| -rw-r--r-- | Variables.zig | 21 | ||||
| -rw-r--r-- | collect.c | 17 | ||||
| -rw-r--r-- | fix.m4 | 23 | ||||
| -rw-r--r-- | jump.c | 8 | ||||
| -rw-r--r-- | patch.c | 26 | ||||
| -rw-r--r-- | synth.zig | 13 |
6 files changed, 64 insertions, 44 deletions
diff --git a/Variables.zig b/Variables.zig
index c4c40de..99f7061 100644
--- a/Variables.zig
+++ b/Variables.zig
@@ -24,14 +24,10 @@ const cwd = std.fs.cwd;
 const divCeil = std.math.divCeil;
 const fields = std.meta.fields;
 const std = @import("std");
-const suggestVectorLength = std.simd.suggestVectorLength;
-pub const RegisterEnum = enum(u5) { // TODO: u4
- rflags, // TODO: remove
- r15, r14, r13, r12, r11, r10, r9, r8,
- rdi, rsi, rbp, rbx, rdx, rcx, rax,
- rsp, // TODO: remove
- rip, // TODO: remove
+pub const RegisterEnum = enum(u4) {
+ rax, rbx, rcx, rdx, rsi, rdi, rsp, rbp,
+ r8, r9, r10, r11, r12, r13, r14, r15,
 pub fn format(tag: RegisterEnum, writer: *Writer) Writer.Error!void {
 try writer.print("{s}", .{ @tagName(tag) });
@@ -41,17 +37,14 @@ const Register = i64;
 const Registers = [fields(RegisterEnum).len]Register;
 pub const signed_integers = .{ i64, i32, i16, i8 };
-const len = suggestVectorLength(Register).?;
-const alignment = @alignOf(@Vector(len, Register));
+const alignment = @alignOf(Register);
 comptime {
- for (signed_integers) |Int| {
- assert(alignment == @alignOf(@Vector(len, Int)));
- assert(alignment % @sizeOf(Int) == 0);
- }
+ for (signed_integers) |Int|
+ assert(alignment >= @alignOf(Int));
 }
 fn alignedSize(T: type, count: usize) !usize {
- return try divCeil(usize, @sizeOf(T) * count, alignment) * alignment;
+ return try divCeil(usize, @sizeOf(T) * count, @alignOf(T)) * @alignOf(T);
 }
 fn packedSize(T: type, container_size: usize, count: usize) !usize {
diff --git a/collect.c b/collect.c
index dc009f1..ad8cf2d 100644
--- a/collect.c
+++ b/collect.c
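Review bot: The new tag order of RegisterEnum is an implicit wire format — collect.c's log() in this same diff now writes rax, rbx, …, r15 in exactly this sequence, and patch.c's dest() reinterprets a STATE as `const int64_t *` — yet nothing at the declaration says so, and reordering either side would silently mis-attribute every register value. Add a doc comment above the declaration, e.g. `/// Tag order is the record layout on disk: keep in sync with log() in collect.c and with the STATE struct that eval() in patch.c indexes by this enum.` The `enum(u4)` tag already caps the set at sixteen registers, which is worth stating in that comment rather than leaving the reader to infer it. The struct body continues past the hunk (the `format` method is cut off).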
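Review bot: `@sizeOf(T) * count` in alignedSize is an unchecked usize multiply; `count` is caller-supplied and in ReleaseFast an overflow wraps to a small byte count instead of failing. Since the function already returns `!usize`, `return try divCeil(usize, try std.math.mul(usize, @sizeOf(T), count), @alignOf(T)) * @alignOf(T);` keeps the interface and fails cleanly. Note also that after this change the `comptime` block asserts only `alignment >= @alignOf(Int)`, which no longer constrains anything alignedSize computes — within this hunk `alignment` is used nowhere else, so either drop both or document what invariant the check still protects. For the integer types in `signed_integers`, `@sizeOf(T) * count` is already a multiple of `@alignOf(T)`, so the rounding is a no-op for those callers; a one-line comment saying why the rounding is kept would help.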
@@ -59,7 +59,22 @@ void log(const struct STATE *state)
 static mutex_t mutex = MUTEX_INITIALIZER;
 while (mutex_lock(&mutex) < 0);
- write(output_file, (const char *)state, sizeof(struct STATE));
+ write(output_file, (const char *)&state->rax, sizeof(int64_t));
+ write(output_file, (const char *)&state->rbx, sizeof(int64_t));
+ write(output_file, (const char *)&state->rcx, sizeof(int64_t));
+ write(output_file, (const char *)&state->rdx, sizeof(int64_t));
+ write(output_file, (const char *)&state->rsi, sizeof(int64_t));
+ write(output_file, (const char *)&state->rdi, sizeof(int64_t));
+ write(output_file, (const char *)&state->rsp, sizeof(int64_t));
+ write(output_file, (const char *)&state->rbp, sizeof(int64_t));
+ write(output_file, (const char *)&state->r8, sizeof(int64_t));
+ write(output_file, (const char *)&state->r9, sizeof(int64_t));
+ write(output_file, (const char *)&state->r10, sizeof(int64_t));
+ write(output_file, (const char *)&state->r11, sizeof(int64_t));
+ write(output_file, (const char *)&state->r12, sizeof(int64_t));
+ write(output_file, (const char *)&state->r13, sizeof(int64_t));
+ write(output_file, (const char *)&state->r14, sizeof(int64_t));
+ write(output_file, (const char *)&state->r15, sizeof(int64_t));
 write(output_file, (const char *)state->rsp, stack_size);
 fsync(output_file);
 mutex_unlock(&mutex);
diff --git a/fix.m4 b/fix.m4
index 4ae99b9..fc7c2ce 100644
--- a/fix.m4
+++ b/fix.m4
@@ -17,7 +17,6 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with taosc. If not, see <https://www.gnu.org/licenses/>.
-set -eux -o pipefail
 save_exit_code() {
 set +e
 timeout -k 1 $1 ${@:2} 1>/dev/null 2>&1
@@ -36,6 +35,8 @@ then
 echo Usage: taosc-fix WORKDIR TIMEOUT EXECUTABLE PROOFS_OF_CONCEPT [OPTION]...
 exit 1
 fi
+
+set -eux -o pipefail
 wd="$(realpath $1)"
 test -d "$wd"
 timeout=$2
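Review bot: None of the sixteen new `write()` calls checks its return value, so a short write or an interrupted call leaves a truncated register record in the output file that neither the following stack-dump `write` nor taosc-synth's reader can detect; the replaced single write had the same gap, but the change turns one syscall under the mutex into sixteen independently failing ones. Gather the registers into one local array and issue a single checked write, skipping the stack dump when the register block did not go out whole, so a failed record is at least not followed by a stack image that the reader would attribute to it (this assumes the STATE fields are 64-bit integers, as the `sizeof(int64_t)` operands imply — confirm against the struct definition). A partially completed write still leaves a torn record; if that matters, a length-prefixed record would let the reader detect it. The function's opening line and `{` are outside the hunk.
```c
	/* … unchanged: mutex acquisition … */
	const int64_t regs[16] = {
		state->rax, state->rbx, state->rcx, state->rdx,
		state->rsi, state->rdi, state->rsp, state->rbp,
		state->r8,  state->r9,  state->r10, state->r11,
		state->r12, state->r13, state->r14, state->r15,
	};
	/* only append the stack image when the register block was fully written */
	if (write(output_file, regs, sizeof regs) == (ssize_t)sizeof regs)
		write(output_file, (const char *)state->rsp, stack_size);
	/* … unchanged: fsync, mutex_unlock … */
```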
@@ -103,7 +104,8 @@ e9tool -100 -M addr=$patch_loc -P 'if dest(state)@patch goto'\
 -o "$bin.patched" "$binary"
 # TODO: FUZZOLIC's options
-fuzzolic -kmprst 90000 -i "$poc" -o "$wd/fuzzolic" -- "$binary" $option @@
+fuzzolic -kmprst 90000 -i "$poc" -o "$wd/fuzzolic" -- "$binary" $options @@ ||
+ true # FIXME: failing with the same status as the target program
 rm -fr "$wd/input"
 mkdir -p "$wd/input/benign"
 cp -r "$poc" "$wd/input/malicious"
@@ -127,13 +129,16 @@ do
 output_dir="$wd/values/$(basename "$input_dir")"
 mkdir -p "$output_dir"
 # TODO: use parallel
- for input in "$input_dir"/*
- do
- output="$output_dir/$(basename "$input")"
- save_exit_code $timeout\
- env TAOSC_STACK_SIZE=$stack_size TAOSC_OUTPUT=$output\
- "$bin.collect" $options "$input"
- done
+ if test "$(ls -A "$input_dir")"
+ then
+ for input in "$input_dir"/*
+ do
+ output="$output_dir/$(basename "$input")"
+ save_exit_code $timeout\
+ env TAOSC_STACK_SIZE=$stack_size TAOSC_OUTPUT=$output\
+ "$bin.collect" $options "$input"
+ done
+ fi
 done
 # TODO: split if the patch location is reached multiple times with an input
 taosc-synth $stack_size "$wd"/values/{benign,malicious} > "$wd/predicates"
diff --git a/jump.c b/jump.c
index 5110ae9..23d9801 100644
--- a/jump.c
+++ b/jump.c
@@ -28,14 +28,14 @@ static const void *destination;
 */
 static uint64_t getenvull(const char *name)
 {
- const char *const s = getenv(name);
- if (s == NULL)
+ const char *const str = getenv(name);
+ if (str == NULL)
 return 0ULL;
 errno = 0;
- const uint64_t u = strtoull(s, NULL, 0);
+ const uint64_t ull = strtoull(str, NULL, 0);
 if (errno)
 return 0ULL;
- return u;
+ return ull;
 }
 void init(int argc, const char *const *argv, char **envp)
diff --git a/patch.c b/patch.c
index eacf2b1..027142b 100644
--- a/patch.c
+++ b/patch.c
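Review bot: The `|| true` appended to the fuzzolic line suppresses every failure, not only the exit status mirrored from the target program that the FIXME describes: a missing fuzzolic binary, a rejected option or a crash all fall through, and under `set -e` the script then continues to `rm -fr "$wd/input"` and on to collection with whatever `$wd/fuzzolic` happens to contain. Keep the tolerance but check for the artefact the command was supposed to produce before moving on, e.g. leave the `|| true` and add `test -d "$wd/fuzzolic" # fuzzolic exits with the target's status; only its output dir tells us it ran` on the next line, so an absent output directory still aborts. Whether fuzzolic creates the `-o` directory on every run is not visible here, so confirm that before relying on it.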
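Review bot: The new `if test "$(ls -A "$input_dir")"` guard does not close the gap it targets: `ls -A` lists dot-files but the glob `"$input_dir"/*` does not match them, so a directory holding only dot-files passes the test and the loop still runs once on the literal path `$input_dir/*`, handing a non-existent file to `$bin.collect`. The script appears to rely on bash already (`${@:2}`, `-o pipefail`), so `shopt -s nullglob` before the loop makes an empty glob expand to nothing and the `if`/`ls` wrapper can go; alternatively keep the current shape and make `test -e "$input" || continue` the loop body's first statement. The `do` that opens the enclosing loop is outside the hunk.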
@@ -20,32 +20,32 @@
 #include "stdlib.c"
-const char *taosc_predicate;
-const void *taosc_destination;
+static const void *destination;
+static const char *predicate;
 /*
 * Get an environment variable and parse as a number.
 * Return 0 on error.
 */
-uint64_t getenvull(const char *name)
+static uint64_t getenvull(const char *name)
 {
- const char *const s = getenv(name);
- if (s == NULL)
+ const char *const str = getenv(name);
+ if (str == NULL)
 return 0ULL;
 errno = 0;
- const uint64_t u = strtoull(s, NULL, 0);
+ const uint64_t ull = strtoull(str, NULL, 0);
 if (errno)
 return 0ULL;
- return u;
+ return ull;
 }
 void init(int argc, const char *const *argv, char **envp)
 {
 environ = envp;
- taosc_predicate = getenv("TAOSC_PREDICATE");
- if (taosc_predicate == NULL)
- taosc_predicate = "p0"; /* false */
- taosc_destination = (void *) getenvull("TAOSC_DESTINATION");
+ destination = (void *) getenvull("TAOSC_DEST");
+ predicate = getenv("TAOSC_PRED");
+ if (predicate == NULL)
+ predicate = "p0"; /* false */
 }
 /* Parse *p as an integer. */
@@ -97,6 +97,6 @@ int64_t eval(const char **ptr, const int64_t *env)
 const void *dest(const struct STATE *state)
 {
- const char *tmp = taosc_predicate;
- return eval(&tmp, (const int64_t *) state) ? NULL : taosc_destination;
+ const char *tmp = predicate;
+ return eval(&tmp, (const int64_t *) state) ? NULL : destination;
 }
diff --git a/synth.zig b/synth.zig
index 4e74cd8..3e04407 100644
--- a/synth.zig
+++ b/synth.zig
@@ -29,6 +29,7 @@ const page_allocator = std.heap.page_allocator;
 const parseUnsigned = std.fmt.parseUnsigned;
 const print = std.debug.print;
 const std = @import("std");
+const stdout = std.fs.File.stdout;
 const RegisterEnum = Variables.RegisterEnum;
 const Variables = @import("Variables.zig");
@@ -52,7 +53,7 @@ const Comparison = struct {
 }
 pub fn format(cmp: Comparison, writer: *Writer) Writer.Error!void {
- try writer.print("{s}{f}{f}", .{
+ try writer.print("{s} {f} {f}", .{
 switch (cmp.op) {
 .lt => "<",
 .lte => "<=",
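Review bot: getenvull still accepts any string that strtoull does not flag through errno, so an empty or non-numeric TAOSC_DEST yields 0 and a value with trailing junk yields its numeric prefix, with no indication that the input was malformed; since `destination` is the address dest() hands back for the patched jump, a silently mis-parsed value deserves an explicit rejection rather than a best-effort number. Pass an end pointer and require the whole string to be consumed: `char *end; const uint64_t ull = strtoull(str, &end, 0);` followed by `if (errno || end == str || *end != '\0') return 0ULL;`. The copy of getenvull in jump.c (same diff, changed only by the rename) has the same gap; with `#include "stdlib.c"` already shared, one definition there would keep the two from drifting — presumably that file is the project's own, so check it is the right home. The rename of the variables to TAOSC_PRED and TAOSC_DEST has no visible counterpart in the fix.m4 hunks of this diff, so confirm the exporter was updated too.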
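Review bot: Changing the format string from `{s}{f}{f}` to `{s} {f} {f}` alters the text of every predicate taosc-synth emits, and fix.m4 redirects that output into `$wd/predicates`, which presumably ends up as the TAOSC_PRED string that eval() in patch.c parses; unless eval() skips blanks (its body is not in this diff), predicates that parsed before will now fail. If the spaces are for readability, confirm eval()'s tokenizer tolerates them or add a test that round-trips `Comparison.format` output through eval; otherwise a comment on the format string stating that the grammar accepts whitespace would spare the next reader the same question. The `switch` in `format` continues past the end of the hunk.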
@@ -68,13 +69,18 @@ const Comparison = struct {
 };
 pub fn main() !void {
+ var buffer: [80]u8 = undefined;
+ var writer = stdout().writer(&buffer);
 var arena = ArenaAllocator.init(page_allocator);
 defer arena.deinit();
 const allocator = arena.allocator();
 const args = try argsAlloc(allocator);
 defer argsFree(allocator, args);
 if (args.len != 4) {
- print("Usage: taosc-synth STACK_SIZE BOTTOM_DIR TOP_DIR", .{});
+ try writer.interface.print("Usage: taosc-synth {s} {s} {s}\n", .{
+ "STACK_SIZE", "BOTTOM_DIR", "TOP_DIR",
+ });
+ try writer.interface.flush();
 exit(1);
 }
 const stack_size = try parseUnsigned(usize, args[1], 0);
@@ -91,6 +97,7 @@ pub fn main() !void {
 for (enums.values(CompareOperator)) |op| {
 const cmp = Comparison{ .lhs = lhs, .op = op, .rhs = rhs };
 if (try cmp.check(bot, top))
- print("{f}\n", .{ cmp });
+ try writer.interface.print("{f}\n", .{ cmp });
 };
+ try writer.interface.flush();
 }
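Review bot: The usage message now goes to stdout through the buffered writer, whereas fix.m4 redirects taosc-synth's stdout into `$wd/predicates`; an argument error would therefore deposit the usage text in the predicates file before `exit(1)`. Keep diagnostics on stderr: the file still imports `print` (std.debug.print), so `print("Usage: taosc-synth STACK_SIZE BOTTOM_DIR TOP_DIR\n", .{});` before `exit(1)` does it without involving the stdout buffer, or build a second writer over `std.fs.File.stderr()` if the formatted form is preferred. The stdout writer and its `flush()` are then reserved for the predicate lines, which is the only output a consumer should see on that stream. main() continues beyond the hunk.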
