AFLplusplus
diff --git a/‎fuzzers/baby_fuzzer/src/main.rs
Lines changed: 5 additions & 10 deletions b/‎fuzzers/baby_fuzzer/src/main.rs
Lines changed: 5 additions & 10 deletions
diff --git a/‎fuzzers/frida_libpng/src/fuzzer.rs
Lines changed: 2 additions & 6 deletions b/‎fuzzers/frida_libpng/src/fuzzer.rs
Lines changed: 2 additions & 6 deletions
diff --git a/‎fuzzers/libfuzzer_libmozjpeg/src/lib.rs
Lines changed: 5 additions & 6 deletions b/‎fuzzers/libfuzzer_libmozjpeg/src/lib.rs
Lines changed: 5 additions & 6 deletions
diff --git a/‎fuzzers/libfuzzer_libpng/src/lib.rs
Lines changed: 8 additions & 6 deletions b/‎fuzzers/libfuzzer_libpng/src/lib.rs
Lines changed: 8 additions & 6 deletions
diff --git a/‎fuzzers/libfuzzer_reachability/src/lib.rs
Lines changed: 17 additions & 42 deletions b/‎fuzzers/libfuzzer_reachability/src/lib.rs
Lines changed: 17 additions & 42 deletions
diff --git a/‎fuzzers/libfuzzer_stb_image/src/main.rs
Lines changed: 7 additions & 4 deletions b/‎fuzzers/libfuzzer_stb_image/src/main.rs
Lines changed: 7 additions & 4 deletions
diff --git a/‎libafl/Cargo.toml
Lines changed: 2 additions & 1 deletion b/‎libafl/Cargo.toml
Lines changed: 2 additions & 1 deletion
diff --git a/‎libafl/build.rs
Lines changed: 18 additions & 0 deletions b/‎libafl/build.rs
Lines changed: 18 additions & 0 deletions
@@ -46,9 +46,8 @@ pub fn main() {
     // such as the notification of the addition of a new item to the corpus
     let mut mgr = SimpleEventManager::new(stats);
 
-    // Create an observation channel using the siganls map
-    let observer =
-        StdMapObserver::new("signals", unsafe { &mut SIGNALS }, unsafe { SIGNALS.len() });
+    // Create an observation channel using the signals map
+    let observer = StdMapObserver::new("signals", unsafe { &mut SIGNALS });
 
     // create a State from scratch
     let mut state = State::new(
@@ -76,13 +75,9 @@ pub fn main() {
     let scheduler = QueueCorpusScheduler::new();
 
     // Create the executor for an in-process function with just one observer
-    let mut executor = InProcessExecutor::new(
-        &mut harness,
-        tuple_list!(observer),
-        &mut state,
-        &mut mgr,
-    )
-    .expect("Failed to create the Executor".into());
+    let mut executor =
+        InProcessExecutor::new(&mut harness, tuple_list!(observer), &mut state, &mut mgr)
+            .expect("Failed to create the Executor".into());
 
     // Generator of printable bytearrays of max size 32
     let mut generator = RandPrintablesGenerator::new(32);
 
@@ -258,12 +258,8 @@ unsafe fn fuzz(
     };
 
     let frida_options = FridaOptions::parse_env_options();
-    let mut frida_helper = FridaInstrumentationHelper::new(
-        &gum,
-        &frida_options,
-        module_name,
-        &modules_to_instrument,
-    );
+    let mut frida_helper =
+        FridaInstrumentationHelper::new(&gum, &frida_options, module_name, &modules_to_instrument);
 
     // Create an observation channel using the coverage map
     let edges_observer = HitcountsMapObserver::new(StdMapObserver::new_from_ptr(
 
@@ -22,7 +22,7 @@ use libafl::{
 };
 
 use libafl_targets::{
-    libfuzzer_initialize, libfuzzer_test_one_input, CMP_MAP, CMP_MAP_SIZE, EDGES_MAP, MAX_EDGES_NUM,
+    libfuzzer_initialize, libfuzzer_test_one_input, CMP_MAP, EDGES_MAP, MAX_EDGES_NUM,
 };
 
 const ALLOC_MAP_SIZE: usize = 16 * 1024;
@@ -59,15 +59,14 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
         setup_restarting_mgr_std(stats, broker_port).expect("Failed to setup the restarter".into());
 
     // Create an observation channel using the coverage map
-    let edges_observer =
-        StdMapObserver::new("edges", unsafe { &mut EDGES_MAP }, unsafe { MAX_EDGES_NUM });
+    let edges = unsafe { &mut EDGES_MAP[0..MAX_EDGES_NUM] };
+    let edges_observer = StdMapObserver::new("edges", edges);
 
