766 Commits

Author SHA1 Message Date
Alex Groce
16e9255396 abandon, rather than fatal, on failed assumption, for fuzzing 2018-06-23 15:00:52 -07:00
Dan Guido
079b8083fa
Merge pull request #58 from withzombies/master
Add gitignore
2018-06-20 19:28:03 -04:00
Ryan Stortz
1ab3d0d01f Add gitignore 2018-06-20 19:16:56 -04:00
Alex Groce
b314bb25c8
Update README.md 2018-05-25 10:50:50 -07:00
Alex Groce
9f5ef8e053
Move links to NAU website
(NAU may move our pages when the college switches names)
2018-05-06 10:52:02 -07:00
Peter Goodman
f1ba0ff2f8
Merge pull request #55 from DeforaNetworks/khorben/malloc-check
Check malloc() for errors
2018-03-15 19:48:59 +08:00
Peter Goodman
4246294f86
Merge pull request #56 from arunjohnkuruvilla/master
Used toplevel manticore.issymbolic. Fixes Issue #14
2018-03-06 10:57:44 +08:00
arunjohnkuruvilla
72aea332aa Used toplevel manticore.issymbolic instead of manticore.utils.helpers.issymbolic. Fixed Issue #14 2018-03-02 20:15:04 -05:00
7ce41d6bc7 Check malloc() for errors 2018-02-26 22:05:24 +01:00
Joe Ranweiler
ca5fada9f4
Merge pull request #54 from trailofbits/require-c99
Explicitly use C99 standard when building library
2018-02-25 15:20:18 -08:00
Joe Ranweiler
f9ab98e43a
Explicitly use C99 standard when building library 2018-02-25 15:17:06 -08:00
Joe Ranweiler
2752af7c22
Merge pull request #50 from trailofbits/klee-support
KLEE API support
2018-02-25 10:34:37 -08:00
Joe Ranweiler
35f73f2496
Add KLEE support to Manticore executor 2018-02-25 10:27:48 -08:00
Joe Ranweiler
96dafe6f41
Fix wrapped indentation 2018-02-25 10:27:48 -08:00
Joe Ranweiler
376235808a
Internally support varying take-over symbols in Manticore executor 2018-02-25 10:27:48 -08:00
Joe Ranweiler
2cb1bf002d
Add impl for klee_choose() 2018-02-25 10:27:48 -08:00
Joe Ranweiler
dc9c353244
Comment out unsupported klee_is_symbolic
This takes a memory address as an argument, not a possibly-symbolic
value (which we do support). We probably need to extend the DeepState
API to support this robustly.
2018-02-25 10:27:48 -08:00
Joe Ranweiler
2ff08e5d70
Add impls for KLEE symbolic int functions 2018-02-25 10:27:47 -08:00
Joe Ranweiler
63f22739f9
Impl supported klee_get_val functions
We will extend the DeepState API to support the others.
2018-02-25 10:27:47 -08:00
Joe Ranweiler
a1aaeee8c8
Use short-lived preprocessor def 2018-02-25 10:27:47 -08:00
Joe Ranweiler
16ce8d6e00
Add decl, impl for klee_abort() 2018-02-25 10:27:47 -08:00
Joe Ranweiler
27b2a490ee
Comment out unsupported KLEE functions
We don't declare the functions to ensure compilation fails fast, not
linking. We keep the commented prototype for the sake of documentation,
instead of just deleting it. We may also eventually be able to impl the
functions if we extend the DeepState API.
2018-02-25 10:27:47 -08:00
Joe Ranweiler
994d29b2d3
Add no-op impls for KLEE-internal debugging functions 2018-02-25 10:27:47 -08:00
Joe Ranweiler
e33b910182
Add no-op impls for KLEE engine commands
These functions do not have a DeepState equivalent, nor do they impact
the semantics of the symbolic program to be executed.
