Add input setting for multiple tasks

system/main.c

@@ -27,14 +27,12 @@
 #include "sysemu/runstate.h"
 #include "sysemu/sysemu.h"
 #include "migration/snapshot.h"
+#include <math.h>
 
 #ifdef CONFIG_SDL
 #include <SDL.h>
 #endif
 
-
-
-
 int snapshot_save(const char *name);
 int snapshot_load(const char *name);
 
@@ -104,10 +102,9 @@ int main(int argc, char **argv)
 
     argc -= 5;
 
-
     unsigned long deltas[input_size];
+    unsigned int num_tasks = 5;
     u_int32_t inputs[input_size];
-    u_int32_t outputs[input_size];
     //========= Instrumentation end
     qemu_init(argc, argv);
     //========= Instrumentation start
@@ -123,33 +120,42 @@ int main(int argc, char **argv)
     snapshot_save("base");
 
     uint8_t register_in_32b[4];
-    uint8_t reg_tmp_val[4];
+    uint8_t reg_tmp_val[num_tasks][4];
-    uint8_t code_output[4];
     // load input
     // cpu_physical_memory_rw(target_addr, buffer, read_len, true);
 
-    for (u_int32_t i = 0; i < input_size; i++)
+    int task_inputs[num_tasks];
+
+    for (long i = 0; i < pow(input_size, num_tasks); i++)
     {
+        for (int j = 0; j < num_tasks; j++)
+        {
+            task_inputs[j] = i & ((input_size - 1) << (j * __builtin_popcount(input_size - 1)));
+        }
+
         // load the system in the halted state at the beginning of the task; Write input to register
         snapshot_load("base");
         CPUState *cpu = libafl_qemu_get_cpu(0);
-        if (cpu == NULL) {
+        if (cpu == NULL)
+        {
             printf("Error: CPU is NULL.\n");
         }
         // printf("reg count: %d\n", libafl_qemu_num_regs(cpu));
-
+        for (int j = 0; j < num_tasks; j++)
+        {
             // Write i to register format
-        register_in_32b[0] = i & 0xFF; // Least significant byte
+            register_in_32b[0] = task_inputs[j] & 0xFF; // Least significant byte
-        register_in_32b[1] = (i >> 8) & 0xFF;
+            register_in_32b[1] = (task_inputs[j] >> 8) & 0xFF;
-        register_in_32b[2] = (i >> 16) & 0xFF;
+            register_in_32b[2] = (task_inputs[j] >> 16) & 0xFF;
-        register_in_32b[3] = (i >> 24) & 0xFF; // Most significant byte
+            register_in_32b[3] = (task_inputs[j] >> 24) & 0xFF; // Most significant byte
 
-
+            int length = libafl_qemu_read_reg(cpu, j + 1, reg_tmp_val[j]);
-        int length = libafl_qemu_read_reg(cpu, 12, reg_tmp_val);
+            if (length != 4)
-        if(length != 4) {
+            {
                 printf("Error: Could not read register\n");
             }
-        libafl_qemu_write_reg(cpu, 12, register_in_32b);
+            libafl_qemu_write_reg(cpu, j + 1, register_in_32b);
+        }
 
         // Read Result to unint32_t (for debugging)
         // uint32_t res_val = (uint32_t)res_ptr[0] | ((uint32_t)res_ptr[1] << 8) | ((uint32_t)res_ptr[2] << 16) | ((uint32_t)res_ptr[3] << 24);
@@ -164,7 +170,10 @@ int main(int argc, char **argv)
         libafl_qemu_set_native_breakpoint(end);
 
         // Write back the original value to the register
-        libafl_qemu_write_reg(cpu, 12, reg_tmp_val);
+        for (int j = 0; j < num_tasks; j++)
+        {
+            libafl_qemu_write_reg(cpu, j + 1, reg_tmp_val[j]);
+        }
 
         unsigned long start_count = icount_get_raw();
         // printf("Start: %lu\n", start_count);
@@ -172,17 +181,9 @@ int main(int argc, char **argv)
         qemu_main_loop();
         libafl_qemu_remove_native_breakpoint(end);
 
-        length = libafl_qemu_read_reg(cpu, 11, code_output);
-        if(length != 4) {
-            printf("Error: Could not read register\n");
-        }
-        u_int32_t output = (u_int32_t)code_output[0] | ((u_int32_t)code_output[1] << 8) | ((u_int32_t)code_output[2] << 16) | ((u_int32_t)code_output[3] << 24);
-        //printf("Output: %u\n", output);
-
         unsigned long end_count = icount_get_raw();
         // printf("End: %lu\n", end_count);
         inputs[i] = i;
-        outputs[i] = output;
         deltas[i] = end_count - start_count;
 
         // printf("Delta: %lu\n", deltas[i]);
@@ -192,8 +193,9 @@ int main(int argc, char **argv)
     // qemu_chr_fe_write(serial_chr, data, length);
     FILE *fptr = fopen(output_path, "w");
 
-    for (int i = 0; i < input_size; i++) {
+    for (int i = 0; i < input_size; i++)
-        fprintf(fptr, "%d,%lu,%d\n", inputs[i], deltas[i],outputs[i]);
+    {
+        fprintf(fptr, "%d,%lu\n", inputs[i], deltas[i]);
     }
 
     fclose(fptr);