add edge filter

fuzzers/FRET/Cargo.toml

@@ -34,7 +34,7 @@ sched_afl = []
 sched_stg = []
 # overall_configs
 config_genetic = ["gensize_100","feed_genetic","sched_genetic"]
-config_afl = ["feed_afl","sched_afl"]
+config_afl = ["feed_afl","sched_afl","observe_hitcounts"]
 config_frafl = ["feed_afl","sched_afl","feed_longest"]
 config_stg = ["feed_stg","sched_stg"]
 

fuzzers/FRET/src/fuzzer.rs

@@ -376,8 +376,9 @@ pub fn fuzz() {
     #[cfg(feature = "observe_systemstate")]
     let mut api_ranges = get_all_fn_symbol_ranges(&elf, api_range);
 
-    #[cfg(feature = "observe_systemstate")]
     let mut isr_ranges : HashMap<String,std::ops::Range<GuestAddr>> = systemstate::helpers::ISR_SYMBOLS.iter().filter_map(|x| (api_ranges.get(&x.to_string()).map(|y| (x.to_string(),y.clone())))).collect();
+    let denylist=isr_ranges.values().map(|x| x.clone()).collect();
+    let denylist = QemuInstrumentationFilter::DenyList(denylist); // do not count isr jumps, which are useless
     #[cfg(feature = "observe_systemstate")]
     let mut isr_addreses : HashMap<GuestAddr, String> = systemstate::helpers::ISR_SYMBOLS.iter().filter_map(|x| (api_ranges.remove(&x.to_string()).map(|y| (y.start,x.to_string())))).collect();
 
@@ -595,7 +596,7 @@ pub fn fuzz() {
         #[cfg(feature = "observe_systemstate")]
         let qhelpers = (QemuSystemStateHelper::new(api_addreses,api_ranges,isr_addreses,isr_ranges,curr_tcb_pointer,task_queue_addr,task_delay_addr,task_delay_overflow_addr,scheduler_lock,scheduler_running, critical_section,input_counter_ptr,app_range.clone()), qhelpers);
         #[cfg(feature = "observe_edges")]
-        let qhelpers = (QemuEdgeCoverageHelper::default(), qhelpers);
+        let qhelpers = (QemuEdgeCoverageHelper::new(denylist), qhelpers);
         let qhelpers = (QemuStateRestoreHelper::new(), qhelpers);
 
         let mut hooks = QemuHooks::new(emu.clone(),qhelpers);