add a testcase minimizer

fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs

@@ -35,6 +35,7 @@ use wcet_qemu_sys::sysstate::observers::QemuSysStateObserver;
 use wcet_qemu_sys::sysstate::feedbacks::SysStateFeedbackState;
 use wcet_qemu_sys::sysstate::feedbacks::NovelSysStateFeedback;
 use wcet_qemu_sys::worst::QemuHashMapObserver;
+use wcet_qemu_sys::minimizer::QemuCaseMinimizerStage;
 use hashbrown::HashMap;
 use clap::{App, Arg};
 use core::{cell::RefCell, time::Duration};
@@ -609,7 +610,7 @@ fn fuzz(
     // let tracing = ShadowTracingStage::new(&mut executor);
 
     // The order of the stages matter!
-    let mut stages = tuple_list!(mutation);
+    let mut stages = tuple_list!(QemuCaseMinimizerStage::new(16),mutation);
 
     // Remove target ouput (logs still survive)
     #[cfg(unix)]

fuzzers/wcet_qemu_sys/src/lib.rs

@@ -3,4 +3,5 @@
 #[cfg(target_os = "linux")]
 pub mod sysstate;
 
-pub mod worst;
+pub mod worst;
+pub mod minimizer;

fuzzers/wcet_qemu_sys/src/minimizer.rs

@@ -0,0 +1,70 @@
+
+use libafl::inputs::HasBytesVec;
+use libafl::corpus::Corpus;
+use libafl::bolts::rands::Rand;
+use libafl::inputs::BytesInput;
+use libafl::stages::Stage;
+use libafl::stages::MutationalStage;
+use libafl::stages::mutational::DEFAULT_MUTATIONAL_MAX_ITERATIONS;
+use core::marker::PhantomData;
+use libafl::Evaluator;
+use libafl::state::HasRand;
+use libafl::state::HasCorpus;
+use libafl::Error;
+use libafl::state::HasClientPerfMonitor;
+use libafl::mutators::Mutator;
+use libafl::inputs::Input;
+
+#[derive(Clone, Debug)]
+pub struct QemuCaseMinimizerStage<E, EM, S, Z>
+where
+    S: HasClientPerfMonitor + HasCorpus<BytesInput> + HasRand,
+    Z: Evaluator<E, EM, BytesInput, S>,
+{
+	max_input_length: usize,
+    #[allow(clippy::type_complexity)]
+    phantom: PhantomData<(E, EM, S, Z)>,
+}
+
+impl<E, EM, S, Z> Stage<E, EM, S, Z> for QemuCaseMinimizerStage<E, EM, S, Z>
+where
+    S: HasClientPerfMonitor + HasCorpus<BytesInput> + HasRand,
+    Z: Evaluator<E, EM, BytesInput, S>,
+{
+    #[inline]
+    #[allow(clippy::let_and_return)]
+    fn perform(
+        &mut self,
+        fuzzer: &mut Z,
+        executor: &mut E,
+        state: &mut S,
+        manager: &mut EM,
+        corpus_idx: usize,
+    ) -> Result<(), Error> {
+		let mut corpus = state.corpus_mut();
+		let mut case = corpus.get(corpus_idx).unwrap().borrow_mut();
+		let mut input = case.input_mut().as_mut().unwrap();
+		let mut bytes = input.bytes_mut();
+		if bytes.len() > self.max_input_length {
+			bytes.drain(self.max_input_length..);
+		}
+
+        #[cfg(feature = "introspection")]
+        state.introspection_monitor_mut().finish_stage();
+		Ok(())
+    }
+}
+
+impl<E, EM, S, Z> QemuCaseMinimizerStage<E, EM, S, Z>
+where
+    S: HasClientPerfMonitor + HasCorpus<BytesInput> + HasRand,
+    Z: Evaluator<E, EM, BytesInput, S>,
+{
+    /// Creates a new default mutational stage
+    pub fn new(max: usize) -> Self {
+        Self {
+			max_input_length: max,
+            phantom: PhantomData,
+        }
+    }
+}