diff --git a/fuzzers/wcet_qemu_sys/src/system_trace.rs b/fuzzers/wcet_qemu_sys/src/system_trace.rs
index ee955099ba..c511dc99cc 100644
--- a/fuzzers/wcet_qemu_sys/src/system_trace.rs
+++ b/fuzzers/wcet_qemu_sys/src/system_trace.rs
@@ -1,3 +1,4 @@
+use libafl_qemu::QemuClockObserver;
 use libafl::feedbacks::FeedbackState;
 use libafl::corpus::Testcase;
 use libafl::state::HasFeedbackStates;
@@ -394,7 +395,7 @@ pub fn list_to_tcb_vec_owned(list: List_t, dump: &mut HashMap)
 #[derive(Serialize, Deserialize, Clone, Debug, Default)]
 pub struct SysStateFeedbackState {
- known_traces: HashMap,
+ known_traces: HashMap, // encounters,ticks,length
 longest: Vec,
 }
 impl Named for SysStateFeedbackState
@@ -440,6 +441,8 @@ where
 {
 let observer = observers.match_name::("sysstate")
 .expect("QemuSysStateObserver not found");
+ let clock_observer = observers.match_name::("clock") //TODO not fixed
+ .expect("QemuSysStateObserver not found");
 let feedbackstate = state
 .feedback_states_mut()
 .match_name_mut::("sysstate")
@@ -449,19 +452,26 @@ where
 observer.last_run.hash(&mut hasher);
 let somehash = hasher.finish();
 let mut is_novel = false;
+ let mut takes_longer = false;
 match feedbackstate.known_traces.get_mut(&somehash) {
 None => {
 is_novel = true;
- feedbackstate.known_traces.insert(somehash,(1,observer.last_run.len()));
+ feedbackstate.known_traces.insert(somehash,(1,clock_observer.last_runtime(),observer.last_run.len()));
+ }
+ Some(s) => {
+ s.0+=1;
+ if s.1 < clock_observer.last_runtime() {
+ s.1 = clock_observer.last_runtime();
+ takes_longer = true;
+ }
 }
- Some(s) => s.0+=1,
 }
 if observer.last_run.len() > feedbackstate.longest.len() {
 feedbackstate.longest=observer.last_run.clone();
 }
 self.last_trace = Some(observer.last_run.clone());
 // if (!is_novel) { println!("not novel") };
- Ok(is_novel)
+ Ok(is_novel | takes_longer)
 }
 /// Append to the testcase the generated metadata in case of a new corpus item
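Review bot: The value stored in `known_traces` is a positional tuple whose meaning is carried only by the trailing `// encounters,ticks,length` comment, so the later hunk has to address it as `s.0` and `s.1`. A small private struct with named fields (for example `encounters`, `max_ticks`, `trace_len`) would make those accesses self-describing; at minimum, turn the trailing comment into a doc comment on the field such as `/// trace hash -> (times seen, longest observed runtime in ticks, trace length)`. Because the struct derives `Serialize`/`Deserialize`, any feedback state persisted with the old two-element value presumably no longer deserializes, which is worth a line in the commit message if state is ever reloaded.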
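Review bot: The `.expect("QemuSysStateObserver not found")` on the new `clock_observer` lookup is copied from the line above, so a missing clock observer panics with a message naming the wrong observer. It should name what is actually being looked up, e.g. `.expect("QemuClockObserver \"clock\" not found")` (the type is inferred from the new import; the generic argument is not visible on this page). The `//TODO not fixed` marks the hard-coded `"clock"` name; a named constant shared with the place that registers the observer would keep the two from drifting apart. The enclosing function starts and ends outside this hunk.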
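Review bot: `clock_observer.last_runtime()` is read separately for the insert, the comparison and the assignment, and the return uses the non-short-circuit `|` on two bools. Binding the value once before the `match` with `let runtime = clock_observer.last_runtime();` and returning `Ok(is_novel || takes_longer)` reads more clearly and guarantees the compared and stored values are the same. The `Some(s)` arm updates `s.1` but never the stored length, which is fine only if equal hashes imply equal trace lengths; a short comment saying so would help. If the clock observer's runtime is not fully deterministic (not visible here), small timing jitter would mark already-known traces as interesting and grow the corpus, so that assumption deserves a comment next to `takes_longer`. The function body begins outside this hunk.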