     // Create an observation channel using the cmp map
-    let cmps_observer = StdMapObserver::new("cmps", unsafe { &mut CMP_MAP }, CMP_MAP_SIZE);
+    let cmps_observer = StdMapObserver::new("cmps", unsafe { &mut CMP_MAP });
 
     // Create an observation channel using the allocations map
-    let allocs_observer =
-        StdMapObserver::new("allocs", unsafe { &mut libafl_alloc_map }, ALLOC_MAP_SIZE);
+    let allocs_observer = StdMapObserver::new("allocs", unsafe { &mut libafl_alloc_map });
 
     // If not restarting, create a State from scratch
     let mut state = state.unwrap_or_else(|| {
 
@@ -63,11 +63,13 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             }
         },
     };
-
+    
     // Create an observation channel using the coverage map
-    let edges_observer = HitcountsMapObserver::new(unsafe {
-        StdMapObserver::new("edges", &mut EDGES_MAP, MAX_EDGES_NUM)
-    });
+    let edges = unsafe { &mut EDGES_MAP[0..MAX_EDGES_NUM] };
+    let edges_observer = HitcountsMapObserver::new(StdMapObserver::new("edges", edges));
+
+    // Create an observation channel to keep track of the execution time
+    let time_observer = TimeObserver::new("time");
 
     // If not restarting, create a State from scratch
     let mut state = state.unwrap_or_else(|| {
@@ -79,7 +81,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             // Feedbacks to rate the interestingness of an input
             feedback_or!(
                 MaxMapFeedback::new_with_observer_track(&edges_observer, true, false),
-                TimeFeedback::new()
+                TimeFeedback::new_with_observer(&time_observer)
             ),
             // Corpus in which we store solutions (crashes in this example),
             // on disk so the user can get them after stopping the fuzzer
@@ -122,7 +124,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
     let mut executor = TimeoutExecutor::new(
         InProcessExecutor::new(
             &mut harness,
-            tuple_list!(edges_observer, TimeObserver::new("time")),
+            tuple_list!(edges_observer, time_observer),
             &mut state,
             &mut restarting_mgr,
         )?,
 
@@ -1,38 +1,28 @@
 //! A libfuzzer-like fuzzer with llmp-multithreading support and restarts
 //! The example harness is built for libpng.
 
-use core::time::Duration;
 use std::{env, path::PathBuf};
 
 use libafl::{
     bolts::tuples::tuple_list,
-    corpus::{
-        Corpus, InMemoryCorpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus,
-        QueueCorpusScheduler,
-    },
+    corpus::{Corpus, InMemoryCorpus, OnDiskCorpus, RandCorpusScheduler},
     events::{setup_restarting_mgr_std, EventManager},
-    executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
-    feedback_or,
-    feedbacks::{
-        CrashFeedback, MaxMapFeedback, ReachabilityFeedback, TimeFeedback, TimeoutFeedback,
-    },
+    executors::{inprocess::InProcessExecutor, ExitKind},
+    feedbacks::{MaxMapFeedback, ReachabilityFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     mutators::token_mutations::Tokens,
-    observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    observers::{HitcountsMapObserver, StdMapObserver},
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, HasMetadata, State},
     stats::SimpleStats,
     utils::{current_nanos, StdRand},
     Error,
 };
-
 use libafl_targets::{libfuzzer_initialize, libfuzzer_test_one_input, EDGES_MAP, MAX_EDGES_NUM};
 
-#[cfg(unix)]
 const TARGET_SIZE: usize = 4;
 
-#[cfg(unix)]
 extern "C" {
     static __libafl_target_list: *mut usize;
 }
@@ -75,12 +65,12 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
     };
 
     // Create an observation channel using the coverage map
-    let edges_observer = HitcountsMapObserver::new(unsafe {
-        StdMapObserver::new("edges", &mut EDGES_MAP, MAX_EDGES_NUM)
-    });
+    let edges = unsafe { &mut EDGES_MAP[0..MAX_EDGES_NUM] };
+    let edges_observer = HitcountsMapObserver::new(StdMapObserver::new("edges", edges));
 
     let reachability_observer =
         unsafe { StdMapObserver::new_from_ptr("png.c", __libafl_target_list, TARGET_SIZE) };
+
     // If not restarting, create a State from scratch
     let mut state = state.unwrap_or_else(|| {
         State::new(
@@ -89,19 +79,12 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             // Corpus that will be evolved, we keep it in memory for performance
             InMemoryCorpus::new(),
             // Feedbacks to rate the interestingness of an input
-            feedback_or!(
-                MaxMapFeedback::new_with_observer_track(&edges_observer, true, false),
-                TimeFeedback::new()
-            ),
+            MaxMapFeedback::new_with_observer_track(&edges_observer, true, false),
             // Corpus in which we store solutions (crashes in this example),
             // on disk so the user can get them after stopping the fuzzer
             OnDiskCorpus::new(objective_dir).unwrap(),
             // Feedbacks to recognize an input as solution
-            feedback_or!(
-                CrashFeedback::new(),
-                TimeoutFeedback::new(),
-                ReachabilityFeedback::new_with_observer(&reachability_observer)
-            ),
+            ReachabilityFeedback::new_with_observer(&reachability_observer),
         )
     });
 
