diff --git a/fuzzers/FRET/src/systemstate/mutational.rs b/fuzzers/FRET/src/systemstate/mutational.rs index 69f1234616..bc8c94ef1b 100644 --- a/fuzzers/FRET/src/systemstate/mutational.rs +++ b/fuzzers/FRET/src/systemstate/mutational.rs @@ -9,7 +9,7 @@ use libafl_bolts::{rands::{ random_seed, Rand, StdRand }, Named}; use libafl::{ - common::{HasMetadata, HasNamedMetadata}, corpus::{self, Corpus}, events::{Event, EventFirer, LogSeverity}, fuzzer::Evaluator, inputs::{HasMutatorBytes, HasTargetBytes, Input, MultipartInput}, mark_feature_time, prelude::{new_hash_feedback, CorpusId, MutationResult, Mutator, UsesInput}, stages::Stage, start_timer, state::{HasCorpus, HasRand, MaybeHasClientPerfMonitor, UsesState}, Error + common::{HasMetadata, HasNamedMetadata}, corpus::{self, Corpus}, events::{Event, EventFirer, LogSeverity}, fuzzer::Evaluator, inputs::{HasMutatorBytes, HasTargetBytes, Input, MultipartInput}, mark_feature_time, prelude::{new_hash_feedback, AggregatorOps, CorpusId, MutationResult, Mutator, UserStats, UserStatsValue, UsesInput}, stages::Stage, start_timer, state::{HasCorpus, HasRand, MaybeHasClientPerfMonitor, UsesState}, Error }; use libafl::prelude::State; use petgraph::{graph::NodeIndex, graph::{self, DiGraph}}; @@ -126,6 +126,38 @@ where } } +static mut num_stage_execs : u64 = 0; +static mut sum_reruns : u64 = 0; +static mut sum_interesting_reruns : u64 = 0; + +impl InterruptShiftStage +where + E: UsesState, + EM: UsesState, + EM: EventFirer, + Z: Evaluator, + Z::State: MaybeHasClientPerfMonitor + HasCorpus + HasRand + HasMetadata + HasNamedMetadata, + ::Input: Input, + Z::State: UsesInput>, + I: HasMutatorBytes + Default +{ + fn report_stats(&self, state: &mut as UsesState>::State, manager: &mut EM) { + unsafe { + let _ = manager.fire( + state, + Event::UpdateUserStats { + name: Cow::from("InterruptShiftStage"), + value: UserStats::new( + UserStatsValue::String(Cow::from(format!("{} -> {}/{} {:.1}% ", num_stage_execs, sum_interesting_reruns, sum_reruns, sum_interesting_reruns as f32 * 100.0 / sum_reruns as f32))), + AggregatorOps::None, + ), + phantom: PhantomData, + }, + ); + } + } +} + impl Stage for InterruptShiftStage where E: UsesState, @@ -147,16 +179,20 @@ where if self.interrup_config.len() == 0 {return Ok(());} // configuration implies no interrupts let mut myrand = StdRand::new(); myrand.set_seed(state.rand_mut().next()); + unsafe {num_stage_execs+=1;} let mut rerun_count = 0; // count how many times we rerun the executor // Try many times to find a mutation that is not already in the corpus - let loopbound = 50; + let loopbound = 5; for _ in 0..loopbound { // Choose which isr to mutate let interrup_config = match myrand.choose(&self.interrup_config) { Some(s) => s, - Option::None => return Ok(()) + Option::None => { + self.report_stats(state, manager); + return Ok(()) + } }; let name = format!("isr_{}_times", interrup_config.0); // manager.log(state, LogSeverity::Info, format!("Mutation {}/{}", loopbound, loopcount))?; @@ -375,9 +411,14 @@ where if do_rerun { rerun_count+=1; let (_, corpus_idx) = fuzzer.evaluate_input(state, executor, manager, new_input)?; + if corpus_idx.is_some() { unsafe{sum_interesting_reruns+=1;}} else if corpus_idx.is_none() && loopbound<=0 { break;} } else {if loopbound<=0 {break;}} } + unsafe { + sum_reruns+=rerun_count; + } + self.report_stats(state, manager); Ok(()) }