SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixes timing, scheduler

Browse Source
This commit is contained in:
Alwin Berger 2024-05-21 18:24:23 +02:00
parent 2886aafb65
commit e9c27b3065
4 changed files with 26 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fuzzers/FRET/src/fuzzer.rs
View File

@ -455,7 +455,7 @@ pub fn fuzz() {
if i == 0 || true {
unsafe {start_tick = u32::from_le_bytes(t) % LIMIT + FIRST_INT;}
} else {
start_tick = u32::saturating_add(start_tick,max(MINIMUM_INTER_ARRIVAL_TIME,u32::from_le_bytes(t)));
start_tick = u32::saturating_add(start_tick,max(unsafe{MINIMUM_INTER_ARRIVAL_TIME},u32::from_le_bytes(t)));
}
libafl_interrupt_offsets[i] = start_tick;
libafl_num_interrupts = i+1;

12
fuzzers/FRET/src/mutational.rs
View File

@ -14,7 +14,11 @@ use libafl::{
use libafl::prelude::State;
use crate::{clock::IcHist, fuzzer::{DO_NUM_INTERRUPT, FIRST_INT}, systemstate::{stg::{STGFeedbackState, STGNodeMetadata}, ExecInterval, FreeRTOSSystemStateMetadata, ReducedFreeRTOSSystemState}};
pub const MINIMUM_INTER_ARRIVAL_TIME : u32 = 700 * 1000 * (1 << 4);
pub static mut MINIMUM_INTER_ARRIVAL_TIME : u32 = 1000 /*ms*/ * 62500;
// one isn per 2**4 ns
// virtual insn/sec 62500000 = 1/16 GHz
// 1ms = 62500 insn
// 1us = 62.5 insn
//======================= Custom mutator
@ -85,7 +89,7 @@ where
if i == 0 || true {
start_tick = u32::saturating_add(u32::from_le_bytes(t),FIRST_INT);
} else {
start_tick = u32::saturating_add(start_tick,max(MINIMUM_INTER_ARRIVAL_TIME,u32::from_le_bytes(t)));
start_tick = u32::saturating_add(start_tick,max(unsafe{MINIMUM_INTER_ARRIVAL_TIME},u32::from_le_bytes(t)));
}
interrupt_offsets[i] = start_tick;
num_interrupts = i+1;
@ -136,10 +140,10 @@ where
let mut lb = 0;
let mut ub : u32 = marks[marks.len()-1].0.end_tick.try_into().expect("ticks > u32");
if i > 0 {
lb = u32::saturating_add(interrupt_offsets[i-1],MINIMUM_INTER_ARRIVAL_TIME);
lb = u32::saturating_add(interrupt_offsets[i-1],unsafe{MINIMUM_INTER_ARRIVAL_TIME});
}
if i < num_interrupts-1 {
ub = u32::saturating_sub(interrupt_offsets[i+1],MINIMUM_INTER_ARRIVAL_TIME);
ub = u32::saturating_sub(interrupt_offsets[i+1],unsafe{MINIMUM_INTER_ARRIVAL_TIME});
}
// get old hit and handler
let old_hit = marks.iter().filter(

24
fuzzers/FRET/src/systemstate/feedbacks.rs
View File

@ -20,6 +20,7 @@ use hashbrown::HashMap;
use libafl::{executors::ExitKind, inputs::Input, observers::ObserversTuple, state::HasMetadata};
use serde::{Deserialize, Serialize};
use super::ExecInterval;
use super::ReducedFreeRTOSSystemState;
use super::FreeRTOSSystemStateMetadata;
use super::observers::QemuSystemStateObserver;
@ -148,7 +149,8 @@ pub struct DumpSystraceFeedback
{
dumpfile: Option<PathBuf>,
dump_metadata: bool,
last_trace: Option<Vec<ReducedFreeRTOSSystemState>>,
last_states: Option<HashMap<u64, ReducedFreeRTOSSystemState>>,
last_trace: Option<Vec<ExecInterval>>,
}
impl<S> Feedback<S> for DumpSystraceFeedback
@ -172,23 +174,23 @@ where
let names : Vec<String> = observer.last_run.iter().map(|x| x.current_task.task_name.clone()).collect();
match &self.dumpfile {
Some(s) => {
std::fs::write(s,ron::to_string(&observer.last_run).expect("Error serializing hashmap")).expect("Can not dump to file");
std::fs::write(s,ron::to_string(&(&observer.last_trace,&observer.last_states)).expect("Error serializing hashmap")).expect("Can not dump to file");
self.dumpfile = None
},
None => if self.dump_metadata {println!("{:?}\n{:?}",observer.last_run,names);}
};
if self.dump_metadata {self.last_trace=Some(observer.last_run.clone());}
// if self.dump_metadata {self.last_trace=Some(observer.last_trace.clone());}
Ok(false)
}
/// Append to the testcase the generated metadata in case of a new corpus item
#[inline]
fn append_metadata<OT>(&mut self, _state: &mut S, observers: &OT, testcase: &mut Testcase<S::Input>) -> Result<(), Error> {
if !self.dump_metadata {return Ok(());}
let a = self.last_trace.take();
match a {
Some(s) => testcase.metadata_map_mut().insert(FreeRTOSSystemStateMetadata::new(s)),
None => (),
}
// let a = self.last_trace.take();
// match a {
// Some(s) => testcase.metadata_map_mut().insert(FreeRTOSSystemStateMetadata::new(s)),
// None => (),
// }
Ok(())
}
@ -213,12 +215,12 @@ impl DumpSystraceFeedback
/// Creates a new [`DumpSystraceFeedback`]
#[must_use]
pub fn new() -> Self {
Self {dumpfile: None, dump_metadata: false, last_trace: None}
Self {dumpfile: None, dump_metadata: false, last_trace: None, last_states: None }
}
pub fn with_dump(dumpfile: Option<PathBuf>) -> Self {
Self {dumpfile: dumpfile, dump_metadata: false, last_trace: None}
Self {dumpfile: dumpfile, dump_metadata: false, last_trace: None, last_states: None}
}
pub fn metadata_only() -> Self {
Self {dumpfile: None, dump_metadata: true, last_trace: None}
Self {dumpfile: None, dump_metadata: true, last_trace: None, last_states: None}
}
}

5
fuzzers/FRET/src/systemstate/stg.rs
View File

@ -201,7 +201,10 @@ pub struct STGNodeMetadata {
}
impl STGNodeMetadata {
pub fn new(nodes: Vec<NodeIndex>, edges: Vec<EdgeIndex>, intervals: Vec<ExecInterval>) -> Self{
Self {indices: edges.iter().map(|x| x.index()).collect(), intervals, nodes, edges, tcref: 0}
let mut indices : Vec<_> = edges.iter().map(|x| x.index()).collect();
indices.sort_unstable();
indices.dedup();
Self {indices, intervals, nodes, edges, tcref: 0}
}
}
impl AsSlice for STGNodeMetadata {