store hashes globally

fuzzers/FRET/src/fuzzer.rs

@@ -33,6 +33,8 @@ use log;
 use rand::RngCore;
 use crate::templates;
 use std::ops::Range;
+use crate::systemstate::target_os::freertos::GlobalFreeRTOSTraceMetadata;
+use crate::systemstate::target_os::GlobalSystemTraceData;
 
 // Constants ================================================================================
 
@@ -102,8 +104,9 @@ macro_rules! do_dump_stg {
     if $cli.dump_graph {
         let dump_path = $cli.dump_name.clone().unwrap().with_extension(if $c=="" {"dot"} else {$c});
         println!("Dumping graph to {:?}", &dump_path);
+        let tcb_index = $state.metadata::<GlobalFreeRTOSTraceMetadata>().unwrap().tcb_index().clone();
         if let Some(md) = $state.named_metadata_map_mut().get_mut::<STGFeedbackState<FreeRTOSSystem>>("stgfeedbackstate") {
-            let out = md.graph.map(|_i,x| x.color_print(&md.systemstate_index, &md.tcb_index), |_i,x| x.color_print());
+            let out = md.graph.map(|_i,x| x.color_print(&md.systemstate_index, &tcb_index), |_i,x| x.color_print());
             let outs = Dot::with_config(&out, &[]).to_string();
             let outs = outs.replace("\\\"","\"");
             let outs = outs.replace(';',"\\n");

fuzzers/FRET/src/systemstate/feedbacks.rs

@@ -17,7 +17,7 @@ use super::target_os::TargetSystem;
 use std::borrow::Cow;
 use std::marker::PhantomData;
 
-use crate::systemstate::{stg::STGFeedbackState, target_os::*};
+use crate::systemstate::{stg::STGFeedbackState, target_os::{freertos::GlobalFreeRTOSTraceMetadata, *}};
 use libafl::prelude::StateInitializer;
 
 //=========================== Debugging Feedback
@@ -80,9 +80,9 @@ where {
                         .metadata::<SYS::TraceData>()
                         .expect("TraceData not found").clone();
                     let tcb_index = state
-                        .metadata::<STGFeedbackState<SYS>>()
+                        .metadata::<SYS::GlobalTraceData>()
                         .expect("STGFeedbackState not found")
-                        .tcb_index.clone();
+                        .tcb_index().clone();
                     std::fs::write(
                         tracename,
                         ron::to_string(&(trace, tcb_index))

fuzzers/FRET/src/systemstate/stg.rs

@@ -162,7 +162,6 @@ where
     // aggregated traces as a graph
     pub graph: DiGraph<STGNode<SYS>, STGEdge>,
     pub systemstate_index: HashMap<HashIndex, SYS::State>,
-    pub tcb_index: HashMap<HashIndex, SYS::TCB>,
     pub state_abb_hash_index: HashMap<(u64, u64), NodeIndex>,
     stgnode_index: HashMap<u64, NodeIndex>,
     entrypoint: NodeIndex,
@@ -232,7 +231,6 @@ where
             wort_per_stg_path: HashMap::new(),
             worst_abb_exec_count: HashMap::new(),
             systemstate_index,
-            tcb_index,
             state_abb_hash_index,
             worst_task_jobs: HashMap::new(),
         }

fuzzers/FRET/src/systemstate/target_os/freertos/extraction.rs

@@ -119,12 +119,12 @@ impl FreeRTOSSystemStateModule {
     }
 }
 
-impl<S, I> EmulatorModule<I, S> for FreeRTOSSystemStateHelper
+impl<I, S> EmulatorModule<I, S> for FreeRTOSSystemStateModule
 where
     S: Unpin + HasMetadata,
     I: Unpin,
 {
-    fn first_exec<ET>(&mut self, _qemu: Qemu, emulator_modules: &mut EmulatorModules<ET, I, S>, _state: &mut S)
+    fn first_exec<ET>(&mut self, _qemu: Qemu, emulator_modules: &mut EmulatorModules<ET, I, S>, state: &mut S)
     where
         ET: EmulatorModuleTuple<I, S>,
     {
@@ -150,6 +150,21 @@ where
             ReadExecHook::Empty,
             ReadExecNHook::Function(trace_reads::<ET, I, S>),
         );
+        if !state.has_metadata::<GlobalFreeRTOSTraceMetadata>() {
+            let mut data = GlobalFreeRTOSTraceMetadata::default();
+
+            let mut start_tcb = RefinedTCB::default();
+            *start_tcb.task_name_mut()="Start".to_string();
+            let h_start_tcb = compute_hash(&start_tcb);
+            data.tcb_index_mut().insert(h_start_tcb, start_tcb);
+
+            let mut end_tcb = RefinedTCB::default();
+            *end_tcb.task_name_mut()="End".to_string();
+            let h_end_tcb = compute_hash(&end_tcb);
+            data.tcb_index_mut().insert(h_end_tcb, end_tcb);
+
+            state.add_metadata(data);
+        }
         unsafe { INPUT_MEM = self.input_mem.clone() };
     }
 
