程序代写 #include “Instrument.h”

程序代写 CS代考 / Algorithm算法代写代考

#include “Instrument.h”

using namespace llvm;

Copyright By PowCoder代写 加微信 powcoder

namespace instrument {

static const char *SanitizerFunctionName = “__dbz_sanitizer__”;
static const char *CoverageFunctionName = “__coverage__”;

* Implement divide-by-zero sanitizer.
void instrumentSanitizer(Module *M, Function &F, Instruction &I) {
/* Add your code here */
int divisor = 0;
int line = 0;
int column = 0;
LLVMContext &context = M->getContext();
Type* divisorType = Type::getInt32Ty(context);

* Implement code coverage instrumentation.
void instrumentCoverage(Module *M, Function &F, Instruction &I) {
/* Add your code here */
int line = 0;
int column = 0;

LLVMContext &context = M->getContext();
Type* funcType = Type::getVoidTy(context);
Type* lineType = Type::getInt32Ty(context);
Type* columnType = Type::getInt32Ty(context);

DebugLoc debug = I.getDebugLoc();
((debug) ? Twine(line = debug.getLine()) : Twine(““));
((debug) ? Twine(column = debug.getCol()) : Twine(““));

if (line > 0) {
errs() << "line: " << line << " column: " << column << '\n'; bool Instrument::runOnFunction(Function &F) { /* Add your code here */ Module *M = F.getParent(); for (auto& B : F) { for (auto& I : B) { instrumentCoverage(M, F, I); instrumentSanitizer(M, F, I); return true; char Instrument::ID = 1; static RegisterPass
X(“Instrument”, “Instrumentations for Dynamic Analysis”, false, false);

} // namespace instrument
#include
#include
#include
#include
#include

#include “Mutate.h”
#include “Utils.h”

int Freq = 1000000;
int Count = 0;

bool test(std::string &Target, std::string &Input, std::string &CampaignStr, std::string &OutDir) {
int ReturnCode = runTarget(Target, Input);
switch (ReturnCode) {
if (Count % Freq == 0)
storePassingInput(Input, CampaignStr, OutDir);
return true;
fprintf(stderr, “%d crashes found\n”, failureCount);
storeCrashingInput(Input, CampaignStr, OutDir);
return false;
fprintf(stderr, “%s not found\n”, Target.c_str());

// ./fuzzer [exe file] [seed input dir] [output dir]
int main(int argc, char **argv) {
if (argc < 5) { printf("usage %s [exe file] [seed input dir] [output dir] [campaign]\n", argv[0]); struct stat Buffer; if (stat(argv[1], &Buffer)) { fprintf(stderr, "%s not found\n", argv[1]); if (stat(argv[2], &Buffer)) { fprintf(stderr, "%s not found\n", argv[2]); if (stat(argv[3], &Buffer)) { fprintf(stderr, "%s not found\n", argv[3]); if (argc >= 6) {
Freq = strtol(argv[5],NULL,10);

std::string Target(argv[1]);
std::string SeedInputDir(argv[2]);
std::string OutDir(argv[3]);

std::string CampaignStr(argv[4]);
Campaign FuzzCampaign;
if (!toCampaign(CampaignStr, FuzzCampaign)) {

initialize(OutDir);

if (readSeedInputs(SeedInputDir)) {
fprintf(stderr, “Cannot read seed input directory\n”);

while (true) {
for (auto i = 0; i < SeedInputs.size(); i++) { auto I = SeedInputs[i]; std::string Mutant = mutate(I, FuzzCampaign); test(Target, Mutant, CampaignStr, OutDir); SeedInputs.push_back(Mutant); #include "Mutate.h" #include
#include

std::map to_campaign =
{{“MutationA”, MutationA}, {“MutationB”, MutationB}, {“MutationC”, MutationC}};

bool toCampaign(std::string Str, Campaign& FuzzCampaign) {
auto I = to_campaign.find(Str);
if (I == to_campaign.end()) {
fprintf(stderr, “\”%s\” not a valid fuzz campaign, choice options are: “, Str.c_str());
for (auto &I2 : to_campaign) {
fprintf(stderr, “%s “, I2.first.c_str());
fprintf(stderr, “\n”);
return false;
FuzzCampaign = I->second;
return true;

* Implement your mutation algorithms.

