shithub: fuzz

Download patch

ref: 52bd05c217fdaa140e294dd7b104e81d82c882be
parent: 32dfab624c2d80aedb3158035a7d6f2a6662116e
author: Steven Sleder <[email protected]>
date: Wed Nov 14 01:04:53 EST 2018

More printing changes

--- a/fuzz.h
+++ b/fuzz.h
@@ -96,10 +96,18 @@
 // Enum to track types of inputs
 typedef int type;
 enum type {
-t_int,		// int
-t_long,		// long
-t_DirS,		// Dir*
-t_charS		// char*
+t_int,
+t_uint,
+t_IOchunkS,
+t_long,
+t_ulong,
+t_vlong,
+t_longS,
+t_DirS,
+t_DirSS,
+t_char,
+t_uchar,
+t_charS
 };
 
 // Structure to track an instance of a given type
--- /dev/null
+++ b/fuzz.h.orig
@@ -1,0 +1,163 @@
+#ifndef FUZZ_H
+#define FUZZ_H
+
+#include <u.h>
+#include <libc.h>
+#include "list.h"
+#include "mutate.h"
+
+// Number of calls in enum calls
+#define NCALLS 66
+#define NTYPES 4
+
+// Global variables
+extern int logfd;
+
+/* 
+For full list of syscalls:
+
+If systab doesn't exist, do: cd /sys/src/9/port && mk
+/sys/src/9/port/systab.h
+/sys/src/libc/9syscall/sys.h
+/sys/include/libc.h:537
+*/
+
+// User space syscall definitions as per libc.h with sc_ prefix added
+typedef int call;
+enum call {
+sc_exits	,	//	_exits(char*);
+sc_abort	,	//	abort(void);
+sc_access	,	//	access(char*, int);
+sc_alarm	,	//	alarm(ulong);
+sc_await	,	//	await(char*, int);
+sc_bind	,		//	bind(char*, char*, int);
+sc_brk	,		//	brk(void*);
+sc_chdir	,	//	chdir(char*);
+sc_close	,	//	close(int);
+sc_create	,	//	create(char*, int, ulong);
+sc_dup	,		//	dup(int, int);
+sc_errstr	,	//	errstr(char*, uint);
+sc_exec	,		//	exec(char*, char*[]);
+sc_execl	,	//	execl(char*, ...);
+sc_fork	,		//	fork(void);
+sc_rfork	,	//	rfork(int);
+sc_fauth	,	//	fauth(int, char*);
+sc_fstat	,	//	fstat(int, uchar*, int);
+sc_fwstat	,	//	fwstat(int, uchar*, int);
+sc_fversion,	//	fversion(int, int, char*, int);
+sc_mount	,	//	mount(int, int, char*, int, char*);
+sc_unmount,		//	unmount(char*, char*);
+sc_noted	,	//	noted(int);
+sc_notify	,	//	notify(void(*)(void*, char*));
+sc_open	,		//	open(char*, int);
+sc_fd2path,		//	fd2path(int, char*, int);
+sc_pipe	,		//	pipe(int*);
+sc_pread	,	//	pread(int, void*, long, vlong);
+sc_preadv,		//	preadv(int, IOchunk*, int, vlong);
+sc_pwrite	,	//	pwrite(int, void*, long, vlong);
+sc_pwritev,		//	pwritev(int, IOchunk*, int, vlong);
+sc_read	,		//	read(int, void*, long);
+sc_readn	,	//	readn(int, void*, long);
+sc_readv	,	//	readv(int, IOchunk*, int);
+sc_remove,		//	remove(char*);
+sc_sbrk	,		//	sbrk(ulong);
+sc_oseek	,	//	oseek(int, long, int);
