Expand description
A Stage
is a technique used during fuzzing, working on one crate::corpus::Corpus
entry, and potentially altering it or creating new entries.
A well-known Stage
, for example, is the mutational stage, running multiple crate::mutators::Mutator
s against a crate::corpus::Testcase
, potentially storing new ones, according to crate::feedbacks::Feedback
.
Other stages may enrich crate::corpus::Testcase
s with metadata.
Re-exports
pub use mutational::MutationalStage;
pub use mutational::StdMutationalStage;
pub use tmin::MapEqualityFactory;
pub use tmin::MapEqualityFeedback;
pub use tmin::StdTMinMutationalStage;
pub use tmin::TMinMutationalStage;
pub use tracing::ShadowTracingStage;
pub use tracing::TracingStage;
pub use calibrate::CalibrationStage;
pub use power::PowerMutationalStage;
pub use power::StdPowerMutationalStage;
pub use generalization::GeneralizationStage;
pub use owned::StagesOwnedList;
pub use concolic::ConcolicTracingStage;
pub use concolic::SimpleConcolicMutationalStage;
pub use sync::*;
Modules
The calibration stage. The fuzzer measures the average exec time and the bitmap size.
This module contains the
concolic
stages, which can trace a target using symbolic execution
and use the results for fuzzer input and mutations.The tracing stage can trace the target and enrich a testcase with metadata, for example for
CmpLog
.Mutational stage is the normal fuzzing stage.
For the current input, it will perform a range of random mutations, and then run them in the executor.
A dynamic collection of owned Stages
The power schedules. This stage should be invoked after the calibration stage.
While normal stages call the executor over and over again, push stages turn this concept upside down:
A push stage instead returns an iterator that generates a new result for each time it gets called.
With the new testcase, you will have to take care about testcase execution, manually.
The push stage relies on internal muttability of the supplied
Observers
.For the current input, it will perform a range of random mutations, and then run them in the executor.
The
TMinMutationalStage
is a stage which will attempt to minimize corpus entries.The tracing stage can trace the target and enrich a testcase with metadata, for example for
CmpLog
.Structs
A
Stage
that will call a closureAllows us to use a
push::PushStage
as a normal Stage
The
SkippableStage
wraps any Stage
so that it can be skipped, according to a condition.Enums
The decision if the
SkippableStage
should be skippedTraits
A stage is one step in the fuzzing process.
Multiple stages will be scheduled one by one for each input.
A tuple holding all
Stages
used for fuzzing.