ref: 52bd05c217fdaa140e294dd7b104e81d82c882be
parent: 32dfab624c2d80aedb3158035a7d6f2a6662116e
author: Steven Sleder <[email protected]>
date: Wed Nov 14 01:04:53 EST 2018
More printing changes
--- a/fuzz.h
+++ b/fuzz.h
@@ -96,10 +96,18 @@
// Enum to track types of inputs
typedef int type;
enum type {
-t_int, // int
-t_long, // long
-t_DirS, // Dir*
-t_charS // char*
+t_int,
+t_uint,
+t_IOchunkS,
+t_long,
+t_ulong,
+t_vlong,
+t_longS,
+t_DirS,
+t_DirSS,
+t_char,
+t_uchar,
+t_charS
};
// Structure to track an instance of a given type
--- /dev/null
+++ b/fuzz.h.orig
@@ -1,0 +1,163 @@
+#ifndef FUZZ_H
+#define FUZZ_H
+
+#include <u.h>
+#include <libc.h>
+#include "list.h"
+#include "mutate.h"
+
+// Number of calls in enum calls
+#define NCALLS 66
+#define NTYPES 4
+
+// Global variables
+extern int logfd;
+
+/*
+For full list of syscalls:
+
+If systab doesn't exist, do: cd /sys/src/9/port && mk
+/sys/src/9/port/systab.h
+/sys/src/libc/9syscall/sys.h
+/sys/include/libc.h:537
+*/
+
+// User space syscall definitions as per libc.h with sc_ prefix added
+typedef int call;
+enum call {
+sc_exits , // _exits(char*);
+sc_abort , // abort(void);
+sc_access , // access(char*, int);
+sc_alarm , // alarm(ulong);
+sc_await , // await(char*, int);
+sc_bind , // bind(char*, char*, int);
+sc_brk , // brk(void*);
+sc_chdir , // chdir(char*);
+sc_close , // close(int);
+sc_create , // create(char*, int, ulong);
+sc_dup , // dup(int, int);
+sc_errstr , // errstr(char*, uint);
+sc_exec , // exec(char*, char*[]);
+sc_execl , // execl(char*, ...);
+sc_fork , // fork(void);
+sc_rfork , // rfork(int);
+sc_fauth , // fauth(int, char*);
+sc_fstat , // fstat(int, uchar*, int);
+sc_fwstat , // fwstat(int, uchar*, int);
+sc_fversion, // fversion(int, int, char*, int);
+sc_mount , // mount(int, int, char*, int, char*);
+sc_unmount, // unmount(char*, char*);
+sc_noted , // noted(int);
+sc_notify , // notify(void(*)(void*, char*));
+sc_open , // open(char*, int);
+sc_fd2path, // fd2path(int, char*, int);
+sc_pipe , // pipe(int*);
+sc_pread , // pread(int, void*, long, vlong);
+sc_preadv, // preadv(int, IOchunk*, int, vlong);
+sc_pwrite , // pwrite(int, void*, long, vlong);
+sc_pwritev, // pwritev(int, IOchunk*, int, vlong);
+sc_read , // read(int, void*, long);
+sc_readn , // readn(int, void*, long);
+sc_readv , // readv(int, IOchunk*, int);
+sc_remove, // remove(char*);
+sc_sbrk , // sbrk(ulong);
+sc_oseek , // oseek(int, long, int);
+sc_seek, // seek(int, vlong, int);
+sc_segattach, // segattach(int, char*, void*, ulong);
+sc_segbrk , // segbrk(void*, void*);
+sc_segdetach, // segdetach(void*);
+sc_segflush, // segflush(void*, ulong);
+sc_segfree, // segfree(void*, ulong);
+sc_semacquire, // semacquire(long*, int);
+sc_semrelease, // semrelease(long*, long);
+sc_sleep, // sleep(long);
+sc_stat, // stat(char*, uchar*, int);
+sc_tsemacquire, // tsemacquire(long*, ulong);
+sc_wait, // wait(void);
+sc_waitpid, // waitpid(void);
+sc_write, // write(int, void*, long);
+sc_writev, // writev(int, IOchunk*, int);
+sc_wstat, // wstat(char*, uchar*, int);
+sc_rendezvous, // rendezvous(void*, void*);
+sc_dirstat, // dirstat(char*);
+sc_dirfstat, // dirfstat(int);
+sc_dirwstat, // dirwstat(char*, Dir*);
+sc_dirfwstat, // dirfwstat(int, Dir*);
+sc_dirread, // dirread(int, Dir**);
+sc_nulldir, // nulldir(Dir*);
+sc_dirreadall, // dirreadall(int, Dir**);
+sc_getpid , // getpid(void);
+sc_getppid, // getppid(void);
+sc_rerrstr, // rerrstr(char*, uint);
+sc_sysname, // sysname(void);
+sc_werrstr // werrstr(char*, ...);
+};
+
+// Enum to track types of inputs
+typedef int type;
+enum type {
+<<<<<<< working copy
+t_int,
+t_uint,
+t_IOchunkS,
+t_long,
+t_ulong,
+t_vlong,
