introduce INPUT_BYTES_OFFSET constant
parent
2466fc5cb6
commit
eb3914e5c1
@ -34,6 +34,7 @@ use wcet_qemu_sys::sysstate::helpers::QemuSystemStateHelper;
|
|||||||
use wcet_qemu_sys::sysstate::observers::QemuSysStateObserver;
|
use wcet_qemu_sys::sysstate::observers::QemuSysStateObserver;
|
||||||
use wcet_qemu_sys::sysstate::feedbacks::SysStateFeedbackState;
|
use wcet_qemu_sys::sysstate::feedbacks::SysStateFeedbackState;
|
||||||
use wcet_qemu_sys::sysstate::feedbacks::NovelSysStateFeedback;
|
use wcet_qemu_sys::sysstate::feedbacks::NovelSysStateFeedback;
|
||||||
|
use wcet_qemu_sys::sysstate::INPUT_BYTES_OFFSET;
|
||||||
use wcet_qemu_sys::worst::QemuHashMapObserver;
|
use wcet_qemu_sys::worst::QemuHashMapObserver;
|
||||||
use wcet_qemu_sys::minimizer::QemuCaseMinimizerStage;
|
use wcet_qemu_sys::minimizer::QemuCaseMinimizerStage;
|
||||||
use hashbrown::HashMap;
|
use hashbrown::HashMap;
|
||||||
@ -530,6 +531,7 @@ fn fuzz(
|
|||||||
let mut buf = target.as_slice();
|
let mut buf = target.as_slice();
|
||||||
let mut len = buf.len();
|
let mut len = buf.len();
|
||||||
let mut int_tick : Option<u32> = None;
|
let mut int_tick : Option<u32> = None;
|
||||||
|
if INPUT_BYTES_OFFSET!= 0 {
|
||||||
if len > 2 {
|
if len > 2 {
|
||||||
let mut t : [u8; 4] = [0,0,0,0]; // 4 extra bytes determine the tick to execute an interrupt
|
let mut t : [u8; 4] = [0,0,0,0]; // 4 extra bytes determine the tick to execute an interrupt
|
||||||
t[0]=buf[0];
|
t[0]=buf[0];
|
||||||
@ -538,13 +540,16 @@ fn fuzz(
|
|||||||
buf = &buf[2..];
|
buf = &buf[2..];
|
||||||
len = buf.len();
|
len = buf.len();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if len >= 32 {
|
if len >= 32 {
|
||||||
buf = &buf[0..32];
|
buf = &buf[0..32];
|
||||||
len = 32;
|
len = 32;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsafe {
|
unsafe {
|
||||||
|
if INPUT_BYTES_OFFSET!= 0 {
|
||||||
libafl_int_offset = 347780+int_tick.unwrap_or(0);
|
libafl_int_offset = 347780+int_tick.unwrap_or(0);
|
||||||
|
}
|
||||||
// INTR_OFFSET = int_tick;
|
// INTR_OFFSET = int_tick;
|
||||||
emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes());
|
emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes());
|
||||||
emu.write_mem(input_addr,buf);
|
emu.write_mem(input_addr,buf);
|
||||||
@ -610,7 +615,7 @@ fn fuzz(
|
|||||||
// let tracing = ShadowTracingStage::new(&mut executor);
|
// let tracing = ShadowTracingStage::new(&mut executor);
|
||||||
|
|
||||||
// The order of the stages matter!
|
// The order of the stages matter!
|
||||||
let mut stages = tuple_list!(QemuCaseMinimizerStage::new(16),mutation);
|
let mut stages = tuple_list!(mutation,QemuCaseMinimizerStage::new(16));
|
||||||
|
|
||||||
// Remove target ouput (logs still survive)
|
// Remove target ouput (logs still survive)
|
||||||
#[cfg(unix)]
|
#[cfg(unix)]
|
||||||
@ -642,6 +647,7 @@ fn fuzz(
|
|||||||
.unwrap();
|
.unwrap();
|
||||||
let newgraph = feedbackstate.graph.map(
|
let newgraph = feedbackstate.graph.map(
|
||||||
|_, n| n.get_taskname(),
|
|_, n| n.get_taskname(),
|
||||||
|
// |_, n| format!("{} {:?}",n.get_taskname(),n.get_input_counts().iter().min().unwrap_or(&0)),
|
||||||
|_, e| e,
|
|_, e| e,
|
||||||
);
|
);
|
||||||
let tempg = format!("{:?}",Dot::with_config(&newgraph, &[Config::EdgeNoLabel]));
|
let tempg = format!("{:?}",Dot::with_config(&newgraph, &[Config::EdgeNoLabel]));
|
||||||
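Review bot: The new `if INPUT_BYTES_OFFSET!= 0 {` guard in `fuzz` uses the constant only as an on/off flag, while the prefix handling inside it still hard-codes the width in `if len > 2` and `buf = &buf[2..];`. If the constant is ever set to a non-zero value other than 2, the harness will strip two bytes while the `input_counter` adjustment elsewhere in this commit shifts by the constant, and the two will disagree silently. Deriving both from the constant would avoid that, e.g. `if len > INPUT_BYTES_OFFSET as usize` and `buf = &buf[INPUT_BYTES_OFFSET as usize..];`, provided the `t[..]` copy lines that are only partly visible here are adjusted to match. The same pattern appears in the second fuzzer file's hunks, and the body of `fuzz` continues outside the hunks shown.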
|
@ -4,6 +4,7 @@ use wcet_qemu_sys::sysstate::helpers::INTR_OFFSET;
|
|||||||
use std::io::Read;
|
use std::io::Read;
|
||||||
use wcet_qemu_sys::sysstate::observers::QemuSysStateObserver;
|
use wcet_qemu_sys::sysstate::observers::QemuSysStateObserver;
|
||||||
use wcet_qemu_sys::sysstate::feedbacks::DumpSystraceFeedback;
|
use wcet_qemu_sys::sysstate::feedbacks::DumpSystraceFeedback;
|
||||||
|
use wcet_qemu_sys::sysstate::INPUT_BYTES_OFFSET;
|
||||||
use wcet_qemu_sys::worst::QemuHashMapObserver;
|
use wcet_qemu_sys::worst::QemuHashMapObserver;
|
||||||
use wcet_qemu_sys::{
|
use wcet_qemu_sys::{
|
||||||
worst::{DumpMapFeedback,DummyFeedback},
|
worst::{DumpMapFeedback,DummyFeedback},
|
||||||
@ -339,6 +340,7 @@ fn fuzz(
|
|||||||
let mut buf = target.as_slice();
|
let mut buf = target.as_slice();
|
||||||
let mut len = buf.len();
|
let mut len = buf.len();
|
||||||
let mut int_tick : Option<u32> = None;
|
let mut int_tick : Option<u32> = None;
|
||||||
|
if INPUT_BYTES_OFFSET!= 0 {
|
||||||
if len > 2 {
|
if len > 2 {
|
||||||
let mut t : [u8; 4] = [0,0,0,0]; // 4 extra bytes determine the tick to execute an interrupt
|
let mut t : [u8; 4] = [0,0,0,0]; // 4 extra bytes determine the tick to execute an interrupt
|
||||||
t[0]=buf[0];
|
t[0]=buf[0];
|
||||||
@ -347,13 +349,16 @@ fn fuzz(
|
|||||||
buf = &buf[2..];
|
buf = &buf[2..];
|
||||||
len = buf.len();
|
len = buf.len();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if len >= 32 {
|
if len >= 32 {
|
||||||
buf = &buf[0..32];
|
buf = &buf[0..32];
|
||||||
len = 32;
|
len = 32;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsafe {
|
unsafe {
|
||||||
// libafl_int_offset = 347780+int_tick.unwrap_or(0);
|
if INPUT_BYTES_OFFSET!= 0 {
|
||||||
|
libafl_int_offset = 347780+int_tick.unwrap_or(0);
|
||||||
|
}
|
||||||
// INTR_OFFSET = int_tick;
|
// INTR_OFFSET = int_tick;
|
||||||
emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes());
|
emu.write_mem(test_length_ptr,&(len as u32).to_le_bytes());
|
||||||
emu.write_mem(input_addr,buf);
|
emu.write_mem(input_addr,buf);
|
||||||
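Review bot: The assignment `libafl_int_offset = 347780+int_tick.unwrap_or(0);` goes from commented-out to live in this file, but the surrounding `unsafe` block carries no `// SAFETY:` comment. The base value `347780` is also an unexplained literal, duplicated in the other fuzzer file. I would add a comment such as `// SAFETY: libafl_int_offset is written only here, before the emulator runs` (to be confirmed against the real access pattern, which is not visible on this page). The literal would be better hoisted into one named, documented constant shared by both files. The `unsafe` block is closed outside the hunk.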
|
@ -104,6 +104,9 @@ impl SysGraphNode {
|
|||||||
pub fn get_taskname(&self) -> &str {
|
pub fn get_taskname(&self) -> &str {
|
||||||
&self.base.current_task.task_name
|
&self.base.current_task.task_name
|
||||||
}
|
}
|
||||||
|
pub fn get_input_counts(&self) -> Vec<u32> {
|
||||||
|
self.variants.iter().map(|x| x.input_counter).collect()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
impl PartialEq for SysGraphNode {
|
impl PartialEq for SysGraphNode {
|
||||||
fn eq(&self, other: &SysGraphNode) -> bool {
|
fn eq(&self, other: &SysGraphNode) -> bool {
|
||||||
@ -456,13 +459,12 @@ where
|
|||||||
|
|
||||||
let mut collection : Vec<Vec<u8>> = Vec::new();
|
let mut collection : Vec<Vec<u8>> = Vec::new();
|
||||||
let mut current_pointer : usize = 0;
|
let mut current_pointer : usize = 0;
|
||||||
let INPUT_BYTES_OFFSET = 0; // Offset for interrupt bytes
|
|
||||||
for t in &trace.inner {
|
for t in &trace.inner {
|
||||||
let node = &g[*t];
|
let node = &g[*t];
|
||||||
for v in &node.variants {
|
for v in &node.variants {
|
||||||
if v.input == input.bytes() {
|
if v.input == input.bytes() {
|
||||||
if v.input_counter > current_pointer.try_into().unwrap() {
|
if v.input_counter > current_pointer.try_into().unwrap() {
|
||||||
collection.push(v.input[INPUT_BYTES_OFFSET+current_pointer..INPUT_BYTES_OFFSET+v.input_counter as usize].to_owned());
|
collection.push(v.input[current_pointer..v.input_counter as usize].to_owned());
|
||||||
current_pointer = v.input_counter as usize;
|
current_pointer = v.input_counter as usize;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -474,7 +476,7 @@ where
|
|||||||
collection[index_to_mutate][i] = myrand.below(0xFF) as u8;
|
collection[index_to_mutate][i] = myrand.below(0xFF) as u8;
|
||||||
}
|
}
|
||||||
for i in collection.concat().iter().enumerate() {
|
for i in collection.concat().iter().enumerate() {
|
||||||
input.bytes_mut()[INPUT_BYTES_OFFSET+i.0]=*i.1;
|
input.bytes_mut()[i.0]=*i.1;
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(MutationResult::Mutated)
|
Ok(MutationResult::Mutated)
|
||||||
@ -547,7 +549,7 @@ where
|
|||||||
// follow the path, extract snippets from last reads, find common snippets.
|
// follow the path, extract snippets from last reads, find common snippets.
|
||||||
// those are likley keys parts. choose random parts from other sibling traces
|
// those are likley keys parts. choose random parts from other sibling traces
|
||||||
let inp_c_end = g[*trace.inner.last().unwrap()].base.input_counter;
|
let inp_c_end = g[*trace.inner.last().unwrap()].base.input_counter;
|
||||||
let mut num_to_reverse = 1;
|
let mut num_to_reverse = myrand.below(trace.inner.len().try_into().unwrap());
|
||||||
for t in trace.inner.iter().rev() {
|
for t in trace.inner.iter().rev() {
|
||||||
let int_c_prefix = g[*t].base.input_counter;
|
let int_c_prefix = g[*t].base.input_counter;
|
||||||
if int_c_prefix < inp_c_end {
|
if int_c_prefix < inp_c_end {
|
||||||
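Review bot: The slice `v.input[current_pointer..v.input_counter as usize]` indexes with a counter that, per the observer change in this commit, now has `INPUT_BYTES_OFFSET` added to it, and nothing in the hunk checks it against `v.input.len()`. For inputs too short to carry the prefix (the harness only strips it when `len > 2`), the adjusted counter could exceed the stored input length and the mutator would panic instead of skipping the case; this is inferred from the visible lines and should be confirmed. A checked form such as `if let Some(s) = v.input.get(current_pointer..v.input_counter as usize) { collection.push(s.to_owned()); }` keeps the fuzzer running on such inputs. With `current_pointer` starting at 0, the first snippet now also covers the interrupt-tick bytes, which may or may not be intended. The enclosing function starts outside the hunk.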
|
@ -15,6 +15,8 @@ pub mod observers;
|
|||||||
pub mod feedbacks;
|
pub mod feedbacks;
|
||||||
pub mod graph;
|
pub mod graph;
|
||||||
|
|
||||||
|
pub const INPUT_BYTES_OFFSET : u32 = 2; // Offset for interrupt bytes
|
||||||
|
|
||||||
// Constants
|
// Constants
|
||||||
const NUM_PRIOS: usize = 5;
|
const NUM_PRIOS: usize = 5;
|
||||||
|
|
||||||
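Review bot: The new `INPUT_BYTES_OFFSET` has only a trailing `// Offset for interrupt bytes` comment, which does not tell a reader that the harness treats `0` as "no interrupt prefix" or that the value is a byte count at the front of each input. A doc comment would make that contract visible in rustdoc, for example `/// Number of leading input bytes reserved for the interrupt tick; 0 disables the prefix.` Since the value is added to a counter that is later cast to `usize` for slicing, it may also be worth stating why it is `u32` rather than `usize`.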
|
@ -1,3 +1,4 @@
|
|||||||
|
use crate::sysstate::INPUT_BYTES_OFFSET;
|
||||||
use libafl::inputs::HasTargetBytes;
|
use libafl::inputs::HasTargetBytes;
|
||||||
use libafl::bolts::HasLen;
|
use libafl::bolts::HasLen;
|
||||||
use libafl::bolts::tuples::Named;
|
use libafl::bolts::tuples::Named;
|
||||||
@ -129,7 +130,7 @@ for mut i in input.drain(..) {
|
|||||||
start_tick: start_tick,
|
start_tick: start_tick,
|
||||||
end_tick: i.qemu_tick,
|
end_tick: i.qemu_tick,
|
||||||
ready_list_after: collector,
|
ready_list_after: collector,
|
||||||
input_counter: i.input_counter,
|
input_counter: i.input_counter+INPUT_BYTES_OFFSET,
|
||||||
last_pc: i.last_pc,
|
last_pc: i.last_pc,
|
||||||
});
|
});
|
||||||
start_tick=i.qemu_tick;
|
start_tick=i.qemu_tick;
|
||||||
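Review bot: `input_counter: i.input_counter+INPUT_BYTES_OFFSET,` changes what the stored field means, and nothing at the assignment says so. It appears to become an index into the full fuzzer input rather than the count reported for `i`. A short comment on this line would help consumers of the field, e.g. `// shifted by the interrupt-byte prefix so it indexes the full fuzzer input`. The offset is also added unconditionally, while the harness only strips the prefix when `INPUT_BYTES_OFFSET != 0` and `len > 2`, so it is worth checking that short inputs do not end up with a counter past their length. The enclosing `for mut i in input.drain(..)` loop starts outside the hunk.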
|