switch to simple stages

fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs

@@ -1,5 +1,6 @@
 //! A singlethreaded QEMU fuzzer that can auto-restart.
 
+use libafl::corpus::QueueCorpusScheduler;
 use libafl_qemu::QemuInstrumentationFilter;
 use wcet_qemu_sys::sysstate::helpers::QemuSystemStateHelper;
 use wcet_qemu_sys::sysstate::observers::QemuSysStateObserver;
@@ -126,6 +127,11 @@ pub fn main() {
                 .long("libafl-edges")
                 .takes_value(true),
         )
+        .arg(
+            Arg::new("traces")
+                .long("libafl-traces")
+                .takes_value(true),
+        )
         .arg(
             Arg::new("snapshot")
                 .help("The qcow2 file used for snapshots")
@@ -190,9 +196,14 @@ pub fn main() {
         None => None
     };
 
+    let traces = match res.value_of("traces") {
+        Some(st) => Some(PathBuf::from(st.to_string())),
+        None => None
+    };
+
     let snapshot = PathBuf::from(res.value_of("snapshot").unwrap().to_string());
 
-    fuzz(out_dir, crashes, in_dir, tokens, logfile, timeout, kernel, edges, snapshot)
+    fuzz(out_dir, crashes, in_dir, tokens, logfile, timeout, kernel, edges, traces, snapshot)
         .expect("An error occurred while fuzzing");
 }
 
@@ -216,9 +227,10 @@ fn fuzz(
     seed_dir: PathBuf,
     tokenfile: Option<PathBuf>,
     logfile: PathBuf,
-    timeout: Duration,
+    _timeout: Duration,
     kernel: PathBuf,
     dump_edges: Option<PathBuf>,
+    dump_traces: Option<PathBuf>,
     snapshot: PathBuf,
 ) -> Result<(), Error> {
     env::remove_var("LD_LIBRARY_PATH");
@@ -351,19 +363,20 @@ fn fuzz(
         )
     });
 
-    let calibration = CalibrationStage::new(&mut state, &edges_observer);
+    // let calibration = CalibrationStage::new(&mut state, &edges_observer);
 
     // Setup a randomic Input2State stage
-    let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
+    // let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new())));
 
     // Setup a MOPT mutator
     let mutator = StdMOptMutator::new(&mut state, havoc_mutations().merge(tokens_mutations()), 5)?;
 
-    let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer);
+    // let power = PowerMutationalStage::new(mutator, PowerSchedule::FAST, &edges_observer);
+    let mutation = StdMutationalStage::new(mutator);
 
     // A minimization+queue policy to get testcasess from the corpus
     // let scheduler = IndexesLenTimeMinimizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
-    let scheduler = LenTimeMaximizerCorpusScheduler::new(PowerQueueCorpusScheduler::new());
+    let scheduler = QueueCorpusScheduler::new();
     
 
     // A fuzzer with feedbacks and a corpus scheduler
@@ -390,7 +403,7 @@ fn fuzz(
     };
 
     let system_state_filter = QemuInstrumentationFilter::AllowList(vec![svh..svh+1]);
-    let executor = QemuExecutor::new(
+    let mut executor = QemuExecutor::new(
         &mut harness,
         &emu,
         tuple_list!(
@@ -407,9 +420,9 @@ fn fuzz(
     )?;
 
     // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
-    let executor = TimeoutExecutor::new(executor, timeout);
+    // let executor = TimeoutExecutor::new(executor, timeout);
     // Show the cmplog observer
-    let mut executor = ShadowExecutor::new(executor, tuple_list!(cmplog_observer));
+    // let mut executor = ShadowExecutor::new(executor, tuple_list!(cmplog_observer));
 
     // Read tokens
     if let Some(tokenfile) = &tokenfile {
@@ -435,10 +448,10 @@ fn fuzz(
         }
     }
 
-    let tracing = ShadowTracingStage::new(&mut executor);
+    // let tracing = ShadowTracingStage::new(&mut executor);
 
     // The order of the stages matter!
-    let mut stages = tuple_list!(calibration, tracing, i2s, power);
+    let mut stages = tuple_list!(mutation);
 
     // Remove target ouput (logs still survive)
     #[cfg(unix)]