exectime increase feedback

2023-01-11 16:09:06 +01:00 · 2023-01-11 16:09:06 +01:00 · eeaf7eb43f
commit eeaf7eb43f
parent 68c4887dad
6 changed files with 69 additions and 10 deletions
--- a/fuzzers/FRET/Cargo.toml
+++ b/fuzzers/FRET/Cargo.toml
@ -5,7 +5,7 @@ authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenuk
 edition = "2021"
 [features]
-default = ["std", "snapshot_fast", "singlecore"]
+default = ["std", "snapshot_restore", "singlecore"]
 std = []
 snapshot_restore = []
 snapshot_fast = [ "snapshot_restore" ]
--- a/fuzzers/FRET/benchmark/Makefile
+++ b/fuzzers/FRET/benchmark/Makefile
@ -1,4 +1,4 @@
-TIME=7200
+TIME=3600
 corpora/%/seed:
 	mkdir -p $$(dirname $@)
@ -28,5 +28,7 @@ timedump/%$(FUZZ_RANDOM): corpora/%/seed
 all_sequential: timedump/sequential/mpeg2$(FUZZ_RANDOM) timedump/sequential/dijkstra$(FUZZ_RANDOM) timedump/sequential/epic$(FUZZ_RANDOM)
 all_kernel: timedump/kernel/bsort$(FUZZ_RANDOM) timedump/kernel/insertsort$(FUZZ_RANDOM) # timedump/kernel/fft$(FUZZ_RANDOM)
 clean:
 	rm -rf corpora timedump
--- a/fuzzers/FRET/benchmark/target_symbols.csv
+++ b/fuzzers/FRET/benchmark/target_symbols.csv
@ -1,5 +1,8 @@
 kernel,main_function,input_symbol,input_size,return_function
-mpeg2,main,mpeg2_oldorgframe,90112,mpeg2_return
+mpeg2,mpeg2_main,mpeg2_oldorgframe,90112,mpeg2_return
-audiobeam,main,audiobeam_input,11520,audiobeam_return
+audiobeam,audiobeam_main,audiobeam_input,11520,audiobeam_return
-epic,main,epic_image,4096,epic_return
+epic,epic_main,epic_image,4096,epic_return
-dijkstra,main,dijkstra_AdjMatrix,10000,dijkstra_return
+dijkstra,dijkstra_main,dijkstra_AdjMatrix,10000,dijkstra_return
 fft,fft_main,fft_twidtable,2046,fft_return
 bsort,bsort_main,bsort_Array,400,bsort_return
 insertsort,insertsort_main,insertsort_a,44,insertsort_return
--- a/fuzzers/FRET/fuzzer.sh
+++ b/fuzzers/FRET/fuzzer.sh
@ -13,4 +13,4 @@ cd "$parent_path"
 [ -n "$9" -a "$9" != "+" -a -z "$SHOWMAP_TEXTINPUT" ]  && export SHOWMAP_TEXTINPUT="$9"
 [ -z "$FUZZER" ] && export FUZZER=target/debug/fret
-$FUZZER -icount shift=3,align=off,sleep=off -machine mps2-an385 -monitor null -kernel $KERNEL -serial null -nographic -S -semihosting --semihosting-config enable=on,target=native # -snapshot -drive if=none,format=qcow2,file=dummy.qcow2
+$FUZZER -icount shift=3,align=off,sleep=off -machine mps2-an385 -monitor null -kernel $KERNEL -serial null -nographic -S -semihosting --semihosting-config enable=on,target=native -snapshot -drive if=none,format=qcow2,file=dummy.qcow2
--- a/fuzzers/FRET/src/fuzzer.rs
+++ b/fuzzers/FRET/src/fuzzer.rs
@ -37,7 +37,7 @@ use libafl_qemu::{
 use crate::{
    clock::{QemuClockObserver, ClockTimeFeedback, QemuClockIncreaseFeedback, ICOUNT_HISTORY},
    qemustate::QemuStateRestoreHelper,
-    systemstate::{helpers::QemuSystemStateHelper, observers::QemuSystemStateObserver, feedbacks::DumpSystraceFeedback}, worst::TimeMaximizerCorpusScheduler,
+    systemstate::{helpers::QemuSystemStateHelper, observers::QemuSystemStateObserver, feedbacks::DumpSystraceFeedback}, worst::{TimeMaximizerCorpusScheduler, ExecTimeIncFeedback},
 };
 pub static mut MAX_INPUT_SIZE: usize = 32;
@ -63,7 +63,7 @@ pub fn fuzz() {
        str::parse::<usize>(&s).expect("FUZZ_SIZE was not a number");
    };
    // Hardcoded parameters
-    let timeout = Duration::from_secs(3);
+    let timeout = Duration::from_secs(1);
    let broker_port = 1337;
    let cores = Cores::from_cmdline("1").unwrap();
    let corpus_dirs = [PathBuf::from("./corpus")];
@ -208,7 +208,9 @@ pub fn fuzz() {
            MaxMapFeedback::new_tracking(&edges_observer, true, true),
            // QemuClockIncreaseFeedback::default(),
            // Time feedback, this one does not need a feedback state
-            ClockTimeFeedback::new_with_observer(&clock_time_observer)
+            ClockTimeFeedback::new_with_observer(&clock_time_observer),
            // Feedback to reward any input which increses the execution time
            ExecTimeIncFeedback::new()
        );
        #[cfg(feature = "systemstate")]
        let mut feedback = feedback_or!(
--- a/fuzzers/FRET/src/worst.rs
+++ b/fuzzers/FRET/src/worst.rs
@ -262,3 +262,55 @@ impl Named for ExecTimeCollectorFeedbackState
        "ExecTimeCollectorFeedbackState"
    }
 }
 //===================================================================
 /// A Feedback which expects a certain minimum execution time
 #[derive(Serialize, Deserialize, Clone, Debug)]
 pub struct ExecTimeIncFeedback
 {
    longest_time: u64,
 }
 impl<S> Feedback<S> for ExecTimeIncFeedback
 where
    S: UsesInput + HasClientPerfMonitor,
 {
    #[allow(clippy::wrong_self_convention)]
    fn is_interesting<EM, OT>(
        &mut self,
        _state: &mut S,
        _manager: &mut EM,
        _input: &S::Input,
        observers: &OT,
        _exit_kind: &ExitKind,
    ) -> Result<bool, Error>
    where
        EM: EventFirer<State = S>,
        OT: ObserversTuple<S>,
    {
        let observer = observers.match_name::<QemuClockObserver>("clocktime")
            .expect("QemuClockObserver not found");
        if observer.last_runtime() > self.longest_time {
            self.longest_time = observer.last_runtime();
        }
        Ok(observer.last_runtime() > self.longest_time)
    }
 }
 impl Named for ExecTimeIncFeedback
 {
    #[inline]
    fn name(&self) -> &str {
        "ExecTimeReachedFeedback"
    }
 }
 impl ExecTimeIncFeedback
 where
 {
    /// Creates a new [`ExecTimeReachedFeedback`]
    #[must_use]
    pub fn new() -> Self {
        Self {longest_time: 0}
    }
 }