diff --git a/fuzzers/FRET/benchmark/Snakefile b/fuzzers/FRET/benchmark/Snakefile index d0464dfd76..0a800cc5b6 100644 --- a/fuzzers/FRET/benchmark/Snakefile +++ b/fuzzers/FRET/benchmark/Snakefile @@ -1,6 +1,6 @@ import csv import os -def_flags="--no-default-features --features std,snapshot_fast,singlecore,restarting,do_hash_notify_state,trace_job_response_times" +def_flags="--no-default-features --features std,snapshot_fast,singlecore,restarting,do_hash_notify_state,trace_job_response_times,fuzz_int" remote="remote/" RUNTIME=1800 TARGET_REPS_A=2 @@ -48,79 +48,24 @@ rule build_stgpath: shell: "cargo build --target-dir {output} {def_flags},feed_stg_abbhash,sched_stg_abbhash,mutate_stg" -rule build_showmap_int: - output: - directory("bins/target_showmap_int") - shell: - "cargo build --target-dir {output} {def_flags},config_stg,fuzz_int" - -rule build_random_int: - output: - directory("bins/target_random_int") - shell: - "cargo build --target-dir {output} {def_flags},feed_longest,fuzz_int" - - -rule build_frafl_int: - output: - directory("bins/target_frafl_int") - shell: - "cargo build --target-dir {output} {def_flags},config_frafl,fuzz_int" - -rule build_afl_int: - output: - directory("bins/target_afl_int") - shell: - "cargo build --target-dir {output} {def_flags},config_afl,fuzz_int," - -rule build_stg_int: - output: - directory("bins/target_stg_int") - shell: - "cargo build --target-dir {output} {def_flags},config_stg,fuzz_int" - -rule build_stgpath_int: - output: - directory("bins/target_stgpath_int") - shell: - "cargo build --target-dir {output} {def_flags},feed_stg_abbhash,sched_stg_abbhash,mutate_stg,fuzz_int" - rule build_feedgeneration1: output: directory("bins/target_feedgeneration1") shell: "cargo build --target-dir {output} {def_flags},feed_genetic,gensize_1" -rule build_feedgeneration1_int: - output: - directory("bins/target_feedgeneration1_int") - shell: - "cargo build --target-dir {output} {def_flags},feed_genetic,fuzz_int,gensize_1" - rule build_feedgeneration10: output: directory("bins/target_feedgeneration10") shell: "cargo build --target-dir {output} {def_flags},feed_genetic,gensize_10" -rule build_feedgeneration10_int: - output: - directory("bins/target_feedgeneration10_int") - shell: - "cargo build --target-dir {output} {def_flags},feed_genetic,fuzz_int,gensize_10" - rule build_feedgeneration100: output: directory("bins/target_feedgeneration100") shell: "cargo build --target-dir {output} {def_flags},config_genetic,gensize_100" -rule build_feedgeneration100_int: - output: - directory("bins/target_feedgeneration100_int") - shell: - "cargo build --target-dir {output} {def_flags},config_genetic,fuzz_int,gensize_100" - rule run_bench: input: "build/{target}.elf", @@ -163,7 +108,6 @@ rule run_showmap: input: "{remote}build/{target}.elf", "bins/target_showmap", - "bins/target_showmap_int", "{remote}timedump/{fuzzer}/{target}#{num}.case" output: "{remote}timedump/{fuzzer}/{target}#{num}_case.trace.ron", @@ -180,16 +124,12 @@ rule run_showmap: fuzz_len=line['input_size'] bkp=line['return_function'] select_task=line['select_task'] - script="" - if wildcards.fuzzer.find('_int') > -1: - script="export FUZZER=$(pwd)/{input[2]}/debug/fret\n" - else: - script="export FUZZER=$(pwd)/{input[1]}/debug/fret\n" script+=""" + export FUZZER=$(pwd)/{input[1]}/debug/fret mkdir -p $(dirname {output}) set +e - echo $FUZZER -n $(pwd)/{remote}/timedump/{wildcards.fuzzer}/{wildcards.target}#{wildcards.num}_case -s {select_task} -t -a -r -g -k {input[0]} -c ./target_symbols.csv showmap -i {input[3]} - $FUZZER -n $(pwd)/{remote}/timedump/{wildcards.fuzzer}/{wildcards.target}#{wildcards.num}_case -s {select_task} -t -a -r -g -k {input[0]} -c ./target_symbols.csv showmap -i {input[3]} + echo $FUZZER -n $(pwd)/{remote}/timedump/{wildcards.fuzzer}/{wildcards.target}#{wildcards.num}_case -s {select_task} -t -a -r -g -k {input[0]} -c ./target_symbols.csv showmap -i {input[2]} + $FUZZER -n $(pwd)/{remote}/timedump/{wildcards.fuzzer}/{wildcards.target}#{wildcards.num}_case -s {select_task} -t -a -r -g -k {input[0]} -c ./target_symbols.csv showmap -i {input[2]} exit 0 """ if wildcards.fuzzer.find('random') >= 0: @@ -220,7 +160,7 @@ rule all_main: rule all_main_int: input: - expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random_int','afl_int','feedgeneration10_int','state_int'], target=['waters_int','watersv2_int'],num=range(0,4)) + expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random','afl','feedgeneration10','state'], target=['waters_int','watersv2_int'],num=range(0,4)) rule all_compare_feedgeneration: input: @@ -228,7 +168,7 @@ rule all_compare_feedgeneration: rule all_compare_feedgeneration_int: input: - expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['feedgeneration1_int','feedgeneration10_int','feedgeneration100_int'], target=['waters_int','watersv2_int'],num=range(0,10)) + expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['feedgeneration1','feedgeneration10','feedgeneration100'], target=['waters_int','watersv2_int'],num=range(0,10)) rule all_compare_afl: input: @@ -236,7 +176,7 @@ rule all_compare_afl: rule all_compare_afl_int: input: - expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['afl_int','frafl_int','feedlongest_int'], target=['waters_int','watersv2_int'],num=range(0,10)) + expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['afl','frafl','feedlongest'], target=['waters_int','watersv2_int'],num=range(0,10)) rule all_images: input: @@ -244,35 +184,35 @@ rule all_images: rule all_images_int: input: - expand("{remote}timedump/{fuzzer}/{target}.{num}.trace.csv.png",remote=remote, fuzzer=['frafl_int','feedgeneration10_int','state_int'], target=['waters_int'],num=range(0,3)) + expand("{remote}timedump/{fuzzer}/{target}.{num}.trace.csv.png",remote=remote, fuzzer=['frafl','feedgeneration10','state'], target=['waters_int'],num=range(0,3)) rule clusterfuzz: input: expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random','afl','feedgeneration10','state'], target=['waters','watersv2'],num=MY_RANGE_A), - expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random_int','afl_int','feedgeneration10_int','state_int'], target=['waters_int','watersv2_int'],num=MY_RANGE_A), + expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random','afl','feedgeneration10','state'], target=['waters_int','watersv2_int'],num=MY_RANGE_A), expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['feedgeneration1','feedgeneration10','feedgeneration100'], target=['waters_int','watersv2'],num=MY_RANGE_B), - expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['feedgeneration1_int','feedgeneration10_int','feedgeneration100_int'], target=['waters_int','watersv2_int'],num=MY_RANGE_B), + expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['feedgeneration1','feedgeneration10','feedgeneration100'], target=['waters_int','watersv2_int'],num=MY_RANGE_B), expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['afl','frafl','feedlongest'], target=['waters','watersv2'],num=MY_RANGE_B), - expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['afl_int','frafl_int','feedlongest_int'], target=['waters_int','watersv2_int'],num=MY_RANGE_B), + expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['afl','frafl','feedlongest'], target=['waters_int','watersv2_int'],num=MY_RANGE_B), rule all_new: input: expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['feedgeneration100', 'frafl', 'stg'], target=['waters', 'watersv2', 'waterspart', 'waterspartv2'],num=range(0,2)), - expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['feedgeneration100_int', 'frafl_int', 'stg_int'], target=['waters_int', 'watersv2_int', 'waterspart_int', 'waterspartv2_int'],num=range(0,2)), + expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['feedgeneration100', 'frafl', 'stg'], target=['waters_int', 'watersv2_int', 'waterspart_int', 'waterspartv2_int'],num=range(0,2)), # expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['random', 