Skip to content
Snippets Groups Projects
Commit 5f4ea710 authored by Zhaolin Deng's avatar Zhaolin Deng
Browse files

merge

parents 5039b9ab 95a0d1bb
No related branches found
No related tags found
No related merge requests found
Expand all Show whitespace changes
Inline Side-by-side
fuzz.s
+ 37275
0
View file @ 5f4ea710
This diff is collapsed.
fuzzer/Fuzzer.java
+ 90
28
View file @ 5f4ea710
...@@ -11,10 +11,11 @@ import java.util.Random; ...@@ -11,10 +11,11 @@ import java.util.Random;
public class Fuzzer { public class Fuzzer {
private static final String OUTPUT_FILE = "fuzz.s"; private static final String OUTPUT_FILE = "fuzz.s";
private static final List<String> validOpcodes = new ArrayList<String>(Arrays.asList("ADD","SUB","MUL","DIV","LDR","STR","MOV","JMP","JZ")); private static final List<String> validOpcodes = new ArrayList<String>(Arrays.asList("ADD","SUB","MUL","DIV","LDR","STR","MOV"));
private static final int maxRegistry = 32; private static final int maxRegistry = 32;
private static final int maxMemory = 65535; private static final int maxMemory = 65535;
private static final int maxPadding = 40000; private static final int maxPadding = 40000;
private static final int strategies = 13;
private static final String alphabet = "1234567890-=`~!@#$%6&*()_+q wertyuiop[]QWERTYUIOP{}|asdfghjkl;ASDFGHJKL:zxcvbnm,./ZXCVBNM<>?\"\'\\"; private static final String alphabet = "1234567890-=`~!@#$%6&*()_+q wertyuiop[]QWERTYUIOP{}|asdfghjkl;ASDFGHJKL:zxcvbnm,./ZXCVBNM<>?\"\'\\";
public static void main(String[] args) throws IOException { public static void main(String[] args) throws IOException {
FileOutputStream out = null; FileOutputStream out = null;
...@@ -23,8 +24,10 @@ public class Fuzzer { ...@@ -23,8 +24,10 @@ public class Fuzzer {
out = new FileOutputStream(OUTPUT_FILE); out = new FileOutputStream(OUTPUT_FILE);
pw = new PrintWriter(out); pw = new PrintWriter(out);
Random rg = new Random(); Random rg = new Random();
//----------Fuzzer Begins Here----------// //----------Fuzzer Begins Here----------//
//-----Decide Strategy-----// //-----Decide Strategy-----//
int strat = rg.nextInt(strategies);
/*** /***
* 0 - Valid Termination * 0 - Valid Termination
* 1 - Memory Overflow * 1 - Memory Overflow
...@@ -36,14 +39,16 @@ public class Fuzzer { ...@@ -36,14 +39,16 @@ public class Fuzzer {
* 7 - Dirty Read Memory * 7 - Dirty Read Memory
* 8 - Pc Overflow * 8 - Pc Overflow
* 9 - Int Overflow * 9 - Int Overflow
* 10 - Invalid * 10 - Invalid Operands
* 11 - Invalid Name
* 12 - Invalid return
*/ */
//-----Decide Strategy-----// //-----Decide Strategy-----//
// pw.println(generateMemoryOverflow(rg)); /* pw.println(generateMemoryOverflow(rg));
// pw.println(generateMemoryOverflow(rg)); pw.println(generateMemoryOverflow(rg));
// pw.println(generateMemoryOverflow(rg)); pw.println(generateMemoryOverflow(rg));
pw.println(";------------------1-----------------------"); pw.println(";------------------1-----------------------");
pw.println(generateMemoryUnderflow(rg)); pw.println(generateMemoryUnderflow(rg));
pw.println(generateMemoryUnderflow(rg)); pw.println(generateMemoryUnderflow(rg));
...@@ -57,15 +62,15 @@ public class Fuzzer { ...@@ -57,15 +62,15 @@ public class Fuzzer {
pw.println(generateOffsetOverFlow(rg)); pw.println(generateOffsetOverFlow(rg));
pw.println(generateOffsetOverFlow(rg)); pw.println(generateOffsetOverFlow(rg));
pw.println(";------------------4-----------------------"); pw.println(";------------------4-----------------------");
// pw.println(generateLineOverFlow()); pw.println(generateLineOverFlow());
pw.println(";------------------5-----------------------"); pw.println(";------------------5-----------------------");
pw.println(generateDivideByZero()); pw.println(generateDivideByZero());
pw.println(";------------------6-----------------------"); pw.println(";------------------6-----------------------");
// pw.println(generateDirtyRegistyRead()); pw.println(generateDirtyRegistyRead());
// pw.println(";------------------7-----------------------"); pw.println(";------------------7-----------------------");
// pw.println(generateDirtyMemoryRead(rg)); pw.println(generateDirtyMemoryRead(rg));
// pw.println(generateDirtyMemoryRead(rg)); pw.println(generateDirtyMemoryRead(rg));