+t_longS,
+t_DirS,
+t_DirSS,
+t_char,
+t_uchar,
+t_charS
+=======
+t_int, // int
+t_long, // long
+t_DirS, // Dir*
+t_charS // char*
+>>>>>>> destination
+};
+
+// Structure to track an instance of a given type
+typedef struct t_type t_type;
+struct t_type
+{
+ void* var; // Variable to track
+ type t; // Type of the variable to cast to
+};
+
+// Type names table -- in input.c
+extern char *typenames[NTYPES];
+
+// User space system call names table -- NCALLS length -- in input.c
+extern char *callnames[NCALLS];
+
+// Structure to track state of system calling
+typedef struct caller caller;
+struct caller
+{
+ call c; // System call in use
+ char* name; // Real name of syscall
+ int round; // Last run executed
+ int seed; // Seed call was initialized with
+ List inputs; // List of input types in order from left→right
+};
+
+// Index of system calls -- one for each enum'd system call
+caller syscalls[NCALLS];
+
+/* == Function prototypes == */
+
+// input.c
+void fuzz(caller*);
+void hjsync(void);
+void log_call(caller*);
+
+// inlist.c
+List* mkinlist(List*, call);
+
+
+// list.c → See list.h
+
+// mutate.c → See mutate.h
+
+#endif
--- a/input.c
+++ b/input.c
@@ -102,8 +102,34 @@
fprint(logfd, "\n\tSeed: %d", sc->seed);
int x;
- for (x; x < ((sc->inputs).size); x++) {
- //fprint(logfd, "\n\t\t%s", callnames[ ((t_type*) lget(&(sc->inputs), x))->t ]);
+ for (x; x < (sc->inputs.size); x++) {
+ t_type* ele = lget(&(sc->inputs), x);
+
+ fprint(logfd, "\n\t\t%s : ", callnames[ele->t]);
+
+ switch(ele->t) {
+ case t_int :
+ fprint(logfd, "%d", (int) ele->var);
+ break;
+ case t_uint :
+ fprint(logfd, "%d", (uint) ele->var);
+ case t_long :
+ fprint(logfd, "%ld", (long) ele->var);
+ break;
+ case t_ulong :
+ fprint(logfd, "%lu", (ulong) ele->var);
+ break;
+ case t_DirS :
+ fprint(logfd, "%s", (Dir*) ele->var);
+ break;
+ case t_charS :
+ fprint(logfd, "%s", (char*) ele->var);
+ break;
+ case t_char :
+ fprint(logfd, "%c", (char) ele->var);
+ default :
+ exits("Unknown input variable type!");
+ }
}
}
--- /dev/null
+++ b/input.c.orig
@@ -1,0 +1,222 @@
+#include "fuzz.h"
+
+// Procedurally generate input to syscall
+void
+fuzz(caller *sc)
+{
+ // TODO
+ switch(sc->c) {
+ case sc_exits : // _exits(char*);
+ case sc_abort : // abort(void);
+ case sc_access : // access(char* : int);
+ case sc_alarm : // alarm(ulong);
+ case sc_await : // await(char* : int);
+ case sc_bind : // bind(char* : char* : int);
+ case sc_brk : // brk(void*);
+ case sc_chdir : // chdir(char*);
+ case sc_close : // close(int);
+ // increment the round counter
+ (sc->round)++;
+
+ // mutate the input
+ int fd;
+
+ // log the variables
+ log_call(sc);
+
+ // sync the disk
+ hjsync();
+
+ // execute the call
+ close(fd);
+
+ break;
+ case sc_create : // create(char* : int : ulong);
+ case sc_dup : // dup(int : int);
+ case sc_errstr : // errstr(char* : uint);
+ case sc_exec : // exec(char* : char*[]);
+ case sc_execl : // execl(char* : ...);
+ case sc_fork : // fork(void);
+ case sc_rfork : // rfork(int);
+ case sc_fauth : // fauth(int : char*);
+ case sc_fstat : // fstat(int : uchar* : int);
+ case sc_fwstat : // fwstat(int : uchar* : int);
+ case sc_fversion : // fversion(int : int : char* : int);
+ case sc_mount : // mount(int : int : char* : int : char*);
+ case sc_unmount : // unmount(char* : char*);
+ case sc_noted : // noted(int);
+ case sc_notify : // notify(void(*)(void* : char*));
+ case sc_open : // open(char* : int);
+ case sc_fd2path : // fd2path(int : char* : int);
+ case sc_pipe : // pipe(int*);
+ case sc_pread : // pread(int : void* : long : vlong);
+ case sc_preadv : // preadv(int : IOchunk* : int : vlong);
+ case sc_pwrite : // pwrite(int : void* : long : vlong);
