DeforaNetworks/deepstate
3
0
Fork 0
Code Releases Activity
169 Commits 2 Branches 0 Tags
70dd92cb276f0a64f07c1937d7ece7b6d6278639
Commit Graph

51 Commits

Author SHA1 Message Date
Alex Groce
70dd92cb27 Fix message on abandon 2018-06-25 17:32:38 -07:00
Alex Groce
f821097775 Log Error on abandon 2018-06-25 17:26:02 -07:00
Alex Groce
16e9255396 abandon, rather than fatal, on failed assumption, for fuzzing 2018-06-23 15:00:52 -07:00
Pierre Pronchery
7ce41d6bc7 Check malloc() for errors 2018-02-26 22:05:24 +01:00
Joe Ranweiler
f39a89d059 Use consistent naming conventions 2018-02-21 19:32:26 -08:00
Joe Ranweiler
49fd41f5e1 Return bool from DeepState_Catch... functions 2018-02-21 19:31:45 -08:00
Joe Ranweiler
691cf24108 Remove usage of old internal globals 
- Use `DeepState_CurrentTestRun` global shared struct
- Allocate memory for the above in `DeepState_Setup()`
- Update `DeepState_Catch...` functions to map enums to status ints
 2018-02-21 19:22:20 -08:00
Joe Ranweiler
f07fd1cab7 Split up mapping and init of current test run globals 
- Use `DeepState_AllocCurrentTestRun()` to map memory in take-over setup
- Add error handling for `mmap()` call
- Unify init of test globals via `DeepState_InitCurrentTestRun()`
 2018-02-21 19:09:01 -08:00
Joe Ranweiler
4f711da986 Use DeepState_CurrentTestRun in take-over test case replays 
- Map shared memory for `DeepState_CurrentTestRun`
- For non-crashing forked test runs, inspect the above to figure out
  what happened. In particular, this supports `CHECK` and soft failures.
 2018-02-21 18:52:23 -08:00
Joe Ranweiler
d4dc9eaa01 Add struct for info about single test runs, update in global setters 
Instead of exit codes, we will use the global instance of this (shared
with a parent process) to determine the result of forked test runs.
 2018-02-21 18:49:42 -08:00
Joe Ranweiler
9d47f21f5a Hide mutation of test globals behind internal functions 2018-02-21 17:17:43 -08:00
Joe Ranweiler
341c2da0f8 Fix type of --take_over flag 2018-02-21 16:56:12 -08:00
Joe Ranweiler
c09feec114 Call DeepState_Begin() for each forked take-over test case 2018-02-20 15:52:14 -08:00
Joe Ranweiler
23dbbbdc57 Log all test run result cases in native take-over 
Warning: this does not work correctly with tests that soft fail, e.g.
via a `CHECK` assertion. This is because the soft failures only update
the child's `DeepState_TestFailed` global variable, but do not exit.
What we will soon do is share memory with the child process, and derive
the "test result" from that shared memeory.
 2018-02-20 15:43:34 -08:00
Joe Ranweiler
a81f816d89 If in take-over mode, exit on fatal error 
In take-over mode, the "test" is the entire binary being executed as a
child process. So, we want to exit, rather than trying to `longjmp()` to
`DeepState_ReturnToRun`, which was never initialized.
 2018-02-20 15:43:34 -08:00
Joe Ranweiler
065c97c2c0 Add --take_over flag to native binaries 2018-02-20 15:43:34 -08:00
Joe Ranweiler
661c600d2b Add impl of native takeover test case replay 2018-02-20 15:43:34 -08:00
Joe Ranweiler
93a95b0e96 Use native fake test and file name that matches executors 2018-02-20 15:43:34 -08:00
Joe Ranweiler
45fcfe0921 Add DeepState_TakeOver() interface 2018-02-20 10:31:29 -08:00
Joe Ranweiler
23af5b562d Add DeepState_Crash() hook 2018-02-14 12:22:38 -08:00
Joe Ranweiler
ac7e57a833 Consistently stub test case save hooks 2018-02-14 10:24:15 -08:00
Joe Ranweiler
ab43f75361 Add hook to save crashing tests 2018-02-14 10:24:15 -08:00
Joe Ranweiler
d81cbba137 Clear log stream before failing with longjmp in fatal log 
When an assertion fails in the C++ API, it ultimately invokes a
`Fatal`-level `DeepState_Log()`. This calls `DeepState_Fail()`, which
longjmps. If we don't clear the log buffer here, it won't get cleared by
the usual logic which does so. This causes hanging, unflushed log
messages to persist between tests.

