Module stages

Help

Expand description

A Stage is a technique used during fuzzing, working on one crate::corpus::Corpus entry, and potentially altering it or creating new entries. A well-known Stage, for example, is the mutational stage, running multiple crate::mutators::Mutators against a crate::corpus::Testcase, potentially storing new ones, according to crate::feedbacks::Feedback. Other stages may enrich crate::corpus::Testcases with metadata.

Re-exports§

pub use afl_stats::AflStatsStage;
pub use afl_stats::CalibrationTime;
pub use afl_stats::FuzzTime;
pub use afl_stats::SyncTime;
pub use calibrate::CalibrationStage;
pub use concolic::ConcolicTracingStage;
pub use concolic::SimpleConcolicMutationalStage;
pub use generalization::GeneralizationStage;
pub use mutational::MutationalStage;
pub use mutational::StdMutationalStage;
pub use power::PowerMutationalStage;
pub use power::StdPowerMutationalStage;
pub use time_tracker::TimeTrackingStageWrapper;
pub use tmin::ObserverEqualityFactory;
pub use tmin::ObserverEqualityFeedback;
pub use tmin::StdTMinMutationalStage;
pub use tracing::TracingStage;
pub use verify_timeouts::TimeoutsToVerify;
pub use verify_timeouts::VerifyTimeoutsStage;
pub use colorization::*;
pub use dump::*;
pub use logics::*;
pub use sync::*;
pub use tuneable::*;
pub use unicode::*;
pub use shadow::*;
pub use replay::*;

Modules§

afl_stats: Stage to compute and report AFL++ stats
calibrate: The calibration stage. The fuzzer measures the average exec time and the bitmap size.
colorization: The colorization stage from colorization() in afl++
concolic: This module contains the concolic stages, which can trace a target using symbolic execution and use the results for fuzzer input and mutations.
dump: The DumpToDiskStage is a stage that dumps the corpus and the solutions to disk to e.g. allow AFL to sync
generalization: The tracing stage can trace the target and enrich a crate::corpus::Testcase with metadata, for example for CmpLog.
generation: The GenStage generates a single input and evaluates it.
logics: Stage wrappers that add logics to stage list
mutational: Mutational stage is the normal fuzzing stage. For the current input, it will perform a range of random mutations, and then run them in the executor.
power: The power schedules. This stage should be invoked after the calibration stage.
push: PushStages return inputs instead of calling an executor
replay: The replay stage can scan all inputs and executes them once per input
shadow: A stage that runs the shadow executor using also the shadow observers. Unlike tracing stage, this stage CAN be used with inprocess executor.
sync: The SyncFromDiskStage is a stage that imports inputs from disk for e.g. sync with AFL
time_tracker: Stage that wraps another stage and tracks it’s execution time in State
tmin: The StdTMinMutationalStage is a stage which will attempt to minimize corpus entries.
tracing: The tracing stage can trace the target and enrich a testcase with metadata, for example for CmpLog.
tuneable: A MutationalStage where the mutator iteration can be tuned at runtime
unicode: Stages which analysis common to Unicode-style mutations
verify_timeouts: Stage that re-runs captured Timeouts with double the timeout to verify Note: To capture the timeouts, use in conjunction with CaptureTimeoutFeedback Note: Will NOT work with in process executors due to the potential for restarts/crashes when running inputs.

Structs§

ClosureStage: A Stage that will call a closure
ExecutionCountRestartHelper: A tool shed of functions to be used for stages that try to run for n iterations.
ExecutionCountRestartHelperMetadata: SerdeAny metadata used to keep track of executions since start for a given stage.
RetryCountRestartHelper: Progress which permits a fixed amount of resumes per round of fuzzing. If this amount is ever exceeded, the input will no longer be executed by this stage.
StageId: The index of a stage

Statics§

CLOSURE_STAGE_NAME: The name for closure stage

Traits§