Merge pull request #11 from hxuhack/dev-master

source directory decoupled

Author: zzrcxb

README.md

@@ -34,7 +34,7 @@ Then, compile the dependencies: `python3 compile.py -l`
 
 To change our default compiler, please visit `config/compile.json` to modify the `CC` to your preferred compiler.
 
-To change the test cases' root folder, please visit `config/test_settings.py` to change the `src_dirs`.
+To change the test cases' root folder, please visit `config/test_settings.py` to change the 4th element of corresponding record in `switches`.
 
 **Pay attention!** If you are using Triton, please change the Triton installation path at the end of `config/test_settings.py`
 

config/test_settings.py

@@ -1,10 +1,6 @@
 # ============ run_tests Setting ==============
 FUNC_NAME = 'logic_bomb'
 
-src_dirs = [
-    'src/',
-]
-
 cmds_tp_angr = ["clang -Iinclude -Lbuild -o angr/%s.out -xc - -lutils -lpthread -lcrypto -lm",
             "python script/angr_run.py -r -l%d angr/%s.out"]
 
@@ -13,7 +9,7 @@
 
 cmds_tp_klee = [
     "clang -Iinclude -Lbuild -Wno-unused-parameter -emit-llvm -o klee/%s.bc -c -g klee/a.c -lpthread -lutils -lcrypto -lm",
-    "klee klee/%s.bc",
+    "klee --libc=uclibc --posix-runtime klee/%s.bc",
     "python3 script/klee_run.py -e%d -p%s"
 ]
 
@@ -32,11 +28,11 @@
 klee_tp_path = 'templates/klee.c'
 
 switches = {
-    'angr': [cmds_tp_angr, angr_tp_path, 'angr'],
-    'angr_cpp': [cmds_tp_angr_cpp, angr_tp_path, 'angr'],
-    'triton': [cmds_tp_triton, triton_tp_path, 'triton'],
-    'triton_cpp': [cmds_tp_triton_cpp, triton_tp_path, 'triton'],
-    'klee': [cmds_tp_klee, klee_tp_path, 'klee'],
+    'angr': [cmds_tp_angr, angr_tp_path, 'angr', ('src/', )],
+    'angr_cpp': [cmds_tp_angr_cpp, angr_tp_path, 'angr', ('src_cpp/', )],
+    'triton': [cmds_tp_triton, triton_tp_path, 'triton', ('src/', )],
+    'triton_cpp': [cmds_tp_triton_cpp, triton_tp_path, 'triton', ('src_cpp/', )],
+    'klee': [cmds_tp_klee, klee_tp_path, 'klee', ('src/', )],
 }
 
 # ============ triton Setting ==============

include/utils.h

@@ -9,6 +9,8 @@
 #include <string.h>
 #include <time.h>
 #include <sys/time.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 #include <errno.h>
 #include <unistd.h>
 #include <err.h>

run_tests.py

@@ -17,7 +17,7 @@ def kill_all(process):
     parent.kill()
 
 
-def ATKrun(target , src_dirs, func_name='logic_bomb', default_stdin_len=10, maxtime=60):
+def ATKrun(target, func_name='logic_bomb', default_stdin_len=10, maxtime=60, source=None, skip=False):
     def params_list_parser(params):
         if len(params.strip()) == 0:
             return []
@@ -36,12 +36,12 @@ def params_list_parser(params):
                 res.append((var_type, var_name))
             return res
 
-    cmds_tp, tp_path, prefix = target
+    cmds_tp, tp_path, prefix, src_dirs = target
     if not os.path.exists(prefix):
         os.mkdir(prefix)
 
-    if not os.path.exists('tmp'):
-        os.mkdir('tmp')
+    if source and not os.path.exists(source):
+        os.mkdir(source)
 
     ERROR = 0
     CORRECT = 1
@@ -93,8 +93,11 @@ def params_list_parser(params):
                 print(res)
                 res = '\n'.join([content, res])
                 outname = file if len(file.split('.')) == 1 else file.split('.')[0]
-                with open('tmp/' + file, 'w') as f:
+                if source:
+                    with open(os.path.join(source, file), 'w') as f:
                         f.write(res)
+                    if skip:
+                        continue
                 if prefix == 'angr':
                     cmds.append(cmds_tp[0] % outname)
                     cmds.append(cmds_tp[1] % (default_stdin_len, outname))
@@ -176,17 +179,24 @@ def params_list_parser(params):
 
 
 if __name__ == '__main__':
-    from config.test_settings import src_dirs, switches, FUNC_NAME
+    from config.test_settings import switches, FUNC_NAME
     from collections import OrderedDict
     import argparse
 