2018-02-25 10:27:47 -08:00
Joe Ranweiler
6b95aab503
Impl klee_silent_exit() 2018-02-25 10:27:47 -08:00
Joe Ranweiler
9e3d1d1eb2
Impl KLEE warning funcs 2018-02-25 10:27:47 -08:00
Joe Ranweiler
330f58b944
Add KLEE support to angr executor 2018-02-25 10:27:47 -08:00
Joe Ranweiler
4edfccd953
Internally support varying take-over symbols in angr executor 2018-02-25 10:27:47 -08:00
Joe Ranweiler
973d2a9264
Add KLEE example 2018-02-25 10:27:47 -08:00
Joe Ranweiler
236ee6856e
Add lib impl for klee_make_symbolic() 2018-02-23 15:42:17 -08:00
Joe Ranweiler
f7791f216f
Add stub header that declares the KLEE API 2018-02-23 15:42:17 -08:00
Joe Ranweiler
4947890344
Merge pull request #49 from trailofbits/child-proc-mem-share
Use shared memory to determine results of forked test runs
2018-02-22 09:35:35 -08:00
Joe Ranweiler
f39a89d059
Use consistent naming conventions 2018-02-21 19:32:26 -08:00
Joe Ranweiler
49fd41f5e1
Return bool from DeepState_Catch... functions 2018-02-21 19:31:45 -08:00
Joe Ranweiler
691cf24108
Remove usage of old internal globals
- Use `DeepState_CurrentTestRun` global shared struct
- Allocate memory for the above in `DeepState_Setup()`
- Update `DeepState_Catch...` functions to map enums to status ints
2018-02-21 19:22:20 -08:00
Joe Ranweiler
f07fd1cab7
Split up mapping and init of current test run globals
- Use `DeepState_AllocCurrentTestRun()` to map memory in take-over setup
- Add error handling for `mmap()` call
- Unify init of test globals via `DeepState_InitCurrentTestRun()`
2018-02-21 19:09:01 -08:00
Joe Ranweiler
4f711da986
Use DeepState_CurrentTestRun in take-over test case replays
- Map shared memory for `DeepState_CurrentTestRun`
- For non-crashing forked test runs, inspect the above to figure out
  what happened. In particular, this supports `CHECK` and soft failures.
2018-02-21 18:52:23 -08:00
Joe Ranweiler
d4dc9eaa01
Add struct for info about single test runs, update in global setters
Instead of exit codes, we will use the global instance of this (shared
with a parent process) to determine the result of forked test runs.
2018-02-21 18:49:42 -08:00
Joe Ranweiler
9d47f21f5a
Hide mutation of test globals behind internal functions 2018-02-21 17:17:43 -08:00
Joe Ranweiler
341c2da0f8
Fix type of --take_over flag 2018-02-21 16:56:12 -08:00
Joe Ranweiler
454ee11a6e
Merge pull request #44 from trailofbits/take-over-api
Take-over API
2018-02-20 16:06:21 -08:00
Joe Ranweiler
c09feec114
Call DeepState_Begin() for each forked take-over test case 2018-02-20 15:52:14 -08:00
Joe Ranweiler
23dbbbdc57
Log all test run result cases in native take-over
Warning: this does not work correctly with tests that soft fail, e.g.
via a `CHECK` assertion. This is because the soft failures only update
the child's `DeepState_TestFailed` global variable, but do not exit.
What we will soon do is share memory with the child process, and derive
the "test result" from that shared memory.
2018-02-20 15:43:34 -08:00
Joe Ranweiler
a81f816d89
If in take-over mode, exit on fatal error
In take-over mode, the "test" is the entire binary being executed as a
child process. So, we want to exit, rather than trying to `longjmp()` to
`DeepState_ReturnToRun`, which was never initialized.
2018-02-20 15:43:34 -08:00
Joe Ranweiler
065c97c2c0
Add --take_over flag to native binaries 2018-02-20 15:43:34 -08:00
Joe Ranweiler
661c600d2b
Add impl of native takeover test case replay 2018-02-20 15:43:34 -08:00
Joe Ranweiler
93a95b0e96
Use native fake test and file name that matches executors 2018-02-20 15:43:34 -08:00
Joe Ranweiler
4d5e390c15
Factor out native runs of saved cases for a single test 2018-02-20 15:43:34 -08:00
Joe Ranweiler
2ea978999b
Replace DeepState_TakeOver() with Manticore function model
Now we have API parity with the angr executor, and return 1 from
`DeepState_TakeOver()` when it is hooked for symbolic execution under
the Manticore backend.
2018-02-20 15:43:34 -08:00
Joe Ranweiler
9e7266399c
Add TakeOver impl to Manticore executor 2018-02-20 15:43:34 -08:00