From 7fbb96677792c733302c6e2c03b71daf07306fda Mon Sep 17 00:00:00 2001
From: Joe Ranweiler <joe@lemma.co>
Date: Wed, 14 Feb 2018 12:05:07 -0800
Subject: [PATCH] Detect, report crashes in `deepstate-angr`

---
 bin/deepstate/common.py    | 16 ++++++++++++++++
 bin/deepstate/main_angr.py | 12 ++++++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/bin/deepstate/common.py b/bin/deepstate/common.py
index f118da3..61b7eef 100644
--- a/bin/deepstate/common.py
+++ b/bin/deepstate/common.py
@@ -215,6 +215,7 @@ class DeepState(object):
   def begin_test(self, info):
     """Begin processing the test associated with `info`."""
     self.context['failed'] = False
+    self.context['crashed'] = False
     self.context['abandoned'] = False
     self.context['log'] = []
     for level in LOG_LEVEL_TO_LOGGER:
@@ -324,6 +325,8 @@ class DeepState(object):
 
     if self.context['failed']:
       test_name += ".fail"
+    elif self.context['crashed']:
+      test_name += ".crash"
     else:
       test_name += ".pass"
 
@@ -375,6 +378,11 @@ class DeepState(object):
     executing the current state."""
     pass
 
+  def crash_test(self):
+    """Notify the symbolic executor that this test has crashed and stop
+    executing the current state."""
+    self.context['crashed'] = True
+
   def fail_test(self):
     """Notify the symbolic executor that this test has failed and stop
     executing the current state."""
@@ -469,6 +477,14 @@ class DeepState(object):
       self.log_message(LOG_LEVEL_INFO, "Passed: {}".format(info.name))
       self.pass_test()
 
+  def api_crash(self):
+    """Implements the `DeepState_Crash` API function, which marks this test as
+    having failed, and stops further execution."""
+    self.context['crashed'] = True
+    info = self.context['info']
+    self.log_message(LOG_LEVEL_ERROR, "Crashed: {}".format(info.name))
+    self.crash_test()
+
   def api_fail(self):
     """Implements the `DeepState_Fail` API function, which marks this test as
     having failed, and stops further execution."""
diff --git a/bin/deepstate/main_angr.py b/bin/deepstate/main_angr.py
index bcac38c..d7c8097 100644
--- a/bin/deepstate/main_angr.py
+++ b/bin/deepstate/main_angr.py
@@ -165,6 +165,12 @@ class Pass(angr.SimProcedure):
     DeepAngr(procedure=self).api_pass()
 
 
+class Crash(angr.SimProcedure):
+  """Implements DeepState_Crash, which notifies us of a crashing test."""
+  def run(self):
+    DeepAngr(procedure=self).api_crash()
+
+
 class Fail(angr.SimProcedure):
   """Implements DeepState_Fail, which notifies us of a failing test."""
   def run(self):
@@ -281,8 +287,9 @@ def do_run_test(project, test, apis, run_state):
     DeepAngr(state=state).report()
 
   for error in test_manager.errored:
-    print "Error", error.error
-    error.debug()
+    da = DeepAngr(state=error.state)
+    da.crash_test()
+    da.report()
 
 def run_test(project, test, apis, run_state):
   """Symbolically executes a single test function."""
@@ -374,6 +381,7 @@ def main():
   hook_function(project, apis['MaxUInt'], MaxUInt)
   hook_function(project, apis['Assume'], Assume)
   hook_function(project, apis['Pass'], Pass)
+  hook_function(project, apis['Crash'], Crash)
   hook_function(project, apis['Fail'], Fail)
   hook_function(project, apis['Abandon'], Abandon)
   hook_function(project, apis['SoftFail'], SoftFail)