+sc_seek,		//	seek(int, vlong, int);
+sc_segattach,	//	segattach(int, char*, void*, ulong);
+sc_segbrk	,	//	segbrk(void*, void*);
+sc_segdetach,	//	segdetach(void*);
+sc_segflush,	//	segflush(void*, ulong);
+sc_segfree,		//	segfree(void*, ulong);
+sc_semacquire,	//	semacquire(long*, int);
+sc_semrelease,	//	semrelease(long*, long);
+sc_sleep,		//	sleep(long);
+sc_stat,		//	stat(char*, uchar*, int);
+sc_tsemacquire,	//	tsemacquire(long*, ulong);
+sc_wait,		//	wait(void);
+sc_waitpid,		//	waitpid(void);
+sc_write,		//	write(int, void*, long);
+sc_writev,		//	writev(int, IOchunk*, int);
+sc_wstat,		//	wstat(char*, uchar*, int);
+sc_rendezvous,	//	rendezvous(void*, void*);
+sc_dirstat,		//	dirstat(char*);
+sc_dirfstat,	//	dirfstat(int);
+sc_dirwstat,	//	dirwstat(char*, Dir*);
+sc_dirfwstat,	//	dirfwstat(int, Dir*);
+sc_dirread,		//	dirread(int, Dir**);
+sc_nulldir,		//	nulldir(Dir*);
+sc_dirreadall,	//	dirreadall(int, Dir**);
+sc_getpid	,	//	getpid(void);
+sc_getppid,		//	getppid(void);
+sc_rerrstr,		//	rerrstr(char*, uint);
+sc_sysname,		//	sysname(void);
+sc_werrstr		//	werrstr(char*, ...);
+};
+
+// Enum to track types of inputs
+typedef int type;
+enum type {
+<<<<<<< working copy
+t_int,
+t_uint,
+t_IOchunkS,
+t_long,
+t_ulong,
+t_vlong,
+t_longS,
+t_DirS,
+t_DirSS,
+t_char,
+t_uchar,
+t_charS
+=======
+t_int,		// int
+t_long,		// long
+t_DirS,		// Dir*
+t_charS		// char*
+>>>>>>> destination
+};
+
+// Structure to track an instance of a given type
+typedef struct t_type t_type;
+struct t_type
+{
+	void*	var;	// Variable to track
+	type	t;		// Type of the variable to cast to
+};
+
+// Type names table -- in input.c
+extern char *typenames[NTYPES];
+
+// User space system call names table -- NCALLS length -- in input.c
+extern char *callnames[NCALLS];
+
+// Structure to track state of system calling
+typedef struct caller caller;
+struct caller
+{
+	call		c;			// System call in use
+	char*		name;		// Real name of syscall
+	int			round;		// Last run executed
+	int			seed;		// Seed call was initialized with
+	List		inputs;		// List of input types in order from left→right
+};
+
+// Index of system calls -- one for each enum'd system call
+caller syscalls[NCALLS];
+
+/* == Function prototypes == */
+
+// input.c
+void	fuzz(caller*);
+void	hjsync(void);
+void	log_call(caller*);
+
+// inlist.c
+List*	mkinlist(List*, call);
+
+
+// list.c → See list.h
+
+// mutate.c → See mutate.h
+
+#endif
--- a/input.c
+++ b/input.c
@@ -102,8 +102,34 @@
 	fprint(logfd, "\n\tSeed: %d", sc->seed);
 
