new setup for interrupts

2022-04-26 00:35:11 +02:00 · 2022-04-26 00:35:11 +02:00 · 0b638d9020
commit 0b638d9020
parent 67165640c5
3 changed files with 13 additions and 9 deletions
--- a/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs
+++ b/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs
@ -70,8 +70,7 @@ use libafl_qemu::{
    edges,
    edges::QemuEdgeCoverageHelper,
    elf::EasyElf,
-    emu::Emulator,
-    filter_qemu_args,
+    emu::Emulator, filter_qemu_args, libafl_int_offset,
    snapshot_sys::QemuSysSnapshotHelper,
    QemuExecutor,
    clock,
@ -416,11 +415,11 @@ fn fuzz(
        let target = input.target_bytes();
        let mut buf = target.as_slice();
        let mut len = buf.len();
-        let mut int_tick : Option<u64> = None;
+        let mut int_tick : Option<u32> = None;
        if len > 4 {
            let mut t : [u8; 4] = [0,0,0,0];    // 4 extra bytes determine the tick to execute an interrupt
            t.copy_from_slice(&buf[0..4]);
-            int_tick = Some(u32::from_le_bytes(t) as u64);
+            int_tick = Some(u32::from_le_bytes(t));
            buf = &buf[4..];
            len = buf.len();
        }
@ -430,7 +429,8 @@ fn fuzz(
        }

        unsafe {
-            INTR_OFFSET = int_tick;
+            libafl_int_offset = int_tick.unwrap_or(0);
+            // INTR_OFFSET = int_tick;
            emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes());
            emu.write_mem(input_addr,buf);

--- a/fuzzers/wcet_qemu_sys/src/bin/showmap.rs
+++ b/fuzzers/wcet_qemu_sys/src/bin/showmap.rs
@ -40,7 +40,7 @@ use libafl::{
 use libafl_qemu::{
    edges,
    edges::QemuEdgeCoverageHelper,
-    emu::Emulator, filter_qemu_args,
+    emu::Emulator, filter_qemu_args, libafl_int_offset,
    elf::EasyElf,
    snapshot_sys::QemuSysSnapshotHelper,
    clock::{QemuClockObserver},
@ -338,11 +338,11 @@ fn fuzz(
        let target = input.target_bytes();
        let mut buf = target.as_slice();
        let mut len = buf.len();
-        let mut int_tick : Option<u64> = None;
+        let mut int_tick : Option<u32> = None;
        if len > 4 {
            let mut t : [u8; 4] = [0,0,0,0];    // 4 extra bytes determine the tick to execute an interrupt
            t.copy_from_slice(&buf[0..4]);
-            int_tick = Some(u32::from_le_bytes(t) as u64);
+            int_tick = Some(u32::from_le_bytes(t));
            buf = &buf[4..];
            len = buf.len();
        }
@ -352,7 +352,8 @@ fn fuzz(
        }

        unsafe {
-            INTR_OFFSET = int_tick;
+            libafl_int_offset = int_tick.unwrap_or(0);
+            // INTR_OFFSET = int_tick;
            emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes());
            emu.write_mem(input_addr,buf);

--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@ -221,6 +221,9 @@ extern "C" {
    #[cfg(feature = "systemmode")]
    #[cfg(feature = "arm")]
    pub fn libafl_send_irq(irqn: u32);
+    #[cfg(feature = "systemmode")]
+    #[cfg(feature = "arm")]
+    pub static mut libafl_int_offset: u32;

    static exec_path: *const u8;
    static guest_base: usize;