Merge pull request #46 from Evian-Zhang/c-binding-and-toml

Add C header and several improvements

Author: wtdcode

.github/workflows/ci.yaml

@@ -99,3 +99,19 @@ jobs:
         TOKEN: ${{ secrets.CRATES_IO_KEY }}
       run: |
         cargo login $TOKEN && cargo test && cargo publish
+
+  fmt-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Cargo fmt
+        run: cargo fmt --check
+
+  fmt-toml-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install taplo
+        run: cargo install taplo-cli --locked
+      - uses: actions/checkout@v4
+      - name: Run taplo
+        run: taplo format --check

.github/workflows/py.yaml

@@ -16,20 +16,14 @@ jobs:
           - { 
               os: ubuntu-latest, 
               arch: x64, 
-              python-ver: '3.8', 
-              name: 'manylinux2014_x86_64'
+              python-version: 'cp38', 
+              name: 'manylinux_x86_64'
             }
           - { 
               os: ubuntu-latest,
               arch: x32,
-              python-ver: '3.8',
-              name: 'manylinux2014_i686'
-            }
-          - { 
-              os: ubuntu-latest,
-              arch: x64,
-              python-ver: '3.8',
-              name: 'sdist'
+              python-version: 'cp38',
+              name: 'manylinux_i686'
             }
           # - { 
           #     os: macos-latest,
@@ -38,6 +32,8 @@ jobs:
           #     name: 'macos_x86_64'
           #   }
     steps:
+    - uses: actions/checkout@v4
+
     - name: set up python
       uses: actions/setup-python@v4
       with:
@@ -51,19 +47,19 @@ jobs:
     - name: Setup Rust cache
       uses: Swatinem/rust-cache@v2
       with:
-        key: ${{ matrix.alt_arch_name }}
+        key: ${{ matrix.config.alt_arch_name }}
 
     - name: Get pip cache dir
       id: pip-cache
-      if: matrix.os != 'windows-latest'
+      if: matrix.config.os != 'windows-latest'
       run: |
         echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
     
     - name: Cache python dependencies
       uses: actions/cache@v3
       with:
         path: ${{ steps.pip-cache.outputs.dir || steps.pip-cache-win.outputs.dir }}
-        key: ${{ runner.os }}-pip-${{ matrix.python-version }}
+        key: ${{ runner.os }}-pip-${{ matrix.config.python-version }}
 
     - name: install python dependencies
       run: pip install -U setuptools wheel twine cibuildwheel platformdirs
@@ -82,34 +78,37 @@ jobs:
       uses: actions/cache@v3
       with:
         path: ${{ steps.cibuildwheel-cache.outputs.dir }}
-        key: ${{ runner.os }}-cibuildwheel-${{ matrix.python-version }}
+        key: ${{ runner.os }}-cibuildwheel-${{ matrix.config.python-version }}
 
     - name: build sdist
-      if: matrix.os == 'ubuntu' && matrix.python-version == 'cp310'
+      if: matrix.config.os == 'ubuntu-latest' && matrix.config.python-version == 'cp38'
       run: |
         pip install maturin build
         python -m build --sdist -o wheelhouse
 
-    - name: build ${{ matrix.platform || matrix.os }} binaries
+    - name: build ${{ matrix.config.platform || matrix.config.os }} binaries
       run: cibuildwheel --output-dir wheelhouse
       env:
-        CIBW_BUILD: '${{ matrix.python-version }}-*'
+        CIBW_BUILD: '${{ matrix.config.python-version }}-${{ matrix.config.name }}'
         # rust doesn't seem to be available for musl linux on i686
         CIBW_SKIP: '*-musllinux_i686'
         # we build for "alt_arch_name" if it exists, else 'auto'
-        CIBW_ARCHS: ${{ matrix.alt_arch_name || 'auto' }}
+        CIBW_ARCHS: ${{ matrix.config.alt_arch_name || 'auto' }}
         CIBW_ENVIRONMENT: 'PATH="$HOME/.cargo/bin:$PATH" CARGO_TERM_COLOR="always"'
         CIBW_ENVIRONMENT_WINDOWS: 'PATH="$UserProfile\.cargo\bin;$PATH"'
+        # These are needed for Unicorn and cbindgen
+        CIBW_BEFORE_ALL: >
+          yum update -y && yum install -y llvm llvm-devel clang clang-devel libtool glib2-devel meson ninja-build bison flex
         CIBW_BEFORE_BUILD: rustup show
         CIBW_BEFORE_BUILD_LINUX: >
           curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain=stable --profile=minimal -y &&
           rustup show
-        CIBW_TEST_COMMAND: 'pytest {project}/test'
-        CIBW_TEST_REQUIRES: pytest requests
-        CIBW_TEST_SKIP: '*-macosx_arm64 *-macosx_universal2:arm64'
+        # CIBW_TEST_COMMAND: 'pytest {project}/test'
+        # CIBW_TEST_REQUIRES: pytest requests
+        # CIBW_TEST_SKIP: '*-macosx_arm64 *-macosx_universal2:arm64'
         CIBW_BUILD_VERBOSITY: 1
 
