diff --git a/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs b/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs index efef1d896a..3c4b6059eb 100644 --- a/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs +++ b/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs @@ -35,6 +35,7 @@ use wcet_qemu_sys::sysstate::observers::QemuSysStateObserver; use wcet_qemu_sys::sysstate::feedbacks::SysStateFeedbackState; use wcet_qemu_sys::sysstate::feedbacks::NovelSysStateFeedback; use wcet_qemu_sys::worst::QemuHashMapObserver; +use wcet_qemu_sys::minimizer::QemuCaseMinimizerStage; use hashbrown::HashMap; use clap::{App, Arg}; use core::{cell::RefCell, time::Duration}; @@ -609,7 +610,7 @@ fn fuzz( // let tracing = ShadowTracingStage::new(&mut executor); // The order of the stages matter! - let mut stages = tuple_list!(mutation); + let mut stages = tuple_list!(QemuCaseMinimizerStage::new(16),mutation); // Remove target ouput (logs still survive) #[cfg(unix)] diff --git a/fuzzers/wcet_qemu_sys/src/lib.rs b/fuzzers/wcet_qemu_sys/src/lib.rs index 34b31773e6..a9c17174e1 100644 --- a/fuzzers/wcet_qemu_sys/src/lib.rs +++ b/fuzzers/wcet_qemu_sys/src/lib.rs @@ -3,4 +3,5 @@ #[cfg(target_os = "linux")] pub mod sysstate; -pub mod worst; \ No newline at end of file +pub mod worst; +pub mod minimizer; \ No newline at end of file diff --git a/fuzzers/wcet_qemu_sys/src/minimizer.rs b/fuzzers/wcet_qemu_sys/src/minimizer.rs new file mode 100644 index 0000000000..8822bca5d0 --- /dev/null +++ b/fuzzers/wcet_qemu_sys/src/minimizer.rs @@ -0,0 +1,70 @@ + +use libafl::inputs::HasBytesVec; +use libafl::corpus::Corpus; +use libafl::bolts::rands::Rand; +use libafl::inputs::BytesInput; +use libafl::stages::Stage; +use libafl::stages::MutationalStage; +use libafl::stages::mutational::DEFAULT_MUTATIONAL_MAX_ITERATIONS; +use core::marker::PhantomData; +use libafl::Evaluator; +use libafl::state::HasRand; +use libafl::state::HasCorpus; +use libafl::Error; +use libafl::state::HasClientPerfMonitor; +use libafl::mutators::Mutator; +use libafl::inputs::Input; + +#[derive(Clone, Debug)] +pub struct QemuCaseMinimizerStage +where + S: HasClientPerfMonitor + HasCorpus + HasRand, + Z: Evaluator, +{ + max_input_length: usize, + #[allow(clippy::type_complexity)] + phantom: PhantomData<(E, EM, S, Z)>, +} + +impl Stage for QemuCaseMinimizerStage +where + S: HasClientPerfMonitor + HasCorpus + HasRand, + Z: Evaluator, +{ + #[inline] + #[allow(clippy::let_and_return)] + fn perform( + &mut self, + fuzzer: &mut Z, + executor: &mut E, + state: &mut S, + manager: &mut EM, + corpus_idx: usize, + ) -> Result<(), Error> { + let mut corpus = state.corpus_mut(); + let mut case = corpus.get(corpus_idx).unwrap().borrow_mut(); + let mut input = case.input_mut().as_mut().unwrap(); + let mut bytes = input.bytes_mut(); + if bytes.len() > self.max_input_length { + bytes.drain(self.max_input_length..); + } + + #[cfg(feature = "introspection")] + state.introspection_monitor_mut().finish_stage(); + Ok(()) + } +} + +impl QemuCaseMinimizerStage +where + S: HasClientPerfMonitor + HasCorpus + HasRand, + Z: Evaluator, +{ + /// Creates a new default mutational stage + pub fn new(max: usize) -> Self { + Self { + max_input_length: max, + phantom: PhantomData, + } + } +} \ No newline at end of file