def reset(self, frag_store: FragmentStore)-> str:
sequence = []
for i in range(random.randint(1, 10)):
self._length += 1
# Alloc
size = random.choice(self.sizes)
if random.random() > .995:
# .5 % of the time select at random from the list of candidates
candidates = frag_store.get_fragments_for_size(size)
sequence.append("# Randomly selecting from size {}".format(
size))
sequence.append("$var_vtx_{} = {};".format(
i, random.choice(candidates)[0]))
else:
# 99.5% of the time use the shortest sequence in the candidates
candidates = frag_store.get_shortest_fragments_for_size(size)
seq = random.choice(candidates)
sequence.append(
"# Selecting sequence {} for size {}".format(
seq[1], size))
sequence.append("$var_vtx_{} = {};".format(i, seq[0]))
self._last_instantiation = "\n".join(sequence)
return self._last_instantiation
def as_code(self, frag_store: FragmentStore) -> str:
if self._accepted_solution is not None:
return self._accepted_solution
sequence = []
still_alloced = set()
self._length = 0
for i in range(random.randint(1, 1000)):
self._length += 1
if still_alloced and random.random() > .98:
# Free
to_free = random.sample(still_alloced, 1)[0]
sequence.append("$var_vtx_{} = 0;".format(to_free))
still_alloced.remove(to_free)
continue
# Alloc
size = random.choice(self.sizes)
if random.random() > .995:
# .5 % of the time select at random from the list of candidates
candidates = frag_store.get_fragments_for_size(size)
sequence.append("# Randomly selecting from size {}".format(
size))
sequence.append("$var_vtx_{} = {};".format(
i, random.choice(candidates)[0]))
else:
# 99.5% of the time use the shortest sequence in the candidates
candidates = frag_store.get_shortest_fragments_for_size(size)
seq = random.choice(candidates)
sequence.append(
"# Selecting sequence {} for size {}".format(
seq[1], size))
sequence.append("$var_vtx_{} = {};".format(i, seq[0]))
still_alloced.add(i)
self._last_instantiation = "\n".join(sequence)
'''
size = random.choice(self.sizes)
candidates = frag_store.get_shortest_fragments_for_size(size)
seq = random.choice(candidates)
sequence.append("$var_vtx_{} = {};".format(1, seq[0]))
self._times += 1
self._last_instantiation = self._last_instantiation + "\n" + "\n".join(sequence)
'''
return self._last_instantiation
def as_code_by_index(self, frag_store: FragmentStore, index: int):
if self._accepted_solution is not None:
return self._accepted_solution
seq = frag_store.get_fragments_by_index(index)
sequence = []
sequence.append("$var_vtx_{} = {};".format(
1, seq))
#logging.info("action is {} and get sequence is {}".format(index, seq))
self._last_instantiation = self._last_instantiation + "\n" + "\n".join(sequence)
return self._last_instantiation
logger.error("Output directory {} exists".format(output_dir_path))
sys.exit(1)
else:
os.mkdir(output_dir_path.as_posix())
if args.single_process:
logger.info("Running a single analysis process")
else:
logger.info("Utilising {} cores".format(args.jobs))
logger.info("Analysing the PHP binary at {}".format(args.php))
logger.info("Template: {}".format(args.template))
logger.info("Time limit: {}".format(args.time_limit))
fragment_paths = [pathlib.Path(p) for p in args.fragments]
fragment_store = FragmentStore(fragment_paths)
logger.info("{} unique sequences across {} fragments loaded from {}".format(
fragment_store.num_sequences(), fragment_store.num_fragments(),
[p.as_posix() for p in fragment_paths]))
template = Template(args.template, fragment_store)
logger.info("Loaded template from {}".format(args.template))
logger.info("Template contains {} stages".format(
template.num_remaining_stages()))
for size in template.hlm_sizes_in_use():
fragments = fragment_store.get_fragments_for_size(size)
if fragments:
logger.info("{} allocation sequences for size {}".format(
len(fragments), size))
else:
parser.add_argument('-j',
'--jobs',
type=int,
default=os.cpu_count(),
help="The number of concurrent jobs to run")
parser.add_argument('--debug',
action='store_true',
default=False,
help="Enable debug mode (verbose logging)")
args = parser.parse_args()
if args.debug:
for handler in logging.root.handlers[:]:
logging.root.removeHandler(handler)
logging.basicConfig(level=logging.DEBUG)
logger.info("Utilising {} cores".format(args.jobs))
logger.info("Analysing the PHP binary at {}".format(args.php))
fragment_path = pathlib.Path(args.fragments)
fragment_store = FragmentStore(fragment_path)
logger.info("{} unique sequences across {} fragments loaded from {}".format(
fragment_store.num_sequences(), fragment_store.num_fragments(),
fragment_path))
res = php7.fuzz(fragment_store, args.jobs, args.php, args.time_limit)
logger.info("{} new interaction sequence discovered".format(len(res)))
out_path = fragment_path.with_name(OUT_PREFIX + fragment_path.name)
logger.info("Writing fuzzing results to {}".format(out_path))
php7.dump_to_file(res, out_path.as_posix())