Update fuzzer

This commit is contained in:
Minseong Jang
2022-04-04 20:34:26 +09:00
parent 3a36e47985
commit e567681ed9
4 changed files with 69 additions and 54 deletions


@@ -155,7 +155,7 @@ def polish(src, inc_path):
return src_replaced
def make_reduce_criteria(tests_dir, fuzz_arg):
def make_reduce_criteria(tests_dir, fuzz_arg, analyze):
"""Make executable reduce_criteria.sh
"""
# Make shell script i.e. dependent to KECC path
@@ -164,6 +164,7 @@ def make_reduce_criteria(tests_dir, fuzz_arg):
"$FUZZ_ARG": fuzz_arg,
"$KECC_BIN": str(os.path.abspath(os.path.join(tests_dir, "../target/release/kecc"))),
"$FUZZ_BIN": str(os.path.abspath(os.path.join(tests_dir, "../target/release/fuzz"))),
"$CLANG_ANALYZE": str(analyze).lower(),
}
with open(os.path.join(tests_dir, "reduce-criteria-template.sh"), "r") as t:
temp = t.read()
@@ -183,14 +184,14 @@ def make_reduce_criteria(tests_dir, fuzz_arg):
proc.kill()
raise e
def creduce(tests_dir, fuzz_arg):
def creduce(tests_dir, fuzz_arg, analyze):
"""Reduce `tests/test_polished.c` to `tests/test_reduced.c`
First, we copy test_polished.c to test_reduced.c.
Then, when Creduce reduces test_reduced.c, it overwrites partially reduced program to itself.
Original file is moved to test_reduced.c.orig which is then identical to test_polished.c.
"""
make_reduce_criteria(tests_dir, fuzz_arg)
make_reduce_criteria(tests_dir, fuzz_arg, analyze)
try:
args = ["cp", "test_polished.c", "test_reduced.c"]
@@ -204,7 +205,7 @@ def creduce(tests_dir, fuzz_arg):
try:
# --tidy: Do not make a backup copy of each file to reduce as file.orig
args = ["creduce", "--tidy", "./reduce-criteria.sh", "test_reduced.c"]
args = ["creduce", "--tidy", "--timeout", "20", "./reduce-criteria.sh", "test_reduced.c"]
proc = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=tests_dir)
(out, err) = proc.communicate()
if proc.returncode != 0:
@@ -269,6 +270,7 @@ if __name__ == "__main__":
parser.add_argument('--skip-build', action='store_true', help="Skipping cargo build")
parser.add_argument('--easy', action='store_true', help="Generate more easy code by csmith option")
parser.add_argument('--seed', type=int, help="Provide seed of fuzz generation", default=-1)
parser.add_argument('--clang-analyze', action='store_true', help="Use clang static analyzer for reducing. It prevents undefined behaviors coming from reduced program, but perhaps take a long time to do so")
args = parser.parse_args()
if args.print and args.irgen:
@@ -301,6 +303,6 @@ if __name__ == "__main__":
print("Skip building. Please run `cargo build --features=build-bin --release --bin fuzz --bin kecc` to manually build.")
if args.reduce:
creduce(tests_dir, fuzz_arg)
creduce(tests_dir, fuzz_arg, args.clang_analyze)
else:
fuzz(tests_dir, fuzz_arg, args.num, args.easy)
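Review bot: The hard-coded `--timeout 20` added to the creduce invocation (hunk at -204,+205) sits awkwardly next to the new `--clang-analyze` mode, whose own help text warns the analyzer "perhaps take[s] a long time": creduce's `--timeout` bounds each run of the interestingness test, and a run that overruns is, I believe, treated as uninteresting, so with the analyzer enabled a large csmith program can make every candidate (or the initial sanity check, which would abort the reduction) time out. Tying the limit to the mode keeps the fast path unchanged, e.g. `timeout = "120" if analyze else "20"` and `args = ["creduce", "--tidy", "--timeout", timeout, "./reduce-criteria.sh", "test_reduced.c"]`, with a short comment stating that the value is per interestingness-test run. Both new `analyze` parameters are positional with no default, so any caller not updated in this commit breaks; `def make_reduce_criteria(tests_dir, fuzz_arg, analyze=False):` and `def creduce(tests_dir, fuzz_arg, analyze=False):` keep the old call shape working. The template value `str(analyze).lower()` also depends on `analyze` being a real bool (`None` would become `"none"` inside the shell script); `"true" if analyze else "false"` is explicit about the two values the script expects. The bodies of make_reduce_criteria and creduce continue outside these hunks.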