Module libafl::stages

Expand description

A Stage is a technique used during fuzzing, working on one crate::corpus::Corpus entry, and potentially altering it or creating new entries. A well-known Stage, for example, is the mutational stage, running multiple crate::mutators::Mutators against a crate::corpus::Testcase, potentially storing new ones, according to crate::feedbacks::Feedback. Other stages may enrich crate::corpus::Testcases with metadata.

Re-exports

pub use mutational::MutationalStage;

pub use mutational::StdMutationalStage;

pub use tracing::ShadowTracingStage;

pub use tracing::TracingStage;

pub use calibrate::CalibrationStage;

pub use power::PowerMutationalStage;

pub use power::StdPowerMutationalStage;

pub use generalization::GeneralizationStage;

pub use owned::StagesOwnedList;

pub use concolic::ConcolicTracingStage;

pub use concolic::SimpleConcolicMutationalStage;

pub use sync::*;

Modules

calibrate

The calibration stage. The fuzzer measures the average exec time and the bitmap size.

concolic

This module contains the concolic stages, which can trace a target using symbolic execution and use the results for fuzzer input and mutations.

generalization

The tracing stage can trace the target and enrich a testcase with metadata, for example for CmpLog.

mutational

Mutational stage is the normal fuzzing stage. For the current input, it will perform a range of random mutations, and then run them in the executor.

owned

A dynamic collection of owned Stages

power

The power schedules. This stage should be invoked after the calibration stage.

push

While normal stages call the executor over and over again, push stages turn this concept upside down: A push stage instead returns an iterator that generates a new result for each time it gets called. With the new testcase, you will have to take care about testcase execution, manually. The push stage relies on internal muttability of the supplied Observers.

sync

For the current input, it will perform a range of random mutations, and then run them in the executor.

tracing

The tracing stage can trace the target and enrich a testcase with metadata, for example for CmpLog.

Structs

ClosureStage

A Stage that will call a closure

PushStageAdapter

Allows us to use a push::PushStage as a normal Stage

Traits

Stage

A stage is one step in the fuzzing process. Multiple stages will be scheduled one by one for each input.

StagesTuple

A tuple holding all Stages used for fuzzing.