-    - run: ${{ matrix.ls || 'ls -lh' }} wheelhouse/
+    - run: ${{ matrix.config.ls || 'ls -lh' }} wheelhouse/
 
     - name: '📤 Upload artifact'
       uses: actions/upload-artifact@v4
@@ -131,4 +130,4 @@ jobs:
         uses: pypa/gh-action-pypi-publish@master
         with:
           user: __token__
-          password: ${{ secrets.pypi_pass }}
+          password: ${{ secrets.pypi_pass }}

Cargo.toml

@@ -6,27 +6,35 @@ rust-version = "1.87"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-# Unreleased 0.15.3
-libafl_targets = { git = "https://github.com/AFLplusplus/LibAFL", features = [
-    "pointer_maps", "forkserver", "cmplog", "cmplog_extended_instrumentation"], rev = "d5ecf7304dbd377df94d08aed658199eed2956af"}
-libafl = { git = "https://github.com/AFLplusplus/LibAFL", rev = "d5ecf7304dbd377df94d08aed658199eed2956af"}
-libafl_bolts = { git = "https://github.com/AFLplusplus/LibAFL", rev = "d5ecf7304dbd377df94d08aed658199eed2956af"}
+libafl_targets = { version = "0.15.3", features = [
+  "pointer_maps",
+  "forkserver",
+  "cmplog",
+  "cmplog_extended_instrumentation",
+] }
+libafl = "0.15.3"
+libafl_bolts = "0.15.3"
 
-serde ={ version = "1.0", features = ["derive"] }
-unicorn-engine = { git = "https://github.com/unicorn-engine/unicorn", branch = "dev"}
+serde = { version = "1.0", features = ["derive"] }
+unicorn-engine = { git = "https://github.com/unicorn-engine/unicorn", branch = "dev" }
 log = "0.4"
 nix = { version = "0.29", features = ["signal"] }
 env_logger = { version = "0.11", optional = true }
-pyo3 = { version = "0.24.0", features = ["extension-module"], optional = true}
-pyo3-log = { version = "0.12.2", optional = true}
+pyo3 = { version = "0.24.0", features = ["extension-module"], optional = true }
+pyo3-log = { version = "0.12.2", optional = true }
 
 [features]
 default = []
 bindings = ["unicorn-engine/dynamic_linkage", "pyo3", "pyo3-log", "env_logger"]
 
 [lib]
 name = "unicornafl"
-crate-type = ["cdylib", "rlib"] # For python
+crate-type = ["cdylib", "staticlib", "rlib"] # For python
 
 [[example]]
 name = "sample"
+
+[profile.release]
+lto = true
+codegen-units = 1
+strip = true

examples/sample.rs

@@ -75,5 +75,5 @@ fn main() {
     };
 
     let input_file = input_file.map(PathBuf::from);
-    afl_fuzz(uc, input_file, place_input_cb, exits, false, Some(1)).expect("fail to fuzz?")
+    afl_fuzz(uc, input_file, place_input_cb, exits, Some(1)).expect("fail to fuzz?")
 }

