From 6a18fa75f451483402539ac749e8d3b40707cfa6 Mon Sep 17 00:00:00 2001
From: Alwin Berger <alwin.berger@tu-dortmund.de>
Date: Sun, 29 May 2022 00:43:02 +0200
Subject: [PATCH] add RandInputSnippetMutator

---
 fuzzers/wcet_qemu_sys/src/sysstate/graph.rs | 92 ++++++++++++++++++++-
 1 file changed, 91 insertions(+), 1 deletion(-)

diff --git a/fuzzers/wcet_qemu_sys/src/sysstate/graph.rs b/fuzzers/wcet_qemu_sys/src/sysstate/graph.rs
index 22e8b63d57..82182fd50b 100644
--- a/fuzzers/wcet_qemu_sys/src/sysstate/graph.rs
+++ b/fuzzers/wcet_qemu_sys/src/sysstate/graph.rs
@@ -408,7 +408,97 @@ where
         "RandGraphSnippetMutator"
     }
 }
-//============================= Mutators
+//=============================== Snippets
+pub struct RandInputSnippetMutator<I, S>
+where
+    I: Input + HasBytesVec,
+    S: HasRand + HasMetadata + HasCorpus<I> + HasSolutions<I>,
+{
+    phantom: PhantomData<(I, S)>,
+}
+impl<I, S> RandInputSnippetMutator<I, S>
+where
+    I: Input + HasBytesVec,
+    S: HasRand + HasMetadata + HasCorpus<I> + HasSolutions<I>,
+{
+    pub fn new() -> Self {
+        RandInputSnippetMutator{phantom: PhantomData}
+    }
+}
+impl<I, S> Mutator<I, S> for RandInputSnippetMutator<I, S>
+where
+    I: Input + HasBytesVec,
+    S: HasRand + HasMetadata + HasCorpus<I> + HasSolutions<I> + HasFeedbackStates,
+{
+    fn mutate(
+        &mut self, 
+        state: &mut S, 
+        input: &mut I, 
+        _stage_idx: i32
+    ) -> Result<MutationResult, Error>
+    {
+        // need our own random generator, because borrowing rules
+        let mut myrand = StdRand::new();
+        let tmp = &mut state.rand_mut();
+        myrand.set_seed(tmp.next());   
+        drop(tmp);
+
+        let feedbackstate = state
+            .feedback_states()
+            .match_name::<SysGraphFeedbackState>("SysMap")
+            .unwrap();
+        let g = &feedbackstate.graph;
+        let tmp = state.metadata().get::<SysGraphMetadata>();
+        if tmp.is_none() {  // if there are no metadata it was probably not interesting anyways
+            return Ok(MutationResult::Skipped);
+        }
+        let trace = tmp.expect("SysGraphMetadata not found");
+
+        let mut collection : Vec<Vec<u8>> = Vec::new();
+        let mut current_pointer : usize = 0;
+        let INPUT_BYTES_OFFSET = 0; // Offset for interrupt bytes
+        for t in &trace.inner {
+            let node = &g[*t];
+            for v in &node.variants {
+                if v.input == input.bytes() {
+                    if v.input_counter > current_pointer.try_into().unwrap() {
+                        collection.push(v.input[INPUT_BYTES_OFFSET+current_pointer..INPUT_BYTES_OFFSET+v.input_counter as usize].to_owned());
+                        current_pointer = v.input_counter as usize;
+                    }
+                    break;
+                }
+            }
+        }
+        let index_to_mutate = myrand.below(collection.len() as u64) as usize;
+        for i in 0..collection[index_to_mutate].len() {
+            collection[index_to_mutate][i] = myrand.below(0xFF) as u8;
+        }
+        for i in collection.concat().iter().enumerate() {
+            input.bytes_mut()[INPUT_BYTES_OFFSET+i.0]=*i.1;
+        }
+
+        Ok(MutationResult::Mutated)
+    }
+
+    fn post_exec(
+        &mut self, 
+        _state: &mut S, 
+        _stage_idx: i32, 
+        _corpus_idx: Option<usize>
+    ) -> Result<(), Error> {
+        Ok(())
+    }
+}
+
+impl<I, S> Named for RandInputSnippetMutator<I, S>
+where
+    I: Input + HasBytesVec,
+    S: HasRand + HasMetadata + HasCorpus<I> + HasSolutions<I> + HasFeedbackStates,
+{
+    fn name(&self) -> &str {
+        "RandInputSnippetMutator"
+    }
+}
 //=============================== Suffix
 pub struct RandGraphSuffixMutator<I, S>
 where