resolved #56, resolved #38
thientc committed Mar 25, 2023
1 parent f1eb527 commit d07686c
Showing 5 changed files with 117 additions and 16 deletions.
2 changes: 1 addition & 1 deletion src/clang/include/Futag/ArgumentsUsage.h
@@ -169,7 +169,7 @@ class ArgumentsUsage {
// - We should add support for return types
const std::unordered_map<std::string, std::vector<ArgumentType>>
fuctionArgsToTypes = {
{"read", {AT::FILE_PATH, AT::UNKNOWN, AT::SIZE_FIELD}},
{"read", {AT::FILE_DESCRIPTOR, AT::UNKNOWN, AT::SIZE_FIELD}},
{"open", {AT::FILE_PATH, AT::UNKNOWN}},
{"fopen", {AT::FILE_PATH, AT::UNKNOWN}},
{"write", {AT::FILE_DESCRIPTOR, AT::UNKNOWN, AT::SIZE_FIELD}},
Binary file modified src/python/futag-package/dist/futag-2.0.0-py3-none-any.whl
Binary file not shown.
Binary file modified src/python/futag-package/dist/futag-2.0.0.tar.gz
Binary file not shown.
2 changes: 1 addition & 1 deletion src/python/futag-package/src/futag/fuzzer.py
@@ -612,7 +612,7 @@ def fuzz(self, extra_param: str = ""):
"-max_total_time=" + str(self.totaltime),
"-artifact_prefix=" + dir.as_posix() + "/",
]
if not extra_param:
if extra_param:
execute_command = execute_command + extra_param.split(" ")
if self.debug:
print("-- [Futag] FUZZING command:" +
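Review bot: With the condition corrected, the `extra_param.split(" ")` on the line after `if extra_param:` now actually runs, and splitting on a single space turns leading, trailing or doubled spaces into empty-string arguments and breaks apart any quoted value. `execute_command = execute_command + shlex.split(extra_param)` would tokenize the string the way a command-line user expects; it needs `import shlex` at the top of fuzzer.py, which is outside this hunk. How `execute_command` is finally run is not visible here, so it is worth confirming that it is passed on as an argument list rather than joined into a shell string. The body of `fuzz` starts and ends outside the hunk.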
129 changes: 115 additions & 14 deletions src/python/futag-package/src/futag/generator.py
@@ -57,6 +57,7 @@ def __init__(self, futag_llvm_package: str, library_root: str, target_type: int
self.futag_llvm_package = futag_llvm_package
self.library_root = library_root
self.target_library = None
self.header = []

self.gen_anonymous = False
self.gen_this_function = True
@@ -218,6 +219,9 @@ def __gen_header(self, target_function_name):
include_lines.append("#include <" + i + ">\n")
for i in included_headers:
include_lines.append("#include " + i + "\n")
if self.header:
for i in self.header:
include_lines.append("#include " + i + "\n")
return include_lines

def __gen_builtin(self, param_name, gen_type_info):
@@ -608,6 +612,35 @@ def __gen_input_file(self, param_name, gen_type_info):
"buffer_size": []
}

def __gen_file_descriptor(self, param_name, gen_type_info):
if not "<fcntl.h>" in self.header:
self.header += ["<fcntl.h>"]
cur_gen_free = [" " + x for x in self.gen_free]
gen_lines = [
"//GEN_FILE_DESCRIPTOR\n",
"const char* " + param_name + "_tmp" + str(self.file_idx) + " = \"futag_input_file_" +
str(self.file_idx - 1) + "\";\n",
"FILE * fp_" + str(self.file_idx - 1) +
" = fopen(" + param_name + "_tmp" + str(self.file_idx) + ",\"w\");\n",
"if (fp_" + str(self.file_idx - 1) + " == NULL) {\n",
]
gen_lines += cur_gen_free
gen_lines += [
" return 0;\n",
"}\n",
"fwrite(pos, 1, file_size[" + str(self.file_idx - 1) +
"], fp_" + str(self.file_idx - 1) + ");\n",
"fclose(fp_" + str(self.file_idx - 1) + ");\n",
"pos += file_size[" + str(self.file_idx - 1) + "];\n",
gen_type_info["type_name"] + " " + param_name + "= open(" + param_name + "_tmp" + str(self.file_idx) + ", O_RDWR);\n"
]
gen_free = ["close(" + param_name + ");\n"]
return {
"gen_lines": gen_lines,
"gen_free": gen_free,
"buffer_size": []
}

def __search_in_typedefs(self, type_name, typedefs):
# Are there multiple type definitions for the same data type???
result = None
@@ -692,7 +725,16 @@ def __gen_var_function(self, func_param_name: str, func):
for gen_type_info in arg["gen_list"]:
if gen_type_info["gen_type"] == GEN_BUILTIN:
this_gen_size = False
if param_id > 0 and (func["params"][param_id - 1]["gen_list"][0]["gen_type"] in [GEN_CSTRING, GEN_CXXSTRING] or arg["param_usage"] == "SIZE_FIELD"):
if arg["param_usage"] in ["FILE_DESCRIPTOR"]:
curr_name = "fd_" + curr_name + str(self.file_idx) # string_prefix
self.file_idx += 1
curr_gen = self.__gen_file_descriptor(
curr_name, gen_type_info)
gen_dict["buffer_size"] += curr_gen["buffer_size"]
gen_dict["gen_lines"] += curr_gen["gen_lines"]
gen_dict["gen_free"] += curr_gen["gen_free"]
break
elif param_id > 0 and (func["params"][param_id - 1]["gen_list"][0]["gen_type"] in [GEN_CSTRING, GEN_CXXSTRING] or arg["param_usage"] == "SIZE_FIELD"):
if gen_type_info["type_name"] in ["size_t", "unsigned char", "char", "int", "unsigned", "unsigned int", "short", "unsigned short", "short int", "unsigned short int"]:
curr_name = "sz_" + curr_name # size_prefix
curr_gen = self.__gen_strsize(
@@ -702,7 +744,6 @@ def __gen_var_function(self, func_param_name: str, func):
gen_dict["gen_free"] += curr_gen["gen_free"]
this_gen_size = True # with break, we may not need this variable :)
break

if not this_gen_size:
curr_name = "b_" + curr_name # builtin_prefix
curr_gen = self.__gen_builtin(curr_name, gen_type_info)
@@ -1112,16 +1153,24 @@ def __gen_target_function(self, func, param_id) -> bool:
for gen_type_info in curr_param["gen_list"]:
prev_param_name = curr_name
if gen_type_info["gen_type"] == GEN_BUILTIN:
# GEN FILE DESCRIPTOR
# GEN STRING SIZE
this_gen_size = False
if param_id > 0 and (func["params"][param_id - 1]["gen_list"][0]["gen_type"] in [GEN_CSTRING, GEN_CXXSTRING] or curr_param["param_usage"] == "SIZE_FIELD"):
if curr_param["param_usage"] in ["FILE_DESCRIPTOR"]:
curr_name = "fd_" + curr_name + str(self.file_idx) # string_prefix
self.file_idx += 1
curr_gen = self.__gen_file_descriptor(
curr_name, gen_type_info)
self.__append_gen_dict(curr_gen)
break
# GEN STRING SIZE

elif param_id > 0 and (func["params"][param_id - 1]["gen_list"][0]["gen_type"] in [GEN_CSTRING, GEN_CXXSTRING] or curr_param["param_usage"] == "SIZE_FIELD"):

if gen_type_info["type_name"] in ["size_t", "unsigned char", "char", "int", "unsigned", "unsigned int", "short", "unsigned short", "short int", "unsigned short int"]:
curr_name = "sz_" + curr_name # size_prefix
curr_gen = self.__gen_strsize(
curr_name, curr_param["param_type"], self.dyn_size_idx)
self.__append_gen_dict(curr_gen)
this_gen_size = True # with break, we may not need this variable :)
this_gen_size = True
break
if not this_gen_size:
curr_name = "b_" + curr_name # builtin_prefix
@@ -1489,7 +1538,7 @@ def compile_targets(self, workers: int = 4, keep_failed: bool = False, extra_inc
extra_dynamiclink (str, optional): option for add dynamic libraries while compiling. Defaults to "".
flags (str, optional): flags for compiling fuzz-drivers. Defaults to "-fsanitize=address -g -O0".
coverage (bool, optional): option for add coverage flag. Defaults to False.
"""
"""

# include_subdir = self.target_library["header_dirs"]
# include_subdir = include_subdir + [x.parents[0].as_posix() for x in (self.build_path).glob("**/*.h")] + [x.parents[0].as_posix() for x in (self.build_path).glob("**/*.hpp")] + [self.build_path.as_posix()]
@@ -1499,7 +1548,8 @@ def compile_targets(self, workers: int = 4, keep_failed: bool = False, extra_inc
# include_subdir = list(set(include_subdir))
if not flags:
if coverage:
compiler_flags_aflplusplus = COMPILER_FLAGS + " " + COMPILER_COVERAGE_FLAGS + " " + DEBUG_FLAGS + " -fPIE"
compiler_flags_aflplusplus = COMPILER_FLAGS + " " + \
COMPILER_COVERAGE_FLAGS + " " + DEBUG_FLAGS + " -fPIE"
compiler_flags_libFuzzer = FUZZ_COMPILER_FLAGS + " " +\
COMPILER_COVERAGE_FLAGS + " " + DEBUG_FLAGS
else:
@@ -1719,7 +1769,8 @@ def __init__(self, futag_llvm_package: str, library_root: str, target_type: int
self.target_library = None
self.consumer_contexts = None
self.total_context = []

self.header = []

self.gen_anonymous = False
self.gen_this_function = True
self.gen_lines = []
@@ -1894,6 +1945,9 @@ def __gen_header(self, target_function_name):
include_lines.append("#include <" + i + ">\n")
for i in included_headers:
include_lines.append("#include " + i + "\n")
if self.header:
for i in self.header:
include_lines.append("#include " + i + "\n")
return include_lines

def __gen_builtin(self, param_name, gen_type_info):
@@ -2283,6 +2337,36 @@ def __gen_input_file(self, param_name, gen_type_info):
"gen_free": [],
"buffer_size": []
}

def __gen_file_descriptor(self, param_name, gen_type_info):
if not "<fcntl.h>" in self.header:
self.header += ["<fcntl.h>"]
cur_gen_free = [" " + x for x in self.gen_free]
gen_lines = [
"//GEN_FILE_DESCRIPTOR\n",
"const char* " + param_name + "_tmp" + str(self.file_idx) + " = \"futag_input_file_" +
str(self.file_idx - 1) + "\";\n",
"FILE * fp_" + str(self.file_idx - 1) +
" = fopen(" + param_name + "_tmp" + str(self.file_idx) + ",\"w\");\n",
"if (fp_" + str(self.file_idx - 1) + " == NULL) {\n",
]
gen_lines += cur_gen_free
gen_lines += [
" return 0;\n",
"}\n",
"fwrite(pos, 1, file_size[" + str(self.file_idx - 1) +
"], fp_" + str(self.file_idx - 1) + ");\n",
"fclose(fp_" + str(self.file_idx - 1) + ");\n",
"pos += file_size[" + str(self.file_idx - 1) + "];\n",
gen_type_info["type_name"] + " " + param_name + "= open(" + param_name + "_tmp" + str(self.file_idx) + ", O_RDWR);\n"
]
gen_free = ["close(" + param_name + ");\n"]
return {
"gen_lines": gen_lines,
"gen_free": gen_free,
"buffer_size": []
}


def __search_in_typedefs(self, type_name, typedefs):
# Are there multiple type definitions for the same data type???
@@ -2368,7 +2452,16 @@ def __gen_var_function(self, func_param_name: str, func):
for gen_type_info in arg["gen_list"]:
if gen_type_info["gen_type"] == GEN_BUILTIN:
this_gen_size = False
if param_id > 0 and (func["params"][param_id - 1]["gen_list"][0]["gen_type"] in [GEN_CSTRING, GEN_CXXSTRING] or arg["param_usage"] == "SIZE_FIELD"):
if curr_param["param_usage"] in ["FILE_DESCRIPTOR"]:
curr_name = "fd_" + curr_name + str(self.file_idx) # string_prefix
self.file_idx += 1
curr_gen = self.__gen_file_descriptor(
curr_name, gen_type_info)
gen_dict["buffer_size"] += curr_gen["buffer_size"]
gen_dict["gen_lines"] += curr_gen["gen_lines"]
gen_dict["gen_free"] += curr_gen["gen_free"]
break
elif param_id > 0 and (func["params"][param_id - 1]["gen_list"][0]["gen_type"] in [GEN_CSTRING, GEN_CXXSTRING] or arg["param_usage"] == "SIZE_FIELD"):
if gen_type_info["type_name"] in ["size_t", "unsigned char", "char", "int", "unsigned", "unsigned int", "short", "unsigned short", "short int", "unsigned short int"]:
curr_name = "sz_" + curr_name # size_prefix
curr_gen = self.__gen_strsize(
@@ -2684,7 +2777,7 @@ def __gen_target_function(self, call, func, param_id) -> bool:
func_call += ",".join(param_list)
func_call += ");\n"
gen_lines.append(func_call)

if self.gen_free:
gen_lines.append("//FREE\n")
for line in self.gen_free:
@@ -2742,7 +2835,14 @@ def __gen_target_function(self, call, func, param_id) -> bool:
# GEN FILE DESCRIPTOR
# GEN STRING SIZE
this_gen_size = False
if param_id > 0 and (func["params"][param_id - 1]["gen_list"][0]["gen_type"] in [GEN_CSTRING, GEN_CXXSTRING] or curr_param["param_usage"] == "SIZE_FIELD"):
if curr_param["param_usage"] in ["FILE_DESCRIPTOR"]:
curr_name = "fd_" + curr_name + str(self.file_idx) # string_prefix
self.file_idx += 1
curr_gen = self.__gen_file_descriptor(
curr_name, gen_type_info)
self.__append_gen_dict(curr_gen)
break
elif param_id > 0 and (func["params"][param_id - 1]["gen_list"][0]["gen_type"] in [GEN_CSTRING, GEN_CXXSTRING] or curr_param["param_usage"] == "SIZE_FIELD"):
if gen_type_info["type_name"] in ["size_t", "unsigned char", "char", "int", "unsigned", "unsigned int", "short", "unsigned short", "short int", "unsigned short int"]:
curr_name = "sz_" + curr_name # size_prefix
curr_gen = self.__gen_strsize(
@@ -3064,7 +3164,8 @@ def compile_targets(self, workers: int = 4, keep_failed: bool = False, extra_inc
# include_subdir = list(set(include_subdir))
if not flags:
if coverage:
compiler_flags_aflplusplus = COMPILER_FLAGS + " " + COMPILER_COVERAGE_FLAGS + " " + DEBUG_FLAGS + " -fPIE"
compiler_flags_aflplusplus = COMPILER_FLAGS + " " + \
COMPILER_COVERAGE_FLAGS + " " + DEBUG_FLAGS + " -fPIE"
compiler_flags_libFuzzer = FUZZ_COMPILER_FLAGS + " " +\
COMPILER_COVERAGE_FLAGS + " " + DEBUG_FLAGS
else:
@@ -3246,7 +3347,7 @@ def sort_callexprs(self):
Returns:
_type_: _description_
"""
"""
if not self.consumer_contexts:
return False

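Review bot: In the second class's `__gen_var_function` hunk (`@@ -2368,7 +2452,16 @@`) the new branch tests `curr_param["param_usage"]`, but the loop there iterates `arg["gen_list"]` and the `elif` right below it still reads `arg["param_usage"]`; no `curr_param` is visible in that function, so this looks like a paste from `__gen_target_function` that would raise NameError (or read a stale value) when a builtin parameter is processed. The matching hunk in the first class uses `arg`, so the line should read `if arg["param_usage"] in ["FILE_DESCRIPTOR"]:`. Separately, both copies of `__gen_file_descriptor` emit `open(..., O_RDWR)` without a check for a -1 result, and emit a `close(...)` call while adding only `<fcntl.h>` to `self.header`; a generated guard on the descriptor and an `<unistd.h>` entry are worth considering if that header is not already included elsewhere. The function bodies continue outside the hunks.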
