SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

write out times over time

Browse Source
This commit is contained in:
Alwin Berger 2023-01-25 14:55:04 +01:00
parent 1f538f9834
commit 8fcc54bbdd
3 changed files with 59 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
fuzzers/FRET/benchmark/.gitignore vendored
View File

@ -1,7 +1,8 @@
timedump *dump
timedump*
corpora corpora
build build
mnt mnt
.R* .R*
*.png *.png
*.pdf *.pdf

41
fuzzers/FRET/src/clock.rs
View File

@ -11,10 +11,10 @@ use libafl::{
observers::{Observer,VariableMapObserver}, observers::{Observer,VariableMapObserver},
state::{StdState, HasNamedMetadata}, state::{StdState, HasNamedMetadata},
Error, Error,
observers::ObserversTuple, prelude::UsesInput, observers::ObserversTuple, prelude::UsesInput, impl_serdeany,
}; };
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::{cell::UnsafeCell, cmp::max}; use std::{cell::UnsafeCell, cmp::max, env, fs::OpenOptions, io::Write};
use libafl::bolts::tuples::Named; use libafl::bolts::tuples::Named;
use libafl_qemu::{ use libafl_qemu::{
@ -82,9 +82,11 @@ impl Default for MaxIcountMetadata {
} }
} }
//========== Observer /// A piece of metadata tracking all icounts
#[derive(Debug, SerdeAny, Serialize, Deserialize)]
pub struct IcHist(pub Vec<u64>);
pub static mut ICOUNT_HISTORY : Vec<u64> = vec![]; //========== Observer
/// A simple observer, just overlooking the runtime of the target. /// A simple observer, just overlooking the runtime of the target.
#[derive(Serialize, Deserialize, Debug, Clone)] #[derive(Serialize, Deserialize, Debug, Clone)]
@ -114,7 +116,7 @@ impl QemuClockObserver {
impl<S> Observer<S> for QemuClockObserver impl<S> Observer<S> for QemuClockObserver
where where
S: UsesInput, S: UsesInput + HasMetadata,
{ {
fn pre_exec(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn pre_exec(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> {
// Only remember the pre-run ticks if presistent mode ist used // Only remember the pre-run ticks if presistent mode ist used
@ -133,7 +135,32 @@ where
unsafe { self.end_tick = emu::icount_get_raw() }; unsafe { self.end_tick = emu::icount_get_raw() };
// println!("clock post {}", self.end_tick); // println!("clock post {}", self.end_tick);
// println!("Number of Ticks: {} <- {} {}",self.end_tick - self.start_tick, self.end_tick, self.start_tick); // println!("Number of Ticks: {} <- {} {}",self.end_tick - self.start_tick, self.end_tick, self.start_tick);
unsafe { ICOUNT_HISTORY.push(self.end_tick - self.start_tick) }; let metadata =_state.metadata_mut();
let hist = metadata.get_mut::<IcHist>();
match hist {
None => {
metadata.insert(IcHist(vec![self.end_tick - self.start_tick]));
}
Some(v) => {
v.0.push(self.end_tick - self.start_tick);
if v.0.len() >= 1000 {
if let Ok(td) = env::var("TIME_DUMP") {
let mut file = OpenOptions::new()
.read(true)
.write(true)
.create(true)
.append(true)
.open(td).expect("Could not open timedump");
for i in std::mem::take(&mut v.0).into_iter() {
writeln!(file, "{}", i).expect("Write to dump failed");
}
} else {
// If we don't write out values we don't need to remember them at all
v.0.clear();
}
}
}
}
Ok(()) Ok(())
} }
} }
@ -167,7 +194,7 @@ pub struct ClockTimeFeedback {
impl<S> Feedback<S> for ClockTimeFeedback impl<S> Feedback<S> for ClockTimeFeedback
where where
S: UsesInput + HasClientPerfMonitor, S: UsesInput + HasClientPerfMonitor + HasMetadata,
{ {
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting<EM, OT>(

