Cargo Features

[dependencies]
libafl = { version = "0.14.1", default-features = false, features = ["document-features", "std", "track_hit_feedbacks", "introspection", "scalability_introspection", "prelude", "afl_exec_sec", "errors_backtrace", "corpus_btreemap", "gzip", "fork", "handle_sigpipe", "tcp_manager", "tcp_compression", "multi_machine", "regex", "casr", "intel_pt", "cmin", "prometheus_monitor", "concolic_mutation", "tui_monitor", "unicode", "multipart_inputs", "derive", "cli", "qemu_cli", "frida_cli", "rand_trait", "serdeany_autoreg", "llmp_broker_timeouts", "llmp_bind_public", "llmp_compression", "llmp_debug", "llmp_small_maps", "nautilus", "concat-idents", "clap"] }
default = derive, fork, gzip, llmp_broker_timeouts, llmp_compression, llmp_small_maps, rand_trait, regex, serdeany_autoreg, std

These default features are set whenever libafl is added without default-features = false somewhere in the dependency tree.

Enables xxh3 of libafl_bolts

libafl_bolts:

Replaces ahash with the potentially faster xxh3 in some parts of the lib. This yields a stable and fast hash, but may increase the resulting binary size slightly. This also enables certain hashing and rand features in no_std no-alloc.

document-features

Enables document-features

Document all features of this crate (for cargo doc)

std default casr? intel_pt? llmp_broker_timeouts llmp_debug? multi_machine? nautilus? prometheus_monitor? regex tcp_manager? track_hit_feedbacks? = backtrace, bincode, serde_json, serial_test, typed-builder, uuid, wait-timeout

Feature Flags

General Features

Enables features that need rust's std lib to work, like print, env, ... support

Enables nix, std of libafl_bolts and std of serde and serde_json

serde:

serialization lib

Affects cached::CachedOnDiskCorpus, inmemory_ondisk::InMemoryOnDiskCorpus, corpus::inmemory_ondisk, corpus::ondisk, corpus::cached, ondisk::OnDiskMetadataFormat, broker_hooks::centralized, llmp::restarting, restarting::LlmpRestartingEventManager, restarting::ManagerKind, restarting::setup_restarting_mgr_std, restarting::setup_restarting_mgr_std_adaptive, restarting::RestartingMgr, events::centralized, events::launcher, events::EVENTMGR_SIGHANDLER_STATE, events::ShutdownSignalData, simple::SimpleRestartingEventManager, tcp::TcpRestartingEventManager, tcp::TcpManagerKind

track_hit_feedbacks = std

Tracks the Feedbacks and the Objectives that were interesting for a Testcase

Affects feedbacks::Feedback.last_result, feedbacks::Feedback.append_hit_feedbacks, feedbacks::FeedbackLogic.last_result, feedbacks::FeedbackLogic.append_hit_feedbacks

introspection

Collects performance statistics of the fuzzing pipeline and displays it on Monitor components

Affects feedbacks::Feedback.is_interesting_introspection, monitors::ClientStats.introspection_monitor, monitors::NUM_PERF_FEATURES, tui::PerfTuiContext, tui::TuiContext.introspection, state::HasClientPerfMonitor, state::MaybeHasClientPerfMonitor

scalability_introspection

Collects stats about scalability

Affects state::MaybeHasScalabilityMonitor, state::HasScalabilityMonitor

prelude

Expose libafl::prelude for access without additional using directives

Enables prelude of libafl_bolts

afl_exec_sec

Calculate exec/sec like AFL, using 5 second time windows

Affects monitors::ClientStats.last_window_executions, monitors::ClientStats.last_execs_per_sec

errors_backtrace

Stores the backtraces of all generated Errors. Good for debugging, but may come with a slight performance hit.

Enables errors_backtrace of libafl_bolts

corpus_btreemap

Switches from HashMap to BTreeMap for CorpusId

Affects inmemory::TestcaseStorageMap.map

gzip default

Enables gzip compression in certain parts of the lib

Enables gzip of libafl_bolts

fork default

If set, will use the fork() syscall to spawn children, instead of launching a new command, if supported by the OS (has no effect on Windows).

Enables derive of libafl_bolts

Affects launcher::CentralizedLauncher, executors::forkserver

handle_sigpipe

If this feature is set, LibAFL targets (and the fuzzer) will crash on SIGPIPE on unix systems.

tcp_manager tcp_compression? = std, tokio

Additional Components

Enables TcpEventManager, a simple EventManager proxying everything via TCP. This uses tokio.

