Lib.rs

LibAFL › Features

Cargo Features

[dependencies]
libafl = { version = "0.12.0", default-features = false, features = ["document-features", "std", "introspection", "scalability_introspection", "prelude", "afl_exec_sec", "errors_backtrace", "corpus_btreemap", "gzip", "fork", "adaptive_serialization", "handle_sigpipe", "tcp_manager", "regex", "casr", "cmin", "prometheus_monitor", "concolic_mutation", "tui_monitor", "unicode", "multipart_inputs", "derive", "cli", "qemu_cli", "frida_cli", "rand_trait", "serdeany_autoreg", "llmp_broker_timeouts", "llmp_bind_public", "llmp_compression", "llmp_debug", "llmp_small_maps", "agpl", "nautilus", "concat-idents"] }
default = derive, fork, gzip, llmp_broker_timeouts, llmp_compression, llmp_small_maps, prelude, rand_trait, regex, serdeany_autoreg, std, tui_monitor

These default features are set whenever libafl is added without default-features = false somewhere in the dependency tree.

Enables xxh3 of libafl_bolts

libafl_bolts:

Replaces ahash with the potentially faster xxh3 in some parts of the lib. This yields a stable and fast hash, but may increase the resulting binary size slightly This also enables certain hashing and rand features in no_std no-alloc.

document-features

Enables document-features

Document all features of this crate (for cargo doc)

std default casr? llmp_broker_timeouts llmp_debug? nautilus? prometheus_monitor? regex tcp_manager? = backtrace, bincode, nix, serde_json, serial_test, typed-builder, uuid, wait-timeout

Feature Flags

General Features

Enables features that need rust's std lib to work, like print, env, ... support

Enables std of libafl_bolts, serde, and serde_json

serde:

serialization lib

Affects cached::CachedOnDiskCorpus, inmemory_ondisk::InMemoryOnDiskMetadata, inmemory_ondisk::InMemoryOnDiskCorpus, corpus::inmemory_ondisk, corpus::ondisk, corpus::cached, ondisk::OnDiskMetadataFormat, launcher::Launcher, llmp::LlmpRestartingEventManager, llmp::ManagerKind, llmp::setup_restarting_mgr_std, llmp::RestartingMgr, events::centralized, events::launcher, events::EVENTMGR_SIGHANDLER_STATE, events::ShutdownSignalData, simple::SimpleRestartingEventManager, tcp::TcpRestartingEventManager, tcp::TcpManagerKind, tcp::setup_restarting_mgr_tcp

introspection

Collects performance statistics of the fuzzing pipeline and displays it on Monitor components

Affects feedbacks::Feedback.is_interesting_introspection, feedbacks::FeedbackLogic.is_pair_interesting_introspection, monitors::ClientStats.introspection_monitor, monitors::NUM_PERF_FEATURES, tui::PerfTuiContext, tui::TuiContext.introspection, state::HasClientPerfMonitor, state::MaybeHasClientPerfMonitor

scalability_introspection

Collects stats about scalability

Affects state::MaybeHasScalabilityMonitor, state::HasScalabilityMonitor

prelude default

Expose libafl::prelude for access without additional using directives

Enables prelude of libafl_bolts

afl_exec_sec

Calculate exec/sec like AFL, using 5 second time windows

Affects monitors::ClientStats.last_window_executions, monitors::ClientStats.last_execs_per_sec

errors_backtrace

Stores the backtraces of all generated Errors. Good for debugging, but may come with a slight performance hit.

Enables errors_backtrace of libafl_bolts

corpus_btreemap

Switches from HashMap to BTreeMap for CorpusId

Affects inmemory::TestcaseStorageMap.map

gzip default

Enables gzip compression in certain parts of the lib

Enables gzip of libafl_bolts

fork default

If set, will use the fork() syscall to spawn children, instead of launching a new command, if supported by the OS (has no effect on Windows).

Enables derive of libafl_bolts

Affects launcher::CentralizedLauncher, executors::forkserver

adaptive_serialization

Collected stats to decide if observers must be serialized or not (which should reduce mem use and increase speed)

Affects events::AdaptiveSerializer

handle_sigpipe

If this feature is set, LibAFL targets (and the fuzzer) will crash on SIGPIPE on unix systems.

tcp_manager = std, tokio

Additional Components

Enables TcpEventManager, a simple EventManager proxying everything via TCP. This uses tokio.

