clippy fixes

Author: domenukk

fuzzers/libfuzzer_libpng/Makefile

@@ -1,52 +1,55 @@
 PWD=`pwd`
+FUZZER_NAME="fuzzer_libpng"
 
 all:
 	# Build the libpng libfuzzer library
 	cargo build --release
 
     # Build the libpng harness	
-	$(PWD)/target/release/cxx \
+	$(PWD)/target/release/libafl_cxx \
 		$(PWD)/harness.cc \
 		$(PWD)/libpng-1.6.37/.libs/libpng16.a \
 		-I$(PWD)/libpng-1.6.37/ \
-		-o fuzzer \
+		-o $(FUZZER_NAME) \
 		-lm -lz
 
 run: all
-	./fuzzer &
-	./fuzzer >/dev/null 2>/dev/null &
+	./$(FUZZER_NAME) &
+	sleep 0.2
+	./$(FUZZER_NAME) >/dev/null 2>/dev/null &
 
 test: all
-	timeout 60s ./fuzzer &
-	timeout 59s taskset 0x00000001 ./fuzzer >/dev/null 2>/dev/null &
-	timeout 59s taskset 0x00000002 ./fuzzer >/dev/null 2>/dev/null &
-	timeout 59s taskset 0x00000004 ./fuzzer >/dev/null 2>/dev/null &
-	timeout 59s taskset 0x00000008 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00000010 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00000020 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00000040 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00000080 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00000100 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00000200 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00000400 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00000800 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00001000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00002000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00004000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00008000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00010000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00020000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00040000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00080000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00100000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00200000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00400000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x00800000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x01000000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x02000000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x04000000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x08000000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x10000000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x20000000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x40000000 ./fuzzer >/dev/null 2>/dev/null &
-	# timeout 59s taskset 0x80000000 ./fuzzer >/dev/null 2>/dev/null &
+	timeout 60s ./$(FUZZER_NAME) &
+	sleep 0.2
+	timeout 59s taskset 0x00000001 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	timeout 59s taskset 0x00000002 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	timeout 59s taskset 0x00000004 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	timeout 59s taskset 0x00000008 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00000010 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00000020 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00000040 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00000080 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00000100 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00000200 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00000400 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00000800 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00001000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00002000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00004000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00008000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00010000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00020000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00040000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00080000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00100000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00200000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00400000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x00800000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x01000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x02000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x04000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x08000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x10000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x20000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x40000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+	# timeout 59s taskset 0x80000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &

fuzzers/libfuzzer_libpng/README.md

@@ -6,6 +6,8 @@ In contrast to other fuzzer examples, this setup uses `fuzz_loop_for`, to occasi
 While this costs performance, it can be useful for targets with memory leaks or other instabilities.
 If your target is really instable, however, consider exchanging the `InProcessExecutor` for a `ForkserverExecutor` instead.
 
+It also uses the `introspection` feature, printing fuzzer stats during execution.
+
 To show off crash detection, we added a `ud2` instruction to the harness, edit harness.cc if you want a non-crashing example.
 It has been tested on Linux.
 
@@ -51,7 +53,7 @@ This allows you to run multiple different builds of the same fuzzer alongside, f
 