Affects events::tcp

tcp_compression = tcp_manager

Enables compression for the TCP manager

Enables gzip of libafl_bolts

multi_machine = enumflags2, std, tokio

Enable multi-machine support

Enables std of ahash

The hash function already used in hashbrown

Affects broker_hooks::centralized_multi_machine, events::multi_machine

regex default casr? nautilus? = std

Enables the NaiveTokenizer and StacktraceObserver

Enables regex

Affects encoded::NaiveTokenizer, observers::stacktrace

casr = libcasr, regex, std

Enables deduplication based on libcasr for StacktraceObserver

Affects stacktrace::collect_backtrace

intel_pt = std

Intel Processor Trace

Enables libafl_intelpt, libipt, nix, and num_enum

Affects hooks::intel_pt

cmin = z3

Enables features for corpus minimization

Affects corpus::minimizer

prometheus_monitor = async-std, futures, prometheus-client, std, tide

Enables the PrometheusMonitor which will monitor stats via UDP, for Grafana and others.

Affects monitors::prometheus

concolic_mutation = z3

Include a simple concolic mutator based on z3

Affects concolic::SimpleConcolicMutationalStage, concolic::SIMPLE_CONCOLIC_MUTATIONAL_NAME

tui_monitor = crossterm, ratatui

Enable the fancy TuiMonitor for a terminal UI using crossterm

Affects monitors::tui

unicode = bitvec

Enables UnicodeClassificationStage and associated mutators, which allow for mutations which preserve the Unicode property data

Enables libafl_bolts, std of ahash, rc of serde

Affects mutators::unicode, stages::unicode

multipart_inputs = arrayvec, rand_trait

Enable multi-part input formats and mutators

Affects inputs::multi, mutators::multi

derive default = libafl_derive

LibAFL-Bolts Features

Provide the #[derive(SerdeAny)] macro.

Enables derive of libafl_bolts

cli frida_cli? qemu_cli?

Expose libafl_bolts::cli for easy commandline parsing of common fuzzer settings

Enables cli of libafl_bolts

qemu_cli = cli

Enables extra commandline flags for qemu-based fuzzers in cli

Enables qemu_cli of libafl_bolts

frida_cli = cli

Enables extra commandline flags for frida-based fuzzers in cli

Enables frida_cli of libafl_bolts

rand_trait default multipart_inputs? nautilus?

If set, libafl_bolts' rand implementations will implement rand::Rng

Enables rand_trait of libafl_bolts

serdeany_autoreg default

SerdeAny features

Automatically register all #[derive(SerdeAny)] types at startup.

Enables serdeany_autoreg of libafl_bolts

llmp_broker_timeouts default = std

LLMP features

The broker loop will yield occasionally, even without status messages from client nodes

llmp_bind_public

If set, llmp will bind to 0.0.0.0, allowing cross-device communication. Binds to localhost by default.

Enables llmp_bind_public of libafl_bolts

llmp_compression default

Enables llmp compression using GZip

Enables llmp_compression of libafl_bolts

Affects llmp::COMPRESS_THRESHOLD

llmp_debug = std

Enables debug output for LLMP (also needs a logger installed)

Enables llmp_debug of libafl_bolts

llmp_small_maps default

Reduces the initial map size for llmp

Enables llmp_small_maps of libafl_bolts

nautilus = rand_trait, regex, regex-syntax, std

Grammar mutator. Requires nightly.

Enables pyo3, std of serde_json

Affects common::nautilus, grammartec::python_grammar_loader, feedbacks::nautilus, generators::nautilus, inputs::nautilus, mutators::nautilus

Features from optional dependencies

In crates that don't use the dep: syntax, optional dependencies automatically become Cargo features. These features may have been created by mistake, and this functionality may be removed in the future.

libafl_derive derive
bincode std
backtrace std

Enables backtrace

Used to get the stacktrace in StacktraceObserver

typed-builder std

Enables typed-builder

Implement the builder pattern at compiletime

serde_json nautilus? std
uuid std
ratatui tui_monitor?

Enables ratatui

Commandline rendering, for TUI Monitor

crossterm tui_monitor?
prometheus-client prometheus_monitor?

Enables prometheus-client

For the prometheus monitor

tide prometheus_monitor?
async-std prometheus_monitor?
futures prometheus_monitor?
tokio multi_machine? tcp_manager?

Enables tokio

used for TCP Event Manager and multi-machine

enumflags2 multi_machine?
wait-timeout std

Enables wait-timeout

used by CommandExecutor to wait for child process

concat-idents implicit feature

Enables concat-idents

concat-idents:

Allows concatenating multiple identifiers and using them everywhere

libcasr casr?
bitvec unicode?

Enables bitvec

used for string range storage

arrayvec multipart_inputs?

Enables arrayvec

used for fixed-len collects

regex-syntax nautilus?

Enables regex-syntax

For nautilus

serial_test std

Enables serial_test

optional-dev deps (change when target.'cfg(accessible(::std))'.test-dependencies will be stable)

clap implicit feature

Enables clap

Optional

z3 unix cmin? concolic_mutation?