add clock count to systemstate feedback

2022-02-22 00:10:17 +01:00 · 2022-02-22 00:10:17 +01:00 · 53bd755647
commit 53bd755647
parent ffdaf22b1d
1 changed files with 14 additions and 4 deletions
--- a/fuzzers/wcet_qemu_sys/src/system_trace.rs
+++ b/fuzzers/wcet_qemu_sys/src/system_trace.rs
@ -1,3 +1,4 @@
+use libafl_qemu::QemuClockObserver;
 use libafl::feedbacks::FeedbackState;
 use libafl::corpus::Testcase;
 use libafl::state::HasFeedbackStates;
@ -394,7 +395,7 @@ pub fn list_to_tcb_vec_owned(list: List_t, dump: &mut HashMap<u32,rtos_struct>)
 #[derive(Serialize, Deserialize, Clone, Debug, Default)]
 pub struct SysStateFeedbackState
 {
-    known_traces: HashMap<u64,(u64,usize)>,
+    known_traces: HashMap<u64,(u64,u64,usize)>, // encounters,ticks,length
    longest: Vec<MiniFreeRTOSSystemState>,
 }
 impl Named for SysStateFeedbackState
@ -440,6 +441,8 @@ where
    {
        let observer = observers.match_name::<QemuSysStateObserver>("sysstate")
            .expect("QemuSysStateObserver not found");
+        let clock_observer = observers.match_name::<QemuClockObserver>("clock")  //TODO not fixed
+            .expect("QemuSysStateObserver not found");
        let feedbackstate = state
            .feedback_states_mut()
            .match_name_mut::<SysStateFeedbackState>("sysstate")
@ -449,19 +452,26 @@ where
        observer.last_run.hash(&mut hasher);
        let somehash = hasher.finish();
        let mut is_novel = false;
+        let mut takes_longer = false;
        match feedbackstate.known_traces.get_mut(&somehash) {
            None => {
                is_novel = true;
-                feedbackstate.known_traces.insert(somehash,(1,observer.last_run.len()));
+                feedbackstate.known_traces.insert(somehash,(1,clock_observer.last_runtime(),observer.last_run.len()));
+            }
+            Some(s) => {
+                s.0+=1;
+                if s.1 < clock_observer.last_runtime() {
+                    s.1 = clock_observer.last_runtime();
+                    takes_longer = true;
+                }
            }
-            Some(s) => s.0+=1,
        }
        if observer.last_run.len() > feedbackstate.longest.len() {
            feedbackstate.longest=observer.last_run.clone();
        }
        self.last_trace = Some(observer.last_run.clone());
        // if (!is_novel) { println!("not novel") };
-        Ok(is_novel)
+        Ok(is_novel | takes_longer)
    }

    /// Append to the testcase the generated metadata in case of a new corpus item