From 5f1517cadb98c2b85b4063c66048d7b1a109ba94 Mon Sep 17 00:00:00 2001
From: Zhaolin Deng <zhaolin.deng@student.unimelb.edu.au>
Date: Sun, 14 Oct 2018 14:30:15 +0800
Subject: [PATCH] update
---
fuzz.s | 1 -
fuzzer/Fuzzer.java | 171 +++++++++++++++++++++++----------------------
2 files changed, 87 insertions(+), 85 deletions(-)
diff --git a/fuzz.s b/fuzz.s
index 8b13789..e69de29 100644
--- a/fuzz.s
+++ b/fuzz.s
@@ -1 +0,0 @@
-
diff --git a/fuzzer/Fuzzer.java b/fuzzer/Fuzzer.java
index 6420da0..6816e66 100644
--- a/fuzzer/Fuzzer.java
+++ b/fuzzer/Fuzzer.java
@@ -13,7 +13,7 @@ public class Fuzzer {
private static final String OUTPUT_FILE = "fuzz.s";
private static final List<String> validOpcodes = new ArrayList<String>(Arrays.asList("ADD","SUB","MUL","DIV","LDR","STR","MOV","JMP","JZ"));
private static final int maxRegistry = 32;
- private static final int maxMemory = 65536;
+ private static final int maxMemory = 65535;
private static final String alphabet = "1234567890-=`~!@#$%6&*()_+q wertyuiop[]QWERTYUIOP{}|asdfghjkl;ASDFGHJKL:zxcvbnm,./ZXCVBNM<>?\"\'\\";
public static void main(String[] args) throws IOException {
FileOutputStream out = null;
@@ -23,10 +23,11 @@ public class Fuzzer {
pw = new PrintWriter(out);
Random rg = new Random();
//----------Fuzzer Begins Here----------//
- String line = generateMemoryUnderflow(rg);
- System.out.println("Testing line: "+line);
- pw.println(line);
-
+
+
+
+
+
//----------Fuzzer Ends Here----------
}catch (Exception e){
e.printStackTrace(System.err);
@@ -44,26 +45,25 @@ public class Fuzzer {
//-----------Generation Functions----------//
public static String generateMemoryOverflow(Random rg) {
String line = new String();
- line.concat("MOV R0 "+maxMemory+"%n");
- line.concat("MOV R1 1 %n");
+ line = line +"MOV R0 "+maxMemory+"\n";
+ line = line +"MOV R1 1 \n";
if(rg.nextBoolean()) {
- line.concat("LDR R0 R1 1");
+ line = line +"LDR R0 R1 1";
} else {
- line.concat("STR R0 R1 1");
+ line = line +"STR R0 R1 1";
}
return line;
}
public static String generateMemoryUnderflow(Random rg) {
String line = new String();
- line.concat("MOV R0 "+(maxMemory*-1)+"%n");
- line.concat("MOV R1 1 %n");
+ line = line +"MOV R0 "+(maxMemory*-1)+"\n";
+ line = line +"MOV R1 1 \n";
if(rg.nextBoolean()) {
- line.concat("LDR R0 R1 -1");
+ line = line+"LDR R0 R1 -1";
} else {
- line.concat("STR R0 R1 -1");
+ line = line+"STR R0 R1 -1";
}
- System.out.println("line: "+line);
return line;
}
@@ -85,109 +85,109 @@ public class Fuzzer {
case(0):
goodRegA = rg.nextInt(maxRegistry);
goodRegB = rg.nextInt(maxRegistry);
- line.concat("ADD ");
+ line = line +"ADD ";
pos = rg.nextInt(3);
switch(pos) {
case(0):
- line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
+ line = line +"R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB;
break;
case(1):
- line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
+ line = line +"R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB;
break;
case(2):
- line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
+ line = line +"R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry;
break;
}
return line;
case(1):
goodRegA = rg.nextInt(maxRegistry);
goodRegB = rg.nextInt(maxRegistry);
- line.concat("SUB ");
+ line = line +"SUB ";
pos = rg.nextInt(3);
switch(pos) {
case(0):
- line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
+ line = line +"R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB;
break;
case(1):
- line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
+ line = line +"R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB;
break;
case(2):
- line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
+ line = line +"R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry;
break;
}
return line;
case(2):
goodRegA = rg.nextInt(maxRegistry);
goodRegB = rg.nextInt(maxRegistry);
- line.concat("MOV R"+goodRegB+" 1%n");
- line.concat("DIV ");
+ line = line +"MOV R"+goodRegB+" 1\n";
+ line = line +"DIV ";
pos = rg.nextInt(3);
