ShMem should not give out references, pt. 2

[langston-barrett]

You can recreate #1748 with the impl DerefMut<Target = [u8]> for MmapShMem.

// cargo init
// cargo add --no-default-features --features=std --git https://github.com/AFLplusplus/LibAFL libafl_bolts
// cargo run

use std::ops::{DerefMut as _};
use libafl_bolts::shmem::{ShMemProvider as _};

pub fn main() {
    let mut prov = libafl_bolts::shmem::MmapShMemProvider::default();
    let mut shmem1 = unsafe { prov.new_on_shmem::<u8>(0).unwrap_unchecked() };
    let mut shmem2 = unsafe { prov.clone_ref(&shmem1).unwrap_unchecked() };
    let r1 = &mut shmem1.deref_mut()[0];
    let r2 = &mut shmem2.deref_mut()[0];
    go(r1, r2);
}

pub fn go(r1: &mut u8, r2: &mut u8) {
    mut_r1(r1);
    mut_r2(r2);
    if *r1 == 1 {
        println!("r1 = {r1}");
    }
}

pub fn mut_r1(r1: &mut u8) {
    *r1 = 1;
}

pub fn mut_r2(r2: &mut u8) {
    *r2 = 32;
}

Prints

r1 = 32

[langston-barrett]

Unfortunately, this DerefMut instance provides as_slice_mut, which appears to be the predominant way of accessing shared memory throughout the codebase: https://github.com/search?q=repo%3AAFLplusplus%2FLibAFL+%2Fshmem.as_slice_mut%2F&type=code

[domenukk]

Looking through the codebas, this PR introduced DerefMut here..
b024846

Maybe we can undo parts of it?