shithub: fuzz


ref: 5de3149251a5abf4ae19f3f09df7aaaaf2afd74c
parent: dc7e4027d1f19da1201bfa18ecff349cba85c8ec
author: seh <seh@localhost>
date: Sun Nov 25 11:56:50 EST 2018

add rng() to replace rand() calls, returns ulong instead of int ;; things run slower

--- a/fuzz.h
+++ b/fuzz.h
@@ -3,9 +3,13 @@
 
 #include <u.h>
 #include <libc.h>
+#include <libsec.h>
 #include "list.h"
 #include "mutate.h"
 
+// Minimum amount of time in ms required for rand() to cycle
+#define MIN_SLEEP 128
+
 // Number of calls in enum calls
 #define NCALLS 68
 #define NTYPES 16
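Review bot: The comment on `MIN_SLEEP` refers to `rand()`, but the only use added in this commit is in `rng()` in main.c, which sleeps after calling `fastrand()`. The comment should say what the delay is for as the code now stands, e.g. `// Delay in ms that rng() sleeps after each fastrand() call`. If the value is a leftover from the `time(0)`-seeded `rand()`, say whether it is still needed.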
@@ -14,6 +18,7 @@
 // In main.c
 extern	int		logfd;
 extern	Lock	loglck;
+extern	Lock	rnglck;
 
 /*
 For full list of syscalls:
@@ -162,7 +167,8 @@
 // mutate.c → See mutate.h
 
 // main.c
-void dolog(char*, ...);
-void debug(char*, ...);
+void	dolog(char*, ...);
+void	debug(char*, ...);
+ulong	rng(void);
 
 #endif
--- a/main.c
+++ b/main.c
@@ -3,6 +3,7 @@
 // Global variables are bad
 int		logfd = -1; // fd of the log file, initialized in main
 Lock	loglck;		// Lock for logger
+Lock	rnglck;		// Lock for rng
 
 // Commandline usage warning
 void
@@ -40,6 +41,18 @@
 	#endif
 }
 
+// Thread-safe sleepable random number generator
+ulong
+rng(void)
+{
+	ulong n;
+	lock(&rnglck);
+	n = fastrand();
+	sleep(MIN_SLEEP);
+	unlock(&rnglck);
+	return n;
+}
+
 /* Prototypes */
 void	initsctable(void);
 int		name2index(char*);
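Review bot: `sleep(MIN_SLEEP)` runs while `rnglck` is held, so every caller on every thread queues behind a 128 ms sleep for each number drawn. The lock only needs to cover the generator call, `lock(&rnglck); n = fastrand(); unlock(&rnglck);`, with the sleep moved after `unlock` or dropped. As far as I know libsec's `fastrand()` does not depend on the clock, so the delay probably buys nothing here; that is worth confirming against the manual page. The header comment should also state that the function blocks for `MIN_SLEEP` ms per call.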
@@ -86,7 +99,8 @@
 	}
 
 	// save so we don't have two different time(0)'s
-	int fuzz_seed = time(0);
+	//int fuzz_seed = time(0);
+	int fuzz_seed = truerand();
 	srand(fuzz_seed);
 	dolog("== Seed Value: %d ==\n", fuzz_seed);
 
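Review bot: The seed written to the log can no longer be used to replay a run. `srand(fuzz_seed)` seeds `rand()`, while every mutator call visible in this commit now goes through `rng()`, which draws from `fastrand()`, and as far as I know `srand()` has no effect on that generator. For a fuzzer the logged seed is what lets a crashing input be regenerated, so either `rng()` should draw from a generator seeded here or the generated arguments should be logged themselves. Separately, `truerand()` returns a `ulong` that is stored in an `int` and printed with `%d`, so the log may show a negative number; `ulong fuzz_seed = truerand();` with `%lud` in the `dolog` call keeps the value intact. The commented-out `time(0)` line can be deleted.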
--- a/mutate.c
+++ b/mutate.c
@@ -9,14 +9,13 @@
 {
     if(*round == ROUND_NUM)
     {
-	dolog("First seeding of rand\n");
-        *in_val = rand();
+        *in_val = rng();
     }
     else
     {
-        (*in_val) << (rand() % (4 + 1 - 0) + 0);
+        (*in_val) << (rng() % (4 + 1 - 0) + 0);
         // Segfaults when fuzzing close() ↓
-        (*in_val) |= (rand() % (15 + 1 - 0) + 0);
+        (*in_val) |= (rng() % (15 + 1 - 0) + 0);
     }
 }
 
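Review bot: `(*in_val) << (rng() % (4 + 1 - 0) + 0);` computes a shift and discards the result, so only the `|=` two lines later changes the value. After this commit the discarded draw also costs a locked `MIN_SLEEP` wait. If a shift was intended the line should read `(*in_val) <<= rng() % 5;`, otherwise it should be deleted. The same statement appears in the hunks at `@@ -28,12`, `@@ -42,12`, `@@ -108,12`, `@@ -125,13`, `@@ -140,12` and `@@ -154,12`. The function's signature is outside this hunk, so the type of `in_val` is not visible here.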
@@ -28,12 +27,12 @@
 	{
 		in_val = (int**) malloc(sizeof(int*));
 		*in_val = (int*) malloc(sizeof(int));
-		**in_val = rand();
+		**in_val = rng();
 	}
 	else
 	{
-	        (**in_val) << (rand() % (4 + 1 - 0) + 0);
-        	(**in_val) |= (rand() % (15 + 1 - 0) + 0);
+	        (**in_val) << (rng() % (4 + 1 - 0) + 0);
+        	(**in_val) |= (rng() % (15 + 1 - 0) + 0);
 	}
 }
 
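Review bot: `**in_val = rng();` writes through two `malloc` results that are never checked, and the second `malloc` line already dereferences the first result. Each result should be compared with `nil` before it is used, for example `if(in_val == nil) sysfatal("malloc: %r");` after the first call and the same test on `*in_val` after the second. The first allocation is also assigned to `in_val` itself, which looks like the function's parameter (the signature is outside this hunk); if so, the caller never sees the new pointer and the memory leaks. The hunk at `@@ -125,13` has the same pattern under its TODO comment.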
@@ -42,12 +41,12 @@
 {
     if(*round == ROUND_NUM)
     {
-        *in_val = rand();
+        *in_val = rng();
     }
     else
     {
-        (*in_val) << (rand() % (4 + 1 - 0) + 0);
-        (*in_val) |= (rand() % (15 + 1 - 0) + 0);
+        (*in_val) << (rng() % (4 + 1 - 0) + 0);
+        (*in_val) |= (rng() % (15 + 1 - 0) + 0);
     }
 }
 
@@ -59,7 +58,7 @@
         free(*in_val);
 
     const int MAX_SIZE = 2048;
-    int size = rand() % MAX_SIZE + 1;
+    int size = rng() % MAX_SIZE + 1;
 
 		in_val = malloc(sizeof(char*) * 1);
     *in_val = malloc(sizeof(char) * size);
@@ -67,7 +66,7 @@
     int i;
     for(i = 0; i < size; i++)
     {
-        (*in_val)[i] = rand() % 255;
+        (*in_val)[i] = rng() % 255;
     }
     (*in_val)[size - 1] = '\0';
 
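Review bot: The fill loop calls `rng()` once per byte and `size` can reach 2048, so with the 128 ms sleep inside `rng()` a single string can take over four minutes to build while every other thread waits on `rnglck`. Filling the buffer with one call avoids that, e.g. `prng((uchar*)*in_val, size);` from libsec, which as far as I recall draws from `rand()` and would also tie the bytes to the logged seed; please confirm against the manual. `rng() % 255` can never produce 0xFF, so use `% 256` if the full byte range is wanted. The same loop is in the hunk at `@@ -90,7`, and the enclosing function starts outside this hunk.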
@@ -83,7 +82,7 @@
         free(*in_val);
 
     const int MAX_SIZE = 2048;
-    int size = rand() % MAX_SIZE + 1;
+    int size = rng() % MAX_SIZE + 1;
 
     *in_val = malloc(sizeof(char) * size);
 
@@ -90,7 +89,7 @@
     int i;
     for(i = 0; i < size; i++)
     {
-        (*in_val)[i] = rand() % 255;
+        (*in_val)[i] = rng() % 255;
     }
     (*in_val)[size - 1] = '\0';
 }
@@ -98,7 +97,7 @@
 int
 mut_charstararr(char*** in_val, int *round)
 {
-    int length = (rand() % (64 + 1 - 1) + 1);
+    int length = (rng() % (64 + 1 - 1) + 1);
 
     return length;
 }
@@ -108,12 +107,12 @@
 {
     if(*round == ROUND_NUM)
     {
-        *in_val = (rand() << 16) | rand();
+        *in_val = (rng() << 16) | rng();
     }
     else
     {
-        (*in_val) << (rand() % (4 + 1 - 0) + 0);
-        (*in_val) |= (rand() % (15 + 1 - 0) + 0);
+        (*in_val) << (rng() % (4 + 1 - 0) + 0);
+        (*in_val) |= (rng() % (15 + 1 - 0) + 0);
     }
 }
 
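Review bot: `(rng() << 16) | rng()` was presumably written to widen a short `rand()` result, but `rng()` already returns a full `ulong`. If `ulong` is 32 bits, the shift discards the top half of the first draw, and the upper 16 bits of the result become the OR of two random fields, so each of those bits is set about three times in four. A single `*in_val = rng();` gives an unbiased value and halves the time spent sleeping in `rng()`. The same expression appears in the hunks at `@@ -125,13` and `@@ -140,12`; the type of `in_val` is declared outside these hunks, so confirm the width needed.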
@@ -125,13 +124,13 @@
 	// TODO -- check that this is correct
 	in_val = (long**) malloc(sizeof(long*));
 	*in_val = (long*) malloc(sizeof(long));
-	**in_val = (rand() << 16) | rand();
+	**in_val = (rng() << 16) | rng();
     }
     else
     {
-	(**in_val) << (rand() % (4 + 1 - 0) + 0);
+	(**in_val) << (rng() % (4 + 1 - 0) + 0);
 	// Segfaults when fuzzing sleep ↓
-	(**in_val) |= (rand() % (15 + 1 - 0 ) + 0);
+	(**in_val) |= (rng() % (15 + 1 - 0 ) + 0);
     }
 }
 
@@ -140,12 +139,12 @@
 {
     if(*round == ROUND_NUM)
     {
-        *in_val = (rand() << 16) | rand();
+        *in_val = (rng() << 16) | rng();
     }
     else
     {
-        (*in_val) << (rand() % (4 + 1 - 0) + 0);
-        (*in_val) |= (rand() % (15 + 1 - 0) + 0);
+        (*in_val) << (rng() % (4 + 1 - 0) + 0);
+        (*in_val) |= (rng() % (15 + 1 - 0) + 0);
     }
 }
 
@@ -154,12 +153,12 @@
 {
     if(*round == ROUND_NUM)
     {
-        *in_val = (rand() << 48) | (rand() << 32) | (rand() << 16) | rand();
+        *in_val = (rng() << 48) | (rng() << 32) | (rng() << 16) | rng();
     }
     else
     {
-        (*in_val) << (rand() % (4 + 1 - 0) + 0);
-        (*in_val) |= (rand() % (15 + 1 - 0) + 0);
+        (*in_val) << (rng() % (4 + 1 - 0) + 0);
+        (*in_val) |= (rng() % (15 + 1 - 0) + 0);
     }
 }
 
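Review bot: `rng() << 48` and `rng() << 32` shift a `ulong` by at least its own width if `ulong` is 32 bits, as I believe it is with the Plan 9 compilers, so the expression does not produce a 64-bit random value. Assuming `in_val` points at a 64-bit type (its declaration is outside this hunk), widen before shifting and use two draws: `*in_val = ((uvlong)rng() << 32) | rng();`. That also drops two of the four locked sleeps per value.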
@@ -168,7 +167,7 @@
 {
     if(*round == ROUND_NUM)
     {
-        //*in_val = rand();
+        //*in_val = rng();
     }
     else
     {
@@ -180,7 +179,7 @@
 {
     if(*round == ROUND_NUM)
     {
-        //*in_val = rand();
+        //*in_val = rng();
     }
     else
     {
@@ -192,7 +191,7 @@
 {
     if(*round == ROUND_NUM)
     {
-        //*in_val = rand();
+        //*in_val = rng();
     }
     else
     {
@@ -204,7 +203,7 @@
 {
     if(*round == ROUND_NUM)
     {
-        //*in_val = rand();
+        //*in_val = rng();
     }
     else
     {
@@ -216,7 +215,7 @@
 {
     if(*round == ROUND_NUM)
     {
-        //*in_val = rand();
+        //*in_val = rng();
     }
     else
     {
@@ -228,7 +227,7 @@
 {
     if(*round == ROUND_NUM)
     {
-        //*in_val = rand();
+        //*in_val = rng();
     }
     else
     {
@@ -240,7 +239,7 @@
 {
     if(*round == ROUND_NUM)
     {
-        //*in_val = rand();
+        //*in_val = rng();
     }
     else
     {