Trait libafl::fuzzer::Fuzzer

source ·

pub trait Fuzzer<E, EM, ST>: Sized + UsesStatewhere
    Self::State: HasClientPerfMonitor + HasMetadata + HasExecutions,
    E: UsesState<State = Self::State>,
    EM: ProgressReporter<State = Self::State>,
    ST: StagesTuple<E, EM, Self::State, Self>,{
    // Required method
    fn fuzz_one(
        &mut self,
        stages: &mut ST,
        executor: &mut E,
        state: &mut EM::State,
        manager: &mut EM
    ) -> Result<CorpusId, Error>;

    // Provided methods
    fn fuzz_loop(
        &mut self,
        stages: &mut ST,
        executor: &mut E,
        state: &mut EM::State,
        manager: &mut EM
    ) -> Result<CorpusId, Error> { ... }
    fn fuzz_loop_for(
        &mut self,
        stages: &mut ST,
        executor: &mut E,
        state: &mut EM::State,
        manager: &mut EM,
        iters: u64
    ) -> Result<CorpusId, Error> { ... }
}

Expand description

The main fuzzer trait.

Required Methods§

source

fn fuzz_one( &mut self, stages: &mut ST, executor: &mut E, state: &mut EM::State, manager: &mut EM ) -> Result<CorpusId, Error>

Fuzz for a single iteration. Returns the index of the last fuzzed corpus item. (Note: An iteration represents a complete run of every stage. Therefore it does not mean that the harness is executed for once, because each stage could run the harness for multiple times)

If you use this fn in a restarting scenario to only run for n iterations, before exiting, make sure you call event_mgr.on_restart(&mut state)?;. This way, the state will be available in the next, respawned, iteration.

Provided Methods§

source

fn fuzz_loop( &mut self, stages: &mut ST, executor: &mut E, state: &mut EM::State, manager: &mut EM ) -> Result<CorpusId, Error>

Fuzz forever (or until stopped)

source

fn fuzz_loop_for( &mut self, stages: &mut ST, executor: &mut E, state: &mut EM::State, manager: &mut EM, iters: u64 ) -> Result<CorpusId, Error>

Fuzz for n iterations. Returns the index of the last fuzzed corpus item. (Note: An iteration represents a complete run of every stage. therefore the number n is not always equal to the number of the actual harness executions, because each stage could run the harness for multiple times)

If you use this fn in a restarting scenario to only run for n iterations, before exiting, make sure you call event_mgr.on_restart(&mut state)?;. This way, the state will be available in the next, respawned, iteration.

Implementors§

source §

impl<CS, E, EM, F, OF, OT, ST> Fuzzer<E, EM, ST> for StdFuzzer<CS, F, OF, OT>where CS: Scheduler, E: UsesState<State = CS::State>, EM: ProgressReporter + EventProcessor<E, Self, State = CS::State>, F: Feedback<CS::State>, OF: Feedback<CS::State>, CS::State: HasClientPerfMonitor + HasExecutions + HasMetadata + HasCorpus + HasTestcase, ST: StagesTuple<E, EM, CS::State, Self>,