From 6e688a7451d2367dc390759cb9abee5453dd6e3f Mon Sep 17 00:00:00 2001
From: Alwin Berger <alwin.berger@tu-dortmund.de>
Date: Mon, 3 Jan 2022 16:37:57 +0100
Subject: [PATCH] cortex demo for fuzzing

---
 FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main.c       |  2 +-
 .../Demo/CORTEX_M3_MPS2_QEMU_GCC/main_blinky.c     | 14 +++++++++++++-
 FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/shell.nix    |  7 +++++++
 3 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/shell.nix

diff --git a/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main.c b/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main.c
index 27381622..c1418812 100644
--- a/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main.c
+++ b/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main.c
@@ -68,7 +68,7 @@ int main()
             #error "Invalid Selection...\nPlease Select a Demo application from the main command"
         }
     #endif /* if ( mainCREATE_SIMPLE_BLINKY_DEMO_ONLY == 1 ) */
-        snprint
+        //snprint
     return 0;
 }
 
diff --git a/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main_blinky.c b/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main_blinky.c
index 707c7fe1..23738e73 100644
--- a/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main_blinky.c
+++ b/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/main_blinky.c
@@ -77,6 +77,9 @@ void main_blinky( void )
     }
 }
 
+volatile unsigned char FUZZ_INPUT[4096] = {2};
+volatile uint32_t FUZZ_LENGTH = 4096;
+
 static void prvQueueSendTask( void * pvParameters )
 {
     TickType_t xNextWakeTime;
@@ -101,6 +104,11 @@ static void prvQueueSendTask( void * pvParameters )
     }
 }
 
+__attribute__((noinline)) static void trigger_Qemu_break( void )
+{
+    puts("Trigger");
+}
+
 volatile uint32_t ulRxEvents = 0;
 static void prvQueueReceiveTask( void * pvParameters )
 {
@@ -121,10 +129,14 @@ static void prvQueueReceiveTask( void * pvParameters )
          * is it the expected value?  If it is, toggle the LED. */
         if( ulReceivedValue == ulExpectedValue )
         {
-            printf( "%s\n", "blinking" );
+            printf( "%s %u -> %u\n", "blinking", ulRxEvents, FUZZ_INPUT[0]);
             vTaskDelay( 1000 );
             ulReceivedValue = 0U;
             ulRxEvents++;
+            if (ulRxEvents%4096 == FUZZ_INPUT[0])
+            {
+                trigger_Qemu_break();
+            }
         }
     }
 }
diff --git a/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/shell.nix b/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/shell.nix
new file mode 100644
index 00000000..ae4eea2c
--- /dev/null
+++ b/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/shell.nix
@@ -0,0 +1,7 @@
+let pkgs = import <nixpkgs> {
+    #crossSystem = (import <nixpkgs/lib>).systems.examples.arm-embedded;
+};
+in
+  pkgs.mkShell {
+    nativeBuildInputs = [pkgs.gcc-arm-embedded];
+  }