Пример #1
0
    def output(self, app_package_name, app_class_files_path):
        
        with open(RunParameters.OUTPUT_FILE, "a") as csv_file:
            writer = csv.writer(csv_file, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
            while (time.time() - self.start_time) < self.time_limit:
                
                #computing snapshots
                num_snapshots = 0
                for key in self.state_graph.states:
                    if self.state_graph.states[key].solid:
                        num_snapshots = num_snapshots+1
                
                #read coverage
                coverage_manager.pull_coverage_files("temp", app_package_name, app_class_files_path,
                                                     vm.VM.ip + ':' + vm.VM.adb_port)

                coverage_manager.compute_current_coverage(app_class_files_path)    # output in coverage.txt
                current_coverage = coverage_manager.read_current_coverage()

                # write files
                writer.writerow([str(int(time.time()-self.start_time)), str(len(self.state_graph.states)),str(num_snapshots), str(self.num_restore), str(current_coverage)])
                time.sleep(120)
                
                print "current threads:  " + str(threading.active_count())


        csv_file.close()         
Пример #2
0
    def run(self, app_name, recent_path_size, timeout, app_class_files_path,
            login_script):

        #launching the app
        self.init_app(app_name, login_script)

        recent_path = deque(maxlen=recent_path_size)
        self.num_restore = 0
        start_time = time.time()
        self.start_sys_event_generator()
        self.start_output(app_name, app_class_files_path)

        while (time.time() - start_time) < timeout:

            log_proc = state_monitor.get_monitor_proc(app_name)
            monkey_watcher = self.start_monkey(app_name)
            self.start_crash_watcher()

            self.start_exec(log_proc, monkey_watcher, recent_path,
                            recent_path_size, app_name, app_class_files_path)

            coverage_manager.pull_coverage_files(
                self.num_restore, app_name, app_class_files_path,
                vm.VM.ip + ':' + vm.VM.adb_port)

            coverage_manager.compute_current_coverage(app_class_files_path)
            current_coverage = coverage_manager.read_current_coverage()
            print "--the current line coverage : " + str(current_coverage)

            # fittest_state = self.strategy.get_fittest_state()
            fittest_state = self.strategy.get_k_neighbours_fittest_state()
            print "--the fittest state is " + str(fittest_state)

            self.vm.restore_snapshot(str(fittest_state))
            self.vm.reconnect_adb()
            self.monkey_controller.kill_monkey()
            state = self.state_graph.retrieve(fittest_state)
            state.add_restore_count()
            self.state_id_being_fuzzed = fittest_state

            self.num_restore = self.num_restore + 1
            print "Num of restores: " + str(self.num_restore)

        ## terminate
        print 'Timeout reached. Terminating...'
        self.monkey_controller.kill_monkey()
Пример #3
0
    def start_exec(self, log_proc, monkey_watcher, recent_path, recent_path_size, app_package_name, app_class_files_path):
        
        current_coverage = coverage_manager.read_current_coverage()
        event_num=0    
        
        log_watcher=select.poll()
        log_watcher.register(log_proc.stdout, select.POLLIN)

        while True:
            line=""
            if log_proc.poll() != None or not monkey_watcher.isAlive():
                print "no app info in logs ---"
                break

            try:
                if log_watcher.poll(1):
                   line=log_proc.stdout.readline()
                else:
                   continue
            except select.error:
                print "ting: select.error catched!"
                pass

            #parsing the line, skip if the line is empty or there is no state_id
            state_info = self.parse_line(line)
            if state_info is None:
                continue

            id = str(state_info[str(LogcatMessageType.STATE_ID)])
            num_widgets = state_info[str(LogcatMessageType.CONTROLLABLE_WIDGETS)]
            print "--extracted id: "+str(id) +"  num_controllable_widgets: " + str(num_widgets) 

            if id is None:
                continue

            #case where events do not trigger state transition
            if id == self.state_id_being_fuzzed:
                event_num=event_num+1
                print "--event num: " + str(event_num)
                if event_num > 200:
                    #penalize the state
                    state_being_fuzzed = self.state_graph.retrieve(self.state_id_being_fuzzed)
                    if state_being_fuzzed is not None:
                        state_being_fuzzed.add_transition_to_existing_state()
                    #clear observed states
                    recent_path.clear()
                    break

                #bring app under test to front
                if  self.state_id_being_fuzzed == "OOAUT":
                    self.bring_app_to_front(self.pkg_name)
                    
            
            #case where events trigger state transition
            else:
                print "--transiton occurs"
                

                if self.state_graph.is_exist(id):
                    print "--the state " + str(id) +"  exists"
                    self.state_graph.add_edge(self.state_id_being_fuzzed, id)
                    
                    parent = self.state_graph.retrieve(self.state_id_being_fuzzed)
                    parent.add_transition_to_existing_state()
                else:
                    print "--a new state is triggered and add " + str(id) + " into the state graph."

                    self.state_graph.add_node(id)
                    self.state_graph.add_edge(self.state_id_being_fuzzed, id)

                        #rewarding
                    parent = self.state_graph.retrieve(self.state_id_being_fuzzed)
                    child = self.state_graph.retrieve(id)
                    
                    coverage_manager.pull_coverage_files("temp", app_package_name, app_class_files_path,
                                                         vm.VM.ip + ':' + vm.VM.adb_port)

                    coverage_manager.compute_current_coverage(app_class_files_path)  # output in coverage.txt
                    new_coverage = coverage_manager.read_current_coverage()
                    print "--coverage when the new state is triggered: " + str(new_coverage) + " current coverage: " + str(current_coverage)
                    
                    
                    if new_coverage > current_coverage:
                        parent.add_transition_to_high_coverage(child)
                            
                        if id != "OOAUT": 
                            print "--taking snapshot..."
                            self.vm.take_snapshot(id, "", True)
                            self.state_graph.retrieve(id).solid = True

                            current_coverage = new_coverage


                    else:
                        parent.add_transition_to_low_coverage(child)

                self.state_graph.retrieve(id).set_controllable_widgets(int(num_widgets))
                   
 
                self.state_id_being_fuzzed = id 
                event_num=0
                recent_path.append(id)
                
                #logging
                print(recent_path)
                print('the portion to the top 20% most frequent states: ' + str(self.state_graph.compute_frequent_node_portion(list(recent_path), 0.2)))
                #print "--length: "+str(len(recent_path))
                #print(self.state_graph.dump())

                
                if len(recent_path) == recent_path_size and self.state_graph.compute_frequent_node_portion(list(recent_path), 0.2) >= 0.8:
                    recent_path.clear()
                    self.num_restore = self.num_restore +1
                    break