more fixes

fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs

@@ -314,7 +314,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs

@@ -317,7 +317,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/binary_only/qemu_launcher/src/instance.rs

@@ -274,7 +274,7 @@ impl<M: Monitor> Instance<'_, M> {
                 5,
             )?;
 
-            let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+            let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
                 StdPowerMutationalStage::new(mutator);
 
             // The order of the stages matter!

fuzzers/forkserver/fuzzbench_forkserver/src/main.rs

@@ -298,7 +298,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/forkserver/fuzzbench_forkserver_cmplog/src/main.rs

@@ -300,7 +300,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/forkserver/libafl-fuzz/src/fuzzer.rs

@@ -266,7 +266,7 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
         SupportedMutationalStages::StdMutational(StdMutationalStage::new(mutation), PhantomData)
     } else {
         SupportedMutationalStages::PowerMutational(
-            StdPowerMutationalStage::new(mutation),
+            StdPowerMutationalStage::<_, _, BytesInput, _, _, _>::new(mutation),
             PhantomData,
         )
     };
@@ -487,7 +487,9 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
         let tracing = AFLppCmplogTracingStage::new(cmplog_executor, cmplog_ref);
 
         // Create a randomic Input2State stage
-        let rq = MultiMutationalStage::new(AFLppRedQueen::with_cmplog_options(true, true));
+        let rq = MultiMutationalStage::<_, _, BytesInput, _, _, _>::new(
+            AFLppRedQueen::with_cmplog_options(true, true),
+        );
 
         // Create an IfStage and wrap the CmpLog stages in it.
         // We run cmplog on the second fuzz run of the testcase.

fuzzers/forkserver/libafl-fuzz/src/stages/mutational_stage.rs

@@ -7,18 +7,19 @@ use libafl::{
 use libafl_bolts::Named;
 
 #[derive(Debug)]
-pub enum SupportedMutationalStages<E, EM, I, M, S, SM, P, Z> {
-    StdMutational(SM, PhantomData<(E, EM, I, M, S, Z)>),
-    PowerMutational(P, PhantomData<(E, EM, I, M, S, Z)>),
+pub enum SupportedMutationalStages<SM, P> {
+    StdMutational(SM, PhantomData<P>),
+    PowerMutational(P, PhantomData<SM>),
 }
 
-impl<E, EM, I, M, S, SM, P, Z> MutationalStage<M, S>
-    for SupportedMutationalStages<E, EM, I, M, S, SM, P, Z>
+impl<S, SM, P> MutationalStage<S> for SupportedMutationalStages<SM, P>
 where
-    SM: MutationalStage<M, S>,
-    P: MutationalStage<M, S>,
+    SM: MutationalStage<S>,
+    P: MutationalStage<S, Mutator = SM::Mutator>,
 {
-    fn mutator(&self) -> &M {
+    type Mutator = SM::Mutator;
+    /// The mutator, added to this stage
+    fn mutator(&self) -> &Self::Mutator {
         match self {
             Self::StdMutational(m, _) => m.mutator(),
             Self::PowerMutational(p, _) => p.mutator(),
@@ -27,7 +28,7 @@ where
 
     /// The list of mutators, added to this stage (as mutable ref)
     #[inline]
-    fn mutator_mut(&mut self) -> &mut M {
+    fn mutator_mut(&mut self) -> &mut Self::Mutator {
         match self {
             Self::StdMutational(m, _) => m.mutator_mut(),
             Self::PowerMutational(p, _) => p.mutator_mut(),
@@ -43,7 +44,7 @@ where
     }
 }
 
-impl<E, EM, I, M, S, SM, P, Z> Named for SupportedMutationalStages<E, EM, I, M, S, SM, P, Z>
+impl<SM, P> Named for SupportedMutationalStages<SM, P>
 where
     SM: Named,
     P: Named,
@@ -56,8 +57,7 @@ where
     }
 }
 
-impl<E, EM, I, M, S, SM, P, Z> Stage<E, EM, S, Z>
-    for SupportedMutationalStages<E, EM, I, M, S, SM, P, Z>
+impl<E, EM, S, SM, P, Z> Stage<E, EM, S, Z> for SupportedMutationalStages<SM, P>
 where
     SM: Stage<E, EM, S, Z>,
     P: Stage<E, EM, S, Z>,

fuzzers/inprocess/dynamic_analysis/src/lib.rs

@@ -314,7 +314,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/inprocess/fuzzbench/src/lib.rs

@@ -307,7 +307,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/inprocess/fuzzbench_ctx/src/lib.rs

