IntelPT babyfuzzer remove TUI (#3725)

* libafl_intelpt README.md: Add also my name

* intelPT babyfuzzer lints

- Remove the TUI monitor as it is useless in babyfuzzers where the process ends on the first objective in less than a second

- Try to clarify a bit some comments

Author: Marcondiro

crates/libafl_intelpt/README.md

@@ -1,4 +1,4 @@
-# Intel Processor Trace (PT) low level code
+# Intel Processor Trace (PT) low level code for `LibAFL`
 
 This module is a wrapper around the `IntelPT` kernel driver, exposing functionalities specifically crafted for `LibAFL`.
 
@@ -7,6 +7,8 @@ At the moment only `Linux` hosts are supported.
 You can run `sudo -E cargo test intel_pt_check_availability -- --show-output` to check if your host has all the features
 used by this crate.
 
+This crate is part of [LibAFL](https://github.com/AFLplusplus/LibAFL) and is maintained by Marco Cavenati.
+
 ## The `LibAFL` Project
 
 The `LibAFL` project is part of [`AFLplusplus`](https://github.com/AFLplusplus) and maintained by

fuzzers/binary_only/intel_pt_baby_fuzzer/README.md

@@ -9,8 +9,7 @@ The tested program is a simple Rust function without any instrumentation.
 After building this example with `cargo build`, you need to give to the executable the necessary capabilities with 
 `sudo setcap cap_ipc_lock,cap_sys_ptrace,cap_sys_admin,cap_syslog=ep ./target/debug/intel_pt_baby_fuzzer`.
 
-You can run this example using `cargo run`, and you can enable the TUI feature by building and running with 
-`--features tui`.
+You can run this example using `cargo run`.
 
 As an alternative, simply run `just` to build and run the fuzzer (requires `just`).
 

fuzzers/binary_only/intel_pt_baby_fuzzer/src/main.rs

@@ -2,10 +2,6 @@ use std::{
     hint::black_box, num::NonZero, path::PathBuf, process, ptr::copy_nonoverlapping, time::Duration,
 };
 
-#[cfg(feature = "tui")]
-use libafl::monitors::tui::TuiMonitor;
-#[cfg(not(feature = "tui"))]
-use libafl::monitors::SimpleMonitor;
 use libafl::{
     corpus::{InMemoryCorpus, OnDiskCorpus},
     events::SimpleEventManager,
@@ -18,26 +14,27 @@ use libafl::{
     fuzzer::{Fuzzer, StdFuzzer},
     generators::RandPrintablesGenerator,
     inputs::{BytesInput, HasTargetBytes},
+    monitors::SimpleMonitor,
     mutators::{havoc_mutations::havoc_mutations, scheduled::HavocScheduledMutator},
     observers::ConstMapObserver,
     schedulers::QueueScheduler,
     stages::mutational::StdMutationalStage,
     state::StdState,
 };
-use libafl_bolts::{current_nanos, nonnull_raw_mut, rands::StdRand, tuples::tuple_list, AsSlice};
+use libafl_bolts::{current_nanos, nonnull_raw_mut, rands::StdRand, tuples::tuple_list};
 use proc_maps::get_process_maps;
 
-// Coverage map
+// Edge coverage map.
 const MAP_SIZE: usize = 4096;
 static mut MAP: [u8; MAP_SIZE] = [0; MAP_SIZE];
 static mut MAP_PTR: *mut u8 = &raw mut MAP as _;
 
 pub fn main() {
-    // The closure that we want to fuzz
+    // The function that we want to fuzz
     let mut harness = |input: &BytesInput| {
-        let target = input.target_bytes();
-        let buf = target.as_slice();
+        let buf = input.target_bytes();
         if !buf.is_empty() && buf[0] == b'a' {
+            // Avoid compiler optimizations
             let _do_something = black_box(0);
             if buf.len() > 1 && buf[1] == b'b' {
                 let _do_something = black_box(0);
@@ -50,17 +47,16 @@ pub fn main() {
     };
 
     // Create an observation channel using the map
-    let observer = unsafe { ConstMapObserver::from_mut_ptr("signals", nonnull_raw_mut!(MAP)) };
+    let observer = unsafe { ConstMapObserver::from_mut_ptr("edges", nonnull_raw_mut!(MAP)) };
 
     // Feedback to rate the interestingness of an input
     let mut feedback = MaxMapFeedback::new(&observer);
 
     // A feedback to choose if an input is a solution or not
     let mut objective = CrashFeedback::new();
 
-    // create a State from scratch
     let mut state = StdState::new(
-        // RNG
+        // Random Number Generator
         StdRand::with_seed(current_nanos()),
         // Corpus that will be evolved, we keep it in memory for performance
         InMemoryCorpus::new(),
@@ -75,14 +71,8 @@ pub fn main() {
     )
     .unwrap();
 
-    // The Monitor trait define how the fuzzer stats are displayed to the user
-    #[cfg(not(feature = "tui"))]
+    // The Monitor define how the fuzzer stats are displayed to the user, here we simply print
     let mon = SimpleMonitor::new(|s| println!("{s}"));
-    #[cfg(feature = "tui")]
-    let mon = TuiMonitor::builder()
-        .title("Baby Fuzzer Intel PT")
-        .enhanced_graphics(false)
-        .build();
 
     // The event manager handle the various events generated during the fuzzing loop
     // such as the notification of the addition of a new item to the corpus
@@ -113,6 +103,7 @@ pub fn main() {
         })
         .collect::<Vec<_>>();
 
+    // Pass the executable memory to the code responsible for Intel PT trace decoding
     let pt = IntelPT::builder().images(images).build().unwrap();
     // Intel PT hook that will handle the setup of Intel PT for each execution and fill the map
     let pt_hook = unsafe {