switch(pos) {
case(0):
- line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
+ line = line +"R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB;
break;
case(1):
- line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
+ line = line +"R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB;
break;
case(2):
- line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
+ line = line +"R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry;
break;
}
return line;
case(3):
goodRegA = rg.nextInt(maxRegistry);
goodRegB = rg.nextInt(maxRegistry);
- line.concat("MUL ");
+ line = line +"MUL ";
pos = rg.nextInt(3);
switch(pos) {
case(0):
- line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
+ line = line +"R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB;
break;
case(1):
- line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
+ line = line +"R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB;
break;
case(2):
- line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
+ line = line +"R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry;
break;
}
return line;
case(4):
- line.concat("LDR ");
+ line = line +"LDR ";
goodRegA = rg.nextInt(maxRegistry);
pos = rg.nextInt(2);
val = rg.nextInt(maxMemory);
switch(pos) {
case(0):
- line.concat("R"+invalidRegistry+" "+val+"R"+goodRegA);
+ line = line +"R"+invalidRegistry+" "+val+"R"+goodRegA;
break;
case(1):
- line.concat("R"+goodRegA+" "+val+"R"+invalidRegistry);
+ line = line +"R"+goodRegA+" "+val+"R"+invalidRegistry;
break;
}
return line;
case(5):
- line.concat("STR ");
+ line = line +"STR ";
goodRegA = rg.nextInt(maxRegistry);
pos = rg.nextInt(2);
val = rg.nextInt(maxMemory);
switch(pos) {
case(0):
- line.concat("R"+invalidRegistry+" "+val+"R"+goodRegA);
+ line = line +"R"+invalidRegistry+" "+val+"R"+goodRegA;
break;
case(1):
- line.concat("R"+goodRegA+" "+val+"R"+invalidRegistry);
+ line = line +"R"+goodRegA+" "+val+"R"+invalidRegistry;
break;
}
return line;
case(6):
- line.concat("MOV ");
+ line = line +"MOV ";
goodRegA = rg.nextInt(maxRegistry);
val = rg.nextInt(maxMemory);
- line.concat("R"+invalidRegistry+" "+val);
+ line = line +"R"+invalidRegistry+" "+val;
return line;
}
return line;
@@ -197,38 +197,38 @@ public class Fuzzer {
String line = new String();
Boolean positive = rg.nextBoolean();
if(!positive) {
- line.concat("MOV R0 -70000");
+ line = line +"MOV R0 -70000";
}else {
- line.concat("MOV R0 70000");
+ line = line +"MOV R0 70000";
}
return line;
}
public static String generateLineOverFlow() {
String line = new String();
- line.concat("RET R0");
+ line = line +"RET R0";
for(int x=0;x<2000;x++) {
- line.concat("a");
+ line = line +"a";
}
return line;
}
public static String generateInstructionOverflow() {
String line = new String();
- line.concat("MOV R0 0%n");
- line.concat("MOV R1 1");
+ line = line +"MOV R0 0\n";
+ line = line +"MOV R1 1";
for(int x=0;x<70000;x++) {
- line.concat("%nADD R0 R0 R1");
+ line = line +"\nADD R0 R0 R1";
}
return line;
}
public static String generateDivideByZero(){
String line = new String();
- line.concat("MOV R0 0%n");
- line.concat("MOV R1 1%n");
- line.concat("DIV R2 R1 R0%n");
- line.concat("RET R2");
+ line = line +"MOV R0 0\n";
+ line = line +"MOV R1 1\n";
+ line = line +"DIV R2 R1 R0\n";
+ line = line +"RET R2";
return line;
}
@@ -236,23 +236,23 @@ public class Fuzzer {
String line = new String();
for(int x=1;x<maxRegistry-1;x++) {
- line.concat("ADD R0 R0 R"+x+"%n");
+ line = line +"ADD R0 R0 R"+x+"\n";
}
- line.concat("RET R0");
+ line = line +"RET R0";
return line;
}
public static String generateDirtyMemoryRead(Random rg) {
String line = new String();
int attempts = 20;
- line.concat("MOV R0 0");
+ line = line +"MOV R0 0";
for(int x=0;x<attempts;x++) {
int value = rg.nextInt(maxMemory);
if(rg.nextBoolean()) {
value = value*-1;
}
- line.concat("%nLDR R0 "+value+" R1%n");
- line.concat("ADD R2 R2 R1%n");
+ line = line +"\nLDR R0 "+value+" R1\n";
