authorNguyễn Gia Phong <cnx@loang.net>2025-10-17 07:41:10 +0900
committerNguyễn Gia Phong <cnx@loang.net>2025-10-17 07:41:10 +0900
commit3a2e8fd0b06ebb738d9d4677659249e05b09e7cb (patch)
tree46e7ab24161958d60fb980dd1e28096c0fb28dd6
parent663ea12374e958fa83ac7e1b439dd6ab22bb59ed (diff)
downloadtaosc-3a2e8fd0b06ebb738d9d4677659249e05b09e7cb.tar.gz
Give up fancy things 0.0.3.dev1
-rw-r--r--Variables.zig21
-rw-r--r--collect.c17
-rw-r--r--fix.m423
-rw-r--r--jump.c8
-rw-r--r--patch.c26
-rw-r--r--synth.zig13
6 files changed, 64 insertions, 44 deletions
diff --git a/Variables.zig b/Variables.zig
index c4c40de..99f7061 100644
--- a/Variables.zig
+++ b/Variables.zig
@@ -24,14 +24,10 @@ const cwd = std.fs.cwd;
 const divCeil = std.math.divCeil;
 const fields = std.meta.fields;
 const std = @import("std");
-const suggestVectorLength = std.simd.suggestVectorLength;
 
-pub const RegisterEnum = enum(u5) { // TODO: u4
-    rflags, // TODO: remove
-    r15, r14, r13, r12, r11, r10, r9, r8,
-    rdi, rsi, rbp, rbx, rdx, rcx, rax,
-    rsp, // TODO: remove
-    rip, // TODO: remove
+pub const RegisterEnum = enum(u4) {
+    rax, rbx, rcx, rdx, rsi, rdi, rsp, rbp,
+    r8, r9, r10, r11, r12, r13, r14, r15,
 
     pub fn format(tag: RegisterEnum, writer: *Writer) Writer.Error!void {
         try writer.print("{s}", .{ @tagName(tag) });
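Review bot: The new `RegisterEnum` order is a wire format shared with two other files, yet nothing on the declaration says so: collect.c's `log` writes rax…r15 as consecutive `int64_t`s in exactly this sequence, and patch.c's `dest` casts `struct STATE` to `const int64_t *` and indexes it by the same positions, so reordering any one of the three silently misattributes registers. A doc comment on the enum would pin that down, e.g. `/// Order is load-bearing: it is the record layout written by log() in collect.c and the index order dest() in patch.c applies to struct STATE. Keep all three in sync.` The switch to `enum(u4)` is exact for sixteen tags, which is fine as long as no further registers are ever appended. `format` continues outside the hunk.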
@@ -41,17 +37,14 @@ const Register = i64;
 const Registers = [fields(RegisterEnum).len]Register;
 
 pub const signed_integers = .{ i64, i32, i16, i8 };
-const len = suggestVectorLength(Register).?;
-const alignment = @alignOf(@Vector(len, Register));
+const alignment = @alignOf(Register);
 comptime {
-    for (signed_integers) |Int| {
-        assert(alignment == @alignOf(@Vector(len, Int)));
-        assert(alignment % @sizeOf(Int) == 0);
-    }
+    for (signed_integers) |Int|
+        assert(alignment >= @alignOf(Int));
 }
 
 fn alignedSize(T: type, count: usize) !usize {
-    return try divCeil(usize, @sizeOf(T) * count, alignment) * alignment;
+    return try divCeil(usize, @sizeOf(T) * count, @alignOf(T)) * @alignOf(T);
 }
 
 fn packedSize(T: type, container_size: usize, count: usize) !usize {
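Review bot: `alignedSize` still computes `@sizeOf(T) * count` with unchecked arithmetic, so a large `count` (the stack size appears to reach it from command-line input, judging by synth.zig) overflows `usize` before `divCeil` ever sees it — a trap in safe builds, silent wraparound in ReleaseFast. `try std.math.mul(usize, @sizeOf(T), count)` in place of the product turns that into the `error.Overflow` the `!usize` signature already allows. After this change `alignment` is only read by the `comptime` block, and `alignment >= @alignOf(Int)` no longer guards anything `alignedSize` does; if the constant is meant to stay, a one-line comment saying what it still protects would help the next reader. `packedSize` starts on the last line of the hunk and continues outside it.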
diff --git a/collect.c b/collect.c
index dc009f1..ad8cf2d 100644
--- a/collect.c
+++ b/collect.c
@@ -59,7 +59,22 @@ void log(const struct STATE *state)
 
 	static mutex_t mutex = MUTEX_INITIALIZER;
 	while (mutex_lock(&mutex) < 0);
-	write(output_file, (const char *)state, sizeof(struct STATE));
+	write(output_file, (const char *)&state->rax, sizeof(int64_t));
+	write(output_file, (const char *)&state->rbx, sizeof(int64_t));
+	write(output_file, (const char *)&state->rcx, sizeof(int64_t));
+	write(output_file, (const char *)&state->rdx, sizeof(int64_t));
+	write(output_file, (const char *)&state->rsi, sizeof(int64_t));
+	write(output_file, (const char *)&state->rdi, sizeof(int64_t));
+	write(output_file, (const char *)&state->rsp, sizeof(int64_t));
+	write(output_file, (const char *)&state->rbp, sizeof(int64_t));
+	write(output_file, (const char *)&state->r8, sizeof(int64_t));
+	write(output_file, (const char *)&state->r9, sizeof(int64_t));
+	write(output_file, (const char *)&state->r10, sizeof(int64_t));
+	write(output_file, (const char *)&state->r11, sizeof(int64_t));
+	write(output_file, (const char *)&state->r12, sizeof(int64_t));
+	write(output_file, (const char *)&state->r13, sizeof(int64_t));
+	write(output_file, (const char *)&state->r14, sizeof(int64_t));
+	write(output_file, (const char *)&state->r15, sizeof(int64_t));
 	write(output_file, (const char *)state->rsp, stack_size);
 	fsync(output_file);
 	mutex_unlock(&mutex);
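Review bot: The sixteen `write()` calls added at the top of the hunk discard their return values, so a short or failed write (pipe, full disk, signal interruption) leaves a truncated record that shifts every later register value the Zig consumer reads; the pre-existing stack write on the next line has the same gap. Since the fields are emitted as consecutive `int64_t`s in `RegisterEnum` order, they can be gathered into a local array and pushed through one checked write-all helper, which also collapses sixteen syscalls into one. The fence only `fsync`s on full success; what to do with an incomplete record (drop it, abort, mark it) is a policy the hunk does not settle, so that branch is left as a comment. `log` begins before the hunk.
```c
/* Loop until every byte is written; write() may return short. */
static int write_all(int fd, const void *buf, size_t len)
{
	const char *ptr = buf;
	while (len > 0) {
		const ssize_t n = write(fd, ptr, len);
		if (n < 0)
			return -1;
		ptr += n;
		len -= (size_t) n;
	}
	return 0;
}

void log(const struct STATE *state)
{
	/* … unchanged: mutex declaration and lock loop … */
	const int64_t regs[] = {
		state->rax, state->rbx, state->rcx, state->rdx,
		state->rsi, state->rdi, state->rsp, state->rbp,
		state->r8, state->r9, state->r10, state->r11,
		state->r12, state->r13, state->r14, state->r15,
	};
	if (write_all(output_file, regs, sizeof regs) == 0
	    && write_all(output_file, (const char *) state->rsp, stack_size) == 0)
		fsync(output_file);
	/* else: record is incomplete — failure policy to be decided */
	mutex_unlock(&mutex);
}
```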
diff --git a/fix.m4 b/fix.m4
index 4ae99b9..fc7c2ce 100644
--- a/fix.m4
+++ b/fix.m4
@@ -17,7 +17,6 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with taosc.  If not, see <https://www.gnu.org/licenses/>.
 
-set -eux -o pipefail
 save_exit_code() {
   set +e
   timeout -k 1 $1 ${@:2} 1>/dev/null 2>&1
@@ -36,6 +35,8 @@ then
   echo Usage: taosc-fix WORKDIR TIMEOUT EXECUTABLE PROOFS_OF_CONCEPT [OPTION]...
   exit 1
 fi
+
+set -eux -o pipefail
 wd="$(realpath $1)"
 test -d "$wd"
 timeout=$2
@@ -103,7 +104,8 @@ e9tool -100 -M addr=$patch_loc -P 'if dest(state)@patch goto'\
   -o "$bin.patched" "$binary"
 
 # TODO: FUZZOLIC's options
-fuzzolic -kmprst 90000 -i "$poc" -o "$wd/fuzzolic" -- "$binary" $option @@
+fuzzolic -kmprst 90000 -i "$poc" -o "$wd/fuzzolic" -- "$binary" $options @@ ||
+  true # FIXME: failing with the same status as the target program
 rm -fr "$wd/input"
 mkdir -p "$wd/input/benign"
 cp -r "$poc" "$wd/input/malicious"
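Review bot: `|| true` on the fuzzolic line masks every failure — an absent binary (127), an OOM kill, a rejected option — not only the status-mirroring the FIXME describes, and under `set -e` the script then proceeds to copy inputs and synthesize from whatever `$wd/fuzzolic` happens to contain. Tolerating only ordinary nonzero statuses keeps the workaround while still catching the rest: `fuzzolic -kmprst 90000 -i "$poc" -o "$wd/fuzzolic" -- "$binary" $options @@ || fuzzolic_status=$?` followed by `test "${fuzzolic_status:-0}" -lt 126`. The `$option` → `$options` correction looks right; `$options` stays unquoted, which is presumably deliberate for word splitting.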
@@ -127,13 +129,16 @@ do
   output_dir="$wd/values/$(basename "$input_dir")"
   mkdir -p "$output_dir"
   # TODO: use parallel
-  for input in "$input_dir"/*
-  do
-    output="$output_dir/$(basename "$input")"
-    save_exit_code $timeout\
-      env TAOSC_STACK_SIZE=$stack_size TAOSC_OUTPUT=$output\
-      "$bin.collect" $options "$input"
-  done
+  if test "$(ls -A "$input_dir")"
+  then
+    for input in "$input_dir"/*
+    do
+      output="$output_dir/$(basename "$input")"
+      save_exit_code $timeout\
+        env TAOSC_STACK_SIZE=$stack_size TAOSC_OUTPUT=$output\
+        "$bin.collect" $options "$input"
+    done
+  fi
 done
 # TODO: split if the patch location is reached multiple times with an input
 taosc-synth $stack_size "$wd"/values/{benign,malicious} > "$wd/predicates"
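Review bot: The new `if test "$(ls -A "$input_dir")"` guard does not match the glob it protects: `ls -A` lists dot-files but `"$input_dir"/*` does not expand to them, so a directory holding only dot-files passes the check and the loop still runs once with the literal path `$input_dir/*` — the very case the guard was added for. Because the script already depends on bash (`${@:2}` in `save_exit_code`), either `shopt -s nullglob` before the loop or `test -e "$input" || continue` as the loop's first statement covers both the empty and dot-file-only cases without spawning `ls` or parsing its output. The enclosing `do` loop starts before the hunk.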
diff --git a/jump.c b/jump.c
index 5110ae9..23d9801 100644
--- a/jump.c
+++ b/jump.c
@@ -28,14 +28,14 @@ static const void *destination;
  */
 static uint64_t getenvull(const char *name)
 {
-	const char *const s = getenv(name);
-	if (s == NULL)
+	const char *const str = getenv(name);
+	if (str == NULL)
 		return 0ULL;
 	errno = 0;
-	const uint64_t u = strtoull(s, NULL, 0);
+	const uint64_t ull = strtoull(str, NULL, 0);
 	if (errno)
 		return 0ULL;
-	return u;
+	return ull;
 }
 
 void init(int argc, const char *const *argv, char **envp)
diff --git a/patch.c b/patch.c
index eacf2b1..027142b 100644
--- a/patch.c
+++ b/patch.c
@@ -20,32 +20,32 @@
 
 #include "stdlib.c"
 
-const char *taosc_predicate;
-const void *taosc_destination;
+static const void *destination;
+static const char *predicate;
 
 /*
  * Get an environment variable and parse as a number.
  * Return 0 on error.
  */
-uint64_t getenvull(const char *name)
+static uint64_t getenvull(const char *name)
 {
-	const char *const s = getenv(name);
-	if (s == NULL)
+	const char *const str = getenv(name);
+	if (str == NULL)
 		return 0ULL;
 	errno = 0;
-	const uint64_t u = strtoull(s, NULL, 0);
+	const uint64_t ull = strtoull(str, NULL, 0);
 	if (errno)
 		return 0ULL;
-	return u;
+	return ull;
 }
 
 void init(int argc, const char *const *argv, char **envp)
 {
 	environ = envp;
-	taosc_predicate = getenv("TAOSC_PREDICATE");
-	if (taosc_predicate == NULL)
-		taosc_predicate = "p0"; /* false */
-	taosc_destination = (void *) getenvull("TAOSC_DESTINATION");
+	destination = (void *) getenvull("TAOSC_DEST");
+	predicate = getenv("TAOSC_PRED");
+	if (predicate == NULL)
+		predicate = "p0"; /* false */
 }
 
 /* Parse *p as an integer. */
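Review bot: `getenvull` still calls `strtoull(str, NULL, 0)`, so an empty `TAOSC_DEST` or `TAOSC_DEST=garbage` yields 0 without taking the documented error path, and `TAOSC_DEST=0x1000junk` silently accepts the prefix; an end pointer fixes both: `char *end; const uint64_t ull = strtoull(str, &end, 0); if (errno || end == str || *end != '\0') return 0ULL;`. The identical copy in jump.c touched by this commit needs the same three lines. Renaming the variables to `TAOSC_DEST`/`TAOSC_PRED` means a launcher still exporting `TAOSC_DESTINATION`/`TAOSC_PREDICATE` silently gets the NULL/`"p0"` defaults; the fix.m4 hunks here do not show where these are exported, so that is worth a check.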
@@ -97,6 +97,6 @@ int64_t eval(const char **ptr, const int64_t *env)
 
 const void *dest(const struct STATE *state)
 {
-	const char *tmp = taosc_predicate;
-	return eval(&tmp, (const int64_t *) state) ? NULL : taosc_destination;
+	const char *tmp = predicate;
+	return eval(&tmp, (const int64_t *) state) ? NULL : destination;
 }
diff --git a/synth.zig b/synth.zig
index 4e74cd8..3e04407 100644
--- a/synth.zig
+++ b/synth.zig
@@ -29,6 +29,7 @@ const page_allocator = std.heap.page_allocator;
 const parseUnsigned = std.fmt.parseUnsigned;
 const print = std.debug.print;
 const std = @import("std");
+const stdout = std.fs.File.stdout;
 
 const RegisterEnum = Variables.RegisterEnum;
 const Variables = @import("Variables.zig");
@@ -52,7 +53,7 @@ const Comparison = struct {
     }
 
     pub fn format(cmp: Comparison, writer: *Writer) Writer.Error!void {
-        try writer.print("{s}{f}{f}", .{
+        try writer.print("{s} {f} {f}", .{
             switch (cmp.op) {
                 .lt => "<",
                 .lte => "<=",
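Review bot: The separator change in `Comparison.format` (`"{s}{f}{f}"` → `"{s} {f} {f}"`) alters the text `taosc-synth` writes to the predicates file, which — going by `TAOSC_PRED` and `eval` in patch.c — is presumably what `dest` parses at run time; `eval` is not touched in this commit, so unless it already skips whitespace between the operator and its operands the emitted predicates stop parsing. A comment on the format string naming the consumer, e.g. `// Output must stay parseable by eval() in patch.c.`, would record the coupling for the next change. `format` ends outside the hunk.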
@@ -68,13 +69,18 @@ const Comparison = struct {
 };
 
 pub fn main() !void {
+    var buffer: [80]u8 = undefined;
+    var writer = stdout().writer(&buffer);
     var arena = ArenaAllocator.init(page_allocator);
     defer arena.deinit();
     const allocator = arena.allocator();
     const args = try argsAlloc(allocator);
     defer argsFree(allocator, args);
     if (args.len != 4) {
-        print("Usage: taosc-synth STACK_SIZE BOTTOM_DIR TOP_DIR", .{});
+        try writer.interface.print("Usage: taosc-synth {s} {s} {s}\n", .{
+            "STACK_SIZE", "BOTTOM_DIR", "TOP_DIR",
+        });
+        try writer.interface.flush();
         exit(1);
     }
     const stack_size = try parseUnsigned(usize, args[1], 0);
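Review bot: The usage message now goes through the buffered stdout writer instead of stderr (`print` is `std.debug.print`), and fix.m4 runs `taosc-synth … > "$wd/predicates"`, so a wrong argument count writes the usage line into the predicates file rather than to the terminal. Keeping diagnostics on stderr is one line, since the `print` alias is still in scope: `print("Usage: taosc-synth STACK_SIZE BOTTOM_DIR TOP_DIR\n", .{});` in place of the four added lines before `exit(1)`. The trailing newline the commit adds is worth keeping either way. `main` continues past the hunk.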
@@ -91,6 +97,7 @@ pub fn main() !void {
                 for (enums.values(CompareOperator)) |op| {
                     const cmp = Comparison{ .lhs = lhs, .op = op, .rhs = rhs };
                     if (try cmp.check(bot, top))
-                        print("{f}\n", .{ cmp });
+                        try writer.interface.print("{f}\n", .{ cmp });
                 };
+    try writer.interface.flush();
 }