include/unicornafl.h

@@ -0,0 +1,86 @@
+#ifndef UNICORNAFL_H
+#define UNICORNAFL_H
+
+#include "unicorn/unicorn.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef __GNUC__
+#define UNICORNAFL_EXPORT __attribute__((visibility("default")))
+#else
+#define UNICORNAFL_EXPORT
+#endif
+
+#define MIN_UC_VERSION 0x02000100
+
+typedef enum uc_afl_ret {
+    UC_AFL_RET_OK = 0,
+    UC_AFL_RET_ERROR,
+    UC_AFL_RET_CHILD,
+    UC_AFL_RET_NO_AFL,
+    UC_AFL_RET_CALLED_TWICE,
+    UC_AFL_RET_FINISHED,
+    UC_AFL_RET_INVALID_UC,
+    UC_AFL_RET_UC_ERR,
+    UC_AFL_RET_LIBAFL,
+    UC_AFL_RET_FFI,
+} uc_afl_ret;
+
+typedef bool (*uc_afl_cb_place_input_t)(uc_engine* uc, char* input,
+                                        size_t input_len,
+                                        uint32_t persistent_round, void* data);
+
+typedef bool (*uc_afl_cb_validate_crash_t)(uc_engine* uc, uc_err unicorn_result,
+                                           char* input, int input_len,
+                                           int persistent_round, void* data);
+
+typedef uc_err (*uc_afl_fuzz_cb_t)(uc_engine *uc, void *data);
+
+//
+//  Start our fuzzer.
+//
+//  If no afl-fuzz instance is found, this function is almost identical to uc_emu_start()
+//  
+//  @uc: The uc_engine return-ed from uc_open().
+//  @input_file: This usually is the input file name provided by the command argument.
+//  @place_input_callback: This callback is triggered every time a new child is generated. It returns 
+//                         true if the input is accepted, or the input would be skipped.
+//  @exits: All possible exits.
+//  @exit_count: The count of the @exits array.
+//  @validate_crash_callback: This callback is triggered every time to check if we are crashed.                     
+//  @always_validate: If this is set to False, validate_crash_callback will be only triggered if
+//                    uc_emu_start (which is called internally by uc_afl_fuzz) returns an error. Or
+//                    the validate_crash_callback will be triggered every time.
+//  @persistent_iters: Fuzz how many times before forking a new child.
+//  @data: The extra data user provides.
+//
+//  @uc_afl_ret: The error the fuzzer returns.
+UNICORNAFL_EXPORT
+uc_afl_ret uc_afl_fuzz(uc_engine* uc, char* input_file,
+                       uc_afl_cb_place_input_t place_input_callback,
+                       uint64_t* exits, size_t exit_count,
+                       uc_afl_cb_validate_crash_t validate_crash_callback,
+                       bool always_validate, uint32_t persistent_iters,
+                       void* data);
+
+//
+// By default, uc_afl_fuzz internall calls uc_emu_start only once and if uc_emu_stop
+// is called, the child will stop fuzzing current test case.
+//
+// To implement more complex fuzzing logic, pass an extra fuzzing_callback with this API.
+//
+UNICORN_EXPORT
+uc_afl_ret uc_afl_fuzz_custom(uc_engine* uc, char* input_file,
+                              uc_afl_cb_place_input_t place_input_callback,
+                              uc_afl_fuzz_cb_t fuzz_callbck,
+                              uc_afl_cb_validate_crash_t validate_crash_callback,
+                              bool always_validate, uint32_t persistent_iters,
+                              void* data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

pyproject.toml

@@ -6,17 +6,15 @@ build-backend = "maturin"
 name = "unicornafl"
 requires-python = ">=3.8"
 classifiers = [
-    "Programming Language :: Rust",
-    "Programming Language :: Python :: Implementation :: CPython",
-    "Programming Language :: Python :: Implementation :: PyPy",
+  "Programming Language :: Rust",
+  "Programming Language :: Python :: Implementation :: CPython",
+  "Programming Language :: Python :: Implementation :: PyPy",
 ]
 dynamic = ["version"]
-dependencies = [
-    "unicorn>=2.1.3"
-]
+dependencies = ["unicorn>=2.1.3"]
 
 [tool.maturin]
 bindings = "pyo3"
 manifest-path = "Cargo.toml"
 features = ["bindings"]
-python-source = "python"
+python-source = "python"

src/lib.rs

@@ -102,7 +102,6 @@ pub fn afl_fuzz<'a, D: 'a>(
     input_file: Option<PathBuf>,
     place_input_cb: impl FnMut(&mut Unicorn<'a, UnicornFuzzData<D>>, &[u8], u64) -> bool + 'a,
     exits: Vec<u64>,
-    always_validate: bool,
     persistent_iters: Option<u64>,
 ) -> Result<(), uc_afl_ret> {
     afl_fuzz_custom(
@@ -114,7 +113,7 @@ pub fn afl_fuzz<'a, D: 'a>(
             target::dummy_uc_fuzz_callback,
         ),
         exits,
-        always_validate,
+        false,
         persistent_iters,
     )
 }