Rust 2024 edition (#3022)

* Rust 2024 edition

* gen = generalized

* Fixes

* more fix

* More fix

* even more fix

* fix libfuzzer

* ignore clippy lint

* even more

* fix docs?

* more?

* More pub more better

* win

* docs

* more

* More

* doc stuff?

* counter_maps->counters_maps

* libafl qemu fixes for rust 2024

* fix?

* fmt

* unsafe lint

* final fixes

* fmt

* working?

* not working

* unused import

* win?

* update libafl qemu hash

* fmt

* fix

* unused imports

* fix

* fix

* more foix

* less edition

* fix

---------

Co-authored-by: Romain Malmain <[email protected]>

Author: domenukk

.github/workflows/build_and_test.yml

@@ -223,6 +223,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: taiki-e/install-action@cargo-hack
+      - run: rustup upgrade
       # Note: We currently only specify minimum rust versions for the default workspace members
       - run: cargo hack check --rust-version -p libafl -p libafl_bolts -p libafl_derive -p libafl_cc -p libafl_targets
 

.gitignore

@@ -74,6 +74,5 @@ libafl_nyx/packer
 harness
 program
 fuzzer_libpng*
-forkserver_simple
 
 *.patch

bindings/pylibafl/Cargo.toml

@@ -5,7 +5,7 @@ version = "0.15.1"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/AFLplusplus/LibAFL/"
 keywords = ["fuzzing", "testing", "security", "python"]
-edition = "2021"
+edition = "2024"
 categories = ["development-tools::testing", "emulators", "embedded", "os"]
 
 [dependencies]

docs/src/advanced_features/no_std.md

@@ -31,7 +31,7 @@ Here, we use it in Rust. `external_current_millis` is then called from LibAFL.
 Note that it needs to be `no_mangle` in order to get picked up by LibAFL at linktime:
 
 ```rust,ignore
-#[no_mangle]
+#[unsafe(no_mangle)]
 pub extern "C" fn external_current_millis() -> u64 {
     unsafe { my_real_seconds()*1000 }
 }

docs/src/core_concepts/executor.md

@@ -32,7 +32,9 @@ As you can see from the forkserver example,
 //Coverage map shared between observer and executor
 let mut shmem = StdShMemProvider::new().unwrap().new_shmem(MAP_SIZE).unwrap();
 //let the forkserver know the shmid
-shmem.write_to_env("__AFL_SHM_ID").unwrap();
+unsafe {
+    shmem.write_to_env("__AFL_SHM_ID").unwrap();
+}
 let mut shmem_buf = shmem.as_slice_mut();
 ```
 

fuzzers/baby/baby_fuzzer_swap_differential/Cargo.toml

@@ -21,7 +21,7 @@ debug = true
 
 [build-dependencies]
 anyhow = "1.0.89"
-bindgen = "0.70.1"
+bindgen = "0.71.1"
 cc = "=1.2.7"      # fix me later
 
 [dependencies]

fuzzers/baby/backtrace_baby_fuzzers/forkserver_executor/src/main.rs

@@ -40,7 +40,9 @@ pub fn main() {
 
     let mut shmem = shmem_provider.new_shmem(MAP_SIZE).unwrap();
     //let the forkserver know the shmid
-    shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    unsafe {
+        shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    }
     let shmem_map: &mut [u8; MAP_SIZE] = shmem
         .as_slice_mut()
         .try_into()

fuzzers/forkserver/forkserver_libafl_cc/src/main.rs

@@ -97,7 +97,9 @@ pub fn main() {
     // The coverage map shared between observer and executor
     let mut shmem = shmem_provider.new_shmem(MAP_SIZE).unwrap();
     // let the forkserver know the shmid
-    shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    unsafe {
+        shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    }
     let shmem_buf = shmem.as_slice_mut();
     // the next line is not needed
     // unsafe { EDGES_MAP_PTR = shmem_buf.as_mut_ptr() };

fuzzers/forkserver/forkserver_simple/Cargo.toml

@@ -2,7 +2,7 @@
 name = "forkserver_simple"
 version = "0.14.1"
 authors = ["tokatoka <[email protected]>"]
-edition = "2021"
+edition = "2024"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 

fuzzers/forkserver/forkserver_simple/build.rs

@@ -1,7 +1,7 @@
 use std::{
     env,
     path::Path,
-    process::{exit, Command},
+    process::{Command, exit},
 };
 
 const AFL_URL: &str = "https://github.com/AFLplusplus/AFLplusplus";
@@ -12,7 +12,9 @@ fn main() {
         exit(0);
     }
 
