diff --git a/fuzzer/Fuzzer.java b/fuzzer/Fuzzer.java
index 9ae09334c63f1fe2deecc2e5dd0463e730ca375b..4ea3793c44732a161c1f9f1b4aa5a803212c13ae 100644
--- a/fuzzer/Fuzzer.java
+++ b/fuzzer/Fuzzer.java
@@ -11,7 +11,7 @@ import java.util.Random;
public class Fuzzer {
private static final String OUTPUT_FILE = "fuzz.s";
- private static final List<String> validOpcodes = new ArrayList<String>(Arrays.asList("ADD","SUB","MUL","DIV","RET","LDR","STR","MOV","JMP","JZ"));
+ private static final List<String> validOpcodes = new ArrayList<String>(Arrays.asList("ADD","SUB","MUL","DIV","LDR","STR","MOV","JMP","JZ"));
private static final int maxRegistry = 32;
private static final int maxMemory = 65536;
public static void main(String[] args) throws IOException {
@@ -36,58 +36,296 @@ public class Fuzzer {
}
}
- public String generateMemoryOverflow() {
- return null;
+ //-----------Generation Functions----------//
+ public String generateMemoryOverflow(Random rg) {
+ String line = new String();
+ line.concat("MOV R0 "+maxMemory+"%n");
+ line.concat("MOV R1 1 %n");
+ if(rg.nextBoolean()) {
+ line.concat("LDR R0 R1 1");
+ } else {
+ line.concat("STR R0 R1 1");
+ }
+ return line;
}
- public String generateMemoryUnderflow() {
- return null;
+
+ public String generateMemoryUnderflow(Random rg) {
+ String line = new String();
+ line.concat("MOV R0 "+(maxMemory*-1)+"%n");
+ line.concat("MOV R1 1 %n");
+ if(rg.nextBoolean()) {
+ line.concat("LDR R0 R1 -1");
+ } else {
+ line.concat("STR R0 R1 -1");
+ }
+ return line;
}
- public String generateRegOverflow() {
- return null;
+
+ public String generateRegOverflow(Random rg) {
+ String line = new String();
+ int invalidRegistry;
+ Boolean overflow = rg.nextBoolean();
+ if(overflow) {
+ invalidRegistry = 32;
+ }
+ else {
+ invalidRegistry = -1;
+ }
+ int goodRegA;
+ int goodRegB;
+ int pos;
+ int val;
+ switch(rg.nextInt(7)){
+ case(0):
+ goodRegA = rg.nextInt(maxRegistry);
+ goodRegB = rg.nextInt(maxRegistry);
+ line.concat("ADD ");
+ pos = rg.nextInt(3);
+
+ switch(pos) {
+ case(0):
+ line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
+ break;
+ case(1):
+ line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
+ break;
+ case(2):
+ line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
+ break;
+ }
+ return line;
+ case(1):
+ goodRegA = rg.nextInt(maxRegistry);
+ goodRegB = rg.nextInt(maxRegistry);
+ line.concat("SUB ");
+ pos = rg.nextInt(3);
+
+ switch(pos) {
+ case(0):
+ line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
+ break;
+ case(1):
+ line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
+ break;
+ case(2):
+ line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
+ break;
+ }
+ return line;
+ case(2):
+ goodRegA = rg.nextInt(maxRegistry);
+ goodRegB = rg.nextInt(maxRegistry);
+ line.concat("MOV R"+goodRegB+" 1%n");
+ line.concat("DIV ");
+ pos = rg.nextInt(3);
+
+ switch(pos) {
+ case(0):
+ line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
+ break;
+ case(1):
+ line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
+ break;
+ case(2):
+ line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
+ break;
+ }
+ return line;
+ case(3):
+ goodRegA = rg.nextInt(maxRegistry);
+ goodRegB = rg.nextInt(maxRegistry);
+ line.concat("MUL ");
+ pos = rg.nextInt(3);
+
+ switch(pos) {
+ case(0):
+ line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
+ break;
+ case(1):
+ line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
+ break;
+ case(2):
+ line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
+ break;
+ }
+ return line;
+ case(4):
+ line.concat("LDR ");
+ goodRegA = rg.nextInt(maxRegistry);
+ pos = rg.nextInt(2);
+ val = rg.nextInt(maxMemory);
+ switch(pos) {
+ case(0):
+ line.concat("R"+invalidRegistry+" "+val+"R"+goodRegA);
+ break;
+ case(1):
+ line.concat("R"+goodRegA+" "+val+"R"+invalidRegistry);
+ break;
+ }
+ return line;
+ case(5):
+ line.concat("STR ");
+ goodRegA = rg.nextInt(maxRegistry);
+ pos = rg.nextInt(2);
+ val = rg.nextInt(maxMemory);
+ switch(pos) {
+ case(0):
+ line.concat("R"+invalidRegistry+" "+val+"R"+goodRegA);
+ break;
+ case(1):
+ line.concat("R"+goodRegA+" "+val+"R"+invalidRegistry);