 	int x;
-	for (x; x < ((sc->inputs).size); x++) {
-		//fprint(logfd, "\n\t\t%s", callnames[ ((t_type*) lget(&(sc->inputs), x))->t ]);
+	for (x; x < (sc->inputs.size); x++) {
+		t_type* ele = lget(&(sc->inputs), x);
+
+		fprint(logfd, "\n\t\t%s : ", callnames[ele->t]);
+		
+		switch(ele->t) {
+			case t_int :
+				fprint(logfd, "%d", (int) ele->var);
+				break;
+			case t_uint :
+				fprint(logfd, "%d", (uint) ele->var);
+			case t_long :
+				fprint(logfd, "%ld", (long) ele->var);
+				break;
+			case t_ulong :
+				fprint(logfd, "%lu", (ulong) ele->var);
+				break;
+			case t_DirS :
+				fprint(logfd, "%s", (Dir*) ele->var);
+				break;
+			case t_charS :
+				fprint(logfd, "%s", (char*) ele->var);
+				break;
+			case t_char :
+				fprint(logfd, "%c", (char) ele->var);
+			default :
+				exits("Unknown input variable type!");
+		}
 	}
 }
 
--- /dev/null
+++ b/input.c.orig
@@ -1,0 +1,222 @@
+#include "fuzz.h"
+
+// Procedurally generate input to syscall
+void
+fuzz(caller *sc)
+{
+	// TODO
+	switch(sc->c) {
+		case sc_exits :			//	_exits(char*);
+		case sc_abort :			//	abort(void);
+		case sc_access :		//	access(char* : int);
+		case sc_alarm :			//	alarm(ulong);
+		case sc_await :			//	await(char* : int);
+		case sc_bind :			//	bind(char* : char* : int);
+		case sc_brk :			//	brk(void*);
+		case sc_chdir :			//	chdir(char*);
+		case sc_close :			//	close(int);
+			// increment the round counter
+			(sc->round)++;
+
+			// mutate the input
+			int fd;
+
+			// log the variables
+			log_call(sc);
+
+			// sync the disk
+			hjsync();
+			
+			// execute the call
+			close(fd);
+
+			break;
+		case sc_create :		//	create(char* : int : ulong);
+		case sc_dup :			//	dup(int : int);
+		case sc_errstr :		//	errstr(char* : uint);
+		case sc_exec :			//	exec(char* : char*[]);
+		case sc_execl :			//	execl(char* : ...);
+		case sc_fork :			//	fork(void);
+		case sc_rfork :			//	rfork(int);
+		case sc_fauth :			//	fauth(int : char*);
+		case sc_fstat :			//	fstat(int : uchar* : int);
+		case sc_fwstat :		//	fwstat(int : uchar* : int);
+		case sc_fversion :		//	fversion(int : int : char* : int);
+		case sc_mount :			//	mount(int : int : char* : int : char*);
+		case sc_unmount :		//	unmount(char* : char*);
+		case sc_noted :			//	noted(int);
+		case sc_notify :		//	notify(void(*)(void* : char*));
+		case sc_open :			//	open(char* : int);
+		case sc_fd2path :		//	fd2path(int : char* : int);
+		case sc_pipe :			//	pipe(int*);
+		case sc_pread :			//	pread(int : void* : long : vlong);
+		case sc_preadv :		//	preadv(int : IOchunk* : int : vlong);
+		case sc_pwrite :		//	pwrite(int : void* : long : vlong);
+		case sc_pwritev :		//	pwritev(int : IOchunk* : int : vlong);
+		case sc_read :			//	read(int : void* : long);
+		case sc_readn :			//	readn(int : void* : long);
+		case sc_readv :			//	readv(int : IOchunk* : int);
+		case sc_remove :		//	remove(char*);
+		case sc_sbrk :			//	sbrk(ulong);
+		case sc_oseek :			//	oseek(int : long : int);
+		case sc_seek :			//	seek(int : vlong : int);
+		case sc_segattach :		//	segattach(int : char* : void* : ulong);
+		case sc_segbrk	 :		//	segbrk(void* : void*);
+		case sc_segdetach :		//	segdetach(void*);
+		case sc_segflush :		//	segflush(void* : ulong);