 ## Run
 
-The first time you run the binary, the broker will open a tcp port (currently on port `1337`), waiting for fuzzer clients to connect. This port is local and only used for the initial handshake. All further communication happens via shared map, to be independent of the kernel. Currently you must run the clients from the libfuzzer_libpng directory for them to be able to access the PNG corpus.
+The first time you run the binary, the broker will open a tcp port (currently on port `1337`), waiting for fuzzer clients to connect. This port is local and only used for the initial handshake. All further communication happens via shared map, to be independent of the kernel. Currently, you must run the clients from the libfuzzer_libpng directory for them to be able to access the PNG corpus.
 
 ```
 ./fuzzer_libpng

fuzzers/libfuzzer_libpng/src/lib.rs

@@ -63,7 +63,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             }
         },
     };
-    
+
     // Create an observation channel using the coverage map
     let edges = unsafe { &mut EDGES_MAP[0..MAX_EDGES_NUM] };
     let edges_observer = HitcountsMapObserver::new(StdMapObserver::new("edges", edges));
@@ -78,7 +78,6 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             StdRand::with_seed(current_nanos()),
             // Corpus that will be evolved, we keep it in memory for performance
             InMemoryCorpus::new(),
-
             // Feedbacks to rate the interestingness of an input
             feedback_or!(
                 MaxMapFeedback::new_tracking_with_observer(&edges_observer, true, false),
@@ -92,7 +91,6 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
         )
     });
 
-
     println!("We're a client, let's fuzz :)");
 
     // Create a PNG dictionary if not existing

libafl/src/cpu.rs

@@ -6,6 +6,7 @@
 /// implementations of reading a cycle counter. In this way, an experiment only has to
 /// change this implementation rather than every instead of [`cpu::read_time_counter`]
 #[cfg(target_arch = "x86_64")]
+#[must_use]
 pub fn read_time_counter() -> u64 {
     unsafe { core::arch::x86_64::_rdtsc() }
 }

libafl/src/events/llmp.rs

@@ -262,7 +262,7 @@ where
                 client.update_executions(*executions as u64, *time);
 
                 // Update the performance stats for this client
-                client.update_introspection_stats(*introspection_stats);
+                client.update_introspection_stats(**introspection_stats);
 
                 // Display the stats via `.display` only on core #1
                 if sender_id == 1 {

libafl/src/events/mod.rs

@@ -111,7 +111,7 @@ where
         executions: usize,
 
         /// Current performance statistics
-        introspection_stats: ClientPerfStats,
+        introspection_stats: Box<ClientPerfStats>,
 
         phantom: PhantomData<I>,
     },

libafl/src/events/simple.rs

@@ -115,7 +115,7 @@ where
             } => {
                 // TODO: The stats buffer should be added on client add.
                 stats.client_stats_mut()[0].update_executions(*executions as u64, *time);
-                stats.client_stats_mut()[0].update_introspection_stats(*introspection_stats);
+                stats.client_stats_mut()[0].update_introspection_stats(**introspection_stats);
                 stats.display(event.name().to_string());
                 Ok(BrokerEventResult::Handled)
             }

libafl/src/fuzzer.rs

@@ -120,9 +120,9 @@ pub trait Fuzzer<E, EM, S, CS> {
         Ok(ret)
     }
 
-    /// Given the last time, if stats_timeout seconds passed, send off an info/stats/heartbeat message to the broker.
+    /// Given the last time, if `stats_timeout` seconds passed, send off an info/stats/heartbeat message to the broker.
     /// Returns the new `last` time (so the old one, unless `stats_timeout` time has passed and stats have been sent)
-    /// Will return an Error, if the stats could not be sent.
+    /// Will return an [`crate::Error`], if the stats could not be sent.
     fn maybe_report_stats(
         state: &mut S,
         manager: &mut EM,
@@ -225,7 +225,7 @@ where
                     Event::UpdatePerfStats {
                         executions: *state.executions(),
                         time: cur,
-                        introspection_stats: state.introspection_stats().clone(),
+                        introspection_stats: Box::new(*state.introspection_stats()),
                         phantom: PhantomData,
                     },
                 )?;

libafl/src/stats/mod.rs

@@ -396,11 +396,12 @@ const NUM_PERF_FEATURES: usize = PerfFeature::Count as usize;
 impl ClientPerfStats {
     /// Create a blank [`ClientPerfStats`] with the `start_time` and `current_time` with
     /// the current clock counter
+    #[must_use]
     pub fn new() -> Self {
-        let start_time = crate::cpu::read_time_counter().try_into().unwrap();
+        let start_time = crate::cpu::read_time_counter();
 
         Self {
-            start_time: start_time,
+            start_time,
             current_time: start_time,
             scheduler: 0,
             manager: 0,
@@ -604,6 +605,7 @@ impl ClientPerfStats {
 
 #[cfg(feature = "introspection")]
 impl core::fmt::Display for ClientPerfStats {
+    #[allow(clippy::cast_precision_loss)]
     fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> {
         // Calculate the elapsed time from the stats
         let elapsed: f64 = (self.current_time - self.start_time) as f64;
@@ -620,7 +622,7 @@ impl core::fmt::Display for ClientPerfStats {
         // Create the formatted string
         writeln!(
             f,
-            "Scheduler: {:4.2} | Manager: {:4.2} | Stages:\n",
+            "Scheduler: {:4.2} | Manager: {:4.2} | Stages:",
             scheduler_percent, manager_percent
         )?;
 
@@ -632,7 +634,7 @@ impl core::fmt::Display for ClientPerfStats {
             }
 
             // Write the stage header
-            write!(f, "  Stage {}:\n", stage_index)?;
+            writeln!(f, "  Stage {}:", stage_index)?;
 
             for (feature_index, feature) in features.iter().enumerate() {
                 // Calculate this current stage's percentage
@@ -650,7 +652,7 @@ impl core::fmt::Display for ClientPerfStats {
                 let feature: PerfFeature = feature_index.into();
 
                 // Write the percentage for this feature
-                write!(f, "    {:6.4}: {:?}\n", feature_percent, feature)?;
+                writeln!(f, "    {:6.4}: {:?}", feature_percent, feature)?;
             }
 
             for (feedback_index, feedback) in self.feedbacks.iter().enumerate() {
@@ -666,9 +668,9 @@ impl core::fmt::Display for ClientPerfStats {
                 other_percent -= feedback_percent;
 
                 // Write the percentage for this feedback
-                write!(
+                writeln!(
                     f,
-                    "    {:6.4}: Feedback index {}\n",
+                    "    {:6.4}: Feedback index {}",
                     feedback_percent, feedback_index
                 )?;
             }