fast snapshots by default

fuzzers/FRET/Cargo.toml

@@ -5,7 +5,7 @@ authors = ["Alwin Berger <alwin.berger@tu-dortmund.de>"]
 edition = "2021"
 
 [features]
-default = ["std", "snapshot_restore", "singlecore", "restarting", "do_hash_notify_state", "config_stg", "fuzz_int" ]
+default = ["std", "snapshot_restore", "snapshot_fast", "singlecore", "restarting", "do_hash_notify_state", "config_stg", "fuzz_int" ]
 std = []
 # Exec environemnt basics
 snapshot_restore = []

fuzzers/FRET/src/fuzzer.rs

@@ -423,20 +423,27 @@ let mut run_client = |state: Option<_>, mut mgr, _core_id| {
         // "-semihosting",
         // "--semihosting-config",
         // "enable=on,target=native",
-        // "-snapshot",
+        #[cfg(not(feature = "snapshot_fast"))]
-        // "-drive",
+        "-snapshot",
-        // "if=none,format=qcow2,file=dummy.qcow2",
+        #[cfg(not(feature = "snapshot_fast"))]
+        "-drive",
+        #[cfg(not(feature = "snapshot_fast"))]
+        "if=none,format=qcow2,file=dummy.qcow2",
     ].into_iter().map(String::from).collect();
     let env: Vec<(String, String)> = env::vars().collect();
     let emu = Qemu::init(&args, &env).expect("Emulator creation failed");
 
-    // if let Some(main_addr) = main_addr {
+    if let Some(main_addr) = main_addr {
-    //     unsafe {
+        unsafe {
-    //         emu.set_breakpoint(main_addr);
+            libafl_qemu::sys::libafl_qemu_set_native_breakpoint(main_addr as u64);
-    //         emu.run();
+            emu.run();
-    //         emu.remove_breakpoint(main_addr);
+            libafl_qemu::sys::libafl_qemu_remove_native_breakpoint(main_addr as u64);
-    //     }
+        }
-    // }
+    }
+    #[cfg(feature = "snapshot_fast")]
+    let initial_snap = Some(emu.create_fast_snapshot(true));
+    #[cfg(not(feature = "snapshot_fast"))]
+    let initial_snap = None;
 
     unsafe { emu.set_breakpoint(breakpoint); }// BREAKPOINT 
 
@@ -590,7 +597,7 @@ let mut run_client = |state: Option<_>, mut mgr, _core_id| {
         let qhelpers = (QemuSystemStateHelper::new(api_addreses,api_ranges,isr_addreses,isr_ranges,curr_tcb_pointer,task_queue_addr,task_delay_addr,task_delay_overflow_addr,scheduler_lock,scheduler_running, critical_section,input_counter_ptr,app_range.clone()), qhelpers);
         #[cfg(feature = "observe_edges")]
         let qhelpers = (QemuEdgeCoverageHelper::new(denylist, QemuFilterList::None), qhelpers);
-        let qhelpers = (QemuStateRestoreHelper::new(), qhelpers);
+        let qhelpers = (QemuStateRestoreHelper::with_fast(initial_snap), qhelpers);
 
         let mut hooks = QemuHooks::new(emu.clone(),qhelpers);
 

fuzzers/FRET/src/qemustate.rs

@@ -16,7 +16,6 @@ use libafl_qemu::{
 #[derive(Debug)]
 pub struct QemuStateRestoreHelper {
     has_snapshot: bool,
-    use_snapshot: bool,
     saved_cpu_states: Vec<CPUArchState>,
     fastsnap: Option<FastSnapshotPtr>
 }
@@ -26,11 +25,15 @@ impl QemuStateRestoreHelper {
     pub fn new() -> Self {
         Self {
             has_snapshot: false,
-            use_snapshot: true,
             saved_cpu_states: vec![],
             fastsnap: None
         }
     }
+    pub fn with_fast(fastsnap: Option<FastSnapshotPtr>) -> Self {
+        let mut r = Self::new();
+        r.fastsnap = fastsnap;
+        r
+    }
 }
 
 impl Default for QemuStateRestoreHelper {