Fix frida libafl after #1523

[s1341]

This fixes Frida after PR #1523

[fabianfreyer]

Wow, sorry for that! The fix makes sense, LGTM!

[fabianfreyer]

Good catch! I'm wondering whether there's any way to enforce this invariant with types.

[s1341]

Yeah. It was breaking things for me, very very subtley.

[s1341]

I'm open to suggestions for how to enforce this with types.

[domenukk]

how/why does it make a difference when you create the refcell? It really shouldn't, or we're holding it wrong?

[fabianfreyer]

I think this is another instance of frida/frida-rust#76. The lifetime of the ranges needs to outlive the lifetime of the transformer. Since ranges would otherwise be returned owned by the helper, their lifetime is tied to the lifetime of the helper. Ideally, we would need to then ensure the helper outlives the transformer. By using Rc, we're just manually ensuring that the ranges can outlive the transformer even if the lifetime of the helper ends prematurely.

If the transformer could have a lifetime that's consumed by unfollow, and we can have that "owned" by the helper, then we could guarantee that the ranges outlive the helper just by owning both of these on the transformer.

[s1341]

It's not just that. During runtime init, we build assembly sequences which refer to the addresses of their containing runtimes. So it is critical that runtime init happen after the final MOVE. Once we move into the refcell, we never move again.

[fabianfreyer]

Hmm, that sounds like something that could benefit from Pin?

[domenukk]

Yes, everything that's not pinned is free to be moved at any time, even if it's in a refcell. That it works right now is probably just accidental, but sounds like UB.
Let's Pin inside the refcell? :)

[s1341]

I never managed to wrap my head around Pin. @fabianfreyer do you want to take a stab at it?