From 8051817526973907f31aab63912c8f507a701baa Mon Sep 17 00:00:00 2001
From: Alex Groce
Date: Tue, 20 Nov 2018 12:16:55 -0700
Subject: [PATCH 01/10] simple fix for libFuzzer ranges
---
 src/include/deepstate/DeepState.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index 518411f..0436f3c 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -235,7 +235,10 @@ DEEPSTATE_INLINE static void DeepState_Check(int expr) {
 DEEPSTATE_INLINE static tname DeepState_ ## Tname ## InRange( \
 tname low, tname high) { \
 tname x = DeepState_ ## Tname(); \
- (void) DeepState_Assume(low <= x && x <= high); \
+ if (!DeepState_UsingLibFuzzer) \
+ (void) DeepState_Assume(low <= x && x <= high); \
+ else \
+ x = low + (x%((high+1)-low)); \
 return x; \
 }
From a3ad1135e7a5afb0cd6ad306a4a46d14f55b4417 Mon Sep 17 00:00:00 2001
From: Alex Groce
Date: Thu, 29 Nov 2018 13:25:21 -0700
Subject: [PATCH 02/10] also use mod if replaying
---
 src/include/deepstate/DeepState.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index 0436f3c..5fce7a4 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -235,7 +235,8 @@ DEEPSTATE_INLINE static void DeepState_Check(int expr) {
 DEEPSTATE_INLINE static tname DeepState_ ## Tname ## InRange( \
 tname low, tname high) { \
 tname x = DeepState_ ## Tname(); \
- if (!DeepState_UsingLibFuzzer) \
+ if (!(DeepState_UsingLibFuzzer || HAS_FLAGS_input_test_file \
+ || HAS_FLAGS_input_test_dir || HAS_FLAGS_input_test_files_dir)) \
 (void) DeepState_Assume(low <= x && x <= high); \
 else \
 x = low + (x%((high+1)-low)); \
From 5c723e0f62fd0c4271a2295c3bb3ace4c9ae90be Mon Sep 17 00:00:00 2001
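Review bot: The modulo branch added in patch 01, `x = low + (x%((high+1)-low));`, is not safe for every range: when `high` is the maximum of a type at least as wide as `int`, `high+1` overflows (undefined for a signed `tname`, and a zero divisor when an unsigned range spans the whole type), and for a signed `tname` a negative `x` gives a negative remainder, so the result can land below `low`. Computing the span in an unsigned type avoids both: `uint64_t span = (uint64_t) high - (uint64_t) low + 1;` followed by `if (span != 0) x = (tname) ((uint64_t) low + (uint64_t) x % span);`. The same expression is carried unchanged by the later DeepState.h patches in this series (02 to 04 and 06 to 09), so the point is raised only here. The macro that encloses this function starts outside the hunk, so the list of `tname` types it is expanded for is not visible.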
From: Alex Groce
Date: Thu, 29 Nov 2018 13:31:46 -0700
Subject: [PATCH 03/10] fix wrong name for HAS_FLAG
---
 src/include/deepstate/DeepState.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index 5fce7a4..23d1f4b 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -235,8 +235,8 @@ DEEPSTATE_INLINE static void DeepState_Check(int expr) {
 DEEPSTATE_INLINE static tname DeepState_ ## Tname ## InRange( \
 tname low, tname high) { \
 tname x = DeepState_ ## Tname(); \
- if (!(DeepState_UsingLibFuzzer || HAS_FLAGS_input_test_file \
- || HAS_FLAGS_input_test_dir || HAS_FLAGS_input_test_files_dir)) \
+ if (!(DeepState_UsingLibFuzzer || HAS_FLAG_input_test_file \
+ || HAS_FLAG_input_test_dir || HAS_FLAG_input_test_files_dir)) \
 (void) DeepState_Assume(low <= x && x <= high); \
 else \
 x = low + (x%((high+1)-low)); \
From a0bfead4cf493d78c8fde96679188a0ef3a1bcc8 Mon Sep 17 00:00:00 2001
From: Alex Groce
Date: Fri, 30 Nov 2018 12:17:18 -0700
Subject: [PATCH 04/10] verbose
---
 src/include/deepstate/DeepState.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index 23d1f4b..496372f 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -238,8 +238,11 @@ DEEPSTATE_INLINE static void DeepState_Check(int expr) {
 if (!(DeepState_UsingLibFuzzer || HAS_FLAG_input_test_file \
 || HAS_FLAG_input_test_dir || HAS_FLAG_input_test_files_dir)) \
 (void) DeepState_Assume(low <= x && x <= high); \
- else \
+ else { \
+ DeepState_LogFormat(DeepState_LogInfo, \
+ "Fixing value\n"); \
 x = low + (x%((high+1)-low)); \
+ \}
 return x; \
 }
From 5dff6925f5e6f1ae0a1a62424a5eae537a488c24 Mon Sep 17 00:00:00 2001
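Review bot: The closing line added in patch 04, `\}`, breaks the macro: the backslash sits before the brace instead of at the end of the line, so it is not a line continuation, and the `return x; \` and `}` lines after it fall outside the macro body. The line should read `} \`. Patch 06 repeats the `\}` line and also drops the continuation after `else {`; patch 07 corrects both. The enclosing macro starts outside the hunk.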
From: Alex Groce
Date: Fri, 30 Nov 2018 12:24:27 -0700
Subject: [PATCH 05/10] more verbose assumption failures
---
 src/lib/DeepState.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/lib/DeepState.c b/src/lib/DeepState.c
index e6395ed..b872fa5 100644
--- a/src/lib/DeepState.c
+++ b/src/lib/DeepState.c
@@ -298,6 +298,9 @@ int32_t DeepState_MaxInt(int32_t v) {
 void _DeepState_Assume(int expr, const char *expr_str, const char *file,
 unsigned line) {
 if (!expr) {
+ DeepState_LogFormat(DeepState_LogError,
+ "%s(%u): Assumption %s failed",
+ file, line, expr_str);
 DeepState_Abandon("Assumption failed");
 }
 }
From 72d3b5bcf9acacd42c925e0657f04099393d29bc Mon Sep 17 00:00:00 2001
From: Alex Groce
Date: Fri, 30 Nov 2018 12:29:55 -0700
Subject: [PATCH 06/10] tell when computing a range
---
 src/include/deepstate/DeepState.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index 496372f..0419420 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -235,14 +235,14 @@ DEEPSTATE_INLINE static void DeepState_Check(int expr) {
 DEEPSTATE_INLINE static tname DeepState_ ## Tname ## InRange( \
 tname low, tname high) { \
 tname x = DeepState_ ## Tname(); \
+ DeepState_LogFormat(DeepState_LogInfo, "Computing a range"); \
 if (!(DeepState_UsingLibFuzzer || HAS_FLAG_input_test_file \
 || HAS_FLAG_input_test_dir || HAS_FLAG_input_test_files_dir)) \
 (void) DeepState_Assume(low <= x && x <= high); \
- else { \
- DeepState_LogFormat(DeepState_LogInfo, \
- "Fixing value\n"); \
+ else {
+ DeepState_LogFormat(DeepState_LogInfo, "Fixing value"); \
 x = low + (x%((high+1)-low)); \
- \}
+ \}
 return x; \
 }
From b61bfd162af46e09e355210d27564abbf6758a5a Mon Sep 17 00:00:00 2001
From: Alex Groce
Date: Fri, 30 Nov 2018 12:43:30 -0700
Subject: [PATCH 07/10] fix various issues
---
 src/include/deepstate/DeepState.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
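Review bot: The message added to `_DeepState_Assume` in patch 05 is logged at `DeepState_LogError`, but a failed assumption is an expected way to discard an input rather than an error. The InRange helpers patched earlier in this series call `DeepState_Assume(low <= x && x <= high)` whenever libFuzzer or replay is not in use, so, assuming that macro reaches `_DeepState_Assume`, this line fires for every out-of-range draw. If the error level does more than print (not visible here), an abandoned run could also be reported as a failure, which is worth confirming. A lower level that the series already uses would fit better: `DeepState_LogFormat(DeepState_LogInfo, "%s(%u): Assumption %s failed", file, line, expr_str);`.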
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index 0419420..bcc03f9 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -235,14 +235,14 @@ DEEPSTATE_INLINE static void DeepState_Check(int expr) {
 DEEPSTATE_INLINE static tname DeepState_ ## Tname ## InRange( \
 tname low, tname high) { \
 tname x = DeepState_ ## Tname(); \
- DeepState_LogFormat(DeepState_LogInfo, "Computing a range"); \
+ DeepState_LogFormat(DeepState_LogInfo, "Computing a range"); \
 if (!(DeepState_UsingLibFuzzer || HAS_FLAG_input_test_file \
 || HAS_FLAG_input_test_dir || HAS_FLAG_input_test_files_dir)) \
 (void) DeepState_Assume(low <= x && x <= high); \
- else {
+ else { \
 DeepState_LogFormat(DeepState_LogInfo, "Fixing value"); \
 x = low + (x%((high+1)-low)); \
- \}
+ } \
 return x; \
 }
From 9bd1e6b7f0c7591ba6f58fb4d220ce69159d4494 Mon Sep 17 00:00:00 2001
From: Alex Groce
Date: Fri, 30 Nov 2018 12:52:02 -0700
Subject: [PATCH 08/10] fixup
---
 src/include/deepstate/DeepState.h | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index bcc03f9..23d1f4b 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -235,14 +235,11 @@ DEEPSTATE_INLINE static void DeepState_Check(int expr) {
 DEEPSTATE_INLINE static tname DeepState_ ## Tname ## InRange( \
 tname low, tname high) { \
 tname x = DeepState_ ## Tname(); \
- DeepState_LogFormat(DeepState_LogInfo, "Computing a range"); \
 if (!(DeepState_UsingLibFuzzer || HAS_FLAG_input_test_file \
 || HAS_FLAG_input_test_dir || HAS_FLAG_input_test_files_dir)) \
 (void) DeepState_Assume(low <= x && x <= high); \
- else { \
- DeepState_LogFormat(DeepState_LogInfo, "Fixing value"); \
+ else \
 x = low + (x%((high+1)-low)); \
- } \
 return x; \
 }
From 87dd39d93cd878f98f3e44d2bf81aa0e9902ba01 Mon Sep 17 00:00:00 2001
From: Alex Groce
Date: Sat, 1 Dec 2018 12:47:43 -0700
Subject: [PATCH 09/10] fix formatting
---
 src/include/deepstate/DeepState.h | 4 ++--
 src/lib/DeepState.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index 23d1f4b..1020910 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -236,10 +236,10 @@ DEEPSTATE_INLINE static void DeepState_Check(int expr) {
 tname low, tname high) { \
 tname x = DeepState_ ## Tname(); \
 if (!(DeepState_UsingLibFuzzer || HAS_FLAG_input_test_file \
- || HAS_FLAG_input_test_dir || HAS_FLAG_input_test_files_dir)) \
+ || HAS_FLAG_input_test_dir || HAS_FLAG_input_test_files_dir)) \
 (void) DeepState_Assume(low <= x && x <= high); \
 else \
- x = low + (x%((high+1)-low)); \
+ x = low + (x%((high+1)-low)); \
 return x; \
 }
diff --git a/src/lib/DeepState.c b/src/lib/DeepState.c
index b872fa5..26c9fee 100644
--- a/src/lib/DeepState.c
+++ b/src/lib/DeepState.c
@@ -299,8 +299,8 @@ void _DeepState_Assume(int expr, const char *expr_str, const char *file,
 unsigned line) {
 if (!expr) {
 DeepState_LogFormat(DeepState_LogError,
- "%s(%u): Assumption %s failed",
- file, line, expr_str);
+ "%s(%u): Assumption %s failed",
+ file, line, expr_str);
 DeepState_Abandon("Assumption failed");
 }
 }
From 8b912a8ce1dc8db658a3f5f1246484807b5318db Mon Sep 17 00:00:00 2001
From: Alex Groce
Date: Sun, 2 Dec 2018 20:34:19 -0700
Subject: [PATCH 10/10] allow abort in libfuzzer
---
 src/lib/DeepState.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/lib/DeepState.c b/src/lib/DeepState.c
index 26c9fee..91bbfc4 100644
--- a/src/lib/DeepState.c
+++ b/src/lib/DeepState.c
@@ -601,6 +601,13 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { enum DeepState_TestRunResult result = DeepState_RunTestLLVM(test); + const char* abort_check = getenv("LIBFUZZER_ABORT_ON_FAIL"); + if (abort_check != NULL) { + if ((result == DeepState_TestRunFail) || (result == DeepState_TestRunCrash)) { + abort(); + } + } + DeepState_Teardown(); DeepState_CurrentTestRun = NULL; free(mem);
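Review bot: `getenv("LIBFUZZER_ABORT_ON_FAIL")` is evaluated on every call of LLVMFuzzerTestOneInput, and the test `abort_check != NULL` treats any value, including an empty string or `0`, as enabled. Reading the variable once, with `static int abort_on_fail = -1;` and `if (abort_on_fail < 0) abort_on_fail = (getenv("LIBFUZZER_ABORT_ON_FAIL") != NULL);`, keeps the lookup out of the per-input path. The switch is undocumented in the hunk; a comment such as `/* LIBFUZZER_ABORT_ON_FAIL (any value): abort on a failed or crashed test, before teardown, so the run ends as a crash. */` would record both the accepted values and that skipping DeepState_Teardown() and free(mem) is intended. The function body starts and ends outside the hunk.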