+		case sc_segfree :		//	segfree(void* : ulong);
+		case sc_semacquire :		//	semacquire(long* : int);
+		case sc_semrelease :		//	semrelease(long* : long);
+		case sc_sleep :			//	sleep(long);
+		case sc_stat :			//	stat(char* : uchar* : int);
+		case sc_tsemacquire :		//	tsemacquire(long* : ulong);
+		case sc_wait :			//	wait(void);
+		case sc_waitpid :		//	waitpid(void);
+		case sc_write :			//	write(int : void* : long);
+		case sc_writev :		//	writev(int : IOchunk* : int);
+		case sc_wstat :			//	wstat(char* : uchar* : int);
+		case sc_rendezvous :		//	rendezvous(void* : void*);
+		case sc_dirstat :		//	dirstat(char*);
+		case sc_dirfstat :		//	dirfstat(int);
+		case sc_dirwstat :		//	dirwstat(char* : Dir*);
+		case sc_dirfwstat :		//	dirfwstat(int : Dir*);
+		case sc_dirread :		//	dirread(int : Dir**);
+		case sc_nulldir :		//	nulldir(Dir*);
+		case sc_dirreadall :		//	dirreadall(int : Dir**);
+		case sc_getpid :		//	getpid(void);
+		case sc_getppid	:		//	getppid(void);
+		case sc_rerrstr :		//	rerrstr(char* : uint);
+		case sc_sysname :		//	sysname(void);
+		case sc_werrstr :		//	werrstr(char* : ...);
+		default :
+			exits("Unknown system call!");
+	}
+}
+
+// Logs the syscall arguments
+void
+log_call(caller *sc)
+{
+	fprint(logfd, "\nSystem Call: %s", sc->name);
+	fprint(logfd, "\n\tRound #: %d", sc->round);
+	fprint(logfd, "\n\tSeed: %d", sc->seed);
+
+	int x;
+	for (x; x < (sc->inputs.size); x++) {
+		t_type* ele = lget(&(sc->inputs), x);
+
+		fprint(logfd, "\n\t\t%s : ", callnames[ele->t]);
+		
+		switch(ele->t) {
+			case t_int :
+				fprintf(logfd, "%d", (int) ele->var);
+				break;
+			case t_uint :
+				fprintf(logfd, "%d", (uint) ele->var);
+			case t_long :
+				fprintf(logfd, "%ld", (long) ele->var);
+				break;
+			case t_ulong :
+				fprintf(logfd, "%lu", (ulong) ele->var);
+				break;
+			case t_DirS :
+				fprintf(logfd, "%s", (Dir*) ele->var);
+				break;
+			case t_charS :
+				fprintf(logfd, "%s", (char*) ele->var);
+				break;
+			case t_char :
+				fprintf(logfd, "%c", (char) ele->var);
+			default :
+				exit("Unknown input variable type!");
+		}
+	}
+}
+
+// Syncs the disk in hjfs
+void
+hjsync()
+{
+	// open file and write to sync disk
+	int hjfs = open("/srv/hjfs.cmd", OWRITE);
+	fprint(hjfs, "sync\n");
+	close(hjfs);
+}
+
+// Init callnames here, is extern in fuzz.h
+char *callnames[NCALLS]= {
+"_exits",
+"abort",
+"access",
+"alarm",
+"await",
+"bind",
+"brk",
+"chdir",
+"close",
+"create",
+"dup",
+"errstr",
+"exec",
+"execl",
+"fork",
+"rfork",
+"fauth",
+"fstat",
+"fwstat",
+"fversion",
+"mount",
+"unmount",
+"noted",
+"notify",
+"open",
+"fd2path",
+"pipe",
+"pread",
+"preadv",
+"pwrite",
+"pwritev",
+"read",
+"readn",
+"readv",
+"remove",
+"sbrk",
+"oseek",
+"seek",
+"segattach",
+"segbrk",
+"segdetach",
+"segflush",
+"segfree",
+"semacquire",
+"semrelease",
+"sleep",
+"stat",
+"tsemacquire",
+"wait",
+"waitpid",
+"write",
+"writev",
+"wstat",
+"rendezvous",
+"dirstat",
+"dirfstat",
+"dirwstat",
+"dirfwstat",
+"dirread",
+"nulldir",
+"dirreadall",
+"getpid",
+"getppid",
+"rerrstr",
+"sysname",
+"werrstr"
+};
+
+// Init callnames here, is extern in fuzz.h
+char *typenames[NTYPES]= {
+"int",
+"long",
+"Dir*",
+"char*"
+};