+ break;
+ }
+ return line;
+ case(6):
+ line.concat("MOV ");
+ goodRegA = rg.nextInt(maxRegistry);
+ val = rg.nextInt(maxMemory);
+ line.concat("R"+invalidRegistry+" "+val);
+ return line;
+ }
+ return line;
}
- public String generateRegUnderflow() {
+
+ //DZL
+ public String generateOffsetOverFlow() {
return null;
}
+
public String generateLineOverFlow() {
- return null;
+ String line = new String();
+ line.concat("RET R0");
+ for(int x=0;x<2000;x++) {
+ line.concat("a");
+ }
+ return line;
}
+
public String generateInstructionOverflow() {
- return null;
+ String line = new String();
+ line.concat("MOV R0 0%n");
+ line.concat("MOV R1 1");
+ for(int x=0;x<70000;x++) {
+ line.concat("%nADD R0 R0 R1");
+ }
+ return line;
}
+
public String generateDivideByZero(){
- return null;
+ String line = new String();
+ line.concat("MOV R0 0%n");
+ line.concat("MOV R1 1%n");
+ line.concat("DIV R2 R1 R0%n");
+ line.concat("RET R2");
+ return line;
}
+
+ //DZL
public String generateDirtyRegistyRead() {
return null;
}
- public String generateDirtyMemoryRead() {
- return null;
+
+ public String generateDirtyMemoryRead(Random rg) {
+ String line = new String();
+ int attempts = 20;
+ line.concat("MOV R0 0");
+ for(int x=0;x<attempts;x++) {
+ int value = rg.nextInt(maxMemory);
+ if(rg.nextBoolean()) {
+ value = value*-1;
+ }
+ line.concat("%nLDR R0 "+value+" R1%n");
+ line.concat("ADD R2 R2 R1%n");
+ }
+ return line;
}
- public String jmpOverflow() {
- return null;
- }
- public String jmpUnderflow() {
- return null;
+ public String jmpOverflow(int programLength,int lineNumber,Random rg) {
+ String line = new String();
+ int val;
+ if(rg.nextBoolean()) {
+ val = -1*(lineNumber+2);
+ } else {
+ val = (programLength-lineNumber+1);
+ }
+ line.concat("JMP "+val);
+ return line;
}
- public String jzOverflow() {
- return null;
- }
- public String jzUnderflow() {
- return null;
+
+ public String jzOverflow(int programLength,int lineNumber,Random rg) {
+
+ String line = new String();
+ int val;
+ if(rg.nextBoolean()) {
+ val = -1*(lineNumber+2);
+ } else {
+ val = (programLength-lineNumber+2);
+ }
+ line.concat("MOV R0 0%n");
+ line.concat("JZ R0 "+val);
+ return line;
}
+
public String intOverflow() {
- return null;
+ String line = new String();
+ line.concat("MOV R0 65535%n");
+ line.concat("MUL R1 R0 R0%n");
+ line.concat("MUL R1 R0 R0");
+ return line;
}
+
public String intUnderflow() {
- return null;
+ String line = new String();
+ line.concat("MOV R0 -65535%n");
+ line.concat("MUL R1 R0 R0%n");
+ line.concat("MUL R1 R0 R0");
+ return line;
}
- public String generateInvalidString() {
+
+ //DZL
+ public String generateInvalidOperands(Random rg) {
+ //rg.nextInt(3)
+ //register = rg.nextInt(maxRegistry);
+ //wrong operands
+ //too many arguments
return null;
}
- public String generateInstructionComment() {
+ //CAL
+ public String generateInvalidFunctionName() {
return null;
}
+
+ public String generateInstructionComment(Random rg) {
+ String line = new String();
+ line.concat(";");
+ String instr = generateValidReturn(rg);
+ line.concat(instr);
+ return line;
+ }
+
+ public String generateValidReturn(Random rg) {
+ String line = new String();
+ line.concat("RET");
+ line.concat(" R"+rg.nextInt(maxRegistry));
+ return line;
+ }
+
+ public String generateInvalidReturn(Random rg) {
+ int invalidRegistry;
+ String line = new String();
+ line.concat("RET");
+ Boolean overflow = rg.nextBoolean();
+ if(overflow) {
+ invalidRegistry = 32;
+ }
+ else {
+ invalidRegistry = -1;
+ }
+
+ line.concat(" R"+invalidRegistry);
+ return line;
+ }
+
public String generateValidString(Random rg,int programLength,int lineNumber){
int index = rg.nextInt(validOpcodes.size());
String opcode = validOpcodes.get(index);
@@ -107,9 +345,6 @@ public class Fuzzer {
case("DIV"):
numregs = 3;
break;
- case("RET"):
- numregs = 1;
- break;
case("LDR"):
numregs = 2;
offset = (rg.nextInt(2*maxMemory))-maxMemory;
@@ -149,7 +384,7 @@ public class Fuzzer {
offset = (rg.nextInt(programLength));
offset = offset - lineNumber;
if(offset<0) {
- offset = offset-1;
+ offset = offset-2;
line.concat("JMP 2%n");
} else if(offset == 0) {
offset = offset+1;