.0 by @domenukk in #447
• Add OwnedSlice::RefRaw to keep track of raw pointers by @domenukk in #448
• Reduce generics for various Has* traits by @evanrichter in #456
• Use UserStats for Stability by @tokatoka in #451
• Optional signal value to kill forked processes on timeout by @v-p-b in #461
• Fix windows build by @tokatoka in #462
• Asan fix by @tokatoka in #460
• Add --libaf-no-link to libafl_cc by @andreafioraldi in #464
• Shadow bit by @tokatoka in #455
• Bump to 0.7.1 by @andreafioraldi in #465
• Add --libafl arg in libafl_cc and enable it for fuzzbench by @andreafioraldi in #466
• Bump libafl_frida to 0.7.1 by @andreafioraldi in #467
• Bump libafl_sugar to 0.7.1 by @andreafioraldi in #468

New Contributors

• @yerke made their first contribution in #450
• @v-p-b made their first contribution in #461

Full Changelog: 0.7.0...0.7.1

0.7.0

What's Changed

• process crash handler, dump registers on macos arm64 by @devnexen in #271
• initial book entry for concolic by @julihoh in #257
• renamed target_os macos to target_vendor apple by @domenukk in #273
• Fix shmem on android by @s1341 in #272
• Symcc runtime docsrs fix by @julihoh in #270
• Build LibAFL Android in CI by @domenukk in #275
• Refactor configurations with EventConfig by @andreafioraldi in #277
• Token level fuzzing by @andreafioraldi in #274
• openbsd port. by @devnexen in #279
• Fix _LLMP_BIND_ADDR for Windows by @tokatoka in #285
• Build id configuration in std by @andreafioraldi in #286
• Use external, custom time function for no_std environments by @bitwave in #281
• ShMem server race-condition fix for #276 by @domenukk in #278
• Add core_id to launcher run_client closure signature by @s1341 in #290
• PowerSchedule::COE fix by @tokatoka in #295
• added write_file_atomic against ondisk corpus races by @domenukk in #294
• armv7 support: add ucontext struct definition by @pr0me in #297
• cbz, tbz, tbnz support for aarch64 cmplog by @domenukk in #298
• Qemu as lib by @andreafioraldi in #301
• WIP: added unfinished no_std docs by @bitwave in #282
• Example how to build baby-fuzzer as push instead of pull, using Klo-routines by @domenukk in #227
• Python basic bindings for sugar and qemu by @andreafioraldi in #302
• Book refactoring and update by @andreafioraldi in #280
• Fixed CI by ignoring python, resolved multiple warnings by @domenukk in #303
• Fix default UBSan options and avoid timeouts in crash handler by @andreafioraldi in #304
• Qemu new syscall hook and more python API by @andreafioraldi in #306
• Still fixing CI by @domenukk in #305
• Frida windows by @tokatoka in #287
• Qemu Helpers and basic snapshotting by @andreafioraldi in #310
• Allowlist and denylist for QEMU edges and cmps by @andreafioraldi in #311
• Qemu partial instr fix by @andreafioraldi in #312
• Qemu generic hooks by @andreafioraldi in #313
• Python generic qemu hook by @andreafioraldi in #314
• dumping process address maps on netbsd too by @devnexen in #316
• fix tutorial fuzzer by @julihoh in #323
• remove libafl_tests by @tokatoka in #324
• concolic optional runtime by @julihoh in #319
• init git submodule for symcc for symcc_runtime crate when publishing by @julihoh in #321
• don't include all of libafl for symcc_runtime by default by @julihoh in #320
• delayed checkout in ci by @domenukk in #326
• add ability to trace location information in concolic tracer by @julihoh in #322
• update packages related to concolic by @julihoh in #325
• 32 bit arm regs by @domenukk in #315
• update deps by @julihoh in #327
• Fix Typo. by @intrigus-lgtm in #330
• Error message in most likely case of using NONASAN and ASAN fuzzers using the same Fuzzer config by @marcinguy in #329
• Gramatron by @andreafioraldi in #332
• fixes for frida mode for win and checks in rust 1.56 by @domenukk in #334
• fix concolic nofloat filter by @julihoh in #333
• add support for aarch64 in libafl_qemu by @abgeana in #335
• Minor doc fixes by @faroukfaiz10 in #339
• Port gramatron preprocessing to Rust by @andreafioraldi in #341
• Atheris example to fuzz Python Code by @domenukk in #300
• Fix warnings for windows by @tokatoka in #344
• Fix #344 by @tokatoka in #345
• Upgrade to Rust 2021 Edition by @jamcleod in #340
• MultiMapObserver and sancov 8bit-counters instrumentation by @andreafioraldi in #343
• Fix double borrow mut in CachedOnDiskCorpus by @andreafioraldi in #347
• Frida Address Sanitizer for x86_64 by @tokatoka in #331
• Refcnt for MapIndexesMetadata by @andreafioraldi in #348
• Fix the number of clients spawned by @tokatoka in #349
• Minor readme improvement in frida_libpng fuzzer. by @expend20 in #350
• Fix Numbering in Docs by @expend20 in #354
• Fix cfgs for frida asan by @tokatoka in #353
• Fork feature flag to disable fork in Launcher by @domenukk in #351
• Bridge grammartec from Nautilus to libafl by @andreafioraldi in #342
• Fix MaxReducer docstring by @eknoes in #357
• remove unused const hashing mode by @domenukk in #358
• Fixed potential unsoundness due to Rc threading for ShMemProvider by @domenukk in #355
• Add minibsod by @s1341 in #362
• Cmplog instrumentation by @OmreeBenari in #363
• Launch every 100ms by @s1341 in #364
• Fix cfg directives for frida-asan by @s1341 in #365
• make dump_registers method public by @domenukk in #367
• frida-asan: Support different names for the libc++ shared object when hooking by @s1341 in #370
• Support suppression of hooked functions by @s1341 in #369
• Mutational Push Stage by @domenukk in #356
• implemented MapMaxPow2Feedback by @domenukk in #371
• Renamed Stats to Monitors by @domenukk in #373
• Fix staterestore by @tokatoka in #375
• Disk sync by @andreafioraldi in #377
• Reachability fuzzer fix by @tokatoka in #346
• Fix api by @tokatoka in #376
• Frida Refactor: Split FridaHelper into each Runtime by @tokatoka in #368
• AddressSanitizer for libafl_qemu by @andreafioraldi in #378
• Clippy fixes for main by @domenukk in #385
• libafl_qemu cpu_target cfg by @andreafioraldi in #383
• Delete "We're a client, let's fuzz :)" from lib by @tokatoka in #384
• Push stage trait by @domenukk in #380
• Frida Refactor: Frida executor by @tokatoka in #374
• Cmplog instrumentation by @OmreeBenari in #382
• InProcessHandlers by @andreafioraldi in #387
• Qemu fixes and syscalls for every supported arch by @andreafioraldi in #386
• Fix by @tokatoka in #388
• More LLVM passes from AFL++ by @andreafioraldi in #394
• dump_registers and write_crash for armv7 by @pr0me in #393
• make map debuggable by @domenukk in #396
• Ignored qemu fuzzer for non-linux by @domenukk in #397
• better forkserver example by @tokatoka in #3...

