Module libafl::stages

A Stage is a technique used during fuzzing, working on one crate::corpus::Corpus entry, and potentially altering it or creating new entries. A well-known Stage, for example, is the mutational stage, running multiple crate::mutators::Mutators against a crate::corpus::Testcase, potentially storing new ones, according to crate::feedbacks::Feedback. Other stages may enrich crate::corpus::Testcases with metadata.

Re-exports

• pub use calibrate::CalibrationStage;
• pub use concolic::ConcolicTracingStage;
• pub use concolic::SimpleConcolicMutationalStage;
• pub use generalization::GeneralizationStage;
• pub use mutational::MutationalStage;
• pub use mutational::StdMutationalStage;
• pub use power::PowerMutationalStage;
• pub use power::StdPowerMutationalStage;
• pub use stats::AflStatsStage;
• pub use tmin::MapEqualityFactory;
• pub use tmin::MapEqualityFeedback;
• pub use tmin::StdTMinMutationalStage;
• pub use tmin::TMinMutationalStage;
• pub use tracing::ShadowTracingStage;
• pub use tracing::TracingStage;
• pub use colorization::*;
• pub use dump::*;
• pub use logics::*;
• pub use string::*;
• pub use sync::*;
• pub use tuneable::*;

Modules

• calibrate
  The calibration stage. The fuzzer measures the average exec time and the bitmap size.
• colorization
  The colorization stage from colorization() in afl++
• concolic
  This module contains the concolic stages, which can trace a target using symbolic execution and use the results for fuzzer input and mutations.
• dump
  The DumpToDiskStage is a stage that dumps the corpus and the solutions to disk to e.g. allow AFL to sync
• generalization
  The tracing stage can trace the target and enrich a crate::corpus::Testcase with metadata, for example for CmpLog.
• logics
  Stage wrappers that add logics to stage list
• mutational
  Mutational stage is the normal fuzzing stage. For the current input, it will perform a range of random mutations, and then run them in the executor.
• power
  The power schedules. This stage should be invoked after the calibration stage.
• push
  While normal stages call the executor over and over again, push stages turn this concept upside down: A push stage instead returns an iterator that generates a new result for each time it gets called. With the new testcase, you will have to take care about testcase execution, manually. The push stage relies on internal mutability of the supplied Observers.
• stats
  Stage to compute/report AFL stats
• string
  Stages which analysis common to Unicode-style mutations
• sync
  The SyncFromDiskStage is a stage that imports inputs from disk for e.g. sync with AFL
• tmin
  The TMinMutationalStage is a stage which will attempt to minimize corpus entries.
• tracing
  The tracing stage can trace the target and enrich a testcase with metadata, for example for CmpLog.
• tuneable
  A crate::stages::MutationalStage where the mutator iteration can be tuned at runtime

Structs

• ClosureStage
  A Stage that will call a closure
• ExecutionCountRestartHelper
  A tool shed of functions to be used for stages that try to run for n iterations.
• ExecutionCountRestartHelperMetadata
  SerdeAny metadata used to keep track of executions since start for a given stage.
• PushStageAdapter
  Allows us to use a push::PushStage as a normal Stage
• RetryRestartHelper
  Progress which permits a fixed amount of resumes per round of fuzzing. If this amount is ever exceeded, the input will no longer be executed by this stage.

Traits

• HasCurrentStage
  Trait for types which track the current stage
• HasNestedStageStatus
  Trait for types which track nested stages. Stages which themselves contain stage tuples should ensure that they constrain the state with this trait accordingly.
• Stage
  A stage is one step in the fuzzing process. Multiple stages will be scheduled one by one for each input.
• StagesTuple
  A tuple holding all Stages used for fuzzing.