Ejemplo n.º 1
    # Two running 32-bit masks, both seeded from the instruction word itself:
    # a bit survives in always1 only while every accepted variant has it set,
    # and survives in always0 only while every accepted variant has it clear.
    always1 = seed
    # ctypes.c_uint32 truncates Python's unbounded ~seed to 32 bits.
    always0 = ctypes.c_uint32(~seed).value

    # XOR every mask from the fuzz set into the seed and inspect the result
    for mask in fuzz:
        seed2 = seed ^ mask
        syn2 = common.syntax_from_insword(seed2)
        # Only variants with the same syntax as `syn` narrow the two masks.
        # NOTE(review): `syn` is assigned outside this excerpt; presumably it
        # is the syntax of `seed` itself -- confirm against the full function.
        if syn == syn2:
            always1 &= seed2
            always0 &= ctypes.c_uint32(~seed2).value
        else:
            pass

    # Render the word MSB-first: '1' = bit always set, '0' = bit always
    # clear, 'x' = bit took both values among the accepted variants.
    constMaskStr = ''
    for i in xrange(31, -1, -1):
        # Sanity check: no bit may be marked both always-1 and always-0.
        assert not ((always1 & (1 << i)) and (always0 & (1 << i)))
        if always1 & (1 << i):
            constMaskStr += '1'
        elif always0 & (1 << i):
            constMaskStr += '0'
        else:
            constMaskStr += 'x'

    #print 'always1: %08X' % always1
    #print 'always0: %08X' % always0
    # constbits: positions that never changed; changebits: its 32-bit
    # complement, i.e. positions that varied while the syntax stayed the same.
    constbits = always1 | always0
    changebits = ctypes.c_uint32(~constbits).value
    # Emit one brace-delimited row: the quoted syntax right-justified to 32
    # columns, the seed, the change mask, then the bit pattern and the seed's
    # disassembly after a `//` comment marker.
    print "{%s,{0x%08X,0x%08X}}, // %s %s" % \
     (('"%s"' % syn).rjust(32), seed, changebits, constMaskStr, common.disasm(seed))
Ejemplo n.º 2
###############
# go!
###############

# Values from common.fuzz5() are XORed into a seed word in survey mode below.
fuzz = common.fuzz5()

# Keys of opc2seed (opcode names) in sorted order.
targets = sorted(opc2seed)

# Survey mode, `--survey=<opcode>`: print every mutated word whose
# disassembly still starts with the requested opcode, then exit.
# An opcode missing from opc2seed raises KeyError here.
if len(sys.argv) > 1 and sys.argv[1].startswith('--survey='):
	wanted = sys.argv[1][len('--survey='):]
	base = opc2seed[wanted]
	print("// on %08X: %s" % (base, wanted))

	for bits in fuzz:
		text = common.disasm(base ^ bits)
		if text.startswith(wanted):
			print(text)

	sys.exit(0)

# Default starting point is the first opcode in sorted order;
# `--start=<opcode>` overrides it, e.g. `./syn_seeds --start=poppl`.
start = targets[0]
if len(sys.argv) > 1 and sys.argv[1].startswith('--start='):
	start = sys.argv[1][len('--start='):]

ON = False
Ejemplo n.º 3
###############
# go!
###############

# Values from common.fuzz5() are XORed into a seed word in survey mode below.
fuzz = common.fuzz5()

# Keys of opc2seed (opcode names) in sorted order.
targets = sorted(opc2seed)

# Survey mode, `--survey=<opcode>`: list each mutated instruction whose
# disassembly keeps the requested opcode as its prefix, then exit.
# An opcode missing from opc2seed raises KeyError here.
if len(sys.argv) > 1 and sys.argv[1].startswith('--survey='):
    wanted = sys.argv[1][len('--survey='):]
    base = opc2seed[wanted]
    print("// on %08X: %s" % (base, wanted))

    for bits in fuzz:
        text = common.disasm(base ^ bits)
        if text.startswith(wanted):
            print(text)

    sys.exit(0)

# Default starting point is the first opcode in sorted order;
# `--start=<opcode>` overrides it, e.g. `./syn_seeds --start=poppl`.
start = targets[0]
if len(sys.argv) > 1 and sys.argv[1].startswith('--start='):
    start = sys.argv[1][len('--start='):]

ON = False
Ejemplo n.º 4
		syn2mask[m.group(1)] = int(m.group(3),16)

###############
# go!
###############

# Disassembly texts that must not be emitted again; tested with `in` below.
# NOTE(review): the code that adds entries to `seen` is past the end of this
# excerpt.
seen = {}
fuzz = common.fuzz6()

# Visit the known syntaxes (keys of syn2seed) in sorted order.
syntaxes = sorted(syn2seed)

for syn in syntaxes:
	# Reorder the fuzz values in place for each syntax.
	# NOTE(review): presumably random.shuffle; the import is not shown here.
	shuffle(fuzz)
	seed = syn2seed[syn]
	mask = syn2mask[syn]
	distxt = common.disasm(seed)
	# Re-derive the syntax from the seed's own disassembly; this replaces
	# the loop variable `syn` for the rest of the iteration.
	syn = common.syntax_from_string(distxt)

	print "\t// examples of %s" % syn

	# NOTE(review): looks like a per-syntax counter; its use is past the end
	# of this excerpt.
	collection = 0
	for f in fuzz:
		# Flip only the bits that this syntax's mask allows to change.
		seed2 = seed ^ (mask & f)
		distxt2 = common.disasm(seed2)
		syn2 = common.syntax_from_string(distxt2)

		# Discard variants that decode to a different syntax.
		if syn != syn2:
			continue

		# Discard disassembly text that was already recorded.
		if distxt2 in seen:
			continue
Ejemplo n.º 5
	if m:
		opc2seed[m.group(1)] = int(m.group(2),16)

###############
# go!
###############

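# Values from common.fuzz4() are XORed into each opcode's seed word below.
fuzz = common.fuzz4()

# Visit every known opcode in sorted order, or only the single opcode named
# as the first command-line argument.
targets = sorted(opc2seed)
if sys.argv[1:]:
	targets = [sys.argv[1]]

# First instruction word found for each distinct syntax string.
syn2seed = {}

for opc in targets:
	# An opcode missing from opc2seed raises KeyError here.
	seed = opc2seed[opc]
	#print "// on %08X: %s" % (seed, opc)

	for mask in fuzz:
		seed2 = seed ^ mask
		instr2 = common.disasm(seed2)
		syn2 = common.syntax_from_string(instr2)

		# Accept only syntaxes of this opcode (the bare opcode, or the opcode
		# followed by a space and operands) and report each one once.
		if (syn2 == opc or syn2.startswith(opc + ' ')) and syn2 not in syn2seed:
			# Fix: the format literal used to open with ' and close with ",
			# leaving the string unterminated (a SyntaxError for the whole
			# script). Output shape: "<syntax>": 0x<SEED>
			print('"%s": 0x%08X' % (syn2, seed2))
			syn2seed[syn2] = seed2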


Ejemplo n.º 6
#!/usr/bin/env python

import common

# First instruction word seen for each opcode, keyed by the opcode name.
seen = {}

# Walk the whole 32-bit instruction space in ascending order, so the word
# printed for an opcode is the numerically smallest one that decodes to it.
for seed in xrange(0x100000000):
    distxt = common.disasm(seed)
    if distxt != 'undef':
        # Mnemonic part: everything before the first space, or the whole
        # text when the disassembly has no operands.
        fqo = distxt.split(' ', 1)[0]

        opcnew = common.fqo_to_opcode(fqo)
        if opcnew not in seen:
            seen[opcnew] = seed
            print("%08X %s" % (seed, opcnew))
Ejemplo n.º 7
		print "'%s': 0x%08X" % (syn, example)
		syn2example[syn] = example

	# For every choice of DEPTH bit positions in the 32-bit word, and for every
	# 0/1 assignment to those positions, force the bits in a copy of `example`.
	# That is C(32, DEPTH) * 2**DEPTH disassembler calls per example.
	for positions in itertools.combinations(range(32), DEPTH):
		for bitvalues in itertools.product([0,1], repeat=DEPTH):
			example2 = example

			for i in range(DEPTH):
				mask = 1 << positions[i]

				if bitvalues[i]:
					#print 'setting bit %d' % positions[i]
					example2 |= mask
				else:
					#print 'clearing bit %d' % positions[i]
					# c_uint32 keeps the inverted mask within 32 bits.
					example2 &= ctypes.c_uint32(~mask).value

			instr2 = common.disasm(example2)
			syn2 = common.syntax_from_string(instr2)

			# Skip variants whose syntax is neither the bare opcode nor the
			# opcode followed by a space and operands.
			# NOTE(review): `opc` comes from an enclosing loop outside this
			# excerpt.
			if not (syn2 == opc or syn2.startswith(opc+' ')):
				continue

			#print '%08X: %s %s' % (example2, instr2, syn2)

			# Record and print only the first word found for each new syntax.
			if not syn2 in syn2example:
				print "'%s': 0x%08X" % (syn2, example2)
				syn2example[syn2] = example2