-    env::remove_var("DEBUG");
+    unsafe {
+        env::remove_var("DEBUG");
+    }
     let cwd = env::current_dir().unwrap().to_string_lossy().to_string();
 
     let afl = format!("{}/AFLplusplus", &cwd);

fuzzers/forkserver/forkserver_simple/src/main.rs

@@ -3,27 +3,26 @@ use std::path::PathBuf;
 
 use clap::Parser;
 use libafl::{
+    HasMetadata,
     corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
-    executors::{forkserver::ForkserverExecutor, HasObservers},
+    executors::{HasObservers, forkserver::ForkserverExecutor},
     feedback_and_fast, feedback_or,
     feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     inputs::BytesInput,
     monitors::SimpleMonitor,
-    mutators::{havoc_mutations, tokens_mutations, StdScheduledMutator, Tokens},
+    mutators::{StdScheduledMutator, Tokens, havoc_mutations, tokens_mutations},
     observers::{CanTrack, HitcountsMapObserver, StdMapObserver, TimeObserver},
     schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, StdState},
-    HasMetadata,
 };
 use libafl_bolts::{
-    current_nanos,
+    AsSliceMut, Truncate, current_nanos,
     rands::StdRand,
     shmem::{ShMem, ShMemProvider, UnixShMemProvider},
-    tuples::{tuple_list, Handled, Merge},
-    AsSliceMut, Truncate,
+    tuples::{Handled, Merge, tuple_list},
 };
 use nix::sys::signal::Signal;
 
@@ -97,7 +96,9 @@ pub fn main() {
     // The coverage map shared between observer and executor
     let mut shmem = shmem_provider.new_shmem(MAP_SIZE).unwrap();
     // let the forkserver know the shmid
-    shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    unsafe {
+        shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    }
     let shmem_buf = shmem.as_slice_mut();
 
     // Create an observation channel using the signals map

fuzzers/forkserver/fuzzbench_forkserver/src/main.rs

@@ -242,7 +242,9 @@ fn fuzz(
     // The coverage map shared between observer and executor
     let mut shmem = shmem_provider.new_shmem(MAP_SIZE).unwrap();
     // let the forkserver know the shmid
-    shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    unsafe {
+        shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    }
     let shmem_buf = shmem.as_slice_mut();
     // To let know the AFL++ binary that we have a big map
     std::env::set_var("AFL_MAP_SIZE", format!("{}", MAP_SIZE));
@@ -348,7 +350,9 @@ fn fuzz(
         // The cmplog map shared between observer and executor
         let mut cmplog_shmem = shmem_provider.uninit_on_shmem::<AFLppCmpLogMap>().unwrap();
         // let the forkserver know the shmid
-        cmplog_shmem.write_to_env("__AFL_CMPLOG_SHM_ID").unwrap();
+        unsafe {
+            cmplog_shmem.write_to_env("__AFL_CMPLOG_SHM_ID").unwrap();
+        }
         let cmpmap = unsafe { OwnedRefMut::<AFLppCmpLogMap>::from_shmem(&mut cmplog_shmem) };
 
         let cmplog_observer = StdCmpObserver::new("cmplog", cmpmap, true);

fuzzers/forkserver/fuzzbench_forkserver_cmplog/src/main.rs

@@ -244,7 +244,9 @@ fn fuzz(
     // The coverage map shared between observer and executor
     let mut shmem = shmem_provider.new_shmem(MAP_SIZE).unwrap();
     // let the forkserver know the shmid
-    shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    unsafe {
+        shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    }
     let shmem_buf = shmem.as_slice_mut();
     // To let know the AFL++ binary that we have a big map
     std::env::set_var("AFL_MAP_SIZE", format!("{MAP_SIZE}"));
@@ -351,7 +353,9 @@ fn fuzz(
         // The cmplog map shared between observer and executor
         let mut cmplog_shmem = shmem_provider.uninit_on_shmem::<AFLppCmpLogMap>().unwrap();
         // let the forkserver know the shmid
-        cmplog_shmem.write_to_env("__AFL_CMPLOG_SHM_ID").unwrap();
+        unsafe {
+            cmplog_shmem.write_to_env("__AFL_CMPLOG_SHM_ID").unwrap();
+        }
         let cmpmap = unsafe { OwnedRefMut::from_shmem(&mut cmplog_shmem) };
 
         let cmplog_observer = AFLppCmpLogObserver::new("cmplog", cmpmap, true);

fuzzers/forkserver/libafl-fuzz/src/executor.rs

@@ -200,7 +200,7 @@ pub fn find_afl_binary(filename: &str, same_dir_as: Option<PathBuf>) -> Result<P
         false
     };
 
