Skip to content
Snippets Groups Projects
Commit c56234a4 authored by Zhaolin Deng's avatar Zhaolin Deng
Browse files

Merge branch 'master' into dzl

parents dc6e07f6 0d73bad4
No related branches found
No related tags found
No related merge requests found
......@@ -11,7 +11,7 @@ import java.util.Random;
public class Fuzzer {
private static final String OUTPUT_FILE = "fuzz.s";
private static final List<String> validOpcodes = new ArrayList<String>(Arrays.asList("ADD","SUB","MUL","DIV","RET","LDR","STR","MOV","JMP","JZ"));
private static final List<String> validOpcodes = new ArrayList<String>(Arrays.asList("ADD","SUB","MUL","DIV","LDR","STR","MOV","JMP","JZ"));
private static final int maxRegistry = 32;
private static final int maxMemory = 65536;
public static void main(String[] args) throws IOException {
......@@ -36,58 +36,296 @@ public class Fuzzer {
}
}
public String generateMemoryOverflow() {
return null;
//-----------Generation Functions----------//
public String generateMemoryOverflow(Random rg) {
String line = new String();
line.concat("MOV R0 "+maxMemory+"%n");
line.concat("MOV R1 1 %n");
if(rg.nextBoolean()) {
line.concat("LDR R0 R1 1");
} else {
line.concat("STR R0 R1 1");
}
public String generateMemoryUnderflow() {
return null;
return line;
}
public String generateRegOverflow() {
return null;
public String generateMemoryUnderflow(Random rg) {
String line = new String();
line.concat("MOV R0 "+(maxMemory*-1)+"%n");
line.concat("MOV R1 1 %n");
if(rg.nextBoolean()) {
line.concat("LDR R0 R1 -1");
} else {
line.concat("STR R0 R1 -1");
}
return line;
}
public String generateRegOverflow(Random rg) {
String line = new String();
int invalidRegistry;
Boolean overflow = rg.nextBoolean();
if(overflow) {
invalidRegistry = 32;
}
else {
invalidRegistry = -1;
}
int goodRegA;
int goodRegB;
int pos;
int val;
switch(rg.nextInt(7)){
case(0):
goodRegA = rg.nextInt(maxRegistry);
goodRegB = rg.nextInt(maxRegistry);
line.concat("ADD ");
pos = rg.nextInt(3);
switch(pos) {
case(0):
line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
break;
case(1):
line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
break;
case(2):
line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
break;
}
return line;
case(1):
goodRegA = rg.nextInt(maxRegistry);
goodRegB = rg.nextInt(maxRegistry);
line.concat("SUB ");
pos = rg.nextInt(3);
switch(pos) {
case(0):
line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
break;
case(1):
line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
break;
case(2):
line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
break;
}
public String generateRegUnderflow() {
return line;
case(2):
goodRegA = rg.nextInt(maxRegistry);
goodRegB = rg.nextInt(maxRegistry);
line.concat("MOV R"+goodRegB+" 1%n");
line.concat("DIV ");
pos = rg.nextInt(3);
switch(pos) {
case(0):
line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
break;
case(1):
line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
break;
case(2):
line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
break;
}
return line;
case(3):
goodRegA = rg.nextInt(maxRegistry);
goodRegB = rg.nextInt(maxRegistry);
line.concat("MUL ");
pos = rg.nextInt(3);
switch(pos) {
case(0):
line.concat("R"+invalidRegistry+" R"+goodRegA+" R"+goodRegB);
break;
case(1):
line.concat("R"+goodRegA+" R"+invalidRegistry+" R"+goodRegB);
break;
case(2):
line.concat("R"+goodRegB+" R"+goodRegA+" R"+invalidRegistry);
break;
}
return line;
case(4):
line.concat("LDR ");
goodRegA = rg.nextInt(maxRegistry);
pos = rg.nextInt(2);
val = rg.nextInt(maxMemory);
switch(pos) {
case(0):
line.concat("R"+invalidRegistry+" "+val+"R"+goodRegA);
break;
case(1):
line.concat("R"+goodRegA+" "+val+"R"+invalidRegistry);
break;
}
return line;
case(5):
line.concat("STR ");
goodRegA = rg.nextInt(maxRegistry);
pos = rg.nextInt(2);
val = rg.nextInt(maxMemory);
switch(pos) {
case(0):
line.concat("R"+invalidRegistry+" "+val+"R"+goodRegA);
break;
case(1):
