@@ -34,6 +34,7 @@ Next, we'll add a `script-branch` that will wait for our graphical breakpoint. T
3434allows us to unattended-ly wait until the system is booted and the Simics agent, which
3535allows us to run commands and upload files to the system, is started.
3636
37+
3738Once we get the breakpoint, we will save the booted checkpoint if we did not have
3839one already.
3940
@@ -43,6 +44,45 @@ simulation (since we are running without VMP) will not time out.
4344Finally, we run our fuzzer executable and wait for all commands to execute. Once the
4445fuzzer executable runs, the fuzzer will start and the execution loop will begin.
4546
47+ ``` simics
48+ script-branch {
49+ board.console.con.bp-wait-for-gfx breakpoint-boot 1
50+ echo "Got booted breakpoint. Waiting 10 seconds..."
51+ bp.time.wait-for seconds = 10
52+ echo "Got booted breakpoint, stopping..."
53+ stop
54+
55+ if not (file-exists "booted.ckpt") {
56+ echo "Got booted BP, saving checkpoint..."
57+ write-configuration booted.ckpt
58+ } else {
59+ echo "Already had checkpoint, not saving..."
60+ }
61+
62+ start-agent-manager
63+ $matic = (agent_manager.connect-to-agent)
64+ continue
65+ $matic.wait-for-job
66+ $matic.agent-poll-interval ms = 60000
67+ stop
68+ load-module tsffs
69+ init-tsffs
70+ @tsffs.log_level = 4
71+ @tsffs.start_on_harness = True
72+ @tsffs.stop_on_harness = True
73+ @tsffs.timeout = 3.0
74+ @tsffs.exceptions = [13]
75+ @tsffs.generate_random_corpus = True
76+ @tsffs.iteration_limit = 1000
77+
78+ $matic.upload-dir -overwrite "%simics%/fuzzer/"
79+ $matic.run "C:\\fuzzer\\fuzzer.exe"
80+ continue
81+ $matic.wait-for-job
82+ echo "Done with jobs..."
83+ }
84+ ```
85+
4686For example, you should see something like below. Note that you should see a very large
4787initial spike in coverage on the first fuzzer execution.
4888
0 commit comments