-    #[expect(clippy::useless_conversion)] // u16 on MacOS, u32 on Linux
+    #[allow(clippy::useless_conversion)] // u16 on MacOS, u32 on Linux
     let permission = if is_library {
         u32::from(S_IRUSR) // user can read
     } else {

fuzzers/forkserver/libafl-fuzz/src/fuzzer.rs

@@ -122,7 +122,9 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
     let mut shmem = shmem_provider
         .new_shmem(opt.map_size.unwrap_or(AFL_DEFAULT_MAP_SIZE))
         .unwrap();
-    shmem.write_to_env(SHMEM_ENV_VAR).unwrap();
+    unsafe {
+        shmem.write_to_env(SHMEM_ENV_VAR).unwrap();
+    }
     let shmem_buf = shmem.as_slice_mut();
 
     // If we are in Nyx Mode, we need to use a different map observer.
@@ -300,14 +302,17 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
 
     // Set LD_PRELOAD (Linux) && DYLD_INSERT_LIBRARIES (OSX) for target.
     if let Some(preload_env) = &opt.afl_preload {
-        std::env::set_var("LD_PRELOAD", preload_env);
-        std::env::set_var("DYLD_INSERT_LIBRARIES", preload_env);
+        // TODO: Audit that the environment access only happens in single-threaded code.
+        unsafe { std::env::set_var("LD_PRELOAD", preload_env) };
+        // TODO: Audit that the environment access only happens in single-threaded code.
+        unsafe { std::env::set_var("DYLD_INSERT_LIBRARIES", preload_env) };
     }
 
     // Insert appropriate shared libraries if frida_mode
     if opt.frida_mode {
         if opt.frida_asan {
-            std::env::set_var("ASAN_OPTIONS", "detect_leaks=false");
+            // TODO: Audit that the environment access only happens in single-threaded code.
+            unsafe { std::env::set_var("ASAN_OPTIONS", "detect_leaks=false") };
         }
         let frida_bin = find_afl_binary("afl-frida-trace.so", Some(opt.executable.clone()))?
             .display()
@@ -317,8 +322,10 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
         } else {
             frida_bin
         };
-        std::env::set_var("LD_PRELOAD", &preload);
-        std::env::set_var("DYLD_INSERT_LIBRARIES", &preload);
+        // TODO: Audit that the environment access only happens in single-threaded code.
+        unsafe { std::env::set_var("LD_PRELOAD", &preload) };
+        // TODO: Audit that the environment access only happens in single-threaded code.
+        unsafe { std::env::set_var("DYLD_INSERT_LIBRARIES", &preload) };
     }
     #[cfg(feature = "nyx")]
     let mut executor = {
@@ -456,7 +463,7 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
     // We only run cmplog on the main node
     let cmplog_executable_path = match &opt.cmplog {
         None => "-",
-        Some(ref p) => match p.as_str() {
+        Some(p) => match p.as_str() {
             "0" => opt.executable.to_str().unwrap(),
             _ => p,
         },
@@ -468,7 +475,9 @@ define_run_client!(state, mgr, fuzzer_dir, core_id, opt, is_main_node, {
         let mut cmplog_shmem = shmem_provider.uninit_on_shmem::<AFLppCmpLogMap>().unwrap();
 
         // Let the Forkserver know the CmpLog shared memory map ID.
-        cmplog_shmem.write_to_env("__AFL_CMPLOG_SHM_ID").unwrap();
+        unsafe {
+            cmplog_shmem.write_to_env("__AFL_CMPLOG_SHM_ID").unwrap();
+        }
         let cmpmap = unsafe { OwnedRefMut::from_shmem(&mut cmplog_shmem) };
 
         // Create the CmpLog observer.

fuzzers/inprocess/fuzzbench/Cargo.toml

@@ -5,7 +5,7 @@ authors = [
   "Andrea Fioraldi <[email protected]>",
   "Dominik Maier <[email protected]>",
 ]
-edition = "2021"
+edition = "2024"
 
 [features]
 default = ["std"]

fuzzers/inprocess/fuzzbench/src/bin/libafl_cc.rs

@@ -8,10 +8,15 @@ pub fn main() {
         let mut dir = env::current_exe().unwrap();
         let wrapper_name = dir.file_name().unwrap().to_str().unwrap();
 