line.concat("R"+goodRegA+" "+val+"R"+invalidRegistry);
break;
}
return line;
case(6):
line.concat("MOV ");
goodRegA = rg.nextInt(maxRegistry);
val = rg.nextInt(maxMemory);
line.concat("R"+invalidRegistry+" "+val);
return line;
}
return line;
}
//DZL
public String generateOffsetOverFlow() {
return null;
}
public String generateLineOverFlow() {
return null;
String line = new String();
line.concat("RET R0");
for(int x=0;x<2000;x++) {
line.concat("a");
}
return line;
}
public String generateInstructionOverflow() {
return null;
String line = new String();
line.concat("MOV R0 0%n");
line.concat("MOV R1 1");
for(int x=0;x<70000;x++) {
line.concat("%nADD R0 R0 R1");
}
return line;
}
public String generateDivideByZero(){
return null;
String line = new String();
line.concat("MOV R0 0%n");
line.concat("MOV R1 1%n");
line.concat("DIV R2 R1 R0%n");
line.concat("RET R2");
return line;
}
//DZL
public String generateDirtyRegistyRead() {
return null;
}
public String generateDirtyMemoryRead() {
return null;
public String generateDirtyMemoryRead(Random rg) {
String line = new String();
int attempts = 20;
line.concat("MOV R0 0");
for(int x=0;x<attempts;x++) {
int value = rg.nextInt(maxMemory);
if(rg.nextBoolean()) {
value = value*-1;
}
line.concat("%nLDR R0 "+value+" R1%n");
line.concat("ADD R2 R2 R1%n");
}
return line;
}
public String jmpOverflow() {
return null;
public String jmpOverflow(int programLength,int lineNumber,Random rg) {
String line = new String();
int val;
if(rg.nextBoolean()) {
val = -1*(lineNumber+2);
} else {
val = (programLength-lineNumber+1);
}
public String jmpUnderflow() {
return null;
line.concat("JMP "+val);
return line;
}
public String jzOverflow() {
return null;
public String jzOverflow(int programLength,int lineNumber,Random rg) {
String line = new String();
int val;
if(rg.nextBoolean()) {
val = -1*(lineNumber+2);
} else {
val = (programLength-lineNumber+2);
}
public String jzUnderflow() {
return null;
line.concat("MOV R0 0%n");
line.concat("JZ R0 "+val);
return line;
}
public String intOverflow() {
return null;
String line = new String();
line.concat("MOV R0 65535%n");
line.concat("MUL R1 R0 R0%n");
line.concat("MUL R1 R0 R0");
return line;
}
public String intUnderflow() {
return null;
String line = new String();
line.concat("MOV R0 -65535%n");
line.concat("MUL R1 R0 R0%n");
line.concat("MUL R1 R0 R0");
return line;
}
public String generateInvalidString() {
//DZL
public String generateInvalidOperands(Random rg) {
//rg.nextInt(3)
//register = rg.nextInt(maxRegistry);
//wrong operands
//too many arguments
return null;
}
public String generateInstructionComment() {
//CAL
public String generateInvalidFunctionName() {
return null;
}
public String generateInstructionComment(Random rg) {
String line = new String();
line.concat(";");
String instr = generateValidReturn(rg);
line.concat(instr);
return line;
}
public String generateValidReturn(Random rg) {
String line = new String();
line.concat("RET");
line.concat(" R"+rg.nextInt(maxRegistry));
return line;
}
public String generateInvalidReturn(Random rg) {
int invalidRegistry;
String line = new String();
line.concat("RET");
Boolean overflow = rg.nextBoolean();
if(overflow) {
invalidRegistry = 32;
}
else {
invalidRegistry = -1;
}
line.concat(" R"+invalidRegistry);
return line;
}
public String generateValidString(Random rg,int programLength,int lineNumber){
int index = rg.nextInt(validOpcodes.size());
String opcode = validOpcodes.get(index);
......@@ -107,9 +345,6 @@ public class Fuzzer {
case("DIV"):
numregs = 3;
break;
case("RET"):
numregs = 1;
break;
case("LDR"):
numregs = 2;
offset = (rg.nextInt(2*maxMemory))-maxMemory;
......@@ -149,7 +384,7 @@ public class Fuzzer {
offset = (rg.nextInt(programLength));
offset = offset - lineNumber;
if(offset<0) {
offset = offset-1;
offset = offset-2;
line.concat("JMP 2%n");
} else if(offset == 0) {
offset = offset+1;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment