Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Input Types and Mutators for Numeric Types #2760

Merged
merged 35 commits into from
Dec 15, 2024

Conversation

riesentoaster
Copy link
Contributor

No description provided.

@riesentoaster
Copy link
Contributor Author

Turns out Rust has some built-in functionality I did not know about.

@riesentoaster riesentoaster marked this pull request as draft December 12, 2024 15:40
@riesentoaster
Copy link
Contributor Author

Let me figure out mapping for these as well.

@riesentoaster riesentoaster marked this pull request as ready for review December 12, 2024 22:47
@riesentoaster
Copy link
Contributor Author

Thoughts?

@tokatoka tokatoka requested a review from domenukk December 12, 2024 23:36
@domenukk
Copy link
Member

Left some more comments (sorry :D)

Also, it probably makes sense to support an "interesting values" mutator(?)

pub const INTERESTING_32: [i32; 27] = [

Note that stacking mutations probably makes a lot less sense for int mutations btw, no clue how to best model that.

@riesentoaster
Copy link
Contributor Author

riesentoaster commented Dec 13, 2024

Left some more comments (sorry :D)

Thank you for your time!

Also, it probably makes sense to support an "interesting values" mutator(?)

pub const INTERESTING_32: [i32; 27] = [

Ideally, you'd want to statically generate them at this point, otherwise you'll create a lot of duplicate code. Maybe I'll get around to it at some point. Create an issue and merge this for now?

Note that stacking mutations probably makes a lot less sense for int mutations btw, no clue how to best model that.

Fair enough, but I'm not sure you'd ever use this outside of mapped mutators anyways, and there stacking makes sense again, so 🤷‍♂️.

use super::{ValueInput, ValueMutRefInput};
use crate::mutators::numeric::Numeric;

fn take_numeric<I: Numeric + Clone>(i: I) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this supposed to test? I wouldn't be at all surprised if the compiler notices that this is all dead code and optimizes it away. Perhaps this should assert_eq! that i.clone.f() is the same as ValueInput::from(i.clone()).f().inner()?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Valid point, this definitely is not a robust testing regime.

To be honest, this was mostly a test during development that the types work out, so the fact that it compiles is the main testing success.

Previous implementations panicked on certain values, and especially min and max values seemed unstable. I don't think this is still possible, but I figured the cost of leaving this here is minimal compared to potential breakage.

Ideally however, we'd prove some of these properties, I have no idea how to do this though.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have renamed the test to better reflect what it's currently doing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm now also checking if the operations actually change the values. Still not comprehensive, but it's a start.


/// Flip the bit at the specified offset.
///
/// Has no effect if `offset` is out of bounds for the type.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems inconsistent with the impl below, << panics if the RHS is too big (playground)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're right, I have added a safety notice. Is that enough?

fn randomize<R: Rand>(&mut self, rand: &mut R) {
// flip random bits, no need to reset to zero
*self ^= <$t>::from(rand.next());
*self ^= <$t>::from(rand.next()) << 64;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should only be done on values >64 bit. It's useless overhead on anything else

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like, since rand.next() changes the state, it has to be executed even though the value is ignored.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The macro is only called for u128 and i128, I have another implementation with a straight cast for the other types:

*self = rand.next() as $t;

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aaah missed that, nice! <3

Copy link
Member

@domenukk domenukk Dec 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could be something like:
*self = (((rand.next() as u128 << 64)) | rand.next() as u128) as $t

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevermind that guy isn't optimized

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*self ^= <$t>::from(rand.next()) << 64 | <$t>::from(rand.next());

This produces the same output, but clippy doesn't complain about infallible casts.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why xor? Just assign

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The casts are all right, fwiw. But I'm fine with either. Shifting in unsigned land is in generally less ... weird.. though, that's why I prefer it. play it safe.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough.

@domenukk domenukk merged commit 61e3f0b into AFLplusplus:main Dec 15, 2024
103 checks passed
@domenukk
Copy link
Member

Thanks!

riesentoaster added a commit to riesentoaster/LibAFL that referenced this pull request Dec 15, 2024
* fixing empty multipart name

* fixing clippy

* New rules for the contributing (AFLplusplus#2752)

* Rules

* more

* aa

* Improve Flexibility of DumpToDiskStage (AFLplusplus#2753)

