Add MutatedTransform to the input type for tmin & push mutational stage

[tokatoka]

like this

LibAFL/libafl/src/stages/mutational.rs

Line 97 in c8c5d89

I: MutatedTransform<Self::Input, Self::State> + Clone,

in mutational stage

[tejas012321011]

I would like to contribute to it. Can you please explain to me in some detail, what you need me to do, and provide any starting references/resources that can help in contributing, if any?

[gerceboss]

Sorry , But I could not find Input types in the files you mentioned , instead I found the other types which were not generics as it is in the file you mentioned.
<Self::State as UsesInput>::Input: HasLen + Hash how do I add MutatedTransform here ?
@tokatoka

[am009]

I have been investigating this issue and reading related codes these days.

The MutatedTransform is introduced in this commit along with the Grimoire. Grimoire is a new fuzzing technique that can efficiently fuzz programs that require highly structured inputs (e.g., a programming language).

The modifications to the mutational stage in the commit serves as a good reference. Previously, you get the testcase from the corpus, then convert it into input, mutate it using mutators, and execute it. Now with MutatedTransform, you use try_transform_from to convert from testcase to MutatedTransform<Input, State>, then pass it to mutators (mutators now mutate over a brand new type), and convert back to input using try_transform_into before execution. try_transform_into also returns a MutatedTransformPost callback that is called after new testcase is inserted into the corpus.

For example, type UnicodeInput = (BytesInput, StringIdentificationMetadata) implemented MutatedTransform<BytesInput, S>. Besides byte array, it also contains additional metadata (StringIdentificationMetadata). When it is transformed from a Testcase (using try_transform_from), the metadata is fetched from the testcase and UnicodeInput is constructed. Then UnicodeInput is passed to mutators. Mutators can leverage the metadata to perform better mutations. After mutation and before execution, UnicodeInput is transformed back into BytesInput (using try_transform_into), and StringIdentificationMetadata is returned as MutatedTransformPost. When the new mutated input is interesting and is inserted into the corpus as a testcase, the post-callback is called to insert the corresponding metadata for the testcase.

For any other types that do not need such a mechanism, there is a reflexive definition that implements MutatedTransform<I, S> for I. It makes try_transform_into a no-operation, and mutators still mutate over I because now I is doubled as MutatedTransform<I, S>.