From a3e38b6abbb17e821e5d4112160769d53a6ddc68 Mon Sep 17 00:00:00 2001 From: Alwin Berger Date: Thu, 20 Apr 2023 16:50:23 +0200 Subject: [PATCH] skip unchanged interrupts --- fuzzers/FRET/src/mutational.rs | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/fuzzers/FRET/src/mutational.rs b/fuzzers/FRET/src/mutational.rs index 6c09036454..0f397f1adf 100644 --- a/fuzzers/FRET/src/mutational.rs +++ b/fuzzers/FRET/src/mutational.rs @@ -207,7 +207,8 @@ where .get(corpus_idx)? .borrow_mut().clone(); let mut newinput = _input.input_mut().as_mut().unwrap().clone(); - let mut tmpinput = _input.input_mut().as_mut().unwrap().clone(); + // let mut tmpinput = _input.input_mut().as_mut().unwrap().clone(); + let mut do_rerun = false; { // need our own random generator, because borrowing rules let mut myrand = StdRand::new(); @@ -230,11 +231,10 @@ where for j in 0 as usize..4 as usize { t[j]=target_bytes[i*4+j]; } - if i == 0 { + if i == 0 || true { start_tick = u32::from_le_bytes(t); } else { - // start_tick = u32::saturating_add(start_tick,max(MINIMUM_INTER_ARRIVAL_TIME,u32::from_le_bytes(t))); - start_tick = u32::from_le_bytes(t); + start_tick = u32::saturating_add(start_tick,max(MINIMUM_INTER_ARRIVAL_TIME,u32::from_le_bytes(t))); } interrupt_offsets[i] = start_tick; num_interrupts = i+1; @@ -243,7 +243,7 @@ where } interrupt_offsets.sort(); - println!("Vor Mutator: {:?}", interrupt_offsets[0..num_interrupts].to_vec()); + // println!("Vor Mutator: {:?}", interrupt_offsets[0..num_interrupts].to_vec()); // let num_i = min(target_bytes.len() / 4, DO_NUM_INTERRUPT); let mut suffix = target_bytes.split_off(4 * num_interrupts); let mut prefix : Vec<[u8; 4]> = vec![]; 
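Review bot: The first hunk disables the `tmpinput` clone by commenting it out instead of deleting it, and the hunks at old lines 243, 262, 308 and 329 do the same with their `println!` diagnostics. Commented-out statements drift out of sync with the surrounding code, so delete the `tmpinput` line outright. If the trace output is still wanted, guard it with something like `if cfg!(debug_assertions) { println!(..) }` so it can be switched on without editing the source. The enclosing function starts and ends outside this hunk.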
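Review bot: `if i == 0 || true` in the hunk at old line 230 is always true, so the `else` branch this commit restores (`saturating_add` with `max(MINIMUM_INTER_ARRIVAL_TIME, ..)`) can never run and every offset is read as an absolute tick. If absolute offsets are the intended encoding, drop the conditional and keep only `start_tick = u32::from_le_bytes(t);`. If the relative encoding is meant to stay switchable, replace the literal `true` with a named constant. As written, nothing in this hunk enforces the minimum inter-arrival time, so generated interrupt schedules may be tighter than the target can produce unless that is checked elsewhere. The loop body continues outside the hunk.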
@@ -262,10 +262,10 @@ where let m = interrupt_offsets[0..num_interrupts].iter().any(|x| (curr.start_tick..curr.end_tick).contains(&(*x as u64))); if m { marks.push((curr, i, 1)); - println!("1: {}",curr.current_task.task_name); + // println!("1: {}",curr.current_task.task_name); } else if last_m { marks.push((curr, i, 2)); - println!("2: {}",curr.current_task.task_name); + // println!("2: {}",curr.current_task.task_name); } else { marks.push((curr, i, 0)); } @@ -293,6 +293,7 @@ where }; // find reachable alternatives let alternatives : Vec<_> = marks.iter().filter(|x| + x.2 != 2 && ( x.0.start_tick < (lb as u64) && (lb as u64) < x.0.end_tick || x.0.start_tick < (ub as u64) && (ub as u64) < x.0.end_tick ) @@ -308,18 +309,19 @@ where let choice = myrand.choose(untouched); interrupt_offsets[i] = myrand.between(choice.0.start_tick, choice.0.end_tick) .try_into().expect("tick > u32"); - println!("no alternatives, choose random i: {} {} -> {}",i,tmp,interrupt_offsets[i]); + do_rerun = true; + // println!("no alternatives, choose random i: {} {} -> {}",i,tmp,interrupt_offsets[i]); continue; } else { // do nothing - println!("no alternatives, do nothing i: {} {}",i,interrupt_offsets[i]); + // println!("no alternatives, do nothing i: {} {}",i,interrupt_offsets[i]); continue; } } let replacement = myrand.choose(alternatives); if (old_hit.map_or(false, |x| x == replacement)) { // use the old value - println!("chose old value, do nothing i: {} {}",i,interrupt_offsets[i]); + // println!("chose old value, do nothing i: {} {}",i,interrupt_offsets[i]); continue; } else { let extra = if (old_hit.map_or(false, |x| x.1 < replacement.1)) { 
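Review bot: The new `x.2 != 2` test in the `alternatives` filter (hunk at old line 293) relies on an undocumented numeric tag. From the hunk at old line 262, the third tuple field is 1 for an interval that contains an interrupt, 2 when `last_m` is set (presumably the interval after one), and 0 otherwise. A comment such as `// skip intervals tagged 2 (pushed when last_m is set)` plus the reason for excluding them would make the filter readable; a small enum for the three tags would remove the magic numbers. The `filter` call appears to be closed outside this hunk.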
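Review bot: `do_rerun = true` is set in the hunk at old line 308, and again in the hunk at old line 329, without checking that the offset actually changed, so a random draw that lands on the previous tick still triggers a full evaluation. The hunk at 329 already holds the old value in `tmp`, which is otherwise unused now that its `println!` is commented out; `do_rerun |= interrupt_offsets[i] != tmp;` would cover both places. In the hunk at 308 `tmp` appears only inside the commented-out `println!`, so confirm it is defined there before using it.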
@@ -329,12 +331,13 @@ where let tmp = interrupt_offsets[i]; interrupt_offsets[i] = (myrand.between(replacement.0.start_tick, replacement.0.end_tick) + extra).try_into().expect("ticks > u32"); - println!("chose new alternative, i: {} {} -> {}",i,tmp, interrupt_offsets[i]); + // println!("chose new alternative, i: {} {} -> {}",i,tmp, interrupt_offsets[i]); + do_rerun = true; } } let mut numbers : Vec = interrupt_offsets[0..num_interrupts].to_vec(); numbers.sort(); - println!("Mutator: {:?}", numbers); + // println!("Mutator: {:?}", numbers); let mut start : u32 = 0; // for i in 0..numbers.len() { // let tmp = numbers[i]; @@ -353,7 +356,9 @@ where newinput.bytes_mut().append(&mut n); } // InterruptShifterMutator::mutate(&mut mymut, state, &mut input, 0)?; - let (_, corpus_idx) = fuzzer.evaluate_input(state, executor, manager, newinput)?; + if do_rerun { + let (_, corpus_idx) = fuzzer.evaluate_input(state, executor, manager, newinput)?; + } Ok(()) } }
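Review bot: Inside the new `if do_rerun` block (hunk at old line 353), `let (_, corpus_idx) = ...` binds a name that goes out of scope at the closing brace and shadows the `corpus_idx` used with `.get(corpus_idx)?` earlier in the function. Since the result is not used, `fuzzer.evaluate_input(state, executor, manager, newinput)?;` is enough. A short comment on the `if`, for example `// no interrupt offset was changed; skip the run`, would record why an iteration may execute nothing, if that is the intent.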