From b9f0151e87d8167e08e44be0bfe15c58fe307d99 Mon Sep 17 00:00:00 2001
From: Alwin Berger <alwin.berger@tu-dortmund.de>
Date: Wed, 14 Aug 2024 08:55:23 +0200
Subject: [PATCH] repeat interrupt mutations

---
 fuzzers/FRET/src/systemstate/mutational.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/fuzzers/FRET/src/systemstate/mutational.rs b/fuzzers/FRET/src/systemstate/mutational.rs
index 62b4bc69a9..707830c995 100644
--- a/fuzzers/FRET/src/systemstate/mutational.rs
+++ b/fuzzers/FRET/src/systemstate/mutational.rs
@@ -10,7 +10,7 @@ use libafl_bolts::rands::{
     Rand
 };
 use libafl::{
-    common::{HasMetadata, HasNamedMetadata}, corpus::{self, Corpus}, fuzzer::Evaluator, inputs::{HasMutatorBytes, HasTargetBytes, Input, MultipartInput}, mark_feature_time, prelude::{new_hash_feedback, CorpusId, MutationResult, Mutator, UsesInput}, stages::Stage, start_timer, state::{HasCorpus, HasRand, MaybeHasClientPerfMonitor, UsesState}, Error
+    common::{HasMetadata, HasNamedMetadata}, corpus::{self, Corpus}, events::{Event, EventFirer, LogSeverity}, fuzzer::Evaluator, inputs::{HasMutatorBytes, HasTargetBytes, Input, MultipartInput}, mark_feature_time, prelude::{new_hash_feedback, CorpusId, MutationResult, Mutator, UsesInput}, stages::Stage, start_timer, state::{HasCorpus, HasRand, MaybeHasClientPerfMonitor, UsesState}, Error
 };
 use libafl::prelude::State;
 use petgraph::{graph::NodeIndex, graph::{self, DiGraph}};
@@ -68,7 +68,7 @@ fn is_candidate_for_new_branches(graph: &DiGraph<STGNode, STGEdge>, node: NodeIn
     !has_interrupt_handler_non_systick(graph, node) && !is_interrupt_handler(graph, node)
 }
 
-// TODO: thic can be much more efficient, if the graph stored snapshots of the state and input progress was tracked
+// TODO: this can be much more efficient, if the graph stored snapshots of the state and input progress was tracked
 /// Determines if a given node in the state transition graph (STG) is a candidate for introducing new branches.
 pub fn try_force_new_branches(interrupt_ticks : &[u32], fbs: &STGFeedbackState, meta: &STGNodeMetadata) -> Option<Vec<u32>> {
     let mut new = false;
@@ -116,6 +116,7 @@ impl<E, EM, Z, I> Stage<E, EM, Z> for InterruptShiftStage<E, EM, Z>
 where
     E: UsesState<State = Z::State>,
     EM: UsesState<State = Z::State>,
+    EM: EventFirer,
     Z: Evaluator<E, EM>,
     Z::State: MaybeHasClientPerfMonitor + HasCorpus + HasRand + HasMetadata + HasNamedMetadata,
     <Z::State as UsesInput>::Input: Input,
@@ -131,6 +132,12 @@ where
     ) -> Result<(), Error> {
         let mut myrand = StdRand::new();
         myrand.set_seed(state.rand_mut().next());
+
+        let mut loopcount = 0;
+        let mut loopbound = 50;
+        loop {
+            // manager.log(state, LogSeverity::Info, format!("Mutation {}/{}", loopbound, loopcount))?;
+            loopbound-=1;
         let current_case = state.current_testcase()?;
         let old_input = current_case.input().as_ref().unwrap();
         let old_interrupt_times = old_input.parts_by_name("interrupts").next();
@@ -375,7 +382,10 @@ where
         drop(current_case);
         // InterruptShifterMutator::mutate(&mut mymut, state, &mut input, 0)?;
         if do_rerun {
+            loopcount+=1;
             let (_, corpus_idx) = fuzzer.evaluate_input(state, executor, manager, new_input)?;
+            if corpus_idx.is_none() && loopbound<=0 { break;}
+        } else {if loopbound<=0 {break;}}
         }
         Ok(())
     }