std::string mutateA(std::string Origin) {
// Replace bytes with random values
int lower = 33; // !
int upper = 126; // ~

char root[Origin.size() + 1];
strcpy(root, Origin.c_str());

for (int i = 0; root[i] != 0; i++){
char newChar = (rand() % (upper – lower + 1)) + lower;
root[i] = newChar;

return root;

std::string mutateB(std::string Origin) {
// Swap adjacent bytes
int lenght = Origin.size() + 1;
char temp;
char root[lenght];
strcpy(root, Origin.c_str());

for (int i = 0; root[i] != 0; i+=2){
temp = root[i];
root[i] = root[i + 1];
root[i + 1] = temp;

return root;

std::string mutateC(std::string Origin) {
// Insert a random byte
int lenght = Origin.size() + 1;
int lower = 33; // !
int upper = 126; // ~

char root[lenght];
strcpy(root, Origin.c_str());

root[0] = (rand() % (upper – lower + 1)) + lower;

return root;

std::string mutate(std::string Origin, Campaign& FuzzCampaign) {
std::string Mutant;
switch (FuzzCampaign) {
case MutationA:
return mutateA(Origin);
case MutationB:
return mutateB(Origin);
case MutationC:
return mutateC(Origin);
#include
#include
#include
#include
#include
#include

#include “Mutate.h”
#include “Utils.h”

#include

std::string CampaignToStr(Campaign &FuzzCamp) {
switch (FuzzCamp) {
case MutationA:
return “MutationA”;
case MutationB:
return “MutationB”;
case MutationC:
return “MutationC”;

* Implement your feedback-directed seed update algorithm.
std::pair selectSeedAndCampaign() {

std::string Seed = SeedInputs[MutationA].back();
Campaign FuzzCamp = MutationA;

return std::make_pair(Seed,FuzzCamp);

* Implement your feedback-directed seed update algorithm.
void updateSeedInputs(std::string &Target, std::string &Mutated, Campaign &FuzzCamp, bool Success) {

int Freq = 1000;
int Count = 0;

bool test(std::string &Target, std::string &Input, Campaign &FuzzCamp, std::string &OutDir) {
// Clean up old coverage file before running
std::string CoveragePath = Target + “.cov”;
std::remove(CoveragePath.c_str());

int ReturnCode = runTarget(Target, Input);
switch (ReturnCode) {
if (Count % Freq == 0)
storePassingInput(Input, CampaignToStr(FuzzCamp), OutDir);
return true;
fprintf(stderr, “%d crashes found\n”, failureCount);
storeCrashingInput(Input, CampaignToStr(FuzzCamp), OutDir);
return false;
fprintf(stderr, “%s not found\n”, Target.c_str());

// ./fuzzer [exe file] [seed input dir] [output dir]
int main(int argc, char **argv) {
if (argc < 4) { printf("usage %s [exe file] [seed input dir] [output dir]\n", argv[0]); srand(time(NULL)); struct stat Buffer; if (stat(argv[1], &Buffer)) { fprintf(stderr, "%s not found\n", argv[1]); if (stat(argv[2], &Buffer)) { fprintf(stderr, "%s not found\n", argv[2]); if (stat(argv[3], &Buffer)) { fprintf(stderr, "%s not found\n", argv[3]); if (argc >= 5) {
Freq = strtol(argv[5], NULL, 10);

std::string Target(argv[1]);
std::string SeedInputDir(argv[2]);
std::string OutDir(argv[3]);

initialize(OutDir);

if (readSeedInputs(SeedInputDir)) {
fprintf(stderr, “Cannot read seed input directory\n”);

while (true) {
// NOTE: You should feel free to manipulate this run loop
std::pair SC = selectSeedAndCampaign();
auto Mutant = mutate(SC.first, SC.second);
auto Success = test(Target, Mutant, SC.second, OutDir);
updateSeedInputs(Target, Mutant, SC.second, Success);

#include “Mutate.h”

#include
#include

* Implement your mutation algorithm.

std::map to_campaign = {
{“MutationA”, MutationA},
{“MutationB”, MutationB},
{“MutationC”, MutationC},

bool toCampaign(std::string Str, Campaign& FuzzCampaign) {
auto I = to_campaign.find(Str);
if (I == to_campaign.end()) {
fprintf(stderr, “\”%s\” not a valid fuzz campaign, choice options are: “, Str.c_str());
for (auto &I2 : to_campaign) {
fprintf(stderr, “%s “, I2.first.c_str());
fprintf(stderr, “\n”);
return false;
FuzzCampaign = I->second;
return true;

std::string mutateA(std::string Origin) {
return Origin;

std::string mutateB(std::string Origin) {
return Origin;

std::string mutateC(std::string Origin) {
return Origin;

std::string mutate(std::string Origin, Campaign& FuzzCampaign) {
std::string Mutant;
switch (FuzzCampaign) {
case MutationA:
return mutateA(Origin);
case MutationB:
return mutateB(Origin);
case MutationC:
return mutateC(Origin);

程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com

Related Posts