-        let is_cpp = match wrapper_name[wrapper_name.len()-2..].to_lowercase().as_str() {
+        let is_cpp = match wrapper_name[wrapper_name.len() - 2..]
+            .to_lowercase()
+            .as_str()
+        {
             "cc" => false,
             "++" | "pp" | "xx" => true,
-            _ => panic!("Could not figure out if c or c++ wrapper was called. Expected {dir:?} to end with c or cxx"),
+            _ => panic!(
+                "Could not figure out if c or c++ wrapper was called. Expected {dir:?} to end with c or cxx"
+            ),
         };
 
         dir.pop();

fuzzers/inprocess/fuzzbench/src/lib.rs

@@ -16,47 +16,46 @@ use std::{
 
 use clap::{Arg, Command};
 use libafl::{
+    Error, HasMetadata,
     corpus::{Corpus, InMemoryOnDiskCorpus, OnDiskCorpus},
     events::SimpleRestartingEventManager,
-    executors::{inprocess::InProcessExecutor, ExitKind},
+    executors::{ExitKind, inprocess::InProcessExecutor},
     feedback_or,
     feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback},
     fuzzer::{Fuzzer, StdFuzzer},
     inputs::{BytesInput, HasTargetBytes},
     monitors::SimpleMonitor,
     mutators::{
-        havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, StdMOptMutator,
-        StdScheduledMutator, Tokens,
+        StdMOptMutator, StdScheduledMutator, Tokens, havoc_mutations,
+        token_mutations::I2SRandReplace, tokens_mutations,
     },
     observers::{CanTrack, HitcountsMapObserver, TimeObserver},
     schedulers::{
-        powersched::PowerSchedule, IndexesLenTimeMinimizerScheduler, StdWeightedScheduler,
+        IndexesLenTimeMinimizerScheduler, StdWeightedScheduler, powersched::PowerSchedule,
     },
     stages::{
-        calibrate::CalibrationStage, power::StdPowerMutationalStage, StdMutationalStage,
-        TracingStage,
+        StdMutationalStage, TracingStage, calibrate::CalibrationStage,
+        power::StdPowerMutationalStage,
     },
     state::{HasCorpus, StdState},
-    Error, HasMetadata,
 };
 use libafl_bolts::{
-    current_time,
+    AsSlice, current_time,
     os::dup2,
     rands::StdRand,
     shmem::{ShMemProvider, StdShMemProvider},
-    tuples::{tuple_list, Merge},
-    AsSlice,
+    tuples::{Merge, tuple_list},
 };
 #[cfg(any(target_os = "linux", target_vendor = "apple"))]
 use libafl_targets::autotokens;
 use libafl_targets::{
-    libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer, CmpLogObserver,
+    CmpLogObserver, libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer,
 };
 #[cfg(unix)]
 use nix::unistd::dup;
 
 /// The fuzzer main (as `no_mangle` C function)
-#[no_mangle]
+#[unsafe(no_mangle)]
 pub extern "C" fn libafl_main() {
     // Registry the metadata types used in this fuzzer
     // Needed only on no_std

fuzzers/structure_aware/forkserver_simple_nautilus/src/main.rs

@@ -95,8 +95,12 @@ pub fn main() {
 
     // The coverage map shared between observer and executor
     let mut shmem = shmem_provider.new_shmem(MAP_SIZE).unwrap();
-    // let the forkserver know the shmid
-    shmem.write_to_env("__AFL_SHM_ID").unwrap();
+
+    unsafe {
+        // let the forkserver know the shmid
+        shmem.write_to_env("__AFL_SHM_ID").unwrap();
+    }
+
     let shmem_buf = shmem.as_slice_mut();
 
     // Create an observation channel using the signals map

libafl/Cargo.toml

@@ -11,8 +11,8 @@ repository = "https://github.com/AFLplusplus/LibAFL/"
 readme = "../README.md"
 license = "MIT OR Apache-2.0"
 keywords = ["fuzzing", "testing", "security"]
-edition = "2021"
-rust-version = "1.82"
+edition = "2024"
+rust-version = "1.85"
 categories = [
   "development-tools::testing",
   "emulators",

libafl/examples/tui_mock/main.rs

@@ -4,9 +4,9 @@
 use std::{thread::sleep, time::Duration};
 
 use libafl::monitors::{
-    stats::{manager::ClientStatsManager, ClientStats},
-    tui::TuiMonitor,
     Monitor,
+    stats::{ClientStats, manager::ClientStatsManager},
+    tui::TuiMonitor,
 };
 use libafl_bolts::ClientId;
 

libafl/src/common/mod.rs

@@ -7,8 +7,8 @@ use core::any::type_name;
 pub mod nautilus;
 
 use libafl_bolts::{
-    serdeany::{NamedSerdeAnyMap, SerdeAny, SerdeAnyMap},
     Error,
+    serdeany::{NamedSerdeAnyMap, SerdeAny, SerdeAnyMap},
 };
 /// Trait for elements offering metadata
 pub trait HasMetadata {