Hey, this looks awesome!
I'm the maintainer of LibAFL, the fuzzing library, and wanted to shamelessly plug it here.
While the lib itself has binary-only instrumentation (Frida, TinyInst), this seems to be a very different and promising approach.
The benefits for hyperpom would be that you'll instantly have the best-performing scheduling and input generation, according to fuzzbench, and can use advanced features like grammar fuzzing, token-level fuzzing, and Grimoire.
And, while I don't usually post this to random fuzzer GitHubs, in this case it seems totally straightforward to do, since it's all written in Rust:
You probably just wrap these few lines inside a LibAFL executor (hyperpom/src/core.rs, line 837 in 85a4df8):
and then add an Observer to expose your coverage collection to the lib.
Then hyperpom could already use LibAFL's mutational stage. Potentially there is some extra work to feed LibAFL's cmplog stage with your cmp coverage, if you'd want that.
Of course, you probably don't want to use the whole LibAFL setup since it seems to replicate most of what you have already built (launching multiple processes, IPC, etc.), but you can just take the mutators.
Just putting the idea out there, happy to help if you're interested ;)
Feel free to close otherwise
Hi, thanks a lot!
And no worries, libAFL definitely makes sense here. :p
I'll have a look and leave this issue open for now.
I can't give you an exact ETA, since I need to play a bit more with libAFL to integrate it properly, but it should be doable.