This relationship should eventually be inverted and decoupled.
 2018-02-10 16:09:37 -08:00
Joe Ranweiler
dd8a1c6608 Use external linkage for global input buffer 
This is to support running saved auto-generated test cases.
 2018-02-08 16:07:35 -08:00
Joe Ranweiler
c6eca451c5 Fix flag decl and defs 2018-02-08 14:16:16 -08:00
Peter Goodman
1aa468dabc Minor formatting changes. 2018-02-06 12:18:06 +08:00
Peter Goodman
2eaeb7480c Adding Google Flags-like command-line option parsing, though implemented in C, to the main executable. The code is ported from Granary2. 2018-01-07 16:25:31 -05:00
Peter Goodman
622afcdb98 Made variadic argument lists work in 32 bit x86. 2017-12-13 23:53:48 -05:00
Peter Goodman
1433f34960 Makeing 100% sure that the format_bufs are NUL-terminated. 2017-12-13 22:46:20 -05:00
Peter Goodman
7c585f5c44 Add 32-bit support, i.e. libdeepstate32 2017-12-13 21:53:33 -05:00
Peter Goodman
f4dd61f895 Added overrides for assert_fail and stack_chk_fail. 2017-12-13 14:16:21 -05:00
Peter Goodman
308fe70eb6 Hooked __assert_fail into the logging system. 2017-12-13 12:43:34 -05:00
Peter Goodman
5a84f665b6 Minor tweak. 2017-12-13 01:31:29 -05:00
Peter Goodman
e9bd6dc177 Fixes one or two subtle issues. But the more interesting fix is that I implemented puts in terms of DeepState_Log. Calls to printf that had no format arguments are transformed by the compiler into calls to puts, but that wasn't being wrapped by DeepState, so it was appearing as though those log messages never actually happened. 2017-12-12 14:01:41 -05:00
Peter Goodman
8248bbdcbc Removed usage of old name, added in a Euler power of like primes example. When the pairwise ASSERT_NEs are absent, you get interesting results that show examples of integer overflows. 2017-12-10 20:08:08 -05:00
Peter Goodman
fcd000dc14 Added a maximize objective API to DeepState. 2017-12-10 13:37:47 -05:00
Peter Goodman
188d4517d8 Added prime polynomial example, new Pumping function to address scalability challenges with primality testing, and some improvements to the streaming interface, where if you don't stream in values, then the python side doesn't end up printing out some 'empty' stream infos. 2017-12-09 16:43:43 -05:00
Peter Goodman
f9fb7e81be Initial progress in Issue #7 with support for a Dr. Fuzz harness. 2017-12-08 21:07:52 -05:00
Peter Goodman
5f36822021 Made the report function concretize using the minimizer, so that eventually we'll be able to compare inputs generated across tools 2017-11-09 10:35:48 -05:00
Peter Goodman
6ec7d71188 Added error checking. 2017-11-02 01:05:15 -04:00
Peter Goodman
c4f74e2389 Adds some error checking around finding important symbols and initializing Manticore/Angr. Adds the ability to save concretized bytes to an output directory. For the time being, I'm going with the approach of the user specifying a output dir, then within that I create directories for each file basename in the tests, and subdirectories for each test name, and in there I put binary test files. 2017-11-02 00:54:18 -04:00
Peter Goodman
4f914e4eee Fixes to stream formatting of doubles, they weren't being streamed before. Implemented the chk versions of printf and such, so that they all route through the logging interface as well. Implemented the concretization APIs. 2017-11-01 17:56:54 -04:00
Peter Goodman
d2bc82fc35 Renaming from McTest to DeepState. 2017-11-01 13:38:32 -04:00
Peter Goodman
a46e06b03b Refactored to split common code between Manticore and Angr out into common.py. Implemented the new deferred streaming stuff, it seems to work semi-well for this simple cases I've tested, but there's still work to do. The latest code has some remaining issues. Printing out the final input bytes in Angr shows the wrong thing, although what gets streamed out is right. This is visible when running mctest-angr examples/ArtihmeticProperties. With Manticore, the big issue is that it doesn't properly pickle smt expressions (or something to this effect), so I'm ending up with multiple definitions of the same stuff and that throws exceptions. This is tricky to deal with because the streaming of output needs to be able to save symbolic data. 2017-11-01 02:42:31 -04:00
Peter Goodman
3702bfcb81 Changed how the logging works to log to a static buffer, then the hooks pull info out from there. 2017-10-30 14:16:02 -04:00
Peter Goodman
4b786adc70 Got Manticore (with some minor unpublished fixes) working for McTest, based on Yan's initial work. Most of the angr code directly ports over, which is convenient. Haven't yet implemented McTest_Log (which isn't working for angr, curiously). 2017-10-29 20:35:50 -04:00
Peter Goodman
e0f104aaef Adding logger support, and other things. 2017-10-29 18:54:41 -04:00
Peter Goodman
89da3e8e94 Made it so that tests can be run on their own, independent of a symbolic executor. This will open up libFuzzer support, and concrete execution of solved-for test case inputs. Removed all stuff related to sections. Made tests get registered via initializers. Working on exposing the API functions to be hooked by Manticore via a special system call with addres 0x41414141. Split the Angr version out into the mctest-angr binary, and going to try to make the mctest binary use Manticore. 2017-10-28 19:13:59 -04:00
Peter Goodman
0d336bd4d6 Fixed build errors for c++ test basics. Added a ForAll thingy to abstract around making symbols. Shortened section name lengths. Added a simple arithmetic properties test case. 2017-10-28 01:11:59 -04:00
Peter Goodman
76585f095b Improvements. Now hooking fewer functions, and instead making on big array symbolic. This will make it easier to run the inputs concretely (by eventually filling in the array with the concrete bytes), and will also make possible fuzzer integration (where the fuzzer mutates the bytes of the array) possible. 2017-10-28 00:09:33 -04:00