From 65d4fa53b94b772153f7361c39a41881a763b9c2 Mon Sep 17 00:00:00 2001 From: Michael Rodler Date: Tue, 19 Jul 2022 10:29:21 +0200 Subject: [PATCH 1/2] added bench to bug mode --- src/Fuzz/Fuzz.fs | 3 ++- src/Fuzz/Options.fs | 7 ++++++- src/Fuzz/TCManage.fs | 2 ++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/Fuzz/Fuzz.fs b/src/Fuzz/Fuzz.fs index 3a2ee0d2c..118362195 100644 --- a/src/Fuzz/Fuzz.fs +++ b/src/Fuzz/Fuzz.fs @@ -118,7 +118,8 @@ let rec private fuzzLoop opt contSpec concQ randQ = let concQ, randQ = repeatGreyConcolic opt concQ randQ concolicBudget // Perform random fuzzing let concQ, randQ = repeatRandFuzz opt contSpec concQ randQ randFuzzBudget - fuzzLoop opt contSpec concQ randQ + if not (TCManage.shallStop opt) then + fuzzLoop opt contSpec concQ randQ let private fuzzingTimer opt = async { let timespan = System.TimeSpan (0, 0, 0, opt.Timelimit) diff --git a/src/Fuzz/Options.fs b/src/Fuzz/Options.fs index a079b8aee..98463fac6 100644 --- a/src/Fuzz/Options.fs +++ b/src/Fuzz/Options.fs @@ -13,6 +13,7 @@ type FuzzerCLI = | [] NoDDFA | [] CheckOptionalBugs | [] UseOthersOracle + | [] BenchToBug with interface IArgParserTemplate with member s.Usage = @@ -29,6 +30,7 @@ with | UseOthersOracle -> "Report bugs using other tools' oracles as well.\n\ Currently we support (BD/IB/ME/RE) X (sFuzz/ILF/Mythril/MANTICORE)." + | BenchToBug -> "stop analysis after first bug found" type FuzzOption = { Verbosity : int @@ -40,6 +42,7 @@ type FuzzOption = { DynamicDFA : bool CheckOptionalBugs : bool UseOthersOracle : bool + BenchToBug : bool } let parseFuzzOption (args: string array) = 
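Review bot: The stop condition added at the end of `fuzzLoop` is evaluated only once per round, after both `repeatGreyConcolic` and `repeatRandFuzz` have spent their budgets, so with BenchToBug set the fuzzer keeps running for the rest of the round after the first bug is recorded. If this mode is meant to measure time to first bug, that tail ends up in the measurement. Consider also testing `TCManage.shallStop opt` between the two phases, or state the granularity in a comment such as `// BenchToBug is checked once per round, not per executed test case.` The start of `fuzzLoop` and the two repeat helpers lie outside the hunk.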
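Review bot: The usage string added for `BenchToBug` in `member s.Usage` is lowercase and unpunctuated, unlike the neighbouring `UseOthersOracle` entry, which is a full sentence. Suggest `| BenchToBug -> "Stop fuzzing as soon as the first bug is found."` so the generated help text reads consistently.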
@@ -55,4 +58,6 @@ let parseFuzzOption (args: string array) = StaticDFA = not (r.Contains(<@ NoSDFA @>)) // Enabled by default. DynamicDFA = not (r.Contains(<@ NoDDFA @>)) // Enabled by default. CheckOptionalBugs = r.Contains(<@ CheckOptionalBugs @>) - UseOthersOracle = r.Contains(<@ UseOthersOracle @>) } + UseOthersOracle = r.Contains(<@ UseOthersOracle @>) + BenchToBug = r.Contains(<@ BenchToBug @>) + } diff --git a/src/Fuzz/TCManage.fs b/src/Fuzz/TCManage.fs index 78861840f..fdd61b714 100644 --- a/src/Fuzz/TCManage.fs +++ b/src/Fuzz/TCManage.fs @@ -126,3 +126,5 @@ let evalAndSave opt seed = if not covGain && duGain && opt.Verbosity >= 2 then log "[*] Internal new seed: %s" (Seed.toString seed) covGain || duGain // Returns whether this seed is meaningful. + +let shallStop opt = (opt.BenchToBug && totalBug > 0) From a1bd96e0be9b27cfd19a71aff8ff3860b3c90ee8 Mon Sep 17 00:00:00 2001 From: Michael Rodler Date: Tue, 19 Jul 2022 10:45:40 +0200 Subject: [PATCH 2/2] print statistics also on bench-to-bug finish --- src/Fuzz/Fuzz.fs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/Fuzz/Fuzz.fs b/src/Fuzz/Fuzz.fs index 118362195..2d74c2b94 100644 --- a/src/Fuzz/Fuzz.fs +++ b/src/Fuzz/Fuzz.fs @@ -121,15 +121,18 @@ let rec private fuzzLoop opt contSpec concQ randQ = if not (TCManage.shallStop opt) then fuzzLoop opt contSpec concQ randQ -let private fuzzingTimer opt = async { - let timespan = System.TimeSpan (0, 0, 0, opt.Timelimit) - System.Threading.Thread.Sleep (timespan) - printLine "Fuzzing timeout expired." +let private exitWith opt msg = + printLine msg if opt.CheckOptionalBugs then TCManage.checkFreezingEtherBug () log "===== Statistics =====" TCManage.printStatistics () log "Done, clean up and exit..." exit (0) + +let private fuzzingTimer opt = async { + let timespan = System.TimeSpan (0, 0, 0, opt.Timelimit) + System.Threading.Thread.Sleep (timespan) + exitWith opt "Fuzzing timeout expired." } let run args = 
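Review bot: `shallStop` has no doc comment and depends on `totalBug`, which is defined outside this hunk, so the hunk does not show which findings count toward stopping. If `totalBug` also counts findings enabled by `CheckOptionalBugs` or `UseOthersOracle`, a bench-to-bug run could stop on a bug class the benchmark is not measuring, which is worth confirming. Suggest adding `/// True when BenchToBug is set and at least one bug has been counted in totalBug.` above the definition. The outer parentheses can be dropped.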
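Review bot: `exitWith` now has two callers, the `fuzzingTimer` async block in this hunk and `run` after `fuzzLoop` returns (last hunk of this patch), and nothing prevents both from entering it at once. Assuming the timer runs on a separate thread (its start is outside the hunk), a time limit that expires while the main thread is already in `exitWith` lets `checkFreezingEtherBug` and `printStatistics` run twice or interleave before either `exit (0)` takes effect. That would garble the statistics a benchmark harness parses. Serialising the body is enough, because the first caller terminates the process while holding the lock: add `let private exitLock = obj ()` and wrap the body in `lock exitLock (fun () -> ...)`. A doc comment stating that `exitWith` never returns would also help readers of `run`.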
@@ -148,3 +151,4 @@ let run args = let randQ = List.fold RandFuzzQueue.enqueue (RandFuzzQueue.init ()) initSeeds log "Start main fuzzing phase" fuzzLoop opt contSpec concQ randQ + exitWith opt "Fuzzing Stopped"
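Review bot: The message passed to `exitWith` on the added last line of `run` does not say why fuzzing stopped, and it is formatted differently from "Fuzzing timeout expired." (capitalised second word, no period). This line is reached only when `fuzzLoop` returns, which after this series happens only when `TCManage.shallStop` is true, so the message can name the cause: `exitWith opt "Fuzzing stopped: first bug found."`. Both exit paths also end in `exit (0)`, so a harness can tell a bug stop from a timeout only by parsing this line; if that is intended, say so in a comment. The start of `run` is outside the hunk.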