add input_counter to system state
parent
0693422e44
commit
89cf096b9d
@ -252,6 +252,11 @@ fn fuzz(
|
||||
.expect("Symbol FUZZ_LENGTH not found");
|
||||
let test_length_ptr = virt2phys(test_length_ptr,&elf.goblin());
|
||||
println!("FUZZ_LENGTH @ {:#x}", test_length_ptr);
|
||||
let input_counter = elf
|
||||
.resolve_symbol("FUZZ_POINTER", 0)
|
||||
.expect("Symbol FUZZ_POINTER not found");
|
||||
// let input_counter = virt2phys(input_counter,&elf.goblin());
|
||||
println!("FUZZ_LENGTH @ {:#x}", test_length_ptr);
|
||||
let check_breakpoint = elf
|
||||
.resolve_symbol("trigger_Qemu_break", 0)
|
||||
.expect("Symbol trigger_Qemu_break not found");
|
||||
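Review bot: The `println!` placed after the FUZZ_POINTER lookup is a copy of the FUZZ_LENGTH line and prints `test_length_ptr` a second time, so the resolved `input_counter` address is never shown; change it to `println!("FUZZ_POINTER @ {:#x}", input_counter);`. The `virt2phys` translation for `input_counter` is left commented out while `test_length_ptr` directly above is translated, so the two addresses are in different address spaces; if the helper's `read_mem` expects a physical address the guest read will target the wrong memory, and if the untranslated form is intentional a one-line comment saying why would settle it. The same two lines appear in the hunk at -234,6. fuzz() starts and ends outside this hunk.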
@ -423,7 +428,11 @@ fn fuzz(
|
||||
QemuCmpLogHelper::new(),
|
||||
//QemuAsanHelper::new(),
|
||||
QemuSysSnapshotHelper::new(),
|
||||
QemuSystemStateHelper::with_instrumentation_filter(system_state_filter,curr_tcb_pointer.try_into().unwrap(),task_queue_addr.try_into().unwrap())
|
||||
QemuSystemStateHelper::with_instrumentation_filter(
|
||||
system_state_filter,curr_tcb_pointer.try_into().unwrap(),
|
||||
task_queue_addr.try_into().unwrap(),
|
||||
input_counter.try_into().unwrap()
|
||||
)
|
||||
),
|
||||
tuple_list!(edges_observer, clock_observer,sysstate_observer),
|
||||
&mut fuzzer,
|
||||
|
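Review bot: `input_counter.try_into().unwrap()` panics without a message when the resolved symbol address does not fit in u32, and since it is the only new argument in this call, `input_counter.try_into().expect("FUZZ_POINTER address does not fit in u32")` would say which address failed. The same applies to the parallel hunk at -348,7. The new multi-line call also lacks the trailing comma after the last argument that rustfmt would add. fuzz() starts and ends outside this hunk.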
@ -234,6 +234,11 @@ fn fuzz(
|
||||
.expect("Symbol FUZZ_LENGTH not found");
|
||||
let test_length_ptr = virt2phys(test_length_ptr,&elf.goblin());
|
||||
println!("FUZZ_LENGTH @ {:#x}", test_length_ptr);
|
||||
let input_counter = elf
|
||||
.resolve_symbol("FUZZ_POINTER", 0)
|
||||
.expect("Symbol FUZZ_POINTER not found");
|
||||
// let input_counter = virt2phys(input_counter,&elf.goblin());
|
||||
println!("FUZZ_LENGTH @ {:#x}", test_length_ptr);
|
||||
let check_breakpoint = elf
|
||||
.resolve_symbol("trigger_Qemu_break", 0)
|
||||
.expect("Symbol trigger_Qemu_break not found");
|
||||
@ -348,7 +353,11 @@ fn fuzz(
|
||||
// QemuCmpLogHelper::new(),
|
||||
// QemuAsanHelper::new(),
|
||||
QemuSysSnapshotHelper::new(),
|
||||
QemuSystemStateHelper::with_instrumentation_filter(system_state_filter,curr_tcb_pointer.try_into().unwrap(),task_queue_addr.try_into().unwrap())
|
||||
QemuSystemStateHelper::with_instrumentation_filter(
|
||||
system_state_filter,curr_tcb_pointer.try_into().unwrap(),
|
||||
task_queue_addr.try_into().unwrap(),
|
||||
input_counter.try_into().unwrap()
|
||||
)
|
||||
),
|
||||
tuple_list!(edges_observer,clock_observer,QemuSysStateObserver::new()),
|
||||
&mut fuzzer,
|
||||
|
@ -24,21 +24,32 @@ pub struct QemuSystemStateHelper {
|
||||
filter: QemuInstrumentationFilter,
|
||||
tcb_addr: u32,
|
||||
ready_queues: u32,
|
||||
input_counter: u32,
|
||||
}
|
||||
|
||||
impl QemuSystemStateHelper {
|
||||
#[must_use]
|
||||
pub fn new(tcb_addr: u32, ready_queues: u32) -> Self {
|
||||
pub fn new(
|
||||
tcb_addr: u32,
|
||||
ready_queues: u32,
|
||||
input_counter: u32
|
||||
) -> Self {
|
||||
Self {
|
||||
filter: QemuInstrumentationFilter::None,
|
||||
tcb_addr: tcb_addr,
|
||||
ready_queues: ready_queues,
|
||||
input_counter: input_counter,
|
||||
}
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn with_instrumentation_filter(filter: QemuInstrumentationFilter, tcb_addr: u32, ready_queues: u32) -> Self {
|
||||
Self { filter, tcb_addr, ready_queues}
|
||||
pub fn with_instrumentation_filter(
|
||||
filter: QemuInstrumentationFilter,
|
||||
tcb_addr: u32,
|
||||
ready_queues: u32,
|
||||
input_counter: u32
|
||||
) -> Self {
|
||||
Self { filter, tcb_addr, ready_queues, input_counter}
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
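Review bot: The new `input_counter` field and constructor parameter are undocumented, and `new` initialises it as `input_counter: input_counter` while `with_instrumentation_filter` uses the shorthand; use `input_counter,` in both and add a doc comment on the field, e.g. `/// Guest address from which the helper reads a little-endian u32 when it captures a system state.` (this reflects the read in the -82,6 hunk — confirm it is the intended contract). Both new multi-line parameter lists are also missing the trailing comma after `input_counter: u32` that rustfmt would add. The impl block continues past the hunk.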
@ -82,6 +93,9 @@ where
|
||||
let listbytes : u32 = u32::try_from(std::mem::size_of::<freertos::List_t>()).unwrap();
|
||||
let mut sysstate = FreeRTOSSystemStateRaw::default();
|
||||
sysstate.qemu_tick = emulator.get_ticks();
|
||||
let mut buf : [u8; 4] = [0,0,0,0];
|
||||
unsafe { emulator.read_mem(h.input_counter.into(), &mut buf) };
|
||||
sysstate.input_counter = u32::from_le_bytes(buf);
|
||||
|
||||
let curr_tcb_addr : freertos::void_ptr = freertos::emu_lookup::lookup(emulator, h.tcb_addr);
|
||||
sysstate.current_tcb = freertos::emu_lookup::lookup(emulator,curr_tcb_addr);
|
||||
|
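Review bot: The new `unsafe { emulator.read_mem(h.input_counter.into(), &mut buf) }` carries no `// SAFETY:` comment stating why the raw guest read is sound, and nothing checks that `h.input_counter` is non-zero before it is used as an address; the value arrives untranslated from fuzz(), where the `virt2phys` call is commented out, so whether this reads the intended location depends on whether `read_mem` takes physical addresses — confirm. If `read_mem` reports failure through a return value it is discarded here, so a failed read would silently leave `buf` zeroed and record `input_counter = 0` in the snapshot. `let mut buf : [u8; 4] = [0,0,0,0];` is more idiomatically `let mut buf = [0u8; 4];`. The enclosing function starts and ends outside the hunk.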
@ -25,6 +25,7 @@ pub struct FreeRTOSSystemStateRaw {
|
||||
current_tcb: TCB_t,
|
||||
prio_ready_lists: [freertos::List_t; NUM_PRIOS],
|
||||
dumping_ground: HashMap<u32,freertos::rtos_struct>,
|
||||
input_counter: u32,
|
||||
}
|
||||
/// List of system state dumps from QemuHelpers
|
||||
static mut CURRENT_SYSSTATE_VEC: Vec<FreeRTOSSystemStateRaw> = vec![];
|
||||
@ -86,6 +87,7 @@ impl MiniTCB {
|
||||
pub struct MiniFreeRTOSSystemState {
|
||||
start_tick: u64,
|
||||
end_tick: u64,
|
||||
input_counter: u32,
|
||||
current_task: MiniTCB,
|
||||
ready_list_after: Vec<MiniTCB>,
|
||||
}
|
||||
|
@ -124,6 +124,7 @@ for mut i in input.drain(..) {
|
||||
start_tick: start_tick,
|
||||
end_tick: i.qemu_tick,
|
||||
ready_list_after: collector,
|
||||
input_counter: i.input_counter,
|
||||
});
|
||||
start_tick=i.qemu_tick;
|
||||
}
|
||||
|