'stgpath'], target=['waters', 'watersv2'],num=range(0,3)), # expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['random_int', 'stgpath_int'], target=['waters_int', 'watersv2_int'],num=range(0,3)) rule all_showmap: input: expand("{remote}timedump/{fuzzer}/{target}#{num}_case.trace.ron",remote=remote, fuzzer=['frafl', 'stg'], target=['watersv2'],num=range(2,3)), - expand("{remote}timedump/{fuzzer}/{target}#{num}_case.trace.ron",remote=remote, fuzzer=['frafl_int', 'stg_int'], target=['watersv2_int'],num=range(0,3)), + expand("{remote}timedump/{fuzzer}/{target}#{num}_case.trace.ron",remote=remote, fuzzer=['frafl', 'stg'], target=['watersv2_int'],num=range(0,3)), expand("{remote}timedump/{fuzzer}/{target}#{num}_case.trace.ron",remote=remote, fuzzer=['random', 'stgpath'], target=['watersv2'],num=range(0,1)), - expand("{remote}timedump/{fuzzer}/{target}#{num}_case.trace.ron",remote=remote, fuzzer=['random_int', 'stgpath_int'], target=['watersv2_int'],num=range(0,1)) + expand("{remote}timedump/{fuzzer}/{target}#{num}_case.trace.ron",remote=remote, fuzzer=['random', 'stgpath'], target=['watersv2_int'],num=range(0,1)) rule quicktest: input: - expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['feedgeneration100_int', 'frafl_int', 'stg_int'], target=['release'],num=range(0,1)), - expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['random_int', 'stgpath_int'], target=['release'],num=range(0,1)) + expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['feedgeneration100', 'frafl', 'stg'], target=['release'],num=range(0,1)), + expand("timedump/{fuzzer}/{target}#{num}.time", fuzzer=['random', 'stgpath'], target=['release'],num=range(0,1)) diff --git a/fuzzers/FRET/benchmark/build_all_bins.sh b/fuzzers/FRET/benchmark/build_all_bins.sh index 6aa040c771..97348af343 100644 --- a/fuzzers/FRET/benchmark/build_all_bins.sh +++ b/fuzzers/FRET/benchmark/build_all_bins.sh @@ -6,15 +6,7 @@ cargo build --target-dir ./bins/target_frafl ${def_flags},config_frafl,feed_long cargo build --target-dir ./bins/target_afl ${def_flags},config_afl,observe_hitcounts cargo build --target-dir ./bins/target_stg ${def_flags},config_stg cargo build --target-dir ./bins/target_stgpath ${def_flags},feed_stg_abbhash,sched_stg_abbhash,mutate_stg -cargo build --target-dir ./bins/target_showmap_int ${def_flags},config_stg,fuzz_int -cargo build --target-dir ./bins/target_random_int ${def_flags},feed_longest,fuzz_int -cargo build --target-dir ./bins/target_afl_int ${def_flags},config_frafl,fuzz_int -cargo build --target-dir ./bins/target_stg_int ${def_flags},config_stg,fuzz_int -cargo build --target-dir ./bins/target_stgpath_int ${def_flags},feed_stg_abbhash,sched_stg_abbhash,mutate_stg,fuzz_int cargo build --target-dir ./bins/target_feedgeneration1 ${def_flags},feed_genetic,gensize_1 -cargo build --target-dir ./bins/target_feedgeneration1_int ${def_flags},feed_genetic,fuzz_int,gensize_1 cargo build --target-dir ./bins/target_feedgeneration10 ${def_flags},feed_genetic,gensize_10 -cargo build --target-dir ./bins/target_feedgeneration10_int ${def_flags},feed_genetic,fuzz_int,gensize_10 cargo build --target-dir ./bins/target_feedgeneration100 ${def_flags},feed_genetic,gensize_100 -cargo build --target-dir ./bins/target_feedgeneration100_int ${def_flags},feed_genetic,fuzz_int,gensize_100 diff --git a/fuzzers/FRET/benchmark/target_symbols.csv b/fuzzers/FRET/benchmark/target_symbols.csv index 0aa5ba0260..1025290423 100644 --- a/fuzzers/FRET/benchmark/target_symbols.csv +++ b/fuzzers/FRET/benchmark/target_symbols.csv @@ -1,34 +1,34 @@ kernel,main_function,input_symbol,input_size,return_function,select_task,interrupts -mpeg2,mpeg2_main,mpeg2_oldorgframe,90112,mpeg2_return,NONE,0#1000 -audiobeam,audiobeam_main,audiobeam_input,11520,audiobeam_return,NONE,0#1000 -epic,epic_main,epic_image,4096,epic_return,NONE,0#1000 -dijkstra,dijkstra_main,dijkstra_AdjMatrix,10000,dijkstra_return,NONE,0#1000 -fft,fft_main,fft_twidtable,2046,fft_return,NONE,0#1000 -bsort,bsort_main,bsort_Array,400,bsort_return,NONE,0#1000 -insertsort,insertsort_main,insertsort_a,400,insertsort_return,NONE,0#1000 -g723_enc,g723_enc_main,g723_enc_INPUT,1024,g723_enc_return,NONE,0#1000 -rijndael_dec,rijndael_dec_main,rijndael_dec_data,32768,rijndael_dec_return,NONE,0#1000 -rijndael_enc,rijndael_enc_main,rijndael_enc_data,31369,rijndael_enc_return,NONE,0#1000 -huff_dec,huff_dec_main,huff_dec_encoded,419,huff_dec_return,NONE,0#1000 -huff_enc,huff_enc_main,huff_enc_plaintext,600,huff_enc_return,NONE,0#1000 -gsm_enc,gsm_enc_main,gsm_enc_pcmdata,6400,gsm_enc_return,NONE,0#1000 -tmr,main,FUZZ_INPUT,32,trigger_Qemu_break,NONE,0#1000 -tacle_rtos,prvStage0,FUZZ_INPUT,604,trigger_Qemu_break,NONE,0#1000 -lift,main_lift,FUZZ_INPUT,100,trigger_Qemu_break,NONE,0#1000 -waters,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129,0#1000 -watersv2,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129,0#1000 -waterspart,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129,0#1000 -waterspartv2,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129,0#1000 +mpeg2,mpeg2_main,mpeg2_oldorgframe,90112,mpeg2_return,NONE, +audiobeam,audiobeam_main,audiobeam_input,11520,audiobeam_return,NONE, +epic,epic_main,epic_image,4096,epic_return,NONE, +dijkstra,dijkstra_main,dijkstra_AdjMatrix,10000,dijkstra_return,NONE, +fft,fft_main,fft_twidtable,2046,fft_return,NONE, +bsort,bsort_main,bsort_Array,400,bsort_return,NONE, +insertsort,insertsort_main,insertsort_a,400,insertsort_return,NONE, +g723_enc,g723_enc_main,g723_enc_INPUT,1024,g723_enc_return,NONE, +rijndael_dec,rijndael_dec_main,rijndael_dec_data,32768,rijndael_dec_return,NONE, +rijndael_enc,rijndael_enc_main,rijndael_enc_data,31369,rijndael_enc_return,NONE, +huff_dec,huff_dec_main,huff_dec_encoded,419,huff_dec_return,NONE, +huff_enc,huff_enc_main,huff_enc_plaintext,600,huff_enc_return,NONE, +gsm_enc,gsm_enc_main,gsm_enc_pcmdata,6400,gsm_enc_return,NONE, +tmr,main,FUZZ_INPUT,32,trigger_Qemu_break,NONE, +tacle_rtos,prvStage0,FUZZ_INPUT,604,trigger_Qemu_break,NONE, +lift,main_lift,FUZZ_INPUT,100,trigger_Qemu_break,NONE, +waters,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129, +watersv2,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129, +waterspart,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129, +waterspartv2,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129, waters_int,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129,0#1000 watersv2_int,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129,0#1000 waterspart_int,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129,0#1000 waterspartv2_int,main_waters,FUZZ_INPUT,4096,trigger_Qemu_break,1129,0#1000 -micro_branchless,main_branchless,FUZZ_INPUT,4,trigger_Qemu_break,NONE,0#1000 +micro_branchless,main_branchless,FUZZ_INPUT,4,trigger_Qemu_break,NONE, micro_int,main_int,FUZZ_INPUT,16,trigger_Qemu_break,NONE,0#1000 micro_longint,main_micro_longint,FUZZ_INPUT,16,trigger_Qemu_break,NONE,0#1000 minimal,main_minimal,FUZZ_INPUT,4096,trigger_Qemu_break,NONE,0#1000 gen3,main_minimal,FUZZ_INPUT,4096,trigger_Qemu_break,NONE,0#1000 -interact,main_interact,FUZZ_INPUT,4096,trigger_Qemu_break,NONE,0#1000 +interact,main_interact,FUZZ_INPUT,4096,trigger_Qemu_break,NONE, interact_int,main_interact,FUZZ_INPUT,4096,trigger_Qemu_break,NONE,0#1000 -release,main_release,FUZZ_INPUT,4096,trigger_Qemu_break,T3,0#10000;1#1000;2#2000;3#3000 +release,main_release,FUZZ_INPUT,4096,trigger_Qemu_break,T3,0#10000;1#5000;2#2000;3#3000 diff --git a/fuzzers/FRET/src/systemstate/mutational.rs b/fuzzers/FRET/src/systemstate/mutational.rs index 1f5187d486..71f4909e4e 100644 --- a/fuzzers/FRET/src/systemstate/mutational.rs +++ b/fuzzers/FRET/src/systemstate/mutational.rs @@ -131,6 +131,7 @@ where state: &mut Self::State, manager: &mut EM ) -> Result<(), Error> { + if self.interrup_config.len() == 0 {return Ok(());} // configuration implies no interrupts let mut myrand = StdRand::new(); myrand.set_seed(state.rand_mut().next());