AFLplusplus
Rewrite InProcessExecutors
- We should use builder pattern instead of current constructors that has 90% same code
- Redesign crash, timeout hooks.
Can we change this to "rewrite executors"? There is too much technical debt here.
While we're at it, I'm not sure why run_target gets a reference to the Fuzzer. Last I checked, this was only used in some InProcessExecutors to retrieve observers, and I think you already have/can get a reference to those by directly passing the observers to the executor during creation. This is just a cyclical dependency, which is never great. Stuff like passing self to a function on another struct raises some alarm bells for me:
https://github.com/AFLplusplus/LibAFL/blob/c5b7c7c23514c79c5b5df50d6c577b2d23fec430/libafl/src/fuzzer/mod.rs#L936
While we're at it, I'm not sure why run_target gets a reference to the Fuzzer
this is for crash handler. When you crash in a inproc handler, you have to continue execution from a signal handler. This signal handler has to know the pointer to 4 things, the executor, the fuzzer, the state, and the event manager.
We write the pointer to these object before executions, so we need the references.
Last I checked, this was only used in some InProcessExecutors to retrieve observers, and I think you already have/can get a reference to those by directly passing the observers to the executor during creation.
In the crash handler, we need to get fuzzer.objectives() so that's why we need fuzzer.
In the crash handler, we need to get fuzzer.objectives() so that's why we need fuzzer.
The only thing ever needed from the fuzzer are the objectives, right? In that case: Why not just pass the OT instead of the entire fuzzer?
Alright, it works. Ready to merge from my side.
This doesn't mean this issue is to be closed, but at least the executors are a bit more disentangled from fuzzer.