diff --git a/fuzzers/FRET/src/fuzzer.rs b/fuzzers/FRET/src/fuzzer.rs
index 637ddfb6f4..2d0dd56f34 100644
--- a/fuzzers/FRET/src/fuzzer.rs
+++ b/fuzzers/FRET/src/fuzzer.rs
@@ -34,11 +34,13 @@ use libafl_qemu::{ edges, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor, QemuHooks, Regs, QemuInstrumentationFilter, GuestAddr, };
+use rand::{SeedableRng, StdRng, Rng};
 use crate::{ clock::{QemuClockObserver, ClockTimeFeedback, QemuClockIncreaseFeedback, IcHist}, qemustate::QemuStateRestoreHelper, systemstate::{helpers::QemuSystemStateHelper, observers::QemuSystemStateObserver, feedbacks::{DumpSystraceFeedback, NovelSystemStateFeedback}, graph::{SysMapFeedback, SysGraphFeedbackState, GraphMaximizerCorpusScheduler}}, worst::{TimeMaximizerCorpusScheduler, ExecTimeIncFeedback, TimeStateMaximizerCorpusScheduler}, };
+pub const RNG_SEED: u64 = 1;
 pub const MAX_NUM_INTERRUPT: usize = 32;
 pub const DO_NUM_INTERRUPT: usize = 32;
@@ -274,7 +276,7 @@ pub fn fuzz() {
 let mut state = state.unwrap_or_else(|| {
 StdState::new(
 // RNG
- StdRand::with_seed(current_nanos()),
+ StdRand::with_seed(RNG_SEED),
 // Corpus that will be evolved, we keep it in memory for performance
 InMemoryCorpus::new(),
 // Corpus in which we store solutions (crashes in this example),
@@ -408,10 +410,11 @@ pub fn fuzz() {
 // let mut generator = RandBytesGenerator::new(MAX_INPUT_SIZE);
 let target_duration = Duration::from_secs(num);
 let start_time = std::time::Instant::now();
+ let mut rng = StdRng::seed_from_u64(RNG_SEED);
 while start_time.elapsed() < target_duration {
 // let inp = generator.generate(&mut state).unwrap();
 // libafl's generator is too slow
- let inp = BytesInput::new(vec![rand::random::(); MAX_INPUT_SIZE]);
+ let inp = BytesInput::new(vec![rng.gen::(); MAX_INPUT_SIZE]);
 fuzzer.evaluate_input(&mut state, &mut executor, &mut mgr, inp).unwrap();
 }
 }} else {
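Review bot: `RNG_SEED` is added without a doc comment and is hard-coded, so both generators this commit seeds from it (the `StdRand` state RNG in the `@@ -274,7 +276,7 @@` hunk and the `StdRng` in the `@@ -408,10 +410,11 @@` hunk) start from the same value on every run. If reproducible campaigns are the intent, say so on the constant, for example `/// Fixed seed so that fuzzing runs are reproducible; change it to explore a different random stream.` For bug-finding runs it would help to let the seed be overridden from configuration, falling back to this constant, and to log the value in use so a finding can be replayed. If several fuzzer instances are ever started in parallel (not visible here), they would all make the same random decisions and duplicate each other's work.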
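Review bot: `vec![rng.gen::(); MAX_INPUT_SIZE]` evaluates its element expression once and clones the result, so each generated input is one random byte repeated MAX_INPUT_SIZE times (the element type appears to have been stripped by the page rendering). The removed line had the same shape, so this is inherited, but with the seed now fixed the loop emits a fixed sequence of constant-byte buffers. Filling a buffer gives independent bytes: `let mut buf = vec![0u8; MAX_INPUT_SIZE]; rng.fill(&mut buf[..]);` followed by `BytesInput::new(buf)`. Separately, rand documents the algorithm behind `StdRng` as subject to change between releases, so a named generator is the safer choice if runs must stay reproducible across dependency updates. The body of `fuzz()` starts and ends outside this hunk.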