@@ -317,7 +317,7 @@ fn fuzz(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus

fuzzers/inprocess/fuzzbench_text/src/lib.rs

@@ -374,7 +374,7 @@ fn fuzz_binary(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus
@@ -589,7 +589,7 @@ fn fuzz_text(
         5,
     )?;
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let grimoire_mutator = StdScheduledMutator::with_max_stack_pow(

fuzzers/inprocess/libfuzzer_libpng/src/lib.rs

@@ -143,7 +143,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 
     let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

fuzzers/inprocess/libfuzzer_libpng_cmin/src/lib.rs

@@ -140,7 +140,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 
     let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

fuzzers/inprocess/libfuzzer_libpng_tcp_manager/src/lib.rs

@@ -141,7 +141,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 
     let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

fuzzers/inprocess/libfuzzer_windows_asan/src/lib.rs

@@ -110,7 +110,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
 
     let mutator = StdScheduledMutator::new(havoc_mutations().merge(tokens_mutations()));
 
-    let power: StdPowerMutationalStage<_, _, BytesInput, _, _> =
+    let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> =
         StdPowerMutationalStage::new(mutator);
 
     let mut stages = tuple_list!(calibration, power);

libafl/src/stages/mutational.rs

@@ -81,12 +81,15 @@ where
 /// A Mutational stage is the stage in a fuzzing run that mutates inputs.
 /// Mutational stages will usually have a range of mutations that are
 /// being applied to the input one by one, between executions.
-pub trait MutationalStage<M, S> {
+pub trait MutationalStage<S> {
+    /// The mutator of this stage
+    type Mutator;
+
     /// The mutator registered for this stage
-    fn mutator(&self) -> &M;
+    fn mutator(&self) -> &Self::Mutator;
 
     /// The mutator registered for this stage (mutable)
-    fn mutator_mut(&mut self) -> &mut M;
+    fn mutator_mut(&mut self) -> &mut Self::Mutator;
 
     /// Gets the number of iterations this mutator should run for.
     fn iterations(&self, state: &mut S) -> Result<usize, Error>;
@@ -109,19 +112,21 @@ pub struct StdMutationalStage<E, EM, I, M, S, Z> {
     phantom: PhantomData<(E, EM, I, S, Z)>,
 }
 
-impl<E, EM, I, M, S, Z> MutationalStage<M, S> for StdMutationalStage<E, EM, I, M, S, Z>
+impl<E, EM, I, M, S, Z> MutationalStage<S> for StdMutationalStage<E, EM, I, M, S, Z>
 where
     S: HasRand,
 {
+    type Mutator = M;
+
     /// The mutator, added to this stage
     #[inline]
-    fn mutator(&self) -> &M {
+    fn mutator(&self) -> &Self::Mutator {
         &self.mutator
     }
 
     /// The list of mutators, added to this stage (as mutable ref)
     #[inline]
-    fn mutator_mut(&mut self) -> &mut M {
+    fn mutator_mut(&mut self) -> &mut Self::Mutator {
         &mut self.mutator
     }
 

libafl/src/stages/power.rs

@@ -49,20 +49,21 @@ impl<E, F, EM, I, M, S, Z> Named for PowerMutationalStage<E, F, EM, I, M, S, Z>
     }
 }
 
-impl<E, F, EM, I, M, S, Z> MutationalStage<M, S> for PowerMutationalStage<E, F, EM, I, M, S, Z>
+impl<E, F, EM, I, M, S, Z> MutationalStage<S> for PowerMutationalStage<E, F, EM, I, M, S, Z>
 where
     S: HasCurrentTestcase,
     F: TestcaseScore<S>,
 {
+    type Mutator = M;
     /// The mutator, added to this stage
     #[inline]
-    fn mutator(&self) -> &M {
+    fn mutator(&self) -> &Self::Mutator {
         &self.mutator
     }
 
     /// The list of mutators, added to this stage (as mutable ref)
     #[inline]
-    fn mutator_mut(&mut self) -> &mut M {
+    fn mutator_mut(&mut self) -> &mut Self::Mutator {
         &mut self.mutator
     }
 

libafl/src/stages/tuneable.rs

@@ -161,23 +161,24 @@ pub struct TuneableMutationalStage<E, EM, I, M, S, Z> {
     phantom: PhantomData<(E, EM, I, S, Z)>,
 }
 
-impl<E, EM, I, M, S, Z> MutationalStage<M, S> for TuneableMutationalStage<E, EM, I, M, S, Z>
+impl<E, EM, I, M, S, Z> MutationalStage<S> for TuneableMutationalStage<E, EM, I, M, S, Z>
 where
     M: Mutator<I, S>,
     Z: Evaluator<E, EM>,
     S: HasCorpus + HasRand + HasNamedMetadata + HasMetadata + HasExecutions + HasCurrentTestcase,
     I: MutatedTransform<<S::Corpus as Corpus>::Input, S> + Clone,
     <S::Corpus as Corpus>::Input: Input,
 {
+    type Mutator = M;
     /// The mutator, added to this stage
     #[inline]
-    fn mutator(&self) -> &M {
+    fn mutator(&self) -> &Self::Mutator {
         &self.mutator
     }
 
     /// The list of mutators, added to this stage (as mutable ref)
     #[inline]
-    fn mutator_mut(&mut self) -> &mut M {
+    fn mutator_mut(&mut self) -> &mut Self::Mutator {
         &mut self.mutator
     }