// pw.println(generateDirtyMemoryRead(rg)); pw.println(generateDirtyMemoryRead(rg));
pw.println(";------------------8-----------------------"); pw.println(";------------------8-----------------------");
pw.println(jmpOverflow(rg)); pw.println(jmpOverflow(rg));
pw.println(jmpOverflow(rg)); pw.println(jmpOverflow(rg));
...@@ -102,13 +107,81 @@ public class Fuzzer { ...@@ -102,13 +107,81 @@ public class Fuzzer {
pw.println(";------------------16-----------------------"); pw.println(";------------------16-----------------------");
pw.println(generateValidReturn(rg)); pw.println(generateValidReturn(rg));
pw.println(generateValidReturn(rg)); pw.println(generateValidReturn(rg));
pw.println(generateValidReturn(rg)); pw.println(generateValidReturn(rg)); */
//----------Fuzzer Ends Here---------- //----------Fuzzer Ends Here----------
//-----Apply Strategy-----//
if (strat == 6){
pw.println(generateDirtyRegistyRead());
}
else if(strat == 7){
pw.println(generateDirtyMemoryRead(rg));
}
int paddingLines = rg.nextInt(maxPadding);
pw.println(generateDivideByZero());
pw.println(generateInstructionComment(rg));
for(int x=0;x<paddingLines;x++){
pw.println(generateValidString(rg,paddingLines-x+3,x+3));
}
if(strat == 0){
pw.println(generateValidReturn(rg));
}
else if(strat == 1){
if(rg.nextBoolean()){
pw.println(generateMemoryUnderflow(rg));
}
else{
pw.println(generateMemoryOverflow(rg));
}
}
else if(strat == 2){
pw.println(generateRegOverflow(rg));
}
else if(strat == 3){
pw.println(generateOffsetOverFlow(rg));
}
else if(strat == 4){
pw.println(generateLineOverFlow());
}
else if(strat == 5){
pw.println(generateInstructionOverflow());
}
else if(strat == 8){
if(rg.nextBoolean()){
pw.println(jmpOverflow(rg));
}
else{
pw.println(jzOverflow(rg));
}
}
else if(strat == 9){
if(rg.nextBoolean()){
pw.println(intOverflow());
}
else{
pw.println(intUnderflow());
}
}
else if(strat == 10){
pw.println(generateInvalidOperands(rg));
}
else if(strat == 11){
for(int x=0;x<20;x++){
pw.println(generateInvalidFunctionName(rg,generateValidString(rg, 5, 2)));
}
for(int x=0;x<5;x++){
pw.println(generateValidReturn(rg));
}
}
else if(strat == 12){
pw.println(generateInvalidReturn(rg));
}
//-----Apply Strategy-----//
//----------Fuzzer Ends Here----------//
}catch (Exception e){ }catch (Exception e){
e.printStackTrace(System.err); e.printStackTrace(System.err);
System.exit(1); System.exit(1);
...@@ -122,20 +195,6 @@ public class Fuzzer { ...@@ -122,20 +195,6 @@ public class Fuzzer {
} }
} }
//-----------Strategy Functions----------//
public static PrintWriter functionTerminate(PrintWriter pw,Random rd){
return pw;
}
public static PrintWriter createPadding(Random rg,PrintWriter pw,int paddinglines){
return pw;
}
public static PrintWriter invalidStringTerminate(PrintWriter pw){
return pw;
}
public static PrintWriter dirtyRead(PrintWriter pw){
return pw;
}
//-----------Generation Functions----------// //-----------Generation Functions----------//
public static String generateMemoryOverflow(Random rg) { public static String generateMemoryOverflow(Random rg) {
...@@ -364,7 +423,7 @@ public class Fuzzer { ...@@ -364,7 +423,7 @@ public class Fuzzer {
return line; return line;
} }
public static String jzOverflow(int programLength,int lineNumber,Random rg) { public static String jzOverflow(Random rg) {
String line = new String(); String line = new String();
int val; int val;
...@@ -493,7 +552,7 @@ public class Fuzzer { ...@@ -493,7 +552,7 @@ public class Fuzzer {
return line; return line;
case("MOV"): case("MOV"):
numregs = 1; numregs = 1;
offset = rg.nextInt(); offset = rg.nextInt(maxMemory);
Boolean positive = rg.nextBoolean(); Boolean positive = rg.nextBoolean();
if(!positive) { if(!positive) {
offset = -offset; offset = -offset;
...@@ -515,6 +574,9 @@ public class Fuzzer { ...@@ -515,6 +574,9 @@ public class Fuzzer {
case("JZ"): case("JZ"):
//special case - avoid looping infinitly //special case - avoid looping infinitly
numregs = 1; numregs = 1;
if(rg.nextBoolean()) {
offset = -1;
}
offset = (rg.nextInt(programLength)); offset = (rg.nextInt(programLength));
offset = offset - lineNumber; offset = offset - lineNumber;
if(offset<0) { if(offset<0) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment