add input_counter to system state

fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs

@@ -252,6 +252,11 @@ fn fuzz(
         .expect("Symbol FUZZ_LENGTH not found");
     let test_length_ptr = virt2phys(test_length_ptr,&elf.goblin());
     println!("FUZZ_LENGTH @ {:#x}", test_length_ptr);
+    let input_counter = elf
+        .resolve_symbol("FUZZ_POINTER", 0)
+        .expect("Symbol FUZZ_POINTER not found");
+    // let input_counter = virt2phys(input_counter,&elf.goblin());
+    println!("FUZZ_LENGTH @ {:#x}", test_length_ptr);
     let check_breakpoint = elf
         .resolve_symbol("trigger_Qemu_break", 0)
         .expect("Symbol trigger_Qemu_break not found");
@@ -423,7 +428,11 @@ fn fuzz(
             QemuCmpLogHelper::new(),
             //QemuAsanHelper::new(),
             QemuSysSnapshotHelper::new(), 
-            QemuSystemStateHelper::with_instrumentation_filter(system_state_filter,curr_tcb_pointer.try_into().unwrap(),task_queue_addr.try_into().unwrap())
+            QemuSystemStateHelper::with_instrumentation_filter(
+                system_state_filter,curr_tcb_pointer.try_into().unwrap(),
+                task_queue_addr.try_into().unwrap(),
+                input_counter.try_into().unwrap()
+            )
         ),
         tuple_list!(edges_observer, clock_observer,sysstate_observer),
         &mut fuzzer,

fuzzers/wcet_qemu_sys/src/bin/showmap.rs

@@ -234,6 +234,11 @@ fn fuzz(
         .expect("Symbol FUZZ_LENGTH not found");
     let test_length_ptr = virt2phys(test_length_ptr,&elf.goblin());
     println!("FUZZ_LENGTH @ {:#x}", test_length_ptr);
+    let input_counter = elf
+        .resolve_symbol("FUZZ_POINTER", 0)
+        .expect("Symbol FUZZ_POINTER not found");
+    // let input_counter = virt2phys(input_counter,&elf.goblin());
+    println!("FUZZ_LENGTH @ {:#x}", test_length_ptr);
     let check_breakpoint = elf
         .resolve_symbol("trigger_Qemu_break", 0)
         .expect("Symbol trigger_Qemu_break not found");
@@ -348,7 +353,11 @@ fn fuzz(
             // QemuCmpLogHelper::new(),
             // QemuAsanHelper::new(),
             QemuSysSnapshotHelper::new(),
-            QemuSystemStateHelper::with_instrumentation_filter(system_state_filter,curr_tcb_pointer.try_into().unwrap(),task_queue_addr.try_into().unwrap())
+            QemuSystemStateHelper::with_instrumentation_filter(
+                system_state_filter,curr_tcb_pointer.try_into().unwrap(),
+                task_queue_addr.try_into().unwrap(),
+                input_counter.try_into().unwrap()
+            )
         ),
         tuple_list!(edges_observer,clock_observer,QemuSysStateObserver::new()),
         &mut fuzzer,

fuzzers/wcet_qemu_sys/src/sysstate/helpers.rs

@@ -24,21 +24,32 @@ pub struct QemuSystemStateHelper {
     filter: QemuInstrumentationFilter,
     tcb_addr: u32,
     ready_queues: u32,
+    input_counter: u32,
 }
 
 impl QemuSystemStateHelper {
     #[must_use]
-    pub fn new(tcb_addr: u32, ready_queues: u32) -> Self {
+    pub fn new(
+        tcb_addr: u32,
+        ready_queues: u32,
+        input_counter: u32
+    ) -> Self {
         Self {
             filter: QemuInstrumentationFilter::None,
             tcb_addr: tcb_addr,
             ready_queues: ready_queues,
+            input_counter: input_counter,
         }
     }
 
     #[must_use]
-    pub fn with_instrumentation_filter(filter: QemuInstrumentationFilter, tcb_addr: u32, ready_queues: u32) -> Self {
+    pub fn with_instrumentation_filter(
-        Self { filter, tcb_addr, ready_queues}
+        filter: QemuInstrumentationFilter,
+        tcb_addr: u32,
+        ready_queues: u32,
+        input_counter: u32
+    ) -> Self {
+        Self { filter, tcb_addr, ready_queues, input_counter}
     }
 
     #[must_use]
@@ -82,6 +93,9 @@ where
     let listbytes : u32 = u32::try_from(std::mem::size_of::<freertos::List_t>()).unwrap();
     let mut sysstate = FreeRTOSSystemStateRaw::default();
     sysstate.qemu_tick = emulator.get_ticks();
+    let mut buf : [u8; 4] = [0,0,0,0];
+    unsafe { emulator.read_mem(h.input_counter.into(), &mut buf) };
+    sysstate.input_counter = u32::from_le_bytes(buf);
 
     let curr_tcb_addr : freertos::void_ptr = freertos::emu_lookup::lookup(emulator, h.tcb_addr);
     sysstate.current_tcb = freertos::emu_lookup::lookup(emulator,curr_tcb_addr);

fuzzers/wcet_qemu_sys/src/sysstate/mod.rs

@@ -25,6 +25,7 @@ pub struct FreeRTOSSystemStateRaw {
     current_tcb: TCB_t,
     prio_ready_lists: [freertos::List_t; NUM_PRIOS],
     dumping_ground: HashMap<u32,freertos::rtos_struct>,
+    input_counter: u32,
 }
 /// List of system state dumps from QemuHelpers
 static mut CURRENT_SYSSTATE_VEC: Vec<FreeRTOSSystemStateRaw> = vec![];
@@ -86,6 +87,7 @@ impl MiniTCB {
 pub struct MiniFreeRTOSSystemState {
     start_tick: u64,
     end_tick: u64,
+    input_counter: u32,
     current_task: MiniTCB,
     ready_list_after: Vec<MiniTCB>,
 }

fuzzers/wcet_qemu_sys/src/sysstate/observers.rs

@@ -124,6 +124,7 @@ for mut i in input.drain(..) {
         start_tick: start_tick,
         end_tick: i.qemu_tick,
         ready_list_after: collector,
+        input_counter: i.input_counter,
     });
     start_tick=i.qemu_tick;
 }