Affects events::tcp

regex default casr? = std

Enables the NaiveTokenizer and StacktraceObserver

Enables regex

Affects encoded::NaiveTokenizer, observers::stacktrace

casr = libcasr, regex, std

Enables deduplication based on libcasr for StacktraceObserver

Affects stacktrace::collect_backtrace

cmin = z3

Enables features for corpus minimization

Affects corpus::minimizer

prometheus_monitor = async-std, futures, prometheus-client, std, tide

Enables the PrometheusMonitor which will monitor stats via UDP, for Grafana and others.

Affects monitors::prometheus

concolic_mutation = z3

Include a simple concolic mutator based on z3

Affects concolic::SimpleConcolicMutationalStage

tui_monitor default = crossterm, ratatui

Enable the fancy TuiMonitor for a termanal UI using crossterm

Affects monitors::tui

unicode = bitvec, reqwest, zip

Enables StringClassificationStage and associated mutators, which allow for mutations which preserve the Unicode property data

Enables libafl_bolts, rc of serde and std of ahash

The hash function already used in hashbrown

Affects mutators::string, stages::string

multipart_inputs = arrayvec, rand_trait

Enable multi-part input formats and mutators

Affects inputs::multi, mutators::multi

derive default = libafl_derive

LibAFL-Bolts Features

Provide the #[derive(SerdeAny)] macro. provide `derive(SerdeAny) macro.

Enables derive of libafl_bolts

cli frida_cli? qemu_cli?

Expose libafl_bolts::cli for easy commandline parsing of common fuzzer settings

Enables cli of libafl_bolts

qemu_cli = cli

Enables extra commandline flags for qemu-based fuzzers in cli

Enables qemu_cli of libafl_bolts

frida_cli = cli

Enables extra commandline flags for frida-based fuzzers in cli

Enables frida_cli of libafl_bolts

rand_trait default multipart_inputs?

If set, libafl_bolt's rand implementations will implement rand::Rng

Enables rand_trait of libafl_bolts

serdeany_autoreg default

SerdeAny features

Automatically register all #[derive(SerdeAny)] types at startup.

Enables serdeany_autoreg of libafl_bolts

llmp_broker_timeouts default = std

### LLMP features

The broker loop will yield occasionally, even without status messages from client nodes

llmp_bind_public

If set, llmp will bind to 0.0.0.0, allowing cross-device communication. Binds to localhost by default.

Enables llmp_bind_public of libafl_bolts

llmp_compression default

Enables llmp compression using GZip

Enables llmp_compression of libafl_bolts

Affects llmp::COMPRESS_THRESHOLD

llmp_debug = std

Enables debug output for LLMP (also needs a logger installed)

Enables llmp_debug of libafl_bolts

llmp_small_maps default

Reduces the initial map size for llmp
reduces initial map size for llmp

Enables llmp_small_maps of libafl_bolts

agpl = nautilus

License-Changing Dependencies(!)

Enables all features hiding dependencies licensed under AGPL

nautilus agpl? = grammartec, std

Enables the Nautilus Grammar Mutator (AGPL-licensed)

Enables std of serde_json

Affects feedbacks::nautilus, generators::nautilus, inputs::nautilus, mutators::nautilus

Features from optional dependencies

In crates that don't use the dep: syntax, optional dependencies automatically become Cargo features. These features may have been created by mistake, and this functionality may be removed in the future.

libafl_derive derive
bincode std
backtrace std

Enables backtrace

Used to get the stacktrace in StacktraceObserver

typed-builder std

Enables typed-builder ^0.16

Implement the builder pattern at compiletime

serde_json nautilus? std
nix std

Enables nix ^0.27

uuid std
ratatui tui_monitor

Enables ratatui ^0.23.0

Commandline rendering, for TUI Monitor

crossterm tui_monitor
prometheus-client prometheus_monitor?

Enables prometheus-client ^0.21

For the prometheus monitor

tide prometheus_monitor?
async-std prometheus_monitor?
futures prometheus_monitor?
tokio tcp_manager?

Enables tokio

only used for TCP Event Manager right now

wait-timeout std

Enables wait-timeout

used by CommandExecutor to wait for child process

z3 cmin? concolic_mutation?

Enables z3

for concolic mutation

concat-idents implicit feature

Enables concat-idents

concat-idents:

Allows concatenating multiple identifiers and using them everywhere

libcasr casr?
bitvec unicode?

Enables bitvec

used for string range storage

arrayvec multipart_inputs?

Enables arrayvec

used for fixed-len collects

serial_test std

Enables serial_test ^2

optional-dev deps (change when target.'cfg(accessible(::std))'.test-dependencies will be stable)

grammartec nautilus?

Enables grammartec

AGPL
!!! this create requires nightly

reqwest build unicode?

Enables reqwest ^0.11

zip build unicode?

Enables zip ^0.6