+ case sc_pwritev : // pwritev(int : IOchunk* : int : vlong);
+ case sc_read : // read(int : void* : long);
+ case sc_readn : // readn(int : void* : long);
+ case sc_readv : // readv(int : IOchunk* : int);
+ case sc_remove : // remove(char*);
+ case sc_sbrk : // sbrk(ulong);
+ case sc_oseek : // oseek(int : long : int);
+ case sc_seek : // seek(int : vlong : int);
+ case sc_segattach : // segattach(int : char* : void* : ulong);
+ case sc_segbrk : // segbrk(void* : void*);
+ case sc_segdetach : // segdetach(void*);
+ case sc_segflush : // segflush(void* : ulong);
+ case sc_segfree : // segfree(void* : ulong);
+ case sc_semacquire : // semacquire(long* : int);
+ case sc_semrelease : // semrelease(long* : long);
+ case sc_sleep : // sleep(long);
+ case sc_stat : // stat(char* : uchar* : int);
+ case sc_tsemacquire : // tsemacquire(long* : ulong);
+ case sc_wait : // wait(void);
+ case sc_waitpid : // waitpid(void);
+ case sc_write : // write(int : void* : long);
+ case sc_writev : // writev(int : IOchunk* : int);
+ case sc_wstat : // wstat(char* : uchar* : int);
+ case sc_rendezvous : // rendezvous(void* : void*);
+ case sc_dirstat : // dirstat(char*);
+ case sc_dirfstat : // dirfstat(int);
+ case sc_dirwstat : // dirwstat(char* : Dir*);
+ case sc_dirfwstat : // dirfwstat(int : Dir*);
+ case sc_dirread : // dirread(int : Dir**);
+ case sc_nulldir : // nulldir(Dir*);
+ case sc_dirreadall : // dirreadall(int : Dir**);
+ case sc_getpid : // getpid(void);
+ case sc_getppid : // getppid(void);
+ case sc_rerrstr : // rerrstr(char* : uint);
+ case sc_sysname : // sysname(void);
+ case sc_werrstr : // werrstr(char* : ...);
+ default :
+ exits("Unknown system call!");
+ }
+}
+
+// Logs the syscall arguments
+void
+log_call(caller *sc)
+{
+ fprint(logfd, "\nSystem Call: %s", sc->name);
+ fprint(logfd, "\n\tRound #: %d", sc->round);
+ fprint(logfd, "\n\tSeed: %d", sc->seed);
+
+ int x;
+ for (x; x < (sc->inputs.size); x++) {
+ t_type* ele = lget(&(sc->inputs), x);
+
+ fprint(logfd, "\n\t\t%s : ", callnames[ele->t]);
+
+ switch(ele->t) {
+ case t_int :
+ fprintf(logfd, "%d", (int) ele->var);
+ break;
+ case t_uint :
+ fprintf(logfd, "%d", (uint) ele->var);
+ case t_long :
+ fprintf(logfd, "%ld", (long) ele->var);
+ break;
+ case t_ulong :
+ fprintf(logfd, "%lu", (ulong) ele->var);
+ break;
+ case t_DirS :
+ fprintf(logfd, "%s", (Dir*) ele->var);
+ break;
+ case t_charS :
+ fprintf(logfd, "%s", (char*) ele->var);
+ break;
+ case t_char :
+ fprintf(logfd, "%c", (char) ele->var);
+ default :
+ exit("Unknown input variable type!");
+ }
+ }
+}
+
+// Syncs the disk in hjfs
+void
+hjsync()
+{
+ // open file and write to sync disk
+ int hjfs = open("/srv/hjfs.cmd", OWRITE);
+ fprint(hjfs, "sync\n");
+ close(hjfs);
+}
+
+// Init callnames here, is extern in fuzz.h
+char *callnames[NCALLS]= {
+"_exits",
+"abort",
+"access",
+"alarm",
+"await",
+"bind",
+"brk",
+"chdir",
+"close",
+"create",
+"dup",
+"errstr",
+"exec",
+"execl",
+"fork",
+"rfork",
+"fauth",
+"fstat",
+"fwstat",
+"fversion",
+"mount",
+"unmount",
+"noted",
+"notify",
+"open",
+"fd2path",
+"pipe",
+"pread",
+"preadv",
+"pwrite",
+"pwritev",
+"read",
+"readn",
+"readv",
+"remove",
+"sbrk",
+"oseek",
+"seek",
+"segattach",
+"segbrk",
+"segdetach",
+"segflush",
+"segfree",
+"semacquire",
+"semrelease",
+"sleep",
+"stat",
+"tsemacquire",
+"wait",
+"waitpid",
+"write",
+"writev",
+"wstat",
+"rendezvous",
+"dirstat",
+"dirfstat",
+"dirwstat",
+"dirfwstat",
+"dirread",
+"nulldir",
+"dirreadall",
+"getpid",
+"getppid",
+"rerrstr",
+"sysname",
+"werrstr"
+};
+
+// Init callnames here, is extern in fuzz.h
+char *typenames[NTYPES]= {
+"int",
+"long",
+"Dir*",
+"char*"
+};