hopper's Introduction

Hopper

Hopper is a tool for generating fuzzing test cases for libraries automatically using interpretative fuzzing. It transforms the problem of library fuzzing into the problem of interpreter fuzzing, enabling exploration of a vast range of API usages for library fuzzing out of the box. Some key features of Hopper include:

  • Interpretative API invoking without any fuzz driver.
  • Type-aware mutation for arguments.
  • Automatic intra- and inter-API constraints learning.
  • Binary instrumentation support.

To learn more about Hopper, check out our paper at CCS '23.

Build Hopper

Build Requirements

  • Linux-amd64 (Tested on Ubuntu 20.04 and Debian Buster)
  • Rust stable (>= 1.60), can be obtained using rustup
  • Clang (>= 5.0, Install Clang). rust-bindgen leverages libclang to preprocess, parse, and type check C and C++ header files.

Build Hopper itself

./build.sh

The script creates an install directory in Hopper's root directory; after that you can use hopper. To use the command from anywhere, add the project directory to your PATH variable.

Using Docker

You can choose to use the Dockerfile, which builds the requirements and Hopper.

docker build -t hopper ./
docker run --name hopper_dev --privileged -v /path-to-lib:/fuzz -it --rm hopper /bin/bash

Compile library with Hopper

Take cJSON for example (More examples).

hopper compile --header ./cJSON.h --library ./libcjson.so --output output

Use hopper compile --help to see detailed usage. If compilation reports errors about the header file, refer to the usage of rust-bindgen, which we use to parse header files. You may wrap the header file with the missing definitions. Hopper uses E9Patch to instrument binaries by default. Optionally, you can use LLVM for source code instrumentation.

After running compile, you will find that it generates the following files in the output directory:

  • bin/hopper-fuzzer: generates inputs, maintains states, and uses harness to execute the inputs.
  • bin/hopper-harness: executes the inputs.
  • bin/hopper-translate: translates inputs to C source code.
  • bin/hopper-generator: replays the generation process.
  • bin/hopper-sanitizer: sanitizes and minimizes crashes.

Header files

  • If there are multiple header files, you can create a new header file, and include all of them.
  • If compiling the header files depends on specific environment variables, you can set them via BINDGEN_EXTRA_CLANG_ARGS.
  • If the header file includes API functions that you do not want to test, use --func-pattern to filter them while running the fuzzer.

Environment variable for compiling

  • HOPPER_MAP_SIZE_POW2: controls the size of coverage path. The default value is 16, and it should be in the range of [16, 20]. e.g. HOPPER_MAP_SIZE_POW2=18.
  • HOPPER_INST_RATIO: controls how likely a block will be chosen for instrumentation. The default value is 100, and it should be in the range of (0, 100]. e.g. HOPPER_INST_RATIO=75.
  • HOPPER_INCLUDE_SEARCH_PATH: includes the search path of file in header files. e.g. HOPPER_INCLUDE_SEARCH_PATH=../.
  • HOPPER_FUNC_BLACKLIST: includes function blacklists that hopper won't compile. bindgen will not generate code for the functions. e.g. HOPPER_FUNC_BLACKLIST=f1,f2.
  • HOPPER_TYPE_BLACKLIST: includes type blacklists that hopper won't compile. bindgen will not generate code for the types. e.g. HOPPER_TYPE_BLACKLIST=type1,type2.
  • HOPPER_ITEM_BLACKLIST: includes item(constants/variables) blacklists that hopper won't compile. bindgen will not generate code for the items. e.g. HOPPER_ITEM_BLACKLIST=IPPORT_RESERVED
  • HOPPER_CUSTOM_OPAQUE_LIST: includes custom opaque types we defined. e.g. HOPPER_CUSTOM_OPAQUE_LIST=type1.
  • HOPPER_FUZZ_INLINE_FUNCTION: includes inline function as our targets, see FAQ in bindgen.

Tips

  • You can set the arguments and environment variables for compiling and running in a configuration file named hopper.config, see examples/* for details.

  • Reduce density: If density is larger than 20%, the IDs of edges are likely to have hash-collisions. We can a) increase HOPPER_MAP_SIZE_POW2 or b) reduce HOPPER_INST_RATIO.

  • Multiple libraries: (1) merge the archives into one shared library, e.g. gcc -shared -o c.so -Wl,--whole-archive a.a b.a -Wl,--no-whole-archive; (2) pass all of them into hopper compiler by --library a.so b.so.

Fuzz Library with Hopper

hopper fuzz output --func-pattern cJSON_*

Use hopper fuzz output --help to see detailed usage.

After running fuzz, it will generate the following directories.

  • queue: generated normal inputs.
  • hangs: generated timeout inputs.
  • crashes: generated crash inputs.
  • misc: stores temporary files and stats.

Environment variable for running

  • DISABLE_CALL_DET: disables call's deterministic mutating.
  • DISABLE_GEN_FAIL: disables generating programs for functions that have failed to invoke.
  • HOPPER_SEED_DIR: provides seeds for byte-like arguments (default: output/seeds if it exists).
  • HOPPER_DICT: provides dictionary for byte-like arguments. The grammar is the same as AFL's.
  • HOPPER_API_INSENSITIVE_COV: disables API-sensitive branch counting.
  • HOPPER_FAST_EXECUTE_LOOP: number of programs executed (in a loop) for each fork, set as 0 or 1 to break the loop. e.g. HOPPER_FAST_EXECUTE_LOOP=10.

System configuration

Configure system core dumps as for AFL (on the host if you run Hopper in a Docker container).

echo core | sudo tee /proc/sys/kernel/core_pattern

Function pattern

Hopper generates inputs for all functions that appear in both headers and libraries by default. However, there are two ways to filter functions in Hopper: excluding functions or including functions. This way, it can focus on interesting functions.

--func-pattern

hopper fuzz output --func-pattern @cJSON_parse,!cJSON_InitHook,cJSON_*
  • The pattern can be a function name, e.g. cJSON_parse, or a simple pattern, e.g. cJSON_*.
  • If you have multiple patterns, use , to join them, e.g. cJSON_*,HTTP_*.
  • You can use the @ prefix to limit the fuzzer to fuzzing only specific functions, while the others can be candidates that provide values for fields or arguments, e.g. @cJSON_parse,cJSON_*.
  • ! is used as a prefix for excluding specific functions, e.g. !cJSON_InitHook,cJSON_*.

--custom-rules

The patterns can be defined in the file passed by --custom-rules.

// hopper fuzz output --custom-rules path-to-file
func_target cJSON_parse
func_exclude cJSON_InitHook
func_include cJSON_*,HTTP_*
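
The sketch below is an added example, not Hopper's own code. It models the filter semantics described above for both --func-pattern and the func_* lines of a --custom-rules file, so that a pattern can be checked against a function list before a long fuzzing run. It assumes that * matches any run of characters, that exclusions take precedence, and that without any @ pattern every included function is a target; FuncFilter, Role and HTTP_get are hypothetical names.

```rust
// Added example, not Hopper's code: models the filter semantics described above.
// Assumptions: `*` matches any run of characters, `!` exclusions win over every
// other pattern, and without any `@` pattern the included functions are targets.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Role {
    Target,    // fuzzed directly
    Candidate, // only supplies values for fields or arguments
    Excluded,  // matched a `!` / func_exclude pattern
    Unmatched, // matched no pattern
}

#[derive(Default)]
pub struct FuncFilter {
    targets: Vec<String>,
    includes: Vec<String>,
    excludes: Vec<String>,
}

/// Glob match where `*` is the only metacharacter.
fn glob(pat: &str, name: &str) -> bool {
    let parts: Vec<&str> = pat.split('*').collect();
    if parts.len() == 1 {
        return pat == name;
    }
    let (first, last) = (parts[0], parts[parts.len() - 1]);
    if name.len() < first.len() + last.len() || !name.starts_with(first) || !name.ends_with(last) {
        return false;
    }
    // Middle pieces must appear in order between the prefix and the suffix.
    let mut rest = &name[first.len()..name.len() - last.len()];
    for mid in &parts[1..parts.len() - 1] {
        match rest.find(*mid) {
            Some(i) => rest = &rest[i + mid.len()..],
            None => return false,
        }
    }
    true
}

fn any_match(pats: &[String], name: &str) -> bool {
    pats.iter().any(|p| glob(p, name))
}

fn split_list(list: &str) -> impl Iterator<Item = String> + '_ {
    list.split(',').map(str::trim).filter(|p| !p.is_empty()).map(String::from)
}

impl FuncFilter {
    /// Parse the comma-joined form given to --func-pattern.
    pub fn from_cli(spec: &str) -> Self {
        let mut f = FuncFilter::default();
        for p in split_list(spec) {
            if let Some(t) = p.strip_prefix('@') {
                f.targets.push(t.to_string());
            } else if let Some(e) = p.strip_prefix('!') {
                f.excludes.push(e.to_string());
            } else {
                f.includes.push(p.to_string());
            }
        }
        f
    }

    /// Parse func_target / func_exclude / func_include lines of a --custom-rules file.
    pub fn from_rules(text: &str) -> Self {
        let mut f = FuncFilter::default();
        for line in text.lines() {
            let (key, val) = match line.trim().split_once(char::is_whitespace) {
                Some(kv) => kv,
                None => continue,
            };
            let list = match key {
                "func_target" => &mut f.targets,
                "func_exclude" => &mut f.excludes,
                "func_include" => &mut f.includes,
                _ => continue, // comments and other rule kinds
            };
            list.extend(split_list(val));
        }
        f
    }

    pub fn role(&self, name: &str) -> Role {
        if any_match(&self.excludes, name) {
            Role::Excluded
        } else if any_match(&self.targets, name) {
            Role::Target
        } else if !any_match(&self.includes, name) {
            Role::Unmatched
        } else if self.targets.is_empty() {
            Role::Target
        } else {
            Role::Candidate
        }
    }
}

fn main() {
    // Pattern from the page; the function list is constructed for illustration.
    let filter = FuncFilter::from_cli("@cJSON_parse,!cJSON_InitHook,cJSON_*");
    for name in ["cJSON_parse", "cJSON_InitHook", "cJSON_Delete", "HTTP_get"] {
        println!("{:<16} {:?}", name, filter.role(name));
    }
}
```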

Constraints

Hopper infers both intra- and inter-API constraints in order to invoke the APIs correctly.
The constraints are written to output/misc/constraint.config. You can remove the file to reset the constraints. Additionally, users can define a file that describes custom constraints for API invocations, which is passed by --custom-rules. The custom constraints will override the inferred ones.

// hopper fuzz output --custom-rules path-to-file
// Grammar: 
// func, type : prefix for adding a rule for function or type
// $[0-9]+    : function's i-th argument, or index in array
// [a-zA-Z_]+ : object field
// 0, 128 ..  : integer constants
// "xxxx"     : string constants
// methods    : $len, $range, $null, $non_null, $need_init, $read_file, $write_file, $ret_from, $cast_from, $use, $arr_len, $opaque, $len_factors
// others     :  pointer(&) , option(?), e.g &.$0.len,  `len` field in the pointer's first element
//
// Set one argument in a function to be specific constant
func test_add[$0] = 128
// One argument must be the length of another one
func test_arr[$1] = $len($0)
// Or one field must be the length of another field
func test_arr[$0][len] = $len([$0][name])
// One argument must be in a certain range
func test_arr[$1] = $range(0, $len($0))
// Argument should be non-null
func test_non_null[$0] = $non_null
// Argument should be null
func test_null[$0] = $null
// Argument should be specific string
func test_magic[$0] = "magic"
// Argument should be a file and the file will be read
func test_path[$0] = $read_file
// Argument should use the return value of a specific function
func test_use[$0] = $ret_from(test_create)
// Argument should be specific type for void pointer. The type should start with *mut or *const.
func test_void[$0] = $cast_from(*mut u8)
// The array is supposed to have a minimal array length
func test_void[$0][&] = $arr_len(256)
// The array's length is formed by the factors
func fread[$0][&] = $len_factors(1, $2)
// Or
func gzfread[$0][&] = $len_factors($1, $2)
// Field in argument should be specific constant
func test_field[$0][len] = 128
// Deeper fields
func test_field[$0][&.elements.$0] = 128

// One field `len` in a type must be the length of another field `p`
type ArrayWrap[len] = $len(p)
// One nested union `inner_union` in a type must be set to `member2` 
type ComplicatedStruct[inner_union] = $use(member2)
// Type is opaque and is used as an opaque pointer
type Partial = $opaque
// A type should be initialized with a specific function
type Partial = $init_with(test_init, 0)

// ctx: set context for specific function
// Add a context for function
ctx test_use[$0] <- test_init
// Add implicit context
ctx test_use[*] <- test_init
// Add an optional context that is preferred
ctx test_use[$0] <- test_init ?
// Add forbidden context
ctx test_use[$0] <- ! test_init

// alias: alias types across different functions
alias handleA <- useA($0),createA($ret),freeA($0)

// assert: adding specific assertions for calls
assert test_one == 1
assert test_non_zero != 0
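
A mistyped method name or rule prefix in a custom rules file is easy to miss, and a constraint that is not applied as intended can surface later as crashes that are not real bugs. The following is an added example, not part of Hopper: a small pre-flight lint for the rule grammar shown above. It assumes the valid methods are those in the grammar comment plus $init_with and $ret, which the page's own examples use; lint and Finding are hypothetical names and the sample rules are constructed.

```rust
// Added example, not part of Hopper: a pre-flight lint for a --custom-rules file.
// Assumption: the valid method names are those in the grammar comment above plus
// `$init_with`, which the page's own `type` example uses; `$ret` is accepted
// because the `alias` example uses it.
const METHODS: &[&str] = &[
    "len", "range", "null", "non_null", "need_init", "read_file", "write_file", "ret_from",
    "cast_from", "use", "arr_len", "opaque", "len_factors", "init_with",
];

#[derive(Debug, PartialEq)]
pub struct Finding {
    pub line: usize,
    pub msg: String,
}

/// Every `$name` token in `s`, returned without the leading `$`.
fn dollar_tokens(s: &str) -> Vec<&str> {
    let mut out = Vec::new();
    let mut rest = s;
    while let Some(i) = rest.find('$') {
        let tail = &rest[i + 1..];
        let end = tail
            .find(|c: char| !(c.is_ascii_alphanumeric() || c == '_'))
            .unwrap_or(tail.len());
        out.push(&tail[..end]);
        rest = &tail[end..];
    }
    out
}

pub fn lint(rules: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (idx, raw) in rules.lines().enumerate() {
        let (n, line) = (idx + 1, raw.trim());
        if line.is_empty() || line.starts_with("//") {
            continue;
        }
        let kind = line.split_whitespace().next().unwrap_or("");
        // Each rule kind needs its operator; func_* lines are plain function filters.
        let op = match kind {
            "func" | "type" => "=",
            "ctx" | "alias" => "<-",
            "assert" | "func_target" | "func_exclude" | "func_include" => "",
            _ => {
                findings.push(Finding { line: n, msg: format!("unknown rule prefix `{}`", kind) });
                continue;
            }
        };
        if !line.contains(op) {
            findings.push(Finding { line: n, msg: format!("`{}` rule without `{}`", kind, op) });
        }
        // Skip string constants ("...") so a `$` inside them is not read as a method.
        for segment in line.split('"').step_by(2) {
            for tok in dollar_tokens(segment) {
                let is_index = !tok.is_empty() && tok.chars().all(|c| c.is_ascii_digit());
                if !(is_index || tok == "ret" || METHODS.contains(&tok)) {
                    findings.push(Finding { line: n, msg: format!("unknown method `${}`", tok) });
                }
            }
        }
    }
    findings
}

// Constructed sample input: lines 3, 4 and 5 each contain one mistake.
const SAMPLE: &str = r#"// constructed sample rules file
func test_arr[$1] = $len($0)
func test_non_null[$0] = $non_nul
fun test_add[$0] = 128
ctx test_use[$0] test_init
func test_magic[$0] = "pay$load"
alias handleA <- useA($0),createA($ret),freeA($0)
"#;

fn main() {
    for f in lint(SAMPLE) {
        println!("line {}: {}", f.line, f.msg);
    }
}
```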

Seeds for bytes arguments

If there is a seeds directory (set by HOPPER_SEED_DIR), Hopper will try to read the files inside it and use them as seeds for bytes arguments (e.g. char*). You can also provide seeds for a specific argument via its parameter name, e.g. name the subdirectory @buf for a parameter whose name is buf.

Logging

Hopper uses Rust's log crate to print log information. The default log level is INFO. If you want to print all logging information (DEBUG and TRACE), set the environment variable LOG_TYPE when running Hopper, e.g. LOG_TYPE=trace ./hopper. The detailed logs are written to output/fuzzer_r*.log and output/harness_r*.log.

Reproduce execution

Hopper can reproduce the execution of programs in the output directories.

  • hopper-harness can parse and explain the inputs by Hopper's runtime. It will print the internal states during execution in detail.
./bin/hopper-harness ./queue/id_000000
  • hopper-translate can translate the input to C source code. The C files can be a witness for reporting issues.
./bin/hopper-translate --input ./queue/id_000000  --header path-to/xx.h --output test.c
# then compile it with specific library
gcc -I/path-to-head -L/path-to-lib -l:libcjson.so test.c -o test
  • hopper-generator is able to replay input generation without execution. You can use it to analyse how the input was generated or mutated.
./bin/hopper-generator ./queue/id_000000
  • hopper-sanitizer can minimize and verify the crashes generated by Hopper. It excludes crashes that violate constraints and de-duplicates crashes according to call stacks.
./bin/hopper-sanitizer

Test

Test rust code

  • Run all testcases
RUST_BACKTRACE=1 cargo test -- --nocapture

Testsuite (test libraries)

Real world examples

Evaluating results via source-based code coverage

export CFLAGS="${CFLAGS:-} -fprofile-instr-generate -fcoverage-mapping -gline-tables-only -g"
make
  • Compile the libraries with cov instrumentation mode. e.g.
hopper compile --instrument cov --header ./cJSON.h --library ./libcjson_cov.so --output output_cov
  • Run the interpreter with all generated seed inputs (SEED_DIR).
# run hopper and use llvm-cov to compute the coverage.
SEED_DIR=./output/queue hopper cov output_cov

Contributing guidelines

We have listed some tasks in Roadmap. If you are interested, please feel free to discuss with us and contribute your code.

Coding

  • Zero cargo check warning
  • Zero cargo clippy warning
  • Zero FAILED in cargo test
  • Try to write tests for your code

Profiling

perf record --call-graph=dwarf ./bin/hopper-fuzzer
# use flamegraph directly
perf script | stackcollapse-perf.pl | rust-unmangle | flamegraph.pl > flame.svg
# use inferno
perf script | inferno-collapse-perf | inferno-flamegraph > flamegraph.svg

perf will produce huge intermediate data for analysis, so do not run the fuzzer for more than 2 minutes.

hopper's People

Contributors

kevin-valerio, spinpx, xeonacid, yunlongs

hopper's Issues

Can't find any function for gadgets!

Hi!
I'm trying to use Hopper on a library but it reports "Can't find any function for gadgets!"
The library API names all start with "__", so I commented two places in Hopper's source code that have if f_name.starts_with('_') { return; } but it still reports the same error.
May I ask how should I fix this?

I got a new bug about 'struct'

I have defined a structure like this

typedef struct test {
struct test *next;
} test_t;

When I translated id_000000, I got a wrong C code file:

int main() {
test *v0_tmp[] = {NULL, }; // list
....
}

It used test, not test_t or struct test.

Hopper build fails on Windows 10

I am trying to build Hopper (Commit: e73a03a) on Windows 10. My build environment is as follows:

OS: Windows 10.0.19044.1288
Compiler: rustc 1.75.0 (82e1608df 2023-12-21)
Toolchain: stable-x86_64-pc-windows-gnu
Backend: gcc 11.4.0 (Cygwin)

I am hitting build issues in the platform-specific code. I tried to hand-fix some of them, but quickly I hit my limit. Has this version (the latest one at the time of posting this issue) of Hopper been tested on Windows 10 (or any other version of Windows)? If you did, can you please share the details of the build environment?

Fuzzer crashes when fuzzing with instrumented compiled library

Dear authors,

I am trying to use Hopper to fuzz the cJson library and evaluate coverage using the method provided by README.md. However, I ran into the following error.

2023-12-08 01:28:21.268606 +00:00] INFO [hopper-core/src/fuzz/infer/mod.rs:221] start verify function `cJSON_DeleteItemFromObject`
[2023-12-08 01:28:21.402481 +00:00] INFO [hopper-core/src/fuzz/infer/mod.rs:265] finish verify function `cJSON_DeleteItemFromObject`
[2023-12-08 01:28:21.402876 +00:00] DEBUG [hopper-core/src/fuzz/infer/mod.rs:144] re-generate pilot-det program
(......)
[2023-12-08 01:28:21.403596 +00:00] WARN [hopper-core/src/fuzz/infer/mod.rs:47] fail to generate successful pilot-det program!
[2023-12-08 01:28:21.443131 +00:00] WARN [hopper-core/src/fuzz/infer/mod.rs:48] pilot-det program: <HEADER> ID: 0, Parent: None,
<0> load next: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<1> load prev: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<2> load child: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<3> load valuestring: alloc::vec::Vec<i8> = bvec(34)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="]
<4> load string: alloc::vec::Vec<i8> = bvec(43)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="]
<5> load next: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* <0>[], prev: mut* <1>[], child: mut* <2>[], type_: 0, valuestring: mut* <3>[], valueint: 0, valuedouble: 0, string: mut* <4>[],  }, ]
<6> load next: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<7> load prev: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<8> load child: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<9> load valuestring: alloc::vec::Vec<i8> = bvec(65)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="]
<10> load string: alloc::vec::Vec<i8> = bvec(54)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"]
<11> load prev: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* <6>[], prev: mut* <7>[], child: mut* <8>[], type_: 0, valuestring: mut* <9>[], valueint: 0, valuedouble: 0, string: mut* <10>[],  }, ]
<12> load next: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<13> load prev: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<14> load child: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* null, prev: mut* null, child: mut* null, type_: 0, valuestring: mut* null, valueint: 0, valuedouble: 0, string: mut* null,  }, ]
<15> load valuestring: alloc::vec::Vec<i8> = bvec(57)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"]
<16> load string: alloc::vec::Vec<i8> = bvec(40)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="]
<17> load child: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* <12>[], prev: mut* <13>[], child: mut* <14>[], type_: 0, valuestring: mut* <15>[], valueint: 0, valuedouble: 0, string: mut* <16>[],  }, ]
<18> load valuestring: alloc::vec::Vec<i8> = bvec(24)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"]
<19> load string: alloc::vec::Vec<i8> = bvec(30)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"]
<20> load object: alloc::vec::Vec<hopper_harness::cJSON> = vec(1)[{ next: mut* <5>[], prev: mut* <11>[], child: mut* <17>[], type_: 0, valuestring: mut* <18>[], valueint: 0, valuedouble: 0, string: mut* <19>[],  }, ]
<21> load object: hopper::runtime::FuzzMutPointer<hopper_harness::cJSON> = mut* <20>[]
<22> load string: alloc::vec::Vec<i8> = bvec(49)["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="]
<23> load string: hopper::runtime::FuzzConstPointer<i8> = const* <22>[]
<24> call $target: cJSON_DeleteItemFromObject ? (<21>, <23>, )
<END>
<RNG> { state: 3789975838155152769, increment: 9004290527146035689,  }
<FLAG> 3

[2023-12-08 01:28:21.443175 +00:00] WARN [hopper-core/src/fuzz/infer/mod.rs:60] API `cJSON_DeleteItemFromObject` crashed after refining.
[2023-12-08 01:28:21.443226 +00:00] INFO [hopper-core/src/fuzz/infer/mod.rs:37] [40/78] start pilot infer `cJSON_DeleteItemFromObjectCaseSensitive` ..
[2023-12-08 01:29:21.239102 +00:00] INFO [hopper-core/src/fuzzer.rs:546] [00:01:26] #queue: 1, #crashes: 1, #hangs: 0, #edge: 1, density: 0.00%, #round: 1050, #exec: 151.24k (70%), #speed: 1758.62 (0.28ms)
[2023-12-08 01:29:21.239123 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 4.4807021848923e-22)
[2023-12-08 01:29:21.275917 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1051
[2023-12-08 01:29:21.276529 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:21.288278 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:21.295362 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:21.303327 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 4.03263196640307e-22)
[2023-12-08 01:29:21.346079 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 3.629368769762763e-22)
[2023-12-08 01:29:21.387766 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1054
[2023-12-08 01:29:21.396590 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:21.413728 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 3.2664318927864865e-22)
[2023-12-08 01:29:21.453537 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1056
[2023-12-08 01:29:21.461710 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:21.482016 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1057
[2023-12-08 01:29:21.508778 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 2.9397887035078377e-22)
[2023-12-08 01:29:21.547142 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 2.645809833157054e-22)
[2023-12-08 01:29:21.582797 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1060
[2023-12-08 01:29:21.604086 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 2.3812288498413486e-22)
[2023-12-08 01:29:21.643170 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 2.1431059648572137e-22)
[2023-12-08 01:29:21.681461 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 1.9287953683714923e-22)
[2023-12-08 01:29:21.718410 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 1.7359158315343432e-22)
[2023-12-08 01:29:21.754672 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1065
[2023-12-08 01:29:21.776089 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 1.562324248380909e-22)
[2023-12-08 01:29:21.811978 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 1.406091823542818e-22)
[2023-12-08 01:29:21.850029 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 1.265482641188536e-22)
[2023-12-08 01:29:21.891879 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1069
[2023-12-08 01:29:21.901766 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:21.907281 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:21.920616 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1070
[2023-12-08 01:29:21.940268 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:21.944234 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 1.1389343770696824e-22)
[2023-12-08 01:29:21.985782 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1072
[2023-12-08 01:29:22.007961 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1073
[2023-12-08 01:29:22.017440 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:22.031839 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1074
[2023-12-08 01:29:22.061477 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1075
[2023-12-08 01:29:22.070225 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:22.086733 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1076
[2023-12-08 01:29:22.107959 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 1.0250409393627142e-22)
[2023-12-08 01:29:22.143383 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1078
[2023-12-08 01:29:22.166745 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 9.225368454264429e-23)
[2023-12-08 01:29:22.202170 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 8.302831608837985e-23)
[2023-12-08 01:29:22.240950 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1081
[2023-12-08 01:29:22.242586 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:22.260266 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 7.472548447954187e-23)
[2023-12-08 01:29:22.297202 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1083
[2023-12-08 01:29:22.300476 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:22.319906 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 6.725293603158769e-23)
[2023-12-08 01:29:22.355204 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 6.052764242842892e-23)
[2023-12-08 01:29:22.394105 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 5.447487818558603e-23)
[2023-12-08 01:29:22.431966 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 4.902739036702743e-23)
[2023-12-08 01:29:22.470885 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 4.412465133032469e-23)
[2023-12-08 01:29:22.515432 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 3.971218619729222e-23)
[2023-12-08 01:29:22.554763 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 3.5740967577563e-23)
[2023-12-08 01:29:22.593248 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1091
[2023-12-08 01:29:22.621515 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1092
[2023-12-08 01:29:22.644958 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 3.21668708198067e-23)
[2023-12-08 01:29:22.680706 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1094
[2023-12-08 01:29:22.705837 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1095
[2023-12-08 01:29:22.709264 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:22.713035 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:22.731422 +00:00] DEBUG [hopper-core/src/fuzzer.rs:476] fail at runtime!
[2023-12-08 01:29:22.734556 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 2.8950183737826033e-23)
[2023-12-08 01:29:22.768811 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 2.605516536404343e-23)
[2023-12-08 01:29:22.805252 +00:00] DEBUG [hopper-core/src/depot/select.rs:95] select program 0 as seed, score: (0, 2.344964882763909e-23)
[2023-12-08 01:29:22.843082 +00:00] DEBUG [hopper-core/src/fuzzer.rs:188] start generation in round 1099
[2023-12-08 01:29:22.865636 +00:00] INFO [hopper-core/src/fuzzer.rs:546] [00:01:27] #queue: 1, #crashes: 1, #hangs: 0, #edge: 1, density: 0.00%, #round: 1100, #exec: 158.13k (70%), #speed: 1817.66 (0.27ms)

I built my docker environment based on the Dockerfile you provided. I also tried changing the locale to en_US.UTF-8 in Dockerfile, but that didn't help.

hopper compile reports an error when testing the re2 library

Hello, I get an error when using the hopper compile command:

The following warnings were emitted during compilation:

warning: hopper-harness@1.0.0: dir=/hopper/examples/re2/output, lib=re2_fuzz

error: failed to run custom build command for `hopper-harness v1.0.0 (/hopper/hopper-harness)`
note: To improve backtraces for build dependencies, set the CARGO_PROFILE_RELEASE_BUILD_OVERRIDE_DEBUG=true environment variable to enable debug information generation.

Caused by:
  process didn't exit successfully: `/hopper/examples/re2/output/release/build/hopper-harness-a59f80c74cb58da4/build-script-build` (exit status: 101)
  --- stdout

  cargo:warning=dir=/hopper/examples/re2/output, lib=re2_fuzz
  cargo:rustc-link-lib=dylib=re2_fuzz
  cargo:rustc-link-arg=-v,-Wl,-rpath,-std=c++11,-lc,/hopper/examples/re2/output
  cargo:rustc-link-search=native=/hopper/examples/re2/output
  cargo:rustc-link-arg=-v,-Wl,--allow-shlib-undefined,-std=c++,-lc
  cargo:rerun-if-changed=/hopper/examples/re2/re2/src/re2/re2.h

  --- stderr
  /hopper/examples/re2/re2/src/re2/re2.h:184:10: fatal error: 'algorithm' file not found
  thread 'main' panicked at hopper-harness/build.rs:255:10:
  Unable to generate bindings: ClangDiagnostic("/hopper/examples/re2/re2/src/re2/re2.h:184:10: fatal error: 'algorithm' file not found\n")
  stack backtrace:
     0: rust_begin_unwind
               at /rustc/07dca489ac2d933c78d3c5158e3f43beefeb02ce/library/std/src/panicking.rs:645:5
     1: core::panicking::panic_fmt
               at /rustc/07dca489ac2d933c78d3c5158e3f43beefeb02ce/library/core/src/panicking.rs:72:14
     2: core::result::unwrap_failed
               at /rustc/07dca489ac2d933c78d3c5158e3f43beefeb02ce/library/core/src/result.rs:1649:5
     3: core::result::Result<T,E>::expect
     4: build_script_build::main
     5: core::ops::function::FnOnce::call_once
  note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
error: failed to compile `hopper-harness v1.0.0 (/hopper/hopper-harness)`, intermediate artifacts can be found at `/hopper/examples/re2/output`.
To reuse those artifacts with a future compilation, set the environment variable `CARGO_TARGET_DIR` to that path.
09:33:14 [ERROR] Meets error: cargo install error
Error: cargo install error

Location:
    hopper-compiler/src/cargo.rs:112:5

I think this is mainly because algorithm is not being linked, so I modified the arguments in the link_libraries() function of /hopper/hopper-harness/build.rs:

  • cargo:rustc-link-arg=-Wl,-rpath,{dir} was changed to cargo:rustc-link-arg=-v,-Wl,-rpath,-std=c++11,-lc,{dir}
  • cargo:rustc-link-arg=-Wl,--allow-shlib-undefined was changed to cargo:rustc-link-arg=-v,-Wl,--allow-shlib-undefined,-std=c++,-lc
    But it still reports the error. How can I solve this problem? Thanks.

how to solve this compiler error?

Work environment: Ubuntu22.10 gcc-12.0.1 cargo-1.74
When I run build.sh, it shows me an error as follows:

gcc hopper-e9-rt.o -o hopper-e9-rt -pie -nostdlib -Wl,-z -Wl,max-page-size=4096 -Wl,-z -Wl,norelro -Wl,-z -Wl,stack-size=0 -Wl,--export-dynamic -Wl,--entry=0x0 -Wl,--strip-all
/usr/bin/ld: hopper-e9-rt.o: in function `e9_vsnprintf':
hopper-e9-rt.c:(.text+0xaef): undefined reference to `strlen'
/usr/bin/ld: hopper-e9-rt.o: in function `print_message':
hopper-e9-rt.c:(.text+0x12bd): undefined reference to `strlen'
collect2: error: ld returned 1 exit status

error: linking (hopper-e9-rt) failed 

How could I solve it?

hopper compile error "unsatisfied trait bounds"

Hi,
I try to use hopper to compile liburing 2.3 but received such errors.
My env:


OS: Ubuntu 18.04.6 LTS
LLVM/CLANG: 14
liburing: 2.3
Command of running hopper: ./hopper compile --header libraries/liburing/src/install/include/liburing.h --library libraries/liburing/src/install/lib/liburing.so.2.3 --output libraries/liburing_output
Command of compiling liburing: git checkout liburing-2.3 && ./configure --cc=gcc --cxx=g++ --prefix=./install && make && make install


The errors are shown below:

warning: [email protected]: `unsafe extern "C" fn io_uring_register_probe (ring : :: hopper :: FuzzMutPointer :: < io_uring > , p : :: hopper :: FuzzMutPointer :: < io_uring_probe > , nr : :: std :: os :: raw :: c_uint ,) -> :: std :: os :: raw :: c_int` use excluded type: io_uring_probe
     Running `/user/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin/rustc --crate-name hopper_harness --edition=2021 hopper-harness/src/lib.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts,future-incompat --diagnostic-width=154 --crate-type lib --emit=dep-info,metadata,link -C opt-level=3 -C embed-bitcode=no --cfg 'feature="ctor_hook"' --cfg 'feature="default"' --cfg 'feature="e9_mode"' -C metadata=ac7a15b5cb441f7e -C extra-filename=-ac7a15b5cb441f7e --out-dir /user/projects/Hopper/libraries/liburing_output/release/deps -L dependency=/user/projects/Hopper/libraries/liburing_output/release/deps --extern clap=/user/projects/Hopper/libraries/liburing_output/release/deps/libclap-f796d2d592042330.rmeta --extern color_eyre=/user/projects/Hopper/libraries/liburing_output/release/deps/libcolor_eyre-6e11e7e718553b05.rmeta --extern eyre=/user/projects/Hopper/libraries/liburing_output/release/deps/libeyre-8de9684e9a86710d.rmeta --extern flexi_logger=/user/projects/Hopper/libraries/liburing_output/release/deps/libflexi_logger-5449234d1a45935d.rmeta --extern hopper=/user/projects/Hopper/libraries/liburing_output/release/deps/libhopper-9d6696c9b0b16b77.rmeta --extern log=/user/projects/Hopper/libraries/liburing_output/release/deps/liblog-7ea073d29580dd87.rmeta --extern rand=/user/projects/Hopper/libraries/liburing_output/release/deps/librand-36f2e5236f427ea7.rmeta --extern regex=/user/projects/Hopper/libraries/liburing_output/release/deps/libregex-1307898c021f9ece.rmeta --extern time=/user/projects/Hopper/libraries/liburing_output/release/deps/libtime-54c2cf7576b85054.rmeta -L native=/user/projects/Hopper/libraries/liburing_output -l dylib=uring_fuzz -C link-arg=-Wl,-rpath,/user/projects/Hopper/libraries/liburing_output -C link-arg=-Wl,--allow-shlib-undefined -L native=/user/projects/Hopper/libraries/liburing_output/release/build/hopper-6f980b1081e881e7/out -L native=/user/projects/Hopper/libraries/liburing_output/release/build/hopper-6f980b1081e881e7/out 
-L native=/user/projects/Hopper/libraries/liburing_output/release/build/plthook-0c9585c544eeb6d6/out`
error[E0599]: the function or associated item `generate_new` exists for struct `FuzzMutPointer<io_uring_sqe>`, but its trait bounds were not satisfied
    --> /user/projects/Hopper/libraries/liburing_output/release/build/hopper-harness-5d16b3afd3f083ab/out/fuzz_extend.rs:5214:61
     |
5214 |             sqes: <::hopper::FuzzMutPointer<io_uring_sqe>>::generate_new(
     |                                                             ^^^^^^^^^^^^ function or associated item cannot be called on `FuzzMutPointer<io_uring_sqe>` due to unsatisfied trait bounds
     |
     = note: the following trait bounds were not satisfied:
             `&FuzzMutPointer<io_uring_sqe>: FnFuzzable`
             which is required by `&FuzzMutPointer<io_uring_sqe>: ObjGenerate`
             `&FuzzMutPointer<io_uring_sqe>: FnSignature`
             which is required by `&FuzzMutPointer<io_uring_sqe>: ObjGenerate`
             `&mut FuzzMutPointer<io_uring_sqe>: FnFuzzable`
             which is required by `&mut FuzzMutPointer<io_uring_sqe>: ObjGenerate`
             `&mut FuzzMutPointer<io_uring_sqe>: Clone`
             which is required by `&mut FuzzMutPointer<io_uring_sqe>: ObjGenerate`
             `&mut FuzzMutPointer<io_uring_sqe>: FnSignature`
             which is required by `&mut FuzzMutPointer<io_uring_sqe>: ObjGenerate`

error[E0599]: no method named `det_mutate` found for struct `FuzzMutPointer` in the current scope
    --> /user/projects/Hopper/libraries/liburing_output/release/build/hopper-harness-5d16b3afd3f083ab/out/fuzz_extend.rs:5288:32
     |
5288 |                 7 => self.sqes.det_mutate(state.get_child_mut("sqes")?),
     |                                ^^^^^^^^^^ method not found in `FuzzMutPointer<io_uring_sqe>`

error[E0599]: no method named `mutate` found for struct `FuzzMutPointer` in the current scope
    --> /user/projects/Hopper/libraries/liburing_output/release/build/hopper-harness-5d16b3afd3f083ab/out/fuzz_extend.rs:5322:32
     |
5322 |                 7 => self.sqes.mutate(state.get_child_mut("sqes")?),
     |                                ^^^^^^ method not found in `FuzzMutPointer<io_uring_sqe>`

...
omit many errors
...

Some errors have detailed explanations: E0277, E0599.
For more information about an error, try `rustc --explain E0277`.
The following warnings were emitted during compilation:

warning: [email protected]: dir=/user/projects/Hopper/libraries/liburing_output, lib=uring_fuzz
warning: [email protected]: item: "__IncompleteArrayField < T >", disable replace ptr
warning: [email protected]: item: "__IncompleteArrayField < T >", disable replace ptr
warning: [email protected]: __IncompleteArrayField has not clone attribute! # [repr (C)] # [derive (Default)] ,
warning: [email protected]: __BindgenUnionField has not clone attribute! # [repr (C)] ,
warning: [email protected]: io_uring_sqe has not clone attribute! # [repr (C)] ,
warning: [email protected]: io_uring_sqe__bindgen_ty_6 has not clone attribute! # [repr (C)] ,
warning: [email protected]: io_uring_cqe has not clone attribute! # [repr (C)] # [derive (Debug)] ,
warning: [email protected]: io_uring_probe has not clone attribute! # [repr (C)] # [derive (Debug)] ,
warning: [email protected]: `unsafe extern "C" fn io_uring_get_probe_ring (ring : :: hopper :: FuzzMutPointer :: < io_uring >) -> :: hopper :: FuzzMutPointer :: < io_uring_probe >` use excluded type: io_uring_probe
warning: [email protected]: `unsafe extern "C" fn io_uring_get_probe () -> :: hopper :: FuzzMutPointer :: < io_uring_probe >` use excluded type: io_uring_probe
warning: [email protected]: `unsafe extern "C" fn io_uring_free_probe (probe : :: hopper :: FuzzMutPointer :: < io_uring_probe >)` use excluded type: io_uring_probe
warning: [email protected]: `unsafe extern "C" fn io_uring_peek_batch_cqe (ring : :: hopper :: FuzzMutPointer :: < io_uring > , cqes : :: hopper :: FuzzMutPointer :: < :: hopper :: FuzzMutPointer :: < io_uring_cqe > > , count : :: std :: os :: raw :: c_uint ,) -> :: std :: os :: raw :: c_uint` use excluded type: io_uring_cqe
warning: [email protected]: `unsafe extern "C" fn io_uring_wait_cqes (ring : :: hopper :: FuzzMutPointer :: < io_uring > , cqe_ptr : :: hopper :: FuzzMutPointer :: < :: hopper :: FuzzMutPointer :: < io_uring_cqe > > , wait_nr : :: std :: os :: raw :: c_uint , ts : :: hopper :: FuzzMutPointer :: < __kernel_timespec > , sigmask : :: hopper :: FuzzMutPointer :: < sigset_t > ,) -> :: std :: os :: raw :: c_int` use excluded type: io_uring_cqe
warning: [email protected]: `unsafe extern "C" fn io_uring_wait_cqe_timeout (ring : :: hopper :: FuzzMutPointer :: < io_uring > , cqe_ptr : :: hopper :: FuzzMutPointer :: < :: hopper :: FuzzMutPointer :: < io_uring_cqe > > , ts : :: hopper :: FuzzMutPointer :: < __kernel_timespec > ,) -> :: std :: os :: raw :: c_int` use excluded type: io_uring_cqe
warning: [email protected]: `unsafe extern "C" fn io_uring_submit_and_wait_timeout (ring : :: hopper :: FuzzMutPointer :: < io_uring > , cqe_ptr : :: hopper :: FuzzMutPointer :: < :: hopper :: FuzzMutPointer :: < io_uring_cqe > > , wait_nr : :: std :: os :: raw :: c_uint , ts : :: hopper :: FuzzMutPointer :: < __kernel_timespec > , sigmask : :: hopper :: FuzzMutPointer :: < sigset_t > ,) -> :: std :: os :: raw :: c_int` use excluded type: io_uring_cqe
warning: [email protected]: `unsafe extern "C" fn io_uring_register_probe (ring : :: hopper :: FuzzMutPointer :: < io_uring > , p : :: hopper :: FuzzMutPointer :: < io_uring_probe > , nr : :: std :: os :: raw :: c_uint ,) -> :: std :: os :: raw :: c_int` use excluded type: io_uring_probe

error: could not compile `hopper-harness` (lib) due to 30 previous errors

Caused by:
  process didn't exit successfully: `/user/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin/rustc --crate-name hopper_harness --edition=2021 hopper-harness/src/lib.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts,future-incompat --diagnostic-width=154 --crate-type lib --emit=dep-info,metadata,link -C opt-level=3 -C embed-bitcode=no --cfg 'feature="ctor_hook"' --cfg 'feature="default"' --cfg 'feature="e9_mode"' -C metadata=ac7a15b5cb441f7e -C extra-filename=-ac7a15b5cb441f7e --out-dir /user/projects/Hopper/libraries/liburing_output/release/deps -L dependency=/user/projects/Hopper/libraries/liburing_output/release/deps --extern clap=/user/projects/Hopper/libraries/liburing_output/release/deps/libclap-f796d2d592042330.rmeta --extern color_eyre=/user/projects/Hopper/libraries/liburing_output/release/deps/libcolor_eyre-6e11e7e718553b05.rmeta --extern eyre=/user/projects/Hopper/libraries/liburing_output/release/deps/libeyre-8de9684e9a86710d.rmeta --extern flexi_logger=/user/projects/Hopper/libraries/liburing_output/release/deps/libflexi_logger-5449234d1a45935d.rmeta --extern hopper=/user/projects/Hopper/libraries/liburing_output/release/deps/libhopper-9d6696c9b0b16b77.rmeta --extern log=/user/projects/Hopper/libraries/liburing_output/release/deps/liblog-7ea073d29580dd87.rmeta --extern rand=/user/projects/Hopper/libraries/liburing_output/release/deps/librand-36f2e5236f427ea7.rmeta --extern regex=/user/projects/Hopper/libraries/liburing_output/release/deps/libregex-1307898c021f9ece.rmeta --extern time=/user/projects/Hopper/libraries/liburing_output/release/deps/libtime-54c2cf7576b85054.rmeta -L native=/user/projects/Hopper/libraries/liburing_output -l dylib=uring_fuzz -C link-arg=-Wl,-rpath,/user/projects/Hopper/libraries/liburing_output -C link-arg=-Wl,--allow-shlib-undefined -L native=/user/projects/Hopper/libraries/liburing_output/release/build/hopper-6f980b1081e881e7/out -L 
native=/user/projects/Hopper/libraries/liburing_output/release/build/hopper-6f980b1081e881e7/out -L native=/user/projects/Hopper/libraries/liburing_output/release/build/plthook-0c9585c544eeb6d6/out` (exit status: 1)
warning: build failed, waiting for other jobs to finish...
warning: `hopper` (lib) generated 4 warnings (run `cargo fix --lib -p hopper` to apply 4 suggestions)
error: failed to compile `hopper-harness v1.0.0 (/user/projects/Hopper/hopper-harness)`, intermediate artifacts can be found at `/user/projects/Hopper/libraries/liburing_output`.
To reuse those artifacts with a future compilation, set the environment variable `CARGO_TARGET_DIR` to that path.
13:54:41 [ERROR] Meets error: cargo install error
Error: cargo install error

Location:
    hopper-compiler/src/cargo.rs:112:5

reference to packed field is unaligned error

Hello,

I tried to use hopper to compile dlt-daemon but received these errors.

My env:
OS: Ubuntu 20.04 LTS
Command of running hopper: hopper compile
hopper.config:

# Configurations for hopper fuzzer

# Full path for header file
TEST_HEADER=dlt.h

# Full path to shared library
TEST_LIBRARY=libdlt.so.2.18.10

# Output directory
OUT_DIR=output

HOPPER_INCLUDE_SEARCH_PATH=/root/Hopper/examples/dlt-daemon/include/dlt/

error:

    Running `/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin/rustc --crate-name hopper_harness --edition=2021 hopper-harness/src/lib.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts,future-incompat --diagnostic-width=174 --crate-type lib --emit=dep-info,metadata,link -C opt-level=3 -C embed-bitcode=no --cfg 'feature="ctor_hook"' --cfg 'feature="default"' --cfg 'feature="e9_mode"' -C metadata=687dd90bd6d51332 -C extra-filename=-687dd90bd6d51332 --out-dir /root/Hopper/examples/dlt-daemon/output/release/deps -L dependency=/root/Hopper/examples/dlt-daemon/output/release/deps --extern clap=/root/Hopper/examples/dlt-daemon/output/release/deps/libclap-433ad04dcf339593.rmeta --extern color_eyre=/root/Hopper/examples/dlt-daemon/output/release/deps/libcolor_eyre-3590dbd2654eaae7.rmeta --extern eyre=/root/Hopper/examples/dlt-daemon/output/release/deps/libeyre-8de9684e9a86710d.rmeta --extern flexi_logger=/root/Hopper/examples/dlt-daemon/output/release/deps/libflexi_logger-9dab0a9998f3f896.rmeta --extern hopper=/root/Hopper/examples/dlt-daemon/output/release/deps/libhopper-6d727dd385288175.rmeta --extern log=/root/Hopper/examples/dlt-daemon/output/release/deps/liblog-db5663930c6645cc.rmeta --extern rand=/root/Hopper/examples/dlt-daemon/output/release/deps/librand-36f2e5236f427ea7.rmeta --extern regex=/root/Hopper/examples/dlt-daemon/output/release/deps/libregex-e47f3653c6831a53.rmeta --extern time=/root/Hopper/examples/dlt-daemon/output/release/deps/libtime-54c2cf7576b85054.rmeta -L native=/root/Hopper/examples/dlt-daemon/output -l dylib=dlt_fuzz -C link-arg=-Wl,-rpath,/root/Hopper/examples/dlt-daemon/output -C link-arg=-Wl,--allow-shlib-undefined -L native=/root/Hopper/examples/dlt-daemon/output/release/build/hopper-565d265b08d09895/out -L native=/root/Hopper/examples/dlt-daemon/output/release/build/hopper-565d265b08d09895/out -L native=/root/Hopper/examples/dlt-daemon/output/release/build/plthook-78dd2bb6b947ddd3/out`
error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4358:22
     |
4358 |                 1 => self.seconds.det_mutate(state.get_child_mut("seconds")?),
     |                      ^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4359:22
     |
4359 |                   2 => self
     |  ______________________^
4360 | |                     .microseconds
     | |_________________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4379:22
     |
4379 |                 1 => self.seconds.mutate(state.get_child_mut("seconds")?),
     |                      ^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4380:22
     |
4380 |                   2 => self
     |  ______________________^
4381 | |                     .microseconds
     | |_________________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4412:24
     |
4412 |                   return self
     |  ________________________^
4413 | |                     .seconds
     | |____________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4417:24
     |
4417 |                 return self.microseconds.mutate_by_op(
     |                        ^^^^^^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4439:37
     |
4439 |         layout.add_field("seconds", self.seconds.get_layout(fold_ptr));
     |                                     ^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4440:42
     |
4440 |         layout.add_field("microseconds", self.microseconds.get_layout(fold_ptr));
     |                                          ^^^^^^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4451:26
     |
4451 |             "seconds" => self.seconds.get_ptr_by_keys(&keys[1..]),
     |                          ^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4452:31
     |
4452 |             "microseconds" => self.microseconds.get_ptr_by_keys(&keys[1..]),
     |                               ^^^^^^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4502:23
     |
4502 |         buf.push_str(&self.seconds.serialize()?);
     |                       ^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4505:23
     |
4505 |         buf.push_str(&self.microseconds.serialize()?);
     |                       ^^^^^^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4555:23
     |
4555 |         buf.push_str(&self.seconds.serialize_obj(state.get_child("seconds")?)?);
     |                       ^^^^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4559:14
     |
4559 |               &self
     |  ______________^
4560 | |                 .microseconds
     | |_____________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4648:14
     |
4648 |               &self
     |  ______________^
4649 | |                 .seconds
     | |________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4654:14
     |
4654 |               &self
     |  ______________^
4655 | |                 .microseconds
     | |_____________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4701:22
     |
4701 |                 2 => self.len.det_mutate(state.get_child_mut("len")?),
     |                      ^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4719:22
     |
4719 |                 2 => self.len.mutate(state.get_child_mut("len")?),
     |                      ^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4753:24
     |
4753 |                   return self
     |  ________________________^
4754 | |                     .len
     | |________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4769:33
     |
4769 |         layout.add_field("len", self.len.get_layout(fold_ptr));
     |                                 ^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4780:22
     |
4780 |             "len" => self.len.get_ptr_by_keys(&keys[1..]),
     |                      ^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4815:23
     |
4815 |         buf.push_str(&self.len.serialize()?);
     |                       ^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4859:23
     |
4859 |         buf.push_str(&self.len.serialize_obj(state.get_child("len")?)?);
     |                       ^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4931:14
     |
4931 |               &self
     |  ______________^
4932 | |                 .len
     | |____________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4974:22
     |
4974 |                 1 => self.seid.det_mutate(state.get_child_mut("seid")?),
     |                      ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4975:22
     |
4975 |                 2 => self.tmsp.det_mutate(state.get_child_mut("tmsp")?),
     |                      ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4992:22
     |
4992 |                 1 => self.seid.mutate(state.get_child_mut("seid")?),
     |                      ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:4993:22
     |
4993 |                 2 => self.tmsp.mutate(state.get_child_mut("tmsp")?),
     |                      ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5022:24
     |
5022 |                   return self
     |  ________________________^
5023 | |                     .seid
     | |_________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5027:24
     |
5027 |                   return self
     |  ________________________^
5028 | |                     .tmsp
     | |_________________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5042:34
     |
5042 |         layout.add_field("seid", self.seid.get_layout(fold_ptr));
     |                                  ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5043:34
     |
5043 |         layout.add_field("tmsp", self.tmsp.get_layout(fold_ptr));
     |                                  ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5053:23
     |
5053 |             "seid" => self.seid.get_ptr_by_keys(&keys[1..]),
     |                       ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5054:23
     |
5054 |             "tmsp" => self.tmsp.get_ptr_by_keys(&keys[1..]),
     |                       ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5089:23
     |
5089 |         buf.push_str(&self.seid.serialize()?);
     |                       ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5092:23
     |
5092 |         buf.push_str(&self.tmsp.serialize()?);
     |                       ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5133:23
     |
5133 |         buf.push_str(&self.seid.serialize_obj(state.get_child("seid")?)?);
     |                       ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5136:23
     |
5136 |         buf.push_str(&self.tmsp.serialize_obj(state.get_child("tmsp")?)?);
     |                       ^^^^^^^^^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5205:14
     |
5205 |               &self
     |  ______________^
5206 | |                 .seid
     | |_____________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

error[E0793]: reference to packed field is unaligned
    --> /root/Hopper/examples/dlt-daemon/output/release/build/hopper-harness-c2ee6e3eabb8c5dd/out/fuzz_extend.rs:5211:14
     |
5211 |               &self
     |  ______________^
5212 | |                 .tmsp
     | |_____________________^
     |
     = note: packed structs are only aligned by one byte, and many modern architectures penalize unaligned field accesses
     = note: creating a misaligned reference is undefined behavior (even if that reference is never dereferenced)
     = help: copy the field contents to a local variable, or replace the reference with a raw pointer and use `read_unaligned`/`write_unaligned` (loads and stores via `*p` must be properly aligned even when using raw pointers)

For more information about this error, try `rustc --explain E0793`.
The following warnings were emitted during compilation:

warning: hopper-harness@1.0.0: dir=/root/Hopper/examples/dlt-daemon/output, lib=dlt_fuzz
warning: hopper-harness@1.0.0: add_search_path=/root/Hopper/examples/dlt-daemon/include/dlt/
warning: hopper-harness@1.0.0: generate callback GENERATED_hopper_callback_0: unsafe extern "C" fn (context_id : :: hopper :: FuzzMutPointer :: < :: std :: os :: raw :: c_char > , log_level : u8 , trace_status : u8 ,)
warning: hopper-harness@1.0.0: generate callback GENERATED_hopper_callback_1: unsafe extern "C" fn (service_id : u32 , data : :: hopper :: FuzzMutPointer :: < :: hopper :: FuzzVoid > , length : u32 ,) -> :: std :: os :: raw :: c_int
warning: hopper-harness@1.0.0: generate callback GENERATED_hopper_callback_2: unsafe extern "C" fn (service_id : u32 , data : :: hopper :: FuzzMutPointer :: < :: hopper :: FuzzVoid > , length : u32 , priv_data : :: hopper :: FuzzMutPointer :: < :: hopper :: FuzzVoid > ,) -> :: std :: os :: raw :: c_int

error: could not compile `hopper-harness` (lib) due to 40 previous errors

Caused by:
  process didn't exit successfully: `/root/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin/rustc --crate-name hopper_harness --edition=2021 hopper-harness/src/lib.rs --error-format=json --json=diagnostic-rendered-ansi,artifacts,future-incompat --diagnostic-width=174 --crate-type lib --emit=dep-info,metadata,link -C opt-level=3 -C embed-bitcode=no --cfg 'feature="ctor_hook"' --cfg 'feature="default"' --cfg 'feature="e9_mode"' -C metadata=687dd90bd6d51332 -C extra-filename=-687dd90bd6d51332 --out-dir /root/Hopper/examples/dlt-daemon/output/release/deps -L dependency=/root/Hopper/examples/dlt-daemon/output/release/deps --extern clap=/root/Hopper/examples/dlt-daemon/output/release/deps/libclap-433ad04dcf339593.rmeta --extern color_eyre=/root/Hopper/examples/dlt-daemon/output/release/deps/libcolor_eyre-3590dbd2654eaae7.rmeta --extern eyre=/root/Hopper/examples/dlt-daemon/output/release/deps/libeyre-8de9684e9a86710d.rmeta --extern flexi_logger=/root/Hopper/examples/dlt-daemon/output/release/deps/libflexi_logger-9dab0a9998f3f896.rmeta --extern hopper=/root/Hopper/examples/dlt-daemon/output/release/deps/libhopper-6d727dd385288175.rmeta --extern log=/root/Hopper/examples/dlt-daemon/output/release/deps/liblog-db5663930c6645cc.rmeta --extern rand=/root/Hopper/examples/dlt-daemon/output/release/deps/librand-36f2e5236f427ea7.rmeta --extern regex=/root/Hopper/examples/dlt-daemon/output/release/deps/libregex-e47f3653c6831a53.rmeta --extern time=/root/Hopper/examples/dlt-daemon/output/release/deps/libtime-54c2cf7576b85054.rmeta -L native=/root/Hopper/examples/dlt-daemon/output -l dylib=dlt_fuzz -C link-arg=-Wl,-rpath,/root/Hopper/examples/dlt-daemon/output -C link-arg=-Wl,--allow-shlib-undefined -L native=/root/Hopper/examples/dlt-daemon/output/release/build/hopper-565d265b08d09895/out -L native=/root/Hopper/examples/dlt-daemon/output/release/build/hopper-565d265b08d09895/out -L native=/root/Hopper/examples/dlt-daemon/output/release/build/plthook-78dd2bb6b947ddd3/out` (exit 
status: 1)
error: failed to compile `hopper-harness v1.0.0 (/root/Hopper/hopper-harness)`, intermediate artifacts can be found at `/root/Hopper/examples/dlt-daemon/output`.
To reuse those artifacts with a future compilation, set the environment variable `CARGO_TARGET_DIR` to that path.
10:07:05 [ERROR] Meets error: cargo install error
Error: cargo install error

Location:
    hopper-compiler/src/cargo.rs:112:5
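
Every E0793 error in the log above comes from a method call or `&` expression that borrows a field of a packed struct. The following is an added example, not Hopper's generated code: the struct layout, the `tag` byte and the `Mutate` trait are assumptions (only the field names `seid`, `tmsp` and `len` come from the log), and it shows the two fixes named in the compiler's help text.

```rust
use std::ptr;

// Constructed stand-in for a bindgen-generated packed C struct. Field names
// `seid`, `tmsp`, `len` are taken from the errors above; the types and the
// leading `tag` byte are assumptions chosen to force misalignment.
#[repr(C, packed)]
#[derive(Clone, Copy)]
pub struct PackedHeader {
    pub tag: u8,
    pub seid: u32,
    pub tmsp: u32,
    pub len: u16,
}

// Hypothetical trait standing in for a generated `&mut self` field method.
pub trait Mutate {
    fn mutate(&mut self, seed: u32);
}

impl Mutate for u32 {
    fn mutate(&mut self, seed: u32) {
        *self = self.wrapping_add(seed).rotate_left(5);
    }
}

impl Mutate for PackedHeader {
    fn mutate(&mut self, seed: u32) {
        // Rejected (E0793): `self.seid.mutate(seed)` auto-borrows
        // `&mut self.seid`, a reference that may be misaligned.
        // Accepted: copy the field out, mutate the aligned local, store back.
        let mut seid = self.seid;
        seid.mutate(seed);
        self.seid = seid;

        let mut tmsp = self.tmsp;
        tmsp.mutate(seed);
        self.tmsp = tmsp;
    }
}

// Raw-pointer route from the compiler's help text: `addr_of!` takes the
// field address without creating an intermediate reference.
pub fn read_len(h: &PackedHeader) -> u16 {
    unsafe { ptr::addr_of!(h.len).read_unaligned() }
}

pub fn write_len(h: &mut PackedHeader, v: u16) {
    unsafe { ptr::addr_of_mut!(h.len).write_unaligned(v) }
}

// `format!` (like `assert_eq!`) borrows its arguments, so pass copies of the
// fields rather than the fields themselves.
pub fn serialize(h: &PackedHeader) -> String {
    let (seid, tmsp, len) = (h.seid, h.tmsp, h.len);
    format!("seid={} tmsp={} len={}", seid, tmsp, len)
}

fn main() {
    let mut h = PackedHeader { tag: 0, seid: 1, tmsp: 2, len: 3 };
    h.mutate(7);
    let len = read_len(&h);
    write_len(&mut h, len + 1);
    println!("{}", serialize(&h));
}
```
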

hopper fuzz application panicked during c-ares fuzz testing

The application panicked (crashed).
Message: index out of bounds: the len is 8192 but the index is 8192
Location: hopper-core/src/feedback/instr.rs:191

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ BACKTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⋮ 6 frames hidden ⋮
7: core::panicking::panic_bounds_check::ha28980b0cc493af1
at :
8: <hopper::feedback::instr::ShmBufIter as core::iter::traits::iterator::Iterator>::next::hb7156ba851ceab66
at :
9: hopper::feedback::mem::::get_fd_list::h905806b5384eb1be
at :
10: hopper::fuzz::infer::res::::crash_infer_resource_exhaustion::h3e311efffa45f7d5
at :
11: hopper::fuzz::infer::::timeout_infer::h40cbb58d174fb3a8
at :
12: hopper::fuzzer::Fuzzer::handle_new_crash::h258e4917e49ba450
at :
13: hopper::fuzzer::Fuzzer::run_program::h9dbd2439772b8c4b
at :
14: hopper::fuzzer::Fuzzer::fuzz_loop::h3189c5566a7554e7
at :
15: hopper::run_fuzzer::hc30f27f42ff29336
at :
16: hopper_fuzzer::main::heefe7a8b9d0345e5
at :
17: std::sys_common::backtrace::__rust_begin_short_backtrace::h0e9d2824653e13f1
at :
18: std::rt::lang_start::{{closure}}::h59af93d5324d0725
at :
19: std::rt::lang_start_internal::h63a185b0ddd212e9
at :
20: main
at :
21: __libc_start_main
at :
22: _start
at :

some mistakes about asan

"Does Hopper support ASan compilation? I encountered the following error when compiling a publicly available library that was compiled with ASan."

error: failed to compile hopper-harness v1.0.0 (~/Desktop/fuzzer/hopper/hopper-harness), intermediate artifacts can be found at ~/Desktop/fuzzer/hopper/output.

error: could not compile hopper-harness (bin "hopper-slice") due to previous error

Coverage report is empty

Dear authors,

I am trying to obtain Hopper's coverage after a fuzzing campaign, but the report comes out empty, i.e.,

$ cat output_cov/cov/coverage.report 
Filename                      Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                               0                 0         -           0                 0         -           0                 0         -

Lemme explain what I tried.

I am targeting libvpx commit 8f8e7414684e97ea9b94710ac7853565c8a11c3a.
Hopper is at commit f7437dc250a73a2851c22e3d828d26ea345b0e1f.
I am operating in the Docker shipped with the repo.

  1. I compile vpx in release mode, in short:
mkdir libvpx_build
cd libvpx_build
../libvpx/configure --enable-shared --disable-static
make
  2. I generate the harness:
# include all the relevant headers in vpx_all.h
hopper compile --header ${VPX_PATH}/vpx_all.h --library ${VPX_PATH}/libvpx_build/libvpx.so.8.0.0 --output output
  3. I run a fuzzing campaign.
    I want all the APIs. I also assume timeout is the correct way to handle the campaign's duration.
timeout 1h hopper fuzz output

Hopper seems to be doing something since the folder output/queue/ is not empty, i.e.,

$ ls output/queue/ | wc -l
685
  4. I compile libvpx with SourceCov, similarly to how I do it for measuring coverage in OSS-Fuzz.
    (maybe this is not the best configuration, but it does its job for OSS-Fuzz and libfuzzer)
export CC=/bin/clang
export CXX=/bin/clang++

export CXXFLAGS="-fprofile-instr-generate -fcoverage-mapping -g"
export CFLAGS="-fprofile-instr-generate -fcoverage-mapping -g"

# oss-fuzz has 2 GB total memory allocation limit. So, we limit per-allocation
# limit in libvpx to 1 GB to avoid OOM errors. A smaller per-allocation is
# needed for MemorySanitizer (see bug oss-fuzz:9497 and bug oss-fuzz:9499).
if [[ $CFLAGS = *sanitize=memory* ]]; then
        extra_c_flags='-DVPX_MAX_ALLOCABLE_MEMORY=536870912'
else
        extra_c_flags='-DVPX_MAX_ALLOCABLE_MEMORY=1073741824'
fi

LDFLAGS="$CXXFLAGS" LD=$CXX ../libvpx/configure \
        --enable-shared  \
        --disable-static \
        --extra-cflags="${extra_c_flags}" \
        --enable-debug 

make -j all
make 

For the sake of clarity, I obtain the same result by setting:

export CXXFLAGS="-fprofile-instr-generate -fcoverage-mapping -gline-tables-only  -g"
export CFLAGS="-fprofile-instr-generate -fcoverage-mapping -gline-tables-only  -g"

To be sure, I also double-checked that libvpx.so.8.0.0 contains the coverage instrumentation:

$ objdump -M intel -d libvpx.so.8.0.0 | grep cov | head
   3c5b0:       0f 84 06 03 00 00       je     3c8bc <__llvm_coverage_mapping+0x274>
   3c5c2:       0f 85 fd 02 00 00       jne    3c8c5 <__llvm_coverage_mapping+0x27d>
   3c602:       0f 84 a4 00 00 00       je     3c6ac <__llvm_coverage_mapping+0x64>
   3c614:       0f 8c 7d 01 00 00       jl     3c797 <__llvm_coverage_mapping+0x14f>
   3c681:       0f 84 1c 01 00 00       je     3c7a3 <__llvm_coverage_mapping+0x15b>
   3c699:       0f 85 95 01 00 00       jne    3c834 <__llvm_coverage_mapping+0x1ec>
   3c6a7:       e9 cb 00 00 00          jmp    3c777 <__llvm_coverage_mapping+0x12f>
   3c6b8:       0f 84 f2 00 00 00       je     3c7b0 <__llvm_coverage_mapping+0x168>
   3c6da:       0f 8c 63 01 00 00       jl     3c843 <__llvm_coverage_mapping+0x1fb>
   3c74c:       7f b2                   jg     3c700 <__llvm_coverage_mapping+0xb8>
  5. I compile the harness in coverage mode.
$ hopper compile  --instrument cov --header ${VPX_PATH}/vpx_all.h --library ${VPX_PATH}/libvpx_build_cov/libvpx.so.8.0.0 --output output_cov
$ SEED_DIR=./output/queue hopper cov output_cov

The seeds seem to be processed, but then the report is empty:

$ cat output_cov/cov/coverage.report 
Filename                      Regions    Missed Regions     Cover   Functions  Missed Functions  Executed       Lines      Missed Lines     Cover
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TOTAL                               0                 0         -           0                 0         -           0                 0         -

Both documentation and tool usability are at a very high level (I took less than 30 min to run a campaign).
However, to simplify reproducibility, would it be possible to include at least the compilation set-up for the libraries tested in your paper, please?

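Does this project only support library APIs?

Hello authors,
Judging from the examples you have published, this project currently only applies to library APIs. Can it also be used for the APIs of other binary executables? Thank you!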

Fail to invoke patchelf

Thanks for providing this interesting tool!

While using it, I encountered the following issue. How should I solve it?

07:58:58 [INFO] patchelf cmd: "/hopper/install", lib_name: "libcjson_fuzz.so", path: /hopper/install/output/libcjson_fuzz.so
07:58:58 [ERROR] Meets error: Fail to invoke patchelf
Error: Fail to invoke patchelf

Caused by:
    Permission denied (os error 13)

Location:
    hopper-compiler/src/patch/patchelf.rs:31:10

The crash project encountered a crash through hopper harness testing, but did not crash after translating

I tested cJSON's latest project and found a stack overflow crash. I inputted this error through the harness, which corresponds to the following error:

Error [hopper:: execute:: executor] 1-execute error: ProcessCrash {pid: Pid (2090086), signal: SIGSEGV}

But when I converted it into a .c file using translate and compiled it, the interface worked fine.

Why does this problem occur? I can provide the corresponding crash logs.
