trace_abbs and dump path

fuzzers/FRET/Cargo.toml

@@ -10,6 +10,7 @@ std = []
 snapshot_restore = []
 snapshot_fast = [ "snapshot_restore" ]
 singlecore = []
+trace_abbs = []
 systemstate = []
 systemgraph = [ "systemstate" ]
 systemtrace = [ "systemstate" ]

fuzzers/FRET/benchmark/Makefile

@@ -1,4 +1,4 @@
-TIME=5400
+TIME=7200
 
 corpora/%/seed:
 	mkdir -p $$(dirname $@)
@@ -24,7 +24,7 @@ timedump/%$(FUZZ_RANDOM)$(SUFFIX): corpora/%/seed
 	BREAKPOINT=$$(echo $$LINE | cut -d, -f5) \
 	SEED_RANDOM=1 \
 	TIME_DUMP=benchmark/$@ \
-	CASE_DUMP=benchmark/$@.case; \
+	CASE_DUMP=benchmark/$@; \
 	../fuzzer.sh + + + + + $(TIME) + + + > $@_log
 	#SEED_DIR=benchmark/corpora/$*
 

fuzzers/FRET/src/fuzzer.rs

@@ -28,7 +28,7 @@ use libafl::{
     stages::StdMutationalStage,
     state::{HasCorpus, StdState, HasMetadata, HasNamedMetadata},
     Error,
-    prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec}, Evaluator,
+    prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata}, Evaluator,
 };
 use libafl_qemu::{
     edges, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor,
@@ -404,7 +404,11 @@ pub fn fuzz() {
                             }
                         }
                         match worst_input {
-                            Some(wi) => {fs::write(&td,wi).expect("Failed to write worst corpus element");},
+                            Some(wi) => {
+                                let mut cd = String::from(&td);
+                                cd.push_str(".case");
+                                fs::write(&cd,wi).expect("Failed to write worst corpus element");
+                            },
                             None => (),
                         }
                         #[cfg(feature = "systemgraph")]
@@ -415,6 +419,16 @@ pub fn fuzz() {
                                 fs::write(&gd,ron::to_string(&md).expect("Failed to serialize graph")).expect("Failed to write graph");
                             }
                         }
+                        {
+                            let mut gd = String::from(&td);
+                            if let Some(md) = state.metadata_mut().get_mut::<TopRatedsMetadata>() {
+                                let mut uniq: Vec<usize> = md.map.values().map(|x| x.clone()).collect();
+                                uniq.sort();
+                                uniq.dedup();
+                                gd.push_str(&format!(".{}.toprated", uniq.len()));
+                                fs::write(&gd,ron::to_string(&md.map).expect("Failed to serialize metadata")).expect("Failed to write graph");
+                            }
+                        }
                     }
                 },
             }

fuzzers/FRET/src/systemstate/helpers.rs

@@ -69,6 +69,7 @@ where
         QT: QemuHelperTuple<S>,
     {
         _hooks.instruction(self.kerneladdr, exec_syscall_hook::<QT, S>, false);
+        #[cfg(feature = "trace_abbs")]
         _hooks.jmps(Some(gen_jmp_is_syscall::<QT, S>), Some(trace_api_call::<QT, S>));
     }