* fixing empty multipart name

* fixing clippy

* improve flexibility of DumpToDiskStage

* adding note to MIGRATION.md

* Introduce WrappingMutator

* introducing mutators for int types

* fixing no_std

* random fixes

* Add hash derivation for WrappingInput

* Revert fixes that broke things

* Derive Default on WrappingInput

* Add unit tests

* Fixes according to code review

* introduce mappable ValueInputs

* remove unnecessary comments

* Elide more lifetimes

* remove dead code

* simplify hashing

* improve docs

* improve randomization

* rename method to align with standard library

* add typedefs for int types for ValueMutRefInput

* rename test

* add safety notice to trait function

* improve randomize performance for i128/u128

* rename macro

* improve comment

* actually check return values in test

* make 128 bit int randomize even more efficient

* shifting signed values

---------

Co-authored-by: Dongjia "toka" Zhang <[email protected]>
Co-authored-by: Dominik Maier <[email protected]>
domenukk added a commit that referenced this pull request Dec 28, 2024
* fixing empty multipart name

* fixing clippy

* New rules for the contributing (#2752)

* Rules

* more

* aa

* Improve Flexibility of DumpToDiskStage (#2753)

* fixing empty multipart name

* fixing clippy

* improve flexibility of DumpToDiskStage

* adding note to MIGRATION.md

* Update bindgen requirement from 0.70.1 to 0.71.1 (#2756)

Updates the requirements on [bindgen](https://github.com/rust-lang/rust-bindgen) to permit the latest version.
- [Release notes](https://github.com/rust-lang/rust-bindgen/releases)
- [Changelog](https://github.com/rust-lang/rust-bindgen/blob/main/CHANGELOG.md)
- [Commits](rust-lang/rust-bindgen@v0.70.1...v0.71.1)

---
updated-dependencies:
- dependency-name: bindgen
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* No Use* from stages (#2745)

* no from stage

* fixer

* doc fix

* how was this working????

* more fixes

* delete more

* rq

* cargo-fuzz

* m

* aa

* Update CONTRIBUTING.md MIGRATION.md (#2762)

* No Uses* from `fuzzer` (#2761)

* go

* fixing stuf

* hello from windows

* more

* lolg

* lolf

* fix

* a

---------

Co-authored-by: Your Name <[email protected]>

* Remove useless cfgs (#2764)

* Link libresolv on all Apple OSs (#2767)

* Somewhat ugly CI fix... (#2768)

* Maybe fix CI

* does this help?

* Very dirty 'fix'

* Add Input Types and Mutators for Numeric Types (#2760)

* fixing empty multipart name

* fixing clippy

* New rules for the contributing (#2752)

* Rules

* more

* aa

* Improve Flexibility of DumpToDiskStage (#2753)

* fixing empty multipart name

* fixing clippy

* improve flexibility of DumpToDiskStage

* adding note to MIGRATION.md

* Introduce WrappingMutator

* introducing mutators for int types

* fixing no_std

* random fixes

* Add hash derivation for WrappingInput

* Revert fixes that broke things

* Derive Default on WrappingInput

* Add unit tests

* Fixes according to code review

* introduce mappable ValueInputs

* remove unnecessary comments

* Elide more lifetimes

* remove dead code

* simplify hashing

* improve docs

* improve randomization

* rename method to align with standard library

* add typedefs for int types for ValueMutRefInput

* rename test

* add safety notice to trait function

* improve randomize performance for i128/u128

* rename macro

* improve comment

* actually check return values in test

* make 128 bit int randomize even more efficient

* shifting signed values

---------

Co-authored-by: Dongjia "toka" Zhang <[email protected]>
Co-authored-by: Dominik Maier <[email protected]>

* Add HashMutator

* Fix docs

* Fix docs again

* introducing bloom filter

* fix tests

* Implement evaluate_filtered

* Add macros to libafl_bolts tuples for mapping and merging types (#2788)

* Add macros

* Use the macros for havoc_mutations

* Fix docs

* improve merge_tuple_list_type to accept n items

* libafl_cc: Automatically find llvm_ar path (#2790)

* imemory_ondisk: Don't fail write under any circumstances if locking is disabled (#2791)

* imemory_ondisk: Don't fail write under any circumstances if locking is disabled

* fmt

* inmemory_ondisk: Add a log message on failure

* clippy'

* micro optimization

* Revert changes to global Cargo.toml

* Hide std-dependent dependency behind std feature

* Fix example fuzzer

* Rename constructor for filtered fuzzer

* Reorder generics alphabetically

* Rename HashingMutator, add note to MutationResult about filtered fuzzers

* Improve StdFuzzer according to feedback

* rename hashing mutator

* Fix english in comment

* Cleanup of old PRs that break the CI

* Fix more CI bugs

* Code cleanup

* Remove unnecessary comments

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Dongjia "toka" Zhang <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Your Name <[email protected]>
Co-authored-by: Sharad Khanna <[email protected]>
Co-authored-by: Dominik Maier <[email protected]>
Co-authored-by: s1341 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants