From 288abeb6bf33976ea45c6987d826b9f415832b3a Mon Sep 17 00:00:00 2001
From: Alwin Berger <alwin.berger@tu-dortmund.de>
Date: Fri, 6 Sep 2024 08:38:30 +0200
Subject: [PATCH] prepare multiple interrupt sources

---
 fuzzers/FRET/src/fuzzer.rs                | 11 ++++++-----
 fuzzers/FRET/src/systemstate/helpers.rs   |  5 ++++-
 fuzzers/FRET/src/systemstate/observers.rs |  7 ++++---
 3 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/fuzzers/FRET/src/fuzzer.rs b/fuzzers/FRET/src/fuzzer.rs
index 756f10864b..331045b553 100644
--- a/fuzzers/FRET/src/fuzzer.rs
+++ b/fuzzers/FRET/src/fuzzer.rs
@@ -41,6 +41,7 @@ pub static mut RNG_SEED: u64 = 1;
 pub const FIRST_INT : u32 = 200000;
 
 pub const MAX_NUM_INTERRUPT: usize = 128;
+pub const NUM_INTERRUPT_SOURCES: usize = 6; // Keep in sync with qemu-libafl-bridge/hw/timer/armv7m_systick.c:319 and  FreeRTOS/FreeRTOS/Demo/CORTEX_M3_MPS2_QEMU_GCC/init/startup.c:216
 pub const DO_NUM_INTERRUPT: usize = 128;
 pub static mut MAX_INPUT_SIZE: usize = 32;
 
@@ -70,8 +71,8 @@ return api_addreses;
 
 #[allow(unused)]
 extern "C" {
-static mut libafl_interrupt_offsets : [u32; MAX_NUM_INTERRUPT];
-static mut libafl_num_interrupts : usize;
+static mut libafl_interrupt_offsets : [[u32; MAX_NUM_INTERRUPT]; NUM_INTERRUPT_SOURCES];
+static mut libafl_num_interrupts : [usize; NUM_INTERRUPT_SOURCES];
 }
 
 
@@ -229,7 +230,7 @@ let breakpoint = elf
     .expect("Symbol or env BREAKPOINT not found");
 println!("Breakpoint address = {:#x}", breakpoint);
 unsafe {
-    libafl_num_interrupts = 0;
+    libafl_num_interrupts = [0; NUM_INTERRUPT_SOURCES];
 }
 
 if let Ok(input_len) = env::var("FUZZ_INPUT_LEN") {
@@ -332,8 +333,8 @@ let run_client = |state: Option<_>, mut mgr, _core_id| {
             {
                 let time_bytes = input.parts_by_name("interrupts").next().map(|x| x.1.bytes()).unwrap_or(&[0u8; MAX_NUM_INTERRUPT*4]);
                 let t = input_bytes_to_interrupt_times(time_bytes);
-                for i in 0..t.len() {libafl_interrupt_offsets[i]=t[i];}
-                libafl_num_interrupts=t.len();
+                for i in 0..t.len() {libafl_interrupt_offsets[0][i]=t[i];}
+                libafl_num_interrupts[0]=t.len();
 
                 // println!("Load: {:?}", libafl_interrupt_offsets[0..libafl_num_interrupts].to_vec());
             }
diff --git a/fuzzers/FRET/src/systemstate/helpers.rs b/fuzzers/FRET/src/systemstate/helpers.rs
index f3716fb6c3..069d58a75f 100644
--- a/fuzzers/FRET/src/systemstate/helpers.rs
+++ b/fuzzers/FRET/src/systemstate/helpers.rs
@@ -29,7 +29,10 @@ use super::CaptureEvent;
 
 pub const ISR_SYMBOLS : &'static [&'static str] = &[
 // ISRs
-"Reset_Handler","Default_Handler","Default_Handler2","Default_Handler3","Default_Handler4","Default_Handler5","Default_Handler6","vPortSVCHandler","xPortPendSVHandler","xPortSysTickHandler","isr_starter"
+"Reset_Handler","Default_Handler","Default_Handler2","Default_Handler3","Default_Handler4","Default_Handler5","Default_Handler6","vPortSVCHandler","xPortPendSVHandler","xPortSysTickHandler","ISR_0_Handler", "ISR_1_Handler", "ISR_2_Handler", "ISR_3_Handler", "ISR_4_Handler", "ISR_5_Handler", "ISR_6_Handler", "ISR_7_Handler", "ISR_8_Handler", "ISR_9_Handler", "ISR_10_Handler", "ISR_11_Handler", "ISR_12_Handler", "ISR_13_Handler"
+];
+pub const USR_ISR_SYMBOLS : &'static [&'static str] = &[
+    "ISR_0_Handler", "ISR_1_Handler", "ISR_2_Handler", "ISR_3_Handler", "ISR_4_Handler", "ISR_5_Handler", "ISR_6_Handler", "ISR_7_Handler", "ISR_8_Handler", "ISR_9_Handler", "ISR_10_Handler", "ISR_11_Handler", "ISR_12_Handler", "ISR_13_Handler"
 ];
 
 /// Read ELF program headers to resolve physical load addresses.
diff --git a/fuzzers/FRET/src/systemstate/observers.rs b/fuzzers/FRET/src/systemstate/observers.rs
index 69319d1d47..1ce1f552f4 100644
--- a/fuzzers/FRET/src/systemstate/observers.rs
+++ b/fuzzers/FRET/src/systemstate/observers.rs
@@ -16,6 +16,7 @@ use std::cell::RefCell;
 use std::collections::VecDeque;
 use std::borrow::Cow;
 
+use super::helpers::USR_ISR_SYMBOLS;
 use super::{ AtomicBasicBlock, ExecInterval};
 use super::{
     CURRENT_SYSTEMSTATE_VEC,
@@ -233,7 +234,7 @@ fn get_releases(trace: &Vec<ExecInterval>, states: &HashMap<u64, ReducedFreeRTOS
             });
             continue;
         }
-        if i.start_capture.0 == CaptureEvent::ISRStart && ( i.start_capture.1 == "xPortSysTickHandler" || i.start_capture.1 == "isr_starter" ) {
+        if i.start_capture.0 == CaptureEvent::ISRStart && ( i.start_capture.1 == "xPortSysTickHandler" || USR_ISR_SYMBOLS.contains(&i.start_capture.1.as_str()) ) {
             // detect race-conditions, get start adn end state from the nearest valid intervals
             if states.get(&i.start_state).map(|x| x.read_invalid).unwrap_or(true) {
                 let mut start_index=None;
@@ -411,7 +412,7 @@ fn states2intervals(trace: Vec<ReducedFreeRTOSSystemState>, meta: Vec<(u64, Capt
             },
             CaptureEvent::ISRStart => {
                 // special case for isrs which do not capture their end
-                // if meta[i].2 == "isr_starter" {
+                // if meta[i].2 == "ISR_0_Handler" {
                 //     &2
                 // } else {
                 // regular case
@@ -564,7 +565,7 @@ fn add_abb_info(trace: &mut Vec<ExecInterval>, table: &HashMap<u64, ReducedFreeR
 //     for i in meta.iter_mut() {
 //         if i.1 == CaptureEvent::APIStart && i.2.ends_with("FromISR") {
 //             i.1 = CaptureEvent::ISREnd;
-//             i.2 = "isr_starter".to_string();
+//             i.2 = "ISR_0_Handler".to_string();
 //         }
 //     }
 // }