@@ -125,8 +108,8 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
     // A fuzzer with just one stage
     let mut fuzzer = StdFuzzer::new(tuple_list!(stage));
 
-    // A minimization+queue policy to get testcasess from the corpus
-    let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(QueueCorpusScheduler::new());
+    // A random policy to get testcasess from the corpus
+    let scheduler = RandCorpusScheduler::new();
 
     // The wrapped harness function, calling out to the LLVM-style harness
     let mut harness = |buf: &[u8]| {
@@ -135,20 +118,12 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
     };
 
     // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
-    let mut executor = TimeoutExecutor::new(
-        InProcessExecutor::new(
-            &mut harness,
-            tuple_list!(
-                edges_observer,
-                reachability_observer,
-                TimeObserver::new("time")
-            ),
-            &mut state,
-            &mut restarting_mgr,
-        )?,
-        // 10 seconds timeout
-        Duration::new(10, 0),
-    );
+    let mut executor = InProcessExecutor::new(
+        &mut harness,
+        tuple_list!(edges_observer, reachability_observer,),
+        &mut state,
+        &mut restarting_mgr,
+    )?;
 
     // The actual target run starts here.
     // Call LLVMFUzzerInitialize() if present.
 
@@ -63,8 +63,11 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
 
     // Create an observation channel using the coverage map
     // We don't use the hitcounts (see the Cargo.toml, we use pcguard_edges)
-    let edges_observer =
-        StdMapObserver::new("edges", unsafe { &mut EDGES_MAP }, unsafe { MAX_EDGES_NUM });
+    let edges = unsafe { &mut EDGES_MAP[0..MAX_EDGES_NUM] };
+    let edges_observer = StdMapObserver::new("edges", edges);
+
+    // Create an observation channel to keep track of the execution time
+    let time_observer = TimeObserver::new("time");
 
     // If not restarting, create a State from scratch
     let mut state = state.unwrap_or_else(|| {
@@ -76,7 +79,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
             // Feedbacks to rate the interestingness of an input
             feedback_or!(
                 MaxMapFeedback::new_with_observer_track(&edges_observer, true, false),
-                TimeFeedback::new()
+                TimeFeedback::new_with_observer(&time_observer)
             ),
             // Corpus in which we store solutions (crashes in this example),
             // on disk so the user can get them after stopping the fuzzer
@@ -118,7 +121,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
     // Create the executor for an in-process function with just one observer for edge coverage
     let mut executor = InProcessExecutor::new(
         &mut harness,
-        tuple_list!(edges_observer, TimeObserver::new("time")),
+        tuple_list!(edges_observer, time_observer),
         &mut state,
         &mut restarting_mgr,
     )?;
 
@@ -10,7 +10,8 @@ keywords = ["fuzzing", "testing", "security"]
 edition = "2018"
 build = "build.rs"
 
-# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+[build-dependencies]
+rustc_version = "0.3.3"
 
 [dev-dependencies]
 criterion = "0.3" # Benchmarking
 
@@ -1,5 +1,7 @@
 //! special handling to build and link libafl
 
+use rustc_version::{version_meta, Channel};
+
 fn main() {
     #[cfg(target_os = "windows")]
     windows::build!(
@@ -9,4 +11,20 @@ fn main() {
         windows::win32::system_services::{CreateFileMappingA, OpenFileMappingA, MapViewOfFile, UnmapViewOfFile},
         windows::win32::debug::{SetUnhandledExceptionFilter, EXCEPTION_POINTERS, EXCEPTION_RECORD, LPTOP_LEVEL_EXCEPTION_FILTER}
     );
+
+    // Set cfg flags depending on release channel
+    match version_meta().unwrap().channel {
+        Channel::Stable => {
+            println!("cargo:rustc-cfg=RUSTC_IS_STABLE");
+        }
+        Channel::Beta => {
+            println!("cargo:rustc-cfg=RUSTC_IS_BETA");
+        }
+        Channel::Nightly => {
+            println!("cargo:rustc-cfg=RUSTC_IS_NIGHTLY");
+        }
+        Channel::Dev => {
+            println!("cargo:rustc-cfg=RUSTC_IS_DEV");
+        }
+    }
 }