     parser = argparse.ArgumentParser()
     parser.add_argument("-e", "--engine", required=True, type=str, help="Symbolic execution engine")
-    parser.add_argument("-t", "--maxtime", required=True, type=int, help="Max running time for a program")
+    parser.add_argument("-t", "--maxtime", required=False, default=60, type=int, help="Max running time for a program")
+    parser.add_argument("-s", "--source", required=False, type=str, help="Output source code into a directory")
+    parser.add_argument("-n", "--no_test", action="store_true", help="Don't do the test")
     args = parser.parse_args()
+    
+    if args.source:
+        print("Saving output results in ", args.source)
 
     try:
-        res = ATKrun(switches[args.engine], src_dirs, func_name=FUNC_NAME, maxtime=args.maxtime)
+        res = ATKrun(switches[args.engine], func_name=FUNC_NAME, maxtime=args.maxtime, source=args.source, skip=args.no_test)
+        if args.source and args.no_test:
+            exit(0)
     except KeyError:
         print('Invalid symbolic engine!')
         exit(1)

script/klee_run.py

@@ -26,7 +26,7 @@
 pattern = re.compile(r"data:(.*)\n")
 tests = []
 running_res = set()
-for file in os.listdir(os.path.join('klee', 'klee-last')):
+for file in sorted(os.listdir(os.path.join('klee', 'klee-last'))):
     if file.endswith('.ktest'):
         cmd = 'KTEST_FILE=klee/klee-last/%s' % file
         res = os.system(cmd + ' klee/a.out') >> 8
@@ -38,11 +38,6 @@
         res = pattern.findall(out)[0].strip()
         tests.append(res)
 
-# tohex = lambda x: ''.join(['\\x%02x' % ord(c) for c in x])
-with open('klee_outputs.csv', 'a', newline='', encoding='utf-8-sig') as csvfile:
-    writer = csv.writer(csvfile)
-    writer.writerow([args.program, ] + [_ for _ in tests])
-
 tests = running_res
 
 if 1 in tests:

script_runner.py

@@ -83,7 +83,6 @@ def run(self, stms: list, index=0, expected_indent=None):
                 if i == len(stms) - 1:
                     raise SyntaxError(stm.stm)
                 tmp_iter = self.evaluate(stm.parsed[-1])
-                print(stm.parsed)
                 for tmp in tmp_iter:
                     try:
                         self.variables.append({key: tmp[index] for index, key in enumerate(stm.parsed[1])})

src/buffer_overflow/heap_bo_l1.c

@@ -7,8 +7,8 @@ int n = 5;
 // {"symvar":{"length": 256}}
 int logic_bomb(char* symvar) {
     char *p, *q;
-    p = malloc(16);
-    q = malloc(16);
+    p = (char*)malloc(16);
+    q = (char*)malloc(16);
     strcpy(p, symvar);
     free(q);
     if (n != 5){

src/contextual_symbolic_value/file_posix_csv.c

@@ -0,0 +1,20 @@
+#include <string.h> 
+#include "utils.h"
+
+#include "a_tester.h"
+
+// {"s":{"length": 16}}
+int logic_bomb(char* s) {
+    int trigger = 0;
+    int fd = open(s, O_RDONLY);
+    if(fd != -1) {
+    	trigger = 1;
+        close(fd);
+    }
+
+    if(trigger) {
+        return BOMB_ENDING;
+    } else {
+        return NORMAL_ENDING;
+    }
+}

src/covert_propogation/file_posix_cp_l1.c

@@ -0,0 +1,26 @@
+#include <string.h>
+
+#include "utils.h"
+#include "a_tester.h"
+
+// {"s": {"length": 4}}
+int logic_bomb(char* s) {
+    int symvar = s[0] - 48;
+    int j;
+    char file[] = "tmp.covpro";
+    int fd = open(file, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR | S_IWUSR);
+    if(fd < 0)
+    {
+        exit(-1);             
+    }
+    write(fd, &symvar, sizeof symvar);
+    close(fd);
+    fd = open(file, O_RDONLY);
+    read(fd, &j, sizeof j);
+    close(fd);
+    if(j == 7){
+        return 1;
+    } else{
+        return 0;
+    }
+}

templates/klee.c

@@ -1,4 +1,4 @@
-int main() {
+int main(int argc, char** argv) {
     {%
         for {<type>}, {<var>}, {<size>} in {<vp>}:
             if {<type>} == {<"char*">}: