add clock count to systemstate feedback

This commit is contained in:
Alwin Berger 2022-02-22 00:10:17 +01:00
parent ffdaf22b1d
commit 53bd755647


@ -1,3 +1,4 @@
use libafl_qemu::QemuClockObserver;
use libafl::feedbacks::FeedbackState; use libafl::feedbacks::FeedbackState;
use libafl::corpus::Testcase; use libafl::corpus::Testcase;
use libafl::state::HasFeedbackStates; use libafl::state::HasFeedbackStates;
@ -394,7 +395,7 @@ pub fn list_to_tcb_vec_owned(list: List_t, dump: &mut HashMap<u32,rtos_struct>)
#[derive(Serialize, Deserialize, Clone, Debug, Default)] #[derive(Serialize, Deserialize, Clone, Debug, Default)]
pub struct SysStateFeedbackState pub struct SysStateFeedbackState
{ {
known_traces: HashMap<u64,(u64,usize)>, known_traces: HashMap<u64,(u64,u64,usize)>, // encounters,ticks,length
longest: Vec<MiniFreeRTOSSystemState>, longest: Vec<MiniFreeRTOSSystemState>,
} }
impl Named for SysStateFeedbackState impl Named for SysStateFeedbackState
@ -440,6 +441,8 @@ where
{ {
let observer = observers.match_name::<QemuSysStateObserver>("sysstate") let observer = observers.match_name::<QemuSysStateObserver>("sysstate")
.expect("QemuSysStateObserver not found"); .expect("QemuSysStateObserver not found");
let clock_observer = observers.match_name::<QemuClockObserver>("clock") //TODO not fixed
.expect("QemuSysStateObserver not found");
let feedbackstate = state let feedbackstate = state
.feedback_states_mut() .feedback_states_mut()
.match_name_mut::<SysStateFeedbackState>("sysstate") .match_name_mut::<SysStateFeedbackState>("sysstate")
@ -449,19 +452,26 @@ where
observer.last_run.hash(&mut hasher); observer.last_run.hash(&mut hasher);
let somehash = hasher.finish(); let somehash = hasher.finish();
let mut is_novel = false; let mut is_novel = false;
let mut takes_longer = false;
match feedbackstate.known_traces.get_mut(&somehash) { match feedbackstate.known_traces.get_mut(&somehash) {
None => { None => {
is_novel = true; is_novel = true;
feedbackstate.known_traces.insert(somehash,(1,observer.last_run.len())); feedbackstate.known_traces.insert(somehash,(1,clock_observer.last_runtime(),observer.last_run.len()));
}
Some(s) => {
s.0+=1;
if s.1 < clock_observer.last_runtime() {
s.1 = clock_observer.last_runtime();
takes_longer = true;
}
} }
Some(s) => s.0+=1,
} }
if observer.last_run.len() > feedbackstate.longest.len() { if observer.last_run.len() > feedbackstate.longest.len() {
feedbackstate.longest=observer.last_run.clone(); feedbackstate.longest=observer.last_run.clone();
} }
self.last_trace = Some(observer.last_run.clone()); self.last_trace = Some(observer.last_run.clone());
// if (!is_novel) { println!("not novel") }; // if (!is_novel) { println!("not novel") };
Ok(is_novel) Ok(is_novel | takes_longer)
} }
/// Append to the testcase the generated metadata in case of a new corpus item /// Append to the testcase the generated metadata in case of a new corpus item