0.6.0

• libafl_qemu with CmpLog, syscalls hooks and more
• Refactor MOpt
• CachedOnDiskCorpus to have an in-memory cache while saving testcases on disk
• libafl_sugar with builder patterns to create common fuzzers
• Concolic Tracing (libafl_concolic @julihoh GSOC 2021)
• InProcessForkExecutor
• ForkserverExecutor shared mem testcase
• TimeoutExecutor for win32
• AFLFast power schedules (@tokatoka GSOC 2021)
• Fix shared memory on macOS

0.5.0

• LLVM passes support in libafl_cc
• Support to routines arguments in CmpLog
• We don't enforce serde on Observer anymore
• MOpt stage and mutator (@tokatoka GSOC 2021)
• Fix link issue when using the Libfuzzer layer and libafl_cc
• Fix some macOS build issues

0.4.0

• CmpLog instructions instrumentation for SanCov and Frida
• Naive Input-to-state mutator using the CmpLog metadata
• Generalize InProcessExecutor to a generic Input trait
• MultiStats stats display
• TimeoutForkserverExecutor
• Shadow Executor and Stage
• Single threaded restartable EventManager
• Configurations in EventManager
• Remove HasExecHooks
• Decouple broker from LlmpEventManager
• New fuzzers: Generic libfuzzer, Fuzzbench