diff --git a/DICE-Evaluation/ARM/Fuzzing/CreateBaseDir.py b/DICE-Evaluation/ARM/Fuzzing/CreateBaseDir.py index f9a8cc9..1d8cf24 100755 --- a/DICE-Evaluation/ARM/Fuzzing/CreateBaseDir.py +++ b/DICE-Evaluation/ARM/Fuzzing/CreateBaseDir.py @@ -39,9 +39,14 @@ help="fuzzing run number") parser.add_argument("-B", "--base", dest="base", default="FuzzDir", help="base dir for fuzzing ") + parser.add_argument("-P", "--project", dest="project", default="", + help="project name (if unspecified, generates for all built-in projects)") args = parser.parse_args() + if len(args.project) != 0: + dirs = [args.project] + base = args.base run_num = args.run @@ -50,4 +55,4 @@ for d in dirs: os.makedirs(base + "/" + d + "/" + run_num + "/inputs") os.makedirs(base + "/" + d + "/" + run_num + "/outputs") - Create(base + "/" + d + "/" + run_num + "/inputs/input.data") \ No newline at end of file + Create(base + "/" + d + "/" + run_num + "/inputs/input.data") diff --git a/DICE-Evaluation/ARM/Fuzzing/fuzz.py b/DICE-Evaluation/ARM/Fuzzing/fuzz.py index 216845b..6400945 100755 --- a/DICE-Evaluation/ARM/Fuzzing/fuzz.py +++ b/DICE-Evaluation/ARM/Fuzzing/fuzz.py @@ -18,6 +18,7 @@ import configparser import argparse +import stat from argparse import Namespace cfg_board = {"f103": "NUCLEO-F103RB", "f429": "STM32F429I-Discovery", "f303":"NUCLEO_F303RE", \ @@ -222,22 +223,46 @@ def sigalarm_handler(signum, frame): cmd_afl += ["-d"] # end of afl options - if 'none' in cfg.redzones: - cmd_afl += [cfg.qemu_bin, "-nographic", - "-board", cfg_board[cfg.mcu] , "-mcu", cfg_mcu[cfg.mcu], "-image", cfg.img, - "-pm-stage", "3", "-aflFile", "@@", - ] - - else: - cmd_afl += [cfg.qemu_bin, "-nographic", - "-board", cfg_board[cfg.mcu] , "-mcu", cfg_mcu[cfg.mcu], "-image", cfg.img, "--dmaFile", cfg.redzones, - "-pm-stage", "3", "-aflFile", "@@", - + cmd_no_afl = [cfg.qemu_bin, "-nographic", + "-board", cfg_board[cfg.mcu] , "-mcu", cfg_mcu[cfg.mcu], "-image", cfg.img, + "-pm-stage", "3", "-aflFile", "@@" + ] + + if not 'none' in cfg.redzones: + cmd_no_afl += [ + "--dmaFile", cfg.redzones, ] + cmd_afl += cmd_no_afl print("cmd_afl: %s\n" % ' '.join(cmd_afl)) + + # Write run_fw.py + with open("run_fw.py", "w") as f: + f.write("#!/usr/bin/env python3\n") + f.write("import sys,subprocess\n") + f.write("if len(sys.argv) < 3 or len(sys.argv) > 4:\n") + f.write(" print(\"Usage: %s last_round_of_model_instantiation test_case [--debug]\" % sys.argv[0])\n") + f.write(" print(\"\t--debug argument is optional. It halts QEMU and wait for a debugger to be attached on TCP port 9000\")\n") + f.write(" sys.exit(-1)\n") + f.write("\n") + # replace "'@@'" with "sys.argv[2]" + cmd = str(cmd_no_afl + ["-model-input", "%s/%%s/peripheral_model.json %% sys.argv[1]" % cfg.working_dir]).replace("'@@'", "sys.argv[2]").replace(" % sys.argv[1]'", "' % sys.argv[1]") + f.write("cmd = %s\n" % str(cmd)) + f.write("\n") + f.write("if len(sys.argv) == 4 and sys.argv[3] == '--debug':\n") + f.write(" # halt qemu and wait for a debugger to be attached\n") + f.write(" cmd+=%s\n" % str(["-gdb", "tcp::9000", "-S"])) + f.write("print(cmd)\n") + f.write("\n") + f.write("subprocess.call(cmd)\n") + os.chmod("run_fw.py", stat.S_IRWXU) + + print("cmd_afl: %s\n" % ' '.join(cmd_afl)) + + + if not args.no_fuzzing: subprocess.call(cmd_afl, env=dict(os.environ, AFL_NO_FORKSRV=''))