repeat interrupt mutations

2024-08-14 08:55:23 +02:00 · 2024-08-14 08:55:23 +02:00 · b9f0151e87
commit b9f0151e87
parent 712ac137d7
1 changed files with 12 additions and 2 deletions
--- a/fuzzers/FRET/src/systemstate/mutational.rs
+++ b/fuzzers/FRET/src/systemstate/mutational.rs
@ -10,7 +10,7 @@ use libafl_bolts::rands::{
    Rand
 };
 use libafl::{
-    common::{HasMetadata, HasNamedMetadata}, corpus::{self, Corpus}, fuzzer::Evaluator, inputs::{HasMutatorBytes, HasTargetBytes, Input, MultipartInput}, mark_feature_time, prelude::{new_hash_feedback, CorpusId, MutationResult, Mutator, UsesInput}, stages::Stage, start_timer, state::{HasCorpus, HasRand, MaybeHasClientPerfMonitor, UsesState}, Error
+    common::{HasMetadata, HasNamedMetadata}, corpus::{self, Corpus}, events::{Event, EventFirer, LogSeverity}, fuzzer::Evaluator, inputs::{HasMutatorBytes, HasTargetBytes, Input, MultipartInput}, mark_feature_time, prelude::{new_hash_feedback, CorpusId, MutationResult, Mutator, UsesInput}, stages::Stage, start_timer, state::{HasCorpus, HasRand, MaybeHasClientPerfMonitor, UsesState}, Error
 };
 use libafl::prelude::State;
 use petgraph::{graph::NodeIndex, graph::{self, DiGraph}};
@ -68,7 +68,7 @@ fn is_candidate_for_new_branches(graph: &DiGraph<STGNode, STGEdge>, node: NodeIn
    !has_interrupt_handler_non_systick(graph, node) && !is_interrupt_handler(graph, node)
 }

-// TODO: thic can be much more efficient, if the graph stored snapshots of the state and input progress was tracked
+// TODO: this can be much more efficient, if the graph stored snapshots of the state and input progress was tracked
 /// Determines if a given node in the state transition graph (STG) is a candidate for introducing new branches.
 pub fn try_force_new_branches(interrupt_ticks : &[u32], fbs: &STGFeedbackState, meta: &STGNodeMetadata) -> Option<Vec<u32>> {
    let mut new = false;
@ -116,6 +116,7 @@ impl<E, EM, Z, I> Stage<E, EM, Z> for InterruptShiftStage<E, EM, Z>
 where
    E: UsesState<State = Z::State>,
    EM: UsesState<State = Z::State>,
+    EM: EventFirer,
    Z: Evaluator<E, EM>,
    Z::State: MaybeHasClientPerfMonitor + HasCorpus + HasRand + HasMetadata + HasNamedMetadata,
    <Z::State as UsesInput>::Input: Input,
@ -131,6 +132,12 @@ where
    ) -> Result<(), Error> {
        let mut myrand = StdRand::new();
        myrand.set_seed(state.rand_mut().next());
+
+        let mut loopcount = 0;
+        let mut loopbound = 50;
+        loop {
+            // manager.log(state, LogSeverity::Info, format!("Mutation {}/{}", loopbound, loopcount))?;
+            loopbound-=1;
        let current_case = state.current_testcase()?;
        let old_input = current_case.input().as_ref().unwrap();
        let old_interrupt_times = old_input.parts_by_name("interrupts").next();
@ -375,7 +382,10 @@ where
        drop(current_case);
        // InterruptShifterMutator::mutate(&mut mymut, state, &mut input, 0)?;
        if do_rerun {
+            loopcount+=1;
            let (_, corpus_idx) = fuzzer.evaluate_input(state, executor, manager, new_input)?;
+            if corpus_idx.is_none() && loopbound<=0 { break;}
+        } else {if loopbound<=0 {break;}}
        }
        Ok(())
    }