authorNguyễn Gia Phong <cnx@loang.net>2024-11-19 11:41:45 +0900
committerNguyễn Gia Phong <cnx@loang.net>2024-11-19 11:41:45 +0900
commit5468f737e1eb021f8a69fe3ba559c43aa22d1455 (patch)
treed84e2d9fdd6494e481dea6b35afe611db3774050 /fix.m4
parent95f3fe2b800940f75949b069f50a2da4712435fd (diff)
downloadtaosc-5468f737e1eb021f8a69fe3ba559c43aa22d1455.tar.gz
Polish a tad HEAD main
Diffstat (limited to 'fix.m4')
-rw-r--r--fix.m434
1 files changed, 18 insertions, 16 deletions
diff --git a/fix.m4 b/fix.m4
index cbf3725..4647d00 100644
--- a/fix.m4
+++ b/fix.m4
@@ -1,6 +1,6 @@
 #!/bin/sh
 # Patcher
-# Copyright (C) 2024  Nguy?n Gia Phong
+# Copyright (C) 2024  Nguyễn Gia Phong
 #
 # This file is part of taosc.
 #
@@ -17,30 +17,32 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with taosc.  If not, see <https://www.gnu.org/licenses/>.
 
-set -e
+set -ex
 if test $# -ne 3
 then
-  echo Usage: taosc-fix binary instruction-address working-directory
+  echo Usage: taosc-fix binary address workdir
   exit 1
 fi
 binary="$(realpath $1)"
 address="$2"
 wd="$(realpath $3)"
+bin="$wd/$(basename $binary)"
 
+afl-dyninst -x "$binary" "$bin.fuzzee"
 pushd DATA_DIR > /dev/null
 trap 'popd > /dev/null' EXIT
-collect="$wd/$(basename $binary).collect"
-e9tool -M addr=$address -P 'log(state)@collect' -o "$collect.orig" "$binary"
-afl-dyninst -i "$collect.orig" -o "$collect"
-patched="$wd/$(basename $binary).patched"
-e9tool -M addr=$address -P 'if dest(state)@patch goto' -o "$patched" "$binary"
+e9tool -M addr=$address -P 'log(state)@collect'\
+  -o "$bin.collect" "$binary"
+e9tool -M addr=$address -P 'if dest(state)@patch goto'\
+  -o "$bin.patched" "$binary"
 
+# TODO: augment number of executions
+afl-dyninst-env afl-fuzz -i "$wd/fuzz/exploits" -o "$wd/fuzz/crashes"\
+  -CE 10000 -- "$bin.fuzzee" -d @@
+find "$wd/fuzz/crashes/default/crashes" -name id:* |
+  parallel TAOSC_OUTPUT="$wd/vars/neg/"'$(basename {})' "$bin.collect" -d {}
+time taosc-synth "$wd/vars" > "$wd/predicates"
 taosc-scout "$binary" "$address" > "$wd/destinations"
-#for dest in $(taosc-slice "$binary" "$address")
-#do
-#  for dest in $(taosc-slice "$binary" "$address")
-#  do
-#    TAOSC_PREDICATE="<v15p0" TAOSC_DESTINATION=$dest $patched\
-#      -d /home/cnx/Sauces/apr/vulnfix/data/binutils/cve_2017_14745/exploit
-#  done
-#done
+
+# TAOSC_PREDICATE=">=v15p0" TAOSC_DESTINATION=0x "$bin.patched" -d @@
+# vim: filetype=sh.m4
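Review bot: The `-name id:*` pattern on the new `find` line is unquoted, so the shell (sitting in DATA_DIR after the `pushd`) expands it before `find` sees it whenever a file matching `id:*` exists there; write `-name 'id:*'`. The new `bin="$wd/$(basename $binary)"` line has the same quoting gap and should read `bin="$wd/$(basename "$binary")"` so a binary path containing spaces survives, matching the quoting already used on `realpath`'s results. Because the crash names travel to `parallel` over a pipe, `find … -name 'id:*' -print0 | parallel -0 …` would keep the pairing robust to unusual file names. Note also that with `set -ex` and no `pipefail` (which `/bin/sh` may not offer), a failing `find` in that pipeline is masked by `parallel`'s exit status, so the synthesis step below may run on an empty `vars/neg`.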