From e9c27b3065f58b134464825a691ffa94aac734ae Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Tue, 21 May 2024 18:24:23 +0200
Subject: [PATCH] fixes timing, scheduler
---
 fuzzers/FRET/src/fuzzer.rs | 2 +-
 fuzzers/FRET/src/mutational.rs | 12 ++++++++----
 fuzzers/FRET/src/systemstate/feedbacks.rs | 24 ++++++++++++-----------
 fuzzers/FRET/src/systemstate/stg.rs | 5 ++++-
 4 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/fuzzers/FRET/src/fuzzer.rs b/fuzzers/FRET/src/fuzzer.rs
index 1e25134e63..9e47279172 100644
--- a/fuzzers/FRET/src/fuzzer.rs
+++ b/fuzzers/FRET/src/fuzzer.rs
@@ -455,7 +455,7 @@ pub fn fuzz() {
 if i == 0 || true {
 unsafe {start_tick = u32::from_le_bytes(t) % LIMIT + FIRST_INT;}
 } else {
- start_tick = u32::saturating_add(start_tick,max(MINIMUM_INTER_ARRIVAL_TIME,u32::from_le_bytes(t)));
+ start_tick = u32::saturating_add(start_tick,max(unsafe{MINIMUM_INTER_ARRIVAL_TIME},u32::from_le_bytes(t)));
 }
 libafl_interrupt_offsets[i] = start_tick;
 libafl_num_interrupts = i+1;
diff --git a/fuzzers/FRET/src/mutational.rs b/fuzzers/FRET/src/mutational.rs
index 69bbc8504c..9414ccbed8 100644
--- a/fuzzers/FRET/src/mutational.rs
+++ b/fuzzers/FRET/src/mutational.rs
@@ -14,7 +14,11 @@ use libafl::{
 use libafl::prelude::State;
 use crate::{clock::IcHist, fuzzer::{DO_NUM_INTERRUPT, FIRST_INT}, systemstate::{stg::{STGFeedbackState, STGNodeMetadata}, ExecInterval, FreeRTOSSystemStateMetadata, ReducedFreeRTOSSystemState}};
-pub const MINIMUM_INTER_ARRIVAL_TIME : u32 = 700 * 1000 * (1 << 4);
+pub static mut MINIMUM_INTER_ARRIVAL_TIME : u32 = 1000 /*ms*/ * 62500;
+// one isn per 2**4 ns
+// virtual insn/sec 62500000 = 1/16 GHz
+// 1ms = 62500 insn
+// 1us = 62.5 insn
 //======================= Custom mutator
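Review bot: In fuzzers/FRET/src/fuzzer.rs (`@@ -455,7 +455,7 @@`), the line this commit edits sits in the `else` arm of `if i == 0 || true`, which can never run, so the minimum inter-arrival time is not applied to the generated interrupt offsets whatever its new value is. The same pattern appears in the `@@ -85,7 +89,7 @@` hunk of mutational.rs. If the spacing is meant to be enforced, the condition should read `if i == 0 {`; if it is disabled on purpose, drop the dead arm or say so with a comment such as `// inter-arrival spacing disabled: each offset is taken from the input on its own`. The body of `fuzz()` extends beyond the hunk.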
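Review bot: `MINIMUM_INTER_ARRIVAL_TIME` becomes a `pub static mut` in the `@@ -14,7 +14,11 @@` hunk of mutational.rs, which forces an `unsafe` block at every read and is a data race if anything writes it while another thread reads it; no writer is visible in this patch. An atomic keeps the value settable at run time without `unsafe`: `pub static MINIMUM_INTER_ARRIVAL_TIME: AtomicU32 = AtomicU32::new(1000 /*ms*/ * 62500);`, read with `MINIMUM_INTER_ARRIVAL_TIME.load(Ordering::Relaxed)`. If `static mut` stays, each `unsafe{...}` read should carry a `// SAFETY:` comment stating when the value is written. The added comment also has a typo, `isn` for `insn`.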
@@ -85,7 +89,7 @@ where
 if i == 0 || true {
 start_tick = u32::saturating_add(u32::from_le_bytes(t),FIRST_INT);
 } else {
- start_tick = u32::saturating_add(start_tick,max(MINIMUM_INTER_ARRIVAL_TIME,u32::from_le_bytes(t)));
+ start_tick = u32::saturating_add(start_tick,max(unsafe{MINIMUM_INTER_ARRIVAL_TIME},u32::from_le_bytes(t)));
 }
 interrupt_offsets[i] = start_tick;
 num_interrupts = i+1;
@@ -136,10 +140,10 @@ where
 let mut lb = 0;
 let mut ub : u32 = marks[marks.len()-1].0.end_tick.try_into().expect("ticks > u32");
 if i > 0 {
- lb = u32::saturating_add(interrupt_offsets[i-1],MINIMUM_INTER_ARRIVAL_TIME);
+ lb = u32::saturating_add(interrupt_offsets[i-1],unsafe{MINIMUM_INTER_ARRIVAL_TIME});
 }
 if i < num_interrupts-1 {
- ub = u32::saturating_sub(interrupt_offsets[i+1],MINIMUM_INTER_ARRIVAL_TIME);
+ ub = u32::saturating_sub(interrupt_offsets[i+1],unsafe{MINIMUM_INTER_ARRIVAL_TIME});
 }
 // get old hit and handler
 let old_hit = marks.iter().filter(
diff --git a/fuzzers/FRET/src/systemstate/feedbacks.rs b/fuzzers/FRET/src/systemstate/feedbacks.rs
index 7b4997bbb1..4a46e4b739 100644
--- a/fuzzers/FRET/src/systemstate/feedbacks.rs
+++ b/fuzzers/FRET/src/systemstate/feedbacks.rs
@@ -20,6 +20,7 @@ use hashbrown::HashMap;
 use libafl::{executors::ExitKind, inputs::Input, observers::ObserversTuple, state::HasMetadata};
 use serde::{Deserialize, Serialize};
+use super::ExecInterval;
 use super::ReducedFreeRTOSSystemState;
 use super::FreeRTOSSystemStateMetadata;
 use super::observers::QemuSystemStateObserver;
@@ -148,7 +149,8 @@ pub struct DumpSystraceFeedback
 {
 dumpfile: Option,
 dump_metadata: bool,
- last_trace: Option>,
+ last_states: Option>,
+ last_trace: Option>,
 }
 impl Feedback for DumpSystraceFeedback
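Review bot: In the `@@ -136,10 +140,10 @@` hunk of mutational.rs, `lb` and `ub` can cross: when `interrupt_offsets[i-1]` and `interrupt_offsets[i+1]` lie less than twice `MINIMUM_INTER_ARRIVAL_TIME` apart, `lb > ub`, and this commit raises the minimum from 11_200_000 to 62_500_000 ticks, which makes that case more likely. How the range is consumed lies outside the hunk, so it may already be handled. If it is not, a guard before the range is used, for example `if lb > ub { continue; }` assuming this runs inside the per-interrupt loop, avoids sampling from an inverted interval.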
@@ -172,23 +174,23 @@ where
 let names : Vec = observer.last_run.iter().map(|x| x.current_task.task_name.clone()).collect();
 match &self.dumpfile {
 Some(s) => {
- std::fs::write(s,ron::to_string(&observer.last_run).expect("Error serializing hashmap")).expect("Can not dump to file");
+ std::fs::write(s,ron::to_string(&(&observer.last_trace,&observer.last_states)).expect("Error serializing hashmap")).expect("Can not dump to file");
 self.dumpfile = None
 },
 None => if self.dump_metadata {println!("{:?}\n{:?}",observer.last_run,names);}
 };
- if self.dump_metadata {self.last_trace=Some(observer.last_run.clone());}
+ // if self.dump_metadata {self.last_trace=Some(observer.last_trace.clone());}
 Ok(false)
 }
 /// Append to the testcase the generated metadata in case of a new corpus item
 #[inline]
 fn append_metadata(&mut self, _state: &mut S, observers: &OT, testcase: &mut Testcase) -> Result<(), Error> {
 if !self.dump_metadata {return Ok(());}
- let a = self.last_trace.take();
- match a {
- Some(s) => testcase.metadata_map_mut().insert(FreeRTOSSystemStateMetadata::new(s)),
- None => (),
- }
+ // let a = self.last_trace.take();
+ // match a {
+ // Some(s) => testcase.metadata_map_mut().insert(FreeRTOSSystemStateMetadata::new(s)),
+ // None => (),
+ // }
 Ok(())
 }
@@ -213,12 +215,12 @@ impl DumpSystraceFeedback
 /// Creates a new [`DumpSystraceFeedback`]
 #[must_use]
 pub fn new() -> Self {
- Self {dumpfile: None, dump_metadata: false, last_trace: None}
+ Self {dumpfile: None, dump_metadata: false, last_trace: None, last_states: None }
 }
 pub fn with_dump(dumpfile: Option) -> Self {
- Self {dumpfile: dumpfile, dump_metadata: false, last_trace: None}
+ Self {dumpfile: dumpfile, dump_metadata: false, last_trace: None, last_states: None}
 }
 pub fn metadata_only() -> Self {
- Self {dumpfile: None, dump_metadata: true, last_trace: None}
+ Self {dumpfile: None, dump_metadata: true, last_trace: None, last_states: None}
 }
 }
\ No newline at end of file
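Review bot: In the `@@ -172,23 +174,23 @@` hunk of feedbacks.rs, the assignment to `self.last_trace` and the body of `append_metadata` are commented out rather than removed, so `append_metadata` returns `Ok(())` without attaching anything even when `dump_metadata` is set, and within this patch `last_trace` and `last_states` are only ever initialised to `None`. If that is temporary, mark it with something like `// TODO: re-attach FreeRTOSSystemStateMetadata once it carries trace and states`; otherwise delete the dead code and the two fields. The `expect` message on the new `ron::to_string` call still reads `"Error serializing hashmap"` although a tuple of trace and states is serialised. The `None` arm also still prints `observer.last_run` while the file dump now uses `last_trace` and `last_states`.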
diff --git a/fuzzers/FRET/src/systemstate/stg.rs b/fuzzers/FRET/src/systemstate/stg.rs
index 0e560d4382..b1296f367e 100644
--- a/fuzzers/FRET/src/systemstate/stg.rs
+++ b/fuzzers/FRET/src/systemstate/stg.rs
@@ -201,7 +201,10 @@ pub struct STGNodeMetadata {
 }
 impl STGNodeMetadata {
 pub fn new(nodes: Vec, edges: Vec, intervals: Vec) -> Self{
- Self {indices: edges.iter().map(|x| x.index()).collect(), intervals, nodes, edges, tcref: 0}
+ let mut indices : Vec<_> = edges.iter().map(|x| x.index()).collect();
+ indices.sort_unstable();
+ indices.dedup();
+ Self {indices, intervals, nodes, edges, tcref: 0}
 }
 }
 impl AsSlice for STGNodeMetadata {
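Review bot: `STGNodeMetadata::new` now sorts and de-duplicates `indices`, so the vector is no longer positionally aligned with `edges` and may be shorter, and nothing in the hunk records that. A doc comment on `new` such as `/// indices: sorted, de-duplicated edge indices; not parallel to edges` would make the invariant explicit. Any consumer that pairs `indices` with `edges` or `intervals` by position would need checking. None is visible here, and the `impl AsSlice` that follows is cut off by the hunk.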