SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new setup for interrupts

Browse Source
This commit is contained in:
Alwin Berger 2022-04-26 00:35:11 +02:00
parent 67165640c5
commit 0b638d9020
3 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs
View File

@ -70,8 +70,7 @@ use libafl_qemu::{
edges, edges,
edges::QemuEdgeCoverageHelper, edges::QemuEdgeCoverageHelper,
elf::EasyElf, elf::EasyElf,
emu::Emulator, emu::Emulator, filter_qemu_args, libafl_int_offset,
filter_qemu_args,
snapshot_sys::QemuSysSnapshotHelper, snapshot_sys::QemuSysSnapshotHelper,
QemuExecutor, QemuExecutor,
clock, clock,
@ -416,11 +415,11 @@ fn fuzz(
let target = input.target_bytes(); let target = input.target_bytes();
let mut buf = target.as_slice(); let mut buf = target.as_slice();
let mut len = buf.len(); let mut len = buf.len();
let mut int_tick : Option<u64> = None; let mut int_tick : Option<u32> = None;
if len > 4 { if len > 4 {
let mut t : [u8; 4] = [0,0,0,0]; // 4 extra bytes determine the tick to execute an interrupt let mut t : [u8; 4] = [0,0,0,0]; // 4 extra bytes determine the tick to execute an interrupt
t.copy_from_slice(&buf[0..4]); t.copy_from_slice(&buf[0..4]);
int_tick = Some(u32::from_le_bytes(t) as u64); int_tick = Some(u32::from_le_bytes(t));
buf = &buf[4..]; buf = &buf[4..];
len = buf.len(); len = buf.len();
} }
@ -430,7 +429,8 @@ fn fuzz(
} }
unsafe { unsafe {
INTR_OFFSET = int_tick; libafl_int_offset = int_tick.unwrap_or(0);
// INTR_OFFSET = int_tick;
emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes()); emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes());
emu.write_mem(input_addr,buf); emu.write_mem(input_addr,buf);

9
fuzzers/wcet_qemu_sys/src/bin/showmap.rs
View File

@ -40,7 +40,7 @@ use libafl::{
use libafl_qemu::{ use libafl_qemu::{
edges, edges,
edges::QemuEdgeCoverageHelper, edges::QemuEdgeCoverageHelper,
emu::Emulator, filter_qemu_args, emu::Emulator, filter_qemu_args, libafl_int_offset,
elf::EasyElf, elf::EasyElf,
snapshot_sys::QemuSysSnapshotHelper, snapshot_sys::QemuSysSnapshotHelper,
clock::{QemuClockObserver}, clock::{QemuClockObserver},
@ -338,11 +338,11 @@ fn fuzz(
let target = input.target_bytes(); let target = input.target_bytes();
let mut buf = target.as_slice(); let mut buf = target.as_slice();
let mut len = buf.len(); let mut len = buf.len();
let mut int_tick : Option<u64> = None; let mut int_tick : Option<u32> = None;
if len > 4 { if len > 4 {
let mut t : [u8; 4] = [0,0,0,0]; // 4 extra bytes determine the tick to execute an interrupt let mut t : [u8; 4] = [0,0,0,0]; // 4 extra bytes determine the tick to execute an interrupt
t.copy_from_slice(&buf[0..4]); t.copy_from_slice(&buf[0..4]);
int_tick = Some(u32::from_le_bytes(t) as u64); int_tick = Some(u32::from_le_bytes(t));
buf = &buf[4..]; buf = &buf[4..];
len = buf.len(); len = buf.len();
} }
@ -352,7 +352,8 @@ fn fuzz(
} }
unsafe { unsafe {
INTR_OFFSET = int_tick; libafl_int_offset = int_tick.unwrap_or(0);
// INTR_OFFSET = int_tick;
emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes()); emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes());
emu.write_mem(input_addr,buf); emu.write_mem(input_addr,buf);

3
libafl_qemu/src/emu.rs
View File

@ -221,6 +221,9 @@ extern "C" {
#[cfg(feature = "systemmode")] #[cfg(feature = "systemmode")]
#[cfg(feature = "arm")] #[cfg(feature = "arm")]
pub fn libafl_send_irq(irqn: u32); pub fn libafl_send_irq(irqn: u32);
#[cfg(feature = "systemmode")]
#[cfg(feature = "arm")]
pub static mut libafl_int_offset: u32;
static exec_path: *const u8; static exec_path: *const u8;
static guest_base: usize; static guest_base: usize;