44
fuzzers/FRET/src/fuzzer.rs
View File

@ -26,7 +26,7 @@ use libafl::{
observers::{VariableMapObserver}, observers::{VariableMapObserver},
schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
stages::StdMutationalStage, stages::StdMutationalStage,
state::{HasCorpus, StdState}, state::{HasCorpus, StdState, HasMetadata},
Error, Error,
prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager}, Evaluator, prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager}, Evaluator,
}; };
@ -35,7 +35,7 @@ use libafl_qemu::{
QemuHooks, Regs, QemuInstrumentationFilter, GuestAddr, QemuHooks, Regs, QemuInstrumentationFilter, GuestAddr,
}; };
use crate::{ use crate::{
clock::{QemuClockObserver, ClockTimeFeedback, QemuClockIncreaseFeedback, ICOUNT_HISTORY}, clock::{QemuClockObserver, ClockTimeFeedback, QemuClockIncreaseFeedback, IcHist},
qemustate::QemuStateRestoreHelper, qemustate::QemuStateRestoreHelper,
systemstate::{helpers::QemuSystemStateHelper, observers::QemuSystemStateObserver, feedbacks::{DumpSystraceFeedback, NovelSystemStateFeedback}}, worst::{TimeMaximizerCorpusScheduler, ExecTimeIncFeedback, TimeStateMaximizerCorpusScheduler}, systemstate::{helpers::QemuSystemStateHelper, observers::QemuSystemStateObserver, feedbacks::{DumpSystraceFeedback, NovelSystemStateFeedback}}, worst::{TimeMaximizerCorpusScheduler, ExecTimeIncFeedback, TimeStateMaximizerCorpusScheduler},
}; };
@ -360,10 +360,10 @@ pub fn fuzz() {
.read(true) .read(true)
.write(true) .write(true)
.create(true) .create(true)
.append(false) .append(true)
.open(td).expect("Could not open timedump"); .open(td).expect("Could not open timedump");
unsafe { if let Some(ichist) = state.metadata().get::<IcHist>() {
for i in ICOUNT_HISTORY.iter() { for i in ichist.0.iter() {
writeln!(file, "{}", i).expect("Write to dump failed"); writeln!(file, "{}", i).expect("Write to dump failed");
} }
} }
@ -400,24 +400,24 @@ pub fn fuzz() {
#[cfg(feature = "singlecore")] #[cfg(feature = "singlecore")]
{ {
let monitor = SimpleMonitor::new(|s| println!("{}", s)); let monitor = SimpleMonitor::new(|s| println!("{}", s));
let mgr = SimpleEventManager::new(monitor); // let mgr = SimpleEventManager::new(monitor);
run_client(None, mgr, 0); // run_client(None, mgr, 0);
// let mut shmem_provider = StdShMemProvider::new().unwrap(); let mut shmem_provider = StdShMemProvider::new().unwrap();
// let (state, mut mgr) = match SimpleRestartingEventManager::launch(monitor, &mut shmem_provider) let (state, mut mgr) = match SimpleRestartingEventManager::launch(monitor, &mut shmem_provider)
// { {
// // The restarting state will spawn the same process again as child, then restarted it each time it crashes. // The restarting state will spawn the same process again as child, then restarted it each time it crashes.
// Ok(res) => res, Ok(res) => res,
// Err(err) => match err { Err(err) => match err {
// Error::ShuttingDown => { Error::ShuttingDown => {
// return; return;
// } }
// _ => { _ => {
// panic!("Failed to setup the restarter: {}", err); panic!("Failed to setup the restarter: {}", err);
// } }
// }, },
// }; };
// run_client(state, mgr, 0); run_client(state, mgr, 0);
} }
// else -> multicore // else -> multicore
#[cfg(not(feature = "singlecore"))] #[cfg(not(feature = "singlecore"))]