# Excerpt: `seed`, `syn` and `fuzz` are defined above the visible part.
#
# always1 accumulates the bits that were 1 in the seed and in every accepted
# variant; always0 does the same for the bits that were 0.
always1 = seed
always0 = ctypes.c_uint32(~seed).value  # complement, truncated to 32 bits

# XOR each fuzz mask into the seed; only variants that keep the seed's
# syntax are folded into the two accumulators
for mask in fuzz:
    seed2 = seed ^ mask
    syn2 = common.syntax_from_insword(seed2)
    if syn != syn2:
        continue
    always1 &= seed2
    always0 &= ctypes.c_uint32(~seed2).value

# one character per bit, bit 31 first: '1' or '0' for a bit that never
# changed, 'x' for a bit that took both values
constMaskStr = ''
for i in xrange(31, -1, -1):
    bit = 1 << i
    # a bit cannot have been both always set and always clear
    assert not ((always1 & bit) and (always0 & bit))
    if always1 & bit:
        constMaskStr += '1'
    elif always0 & bit:
        constMaskStr += '0'
    else:
        constMaskStr += 'x'

# changebits is the 32-bit complement of the constant bits
constbits = always1 | always0
changebits = ctypes.c_uint32(~constbits).value

print "{%s,{0x%08X,0x%08X}}, // %s %s" % (
    ('"%s"' % syn).rjust(32), seed, changebits, constMaskStr,
    common.disasm(seed))
############### # go! ############### fuzz = common.fuzz5() targets = sorted(opc2seed) if sys.argv[1:] and sys.argv[1].startswith('--survey='): opc = sys.argv[1][9:] seed = opc2seed[opc] print "// on %08X: %s" % (seed, opc) for mask in fuzz: seed2 = seed ^ mask instr2 = common.disasm(seed2) if not instr2.startswith(opc): continue print instr2 sys.exit(0) start = targets[0] # just an opcode, like `./syn_seeds --start=poppl` if sys.argv[1:] and sys.argv[1].startswith('--start='): start = sys.argv[1][8:] ON = False
syn2mask[m.group(1)] = int(m.group(3),16) ############### # go! ############### seen = {} fuzz = common.fuzz6() syntaxes = sorted(syn2seed) for syn in syntaxes: shuffle(fuzz) seed = syn2seed[syn] mask = syn2mask[syn] distxt = common.disasm(seed) syn = common.syntax_from_string(distxt) print "\t// examples of %s" % syn collection = 0 for f in fuzz: seed2 = seed ^ (mask & f) distxt2 = common.disasm(seed2) syn2 = common.syntax_from_string(distxt2) if syn != syn2: continue if distxt2 in seen: continue
if m: opc2seed[m.group(1)] = int(m.group(2),16) ############### # go! ############### fuzz = common.fuzz4() targets = sorted(opc2seed) if sys.argv[1:]: targets = [sys.argv[1]] syn2seed = {} for opc in targets: seed = opc2seed[opc] #print "// on %08X: %s" % (seed, opc) for mask in fuzz: seed2 = seed ^ mask instr2 = common.disasm(seed2) syn2 = common.syntax_from_string(instr2) if syn2 == opc or syn2.startswith(opc+' '): if not (syn2 in syn2seed): print '"%s": 0x%08X" % (syn2, seed2) syn2seed[syn2] = seed2
#!/usr/bin/env python import common seen = {} for seed in xrange(0, 0x100000000): distxt = common.disasm(seed) if distxt == 'undef': continue fqo = distxt if ' ' in fqo: fqo = fqo[0:fqo.index(' ')] opcnew = common.fqo_to_opcode(fqo) if not (opcnew in seen): seen[opcnew] = seed print "%08X %s" % (seed, opcnew)
# Excerpt: `syn`, `example`, `opc`, `DEPTH` and `syn2example` are defined
# above the visible part.
#
# report the starting example and record it under its syntax
print "'%s': 0x%08X" % (syn, example)
syn2example[syn] = example

# for every choice of DEPTH bit positions, and every 0/1 assignment to them
for positions in itertools.combinations(range(32), DEPTH):
    for bitvalues in itertools.product([0,1], repeat=DEPTH):
        # force the chosen bits of the example to the chosen values
        example2 = example
        for position, bitvalue in zip(positions, bitvalues):
            mask = 1 << position
            if bitvalue:
                example2 |= mask
            else:
                # clear the bit; c_uint32 keeps the complement within 32 bits
                example2 &= ctypes.c_uint32(~mask).value

        instr2 = common.disasm(example2)
        syn2 = common.syntax_from_string(instr2)
        # keep syntaxes of this opcode only: the bare opcode, or the opcode
        # followed by a space and operands
        if syn2 == opc or syn2.startswith(opc+' '):
            # print and record each new syntax the first time it appears
            if syn2 not in syn2example:
                print "'%s': 0x%08X" % (syn2, example2)
                syn2example[syn2] = example2