@@ -279,9 +294,9 @@ where
                 .collect::<Vec<_>>();
             jobs
         };
-        _state.metadata_mut::<STGFeedbackState<FreeRTOSSystem>>()
+        _state.metadata_mut::<GlobalFreeRTOSTraceMetadata>()
             .unwrap()
-            .tcb_index
+            .tcb_index_mut()
             .extend(tcb_map.into_iter());
         _state.add_metadata(FreeRTOSTraceMetadata::new(refined_states, intervals, mem_reads, jobs, need_to_debug));
     }

fuzzers/FRET/src/systemstate/target_os/freertos/mod.rs

@@ -25,6 +25,7 @@ impl TargetSystem for FreeRTOSSystem {
     type State = FreeRTOSSystemState;
     type TCB = RefinedTCB;
     type TraceData = FreeRTOSTraceMetadata;
+    type GlobalTraceData = GlobalFreeRTOSTraceMetadata;
 }
 
 impl TaskControlBlock for RefinedTCB {
@@ -279,6 +280,36 @@ pub(super)struct FreeRTOSSystemStateContext {
     pub mem_reads: Vec<(u32, u8)>,
 }
 
+#[derive(Debug, Default, Serialize, Deserialize, Clone)]
+pub struct GlobalFreeRTOSTraceMetadata
+{
+    pub tcb_index: HashMap<HashIndex, <<FreeRTOSTraceMetadata as SystemTraceData>::State as SystemState>::TCB>,
+    tcref: isize,
+}
+
+impl GlobalSystemTraceData for GlobalFreeRTOSTraceMetadata
+{
+    type State = FreeRTOSSystemState;
+    type TCB = RefinedTCB;
+
+    fn tcb_index(&self) -> &HashMap<HashIndex, Self::TCB> {
+        &self.tcb_index
+    }
+    fn tcb_index_mut(&mut self) -> &mut HashMap<HashIndex, Self::TCB> {
+        &mut self.tcb_index
+    }
+}
+
+impl HasRefCnt for GlobalFreeRTOSTraceMetadata
+{
+    fn refcnt(&self) -> isize {
+        self.tcref
+    }
+
+    fn refcnt_mut(&mut self) -> &mut isize {
+        &mut self.tcref
+    }
+}
 
 #[derive(Debug, Default, Serialize, Deserialize, Clone)]
 pub struct FreeRTOSTraceMetadata
@@ -368,6 +399,7 @@ impl SystemTraceData for FreeRTOSTraceMetadata
     }
 }
 
+libafl_bolts::impl_serdeany!(GlobalFreeRTOSTraceMetadata);
 libafl_bolts::impl_serdeany!(FreeRTOSTraceMetadata);
 libafl_bolts::impl_serdeany!(RefinedTCB);
 libafl_bolts::impl_serdeany!(FreeRTOSSystemState);

fuzzers/FRET/src/systemstate/target_os/mod.rs

@@ -29,6 +29,8 @@ pub trait TargetSystem: Serialize + Sized + for<'de> Deserialize<'de> + Default
     type TCB: TaskControlBlock;
     /// The type used to store trace data for the system.
     type TraceData: SystemTraceData<State = Self::State>;
+    // The type used to store global trace data for the system.
+    type GlobalTraceData: GlobalSystemTraceData<State = Self::State, TCB = Self::TCB>;
 }
 
 /// A trait representing the system state of a target system, which includes methods to access the current task.
@@ -43,6 +45,14 @@ pub trait SystemState: Serialize + Sized + for<'a> Deserialize<'a> + Default + D
     fn print_lists(&self, tcb_index: &HashMap<HashIndex, Self::TCB>) -> String;
 }
 
+pub trait GlobalSystemTraceData: Serialize + Sized + for<'a> Deserialize<'a> + Default + Debug + Clone + SerdeAny + HasRefCnt {
+    type State: SystemState;
+    type TCB: TaskControlBlock;
+
+    fn tcb_index(&self) -> &HashMap<HashIndex, Self::TCB>;
+    fn tcb_index_mut(&mut self) -> &mut HashMap<HashIndex, Self::TCB>;
+}
+
 pub trait SystemTraceData: Serialize + Sized + for<'a> Deserialize<'a> + Default + Debug + Clone + SerdeAny + HasRefCnt {
     type State: SystemState;