From 2dfb5f853d30d51d7c906e42437dfcad150c8823 Mon Sep 17 00:00:00 2001 From: Alwin Berger Date: Fri, 4 Jul 2025 07:30:01 +0000 Subject: [PATCH] reduce state space by ignoring lower priorities --- fuzzers/FRET/Cargo.toml | 3 ++- fuzzers/FRET/benchmark/Snakefile | 2 +- fuzzers/FRET/src/systemstate/stg.rs | 1 - .../src/systemstate/target_os/freertos/post_processing.rs | 7 +++++++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/fuzzers/FRET/Cargo.toml b/fuzzers/FRET/Cargo.toml index 8399b58f65..4924689b90 100644 --- a/fuzzers/FRET/Cargo.toml +++ b/fuzzers/FRET/Cargo.toml @@ -5,7 +5,7 @@ authors = ["Alwin Berger "] edition = "2021" [features] -default = ["std", "snapshot_fast", "restarting", "do_hash_notify_state", "do_hash_notify_value", "config_stg", "fuzz_int", "shortcut", "trace_job_response_times" ] +default = ["std", "snapshot_fast", "restarting", "do_hash_notify_state", "do_hash_notify_value", "config_stg", "fuzz_int", "shortcut", "trace_job_response_times", "observe_systemstate_unordered" ] std = [] # Exec environemnt basics snapshot_restore = [] @@ -19,6 +19,7 @@ shortcut = [] observe_edges = [] # observe cfg edges observe_hitcounts = [ "observe_edges" ] # reduces edge granularity observe_systemstate = [] +observe_systemstate_unordered = [] do_hash_notify_state = [] do_hash_notify_value = [] trace_job_response_times = [ "trace_stg" ] diff --git a/fuzzers/FRET/benchmark/Snakefile b/fuzzers/FRET/benchmark/Snakefile index 7e82fb3bd1..46d533b59c 100644 --- a/fuzzers/FRET/benchmark/Snakefile +++ b/fuzzers/FRET/benchmark/Snakefile 
@@ -2,7 +2,7 @@ import csv import os envvars: "BENCHDIR" -def_flags="--release --no-default-features --features std,snapshot_fast,restarting,do_hash_notify_state,do_hash_notify_value,fuzz_int,trace_job_response_times" +def_flags="--release --no-default-features --features std,snapshot_fast,restarting,do_hash_notify_state,do_hash_notify_value,fuzz_int,trace_job_response_times,observe_systemstate_unordered" benchdir=os.environ["BENCHDIR"] RUNTIME=(3600*24) diff --git a/fuzzers/FRET/src/systemstate/stg.rs b/fuzzers/FRET/src/systemstate/stg.rs index 84c40e5b32..2036667779 100644 --- a/fuzzers/FRET/src/systemstate/stg.rs +++ b/fuzzers/FRET/src/systemstate/stg.rs @@ -1,4 +1,3 @@ - use hashbrown::HashSet; use libafl::inputs::Input; /// Feedbacks organizing SystemStates as a graph diff --git a/fuzzers/FRET/src/systemstate/target_os/freertos/post_processing.rs b/fuzzers/FRET/src/systemstate/target_os/freertos/post_processing.rs index 026010c360..f90cbd51ac 100644 --- a/fuzzers/FRET/src/systemstate/target_os/freertos/post_processing.rs +++ b/fuzzers/FRET/src/systemstate/target_os/freertos/post_processing.rs @@ -94,6 +94,13 @@ pub(crate) fn refine_system_states( .collect(); collector.append(&mut tmp); } + #[cfg(feature = "observe_systemstate_unordered")] + { + // respect the order of the first ``lookahead`` tasks and sort the rest by task name + const lookahead : usize = 2; + collector.get_mut(lookahead..).map(|x| x.sort_by(|a, b| a.task_name.cmp(&b.task_name))); + + } // collect delay list let mut delay_list: Vec = tcb_list_to_vec_cached(i.delay_list, &mut i.dumping_ground)
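Review bot: In the added `#[cfg(feature = "observe_systemstate_unordered")]` block, `collector.get_mut(lookahead..).map(|x| x.sort_by(...))` uses `Option::map` only for its side effect and names a constant in lower case, which trips `clippy::option_map_unit_fn` and rustc's `non_upper_case_globals`; I would write `const LOOKAHEAD: usize = 2;` and `if let Some(rest) = collector.get_mut(LOOKAHEAD..) { rest.sort_by(|a, b| a.task_name.cmp(&b.task_name)); }`. `sort_by` is stable, so tasks that share a `task_name` keep their original relative order and the refined state still depends on it; if names are not guaranteed unique a secondary key is needed, which is worth confirming. The comment should also say why exactly two entries keep their order, because the same commit adds this feature to the default set in Cargo.toml and so changes which system states the fuzzer treats as distinct in every default build. `refine_system_states` starts and ends outside the hunk.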