+ line = line +"ADD R2 R2 R1\n";
}
return line;
}
@@ -265,7 +265,7 @@ public class Fuzzer {
} else {
val = (programLength-lineNumber+1);
}
- line.concat("JMP "+val);
+ line = line +"JMP "+val;
return line;
}
@@ -278,24 +278,24 @@ public class Fuzzer {
} else {
val = (programLength-lineNumber+2);
}
- line.concat("MOV R0 0%n");
- line.concat("JZ R0 "+val);
+ line = line +"MOV R0 0\n";
+ line = line +"JZ R0 "+val;
return line;
}
public static String intOverflow() {
String line = new String();
- line.concat("MOV R0 65535%n");
- line.concat("MUL R1 R0 R0%n");
- line.concat("MUL R1 R0 R0");
+ line = line +"MOV R0 65535\n";
+ line = line +"MUL R1 R0 R0\n";
+ line = line +"MUL R1 R0 R0";
return line;
}
public static String intUnderflow() {
String line = new String();
- line.concat("MOV R0 -65535%n");
- line.concat("MUL R1 R0 R0%n");
- line.concat("MUL R1 R0 R0");
+ line = line +"MOV R0 -65535\n";
+ line = line +"MUL R1 R0 R0\n";
+ line = line +"MUL R1 R0 R0";
return line;
}
@@ -305,51 +305,54 @@ public class Fuzzer {
Boolean hasval = rg.nextBoolean();
int index = rg.nextInt(validOpcodes.size());
String opcode = validOpcodes.get(index);
- line.concat(opcode);
+ line = line +opcode;
for(int x=0;x<regs;x++) {
int register = rg.nextInt(maxRegistry);
- line.concat(" R"+register);
+ line = line +" R"+register;
}
if(hasval) {
int value=rg.nextInt(maxMemory);
- line.concat(" "+value);
+ line = line +" "+value;
}
//too many arguments
- return null;
+ return line;
}
public static String generateInvalidFunctionName(Random rg,String line) {
char[] charLine = line.toCharArray();
+ System.out.println("line"+line);
int change = rg.nextInt(3)+1;
+ System.out.println("change"+change);
for(int x=0;x<change;x++) {
int index = rg.nextInt(charLine.length);
char character = alphabet.charAt(rg.nextInt(alphabet.length()));
+ System.out.println("char at:"+x+" is "+character);
charLine[index] = character;
}
- return charLine.toString();
+ return new String(charLine);
}
public static String generateInstructionComment(Random rg) {
String line = new String();
- line.concat(";");
+ line = line +";";
String instr = generateValidReturn(rg);
- line.concat(instr);
+ line = line +instr;
return line;
}
public static String generateValidReturn(Random rg) {
String line = new String();
- line.concat("RET");
- line.concat(" R"+rg.nextInt(maxRegistry));
+ line = line +"RET";
+ line = line +" R"+rg.nextInt(maxRegistry);
return line;
}
public static String generateInvalidReturn(Random rg) {
int invalidRegistry;
String line = new String();
- line.concat("RET");
+ line = line +"RET";
Boolean overflow = rg.nextBoolean();
if(overflow) {
invalidRegistry = 32;
@@ -358,7 +361,7 @@ public class Fuzzer {
invalidRegistry = -1;
}
- line.concat(" R"+invalidRegistry);
+ line = line +" R"+invalidRegistry;
return line;
}
@@ -388,10 +391,10 @@ public class Fuzzer {
case("STR"):
//special case - form <REGISTER VALUE REGISTER>
offset = (rg.nextInt(2*maxMemory))-maxMemory;
- line.concat(opcode);
- line.concat(" R"+rg.nextInt(maxRegistry));
- line.concat(" "+offset);
- line.concat(" R"+rg.nextInt(maxRegistry));
+ line = line +opcode;
+ line = line +" R"+rg.nextInt(maxRegistry);
+ line = line +" "+offset;
+ line = line +" R"+rg.nextInt(maxRegistry);
return line;
case("MOV"):
numregs = 1;
@@ -408,7 +411,7 @@ public class Fuzzer {
offset = offset - lineNumber;
if(offset<0) {
offset = offset-1;
- line.concat("JMP 2%n");
+ line = line +"JMP 2\n";
} else if(offset == 0) {
offset = offset+1;
}
@@ -421,19 +424,19 @@ public class Fuzzer {
offset = offset - lineNumber;
if(offset<0) {
offset = offset-2;
- line.concat("JMP 2%n");
+ line = line +"JMP 2\n";
} else if(offset == 0) {
offset = offset+1;
}
break;
}
- line.concat(opcode);
+ line = line +opcode;
int x;
for(x=0;x<numregs;x++){
- line.concat(" R"+rg.nextInt(maxRegistry));
+ line = line +" R"+rg.nextInt(maxRegistry);
}
if(offset!=null){
- line.concat(" "+offset);
+ line = line +" "+offset;
}
return line;
}
--
GitLab