fuzz multiple interrupts

hw/timer/armv7m_systick.c

@@ -310,9 +310,11 @@ static void armv7m_systick_register_types(void)
 type_init(armv7m_systick_register_types)
 
 /* Begin LibAFL instrumentation */
+#define MAX_NUM_INTERRUPT 32
 extern void libafl_send_irq(int irqn);
-volatile unsigned int libafl_int_offset = 0;
+volatile uint32_t libafl_interrupt_offsets[MAX_NUM_INTERRUPT];
-static ptimer_state* mytimer;
+volatile uint64_t libafl_num_interrupts;
+static ptimer_state* libafl_interrupt_timers[MAX_NUM_INTERRUPT] = {0};
 /* This can be moved to a helper function later */
 static void libafl_timed_int_hook(void*);
 static void libafl_timed_int_hook(void* arg)
@@ -321,15 +323,18 @@ static void libafl_timed_int_hook(void* arg)
 }
 void libafl_start_int_timer( void );
 void libafl_start_int_timer( void ) {
-    if (libafl_int_offset==0) {return;}
+    if (libafl_num_interrupts == 0) {return;}
-    if (!mytimer) {
+    for (int i=0; i<libafl_num_interrupts && i<MAX_NUM_INTERRUPT; i++) {
-        mytimer = ptimer_init(&libafl_timed_int_hook, NULL, 0);
+        if (libafl_interrupt_offsets[i] == 0) {continue;}
+        if (!libafl_interrupt_timers[i]) {
+            libafl_interrupt_timers[i] = ptimer_init(&libafl_timed_int_hook, NULL, 0);
+        }
+        ptimer_transaction_begin(libafl_interrupt_timers[i]);
+        ptimer_stop(libafl_interrupt_timers[i]);
+        ptimer_set_period(libafl_interrupt_timers[i], libafl_interrupt_offsets[i]);
+        ptimer_set_count(libafl_interrupt_timers[i], 16); // needs to be in sync with shift
+        ptimer_run(libafl_interrupt_timers[i], 1);
+        ptimer_transaction_commit(libafl_interrupt_timers[i]);
     }
-    ptimer_transaction_begin(mytimer);
-    ptimer_stop(mytimer);
-    ptimer_set_period(mytimer, libafl_int_offset);
-    ptimer_set_count(mytimer, 8);
-    ptimer_run(mytimer, 1);
-    ptimer_transaction_commit(mytimer);
 }
 /* End LibAFL instrumentation */