Introduce replaying fuzzer

libafl/src/executors/mod.rs

@@ -42,7 +42,7 @@ pub mod with_observers;
 pub mod hooks;
 
 /// How an execution finished.
-#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
+#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, Hash)]
 #[cfg_attr(
     any(not(feature = "serdeany_autoreg"), miri),
     expect(clippy::unsafe_derive_deserialize)
@@ -56,6 +56,8 @@ pub enum ExitKind {
     Oom,
     /// The run timed out
     Timeout,
+    /// The run reports inconsistent results, this means the input is not added to the corpus nor the solutions
+    Inconsistent,
     /// Special case for [`DiffExecutor`] when both exitkinds don't match
     Diff {
         /// The exitkind of the primary executor
@@ -68,7 +70,7 @@ pub enum ExitKind {
 }
 
 /// How one of the diffing executions finished.
-#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
+#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, Hash)]
 #[cfg_attr(
     any(not(feature = "serdeany_autoreg"), miri),
     expect(clippy::unsafe_derive_deserialize)
@@ -82,6 +84,8 @@ pub enum DiffExitKind {
     Oom,
     /// The run timed out
     Timeout,
+    /// The run reports inconsistent results
+    Inconsistent,
     /// One of the executors itelf repots a differential, we can't go into further details.
     Diff,
     // The run resulted in a custom `ExitKind`.
@@ -97,6 +101,7 @@ impl From<ExitKind> for DiffExitKind {
             ExitKind::Crash => DiffExitKind::Crash,
             ExitKind::Oom => DiffExitKind::Oom,
             ExitKind::Timeout => DiffExitKind::Timeout,
+            ExitKind::Inconsistent => DiffExitKind::Inconsistent,
             ExitKind::Diff { .. } => DiffExitKind::Diff,
         }
     }

libafl/src/fuzzer/mod.rs

@@ -1,9 +1,11 @@
 //! The `Fuzzer` is the main struct for a fuzz campaign.
 
+pub mod replaying;
+
 use alloc::{string::ToString, vec::Vec};
-use core::{fmt::Debug, time::Duration};
 #[cfg(feature = "std")]
-use std::hash::Hash;
+use core::hash::Hash;
+use core::{fmt::Debug, time::Duration};
 
 #[cfg(feature = "std")]
 use fastbloom::BloomFilter;
@@ -328,6 +330,10 @@ where
     ) -> Result<ExecuteInputResult, Error> {
         let mut res = ExecuteInputResult::None;
 
+        if *exit_kind == ExitKind::Inconsistent {
+            return Ok(ExecuteInputResult::None);
+        }
+
         #[cfg(not(feature = "introspection"))]
         let is_solution = self
             .objective_mut()
@@ -477,7 +483,6 @@ where
                         Event::Objective {
                             #[cfg(feature = "share_objectives")]
                             input,
-
                             objective_size: state.solutions().count(),
                             time: current_time(),
                         },
@@ -672,7 +677,6 @@ where
                 Event::Objective {
                     #[cfg(feature = "share_objectives")]
                     input,
-
                     objective_size: state.solutions().count(),
                     time: current_time(),
                 },
@@ -882,7 +886,7 @@ impl<CS, F, OF> StdFuzzer<CS, F, NopInputFilter, OF> {
     }
 }
 
-#[cfg(feature = "std")] // hashing requires std
+#[cfg(feature = "std")]
 impl<CS, F, OF> StdFuzzer<CS, F, BloomInputFilter, OF> {
     /// Create a new [`StdFuzzer`], which, with a certain certainty, executes each input only once.
     ///