plympton 1.1.0

data/lib/plympton/block.rb

@@ -0,0 +1,19 @@
+module Plympton
+	# Class responsible for parsing a YAML serialized block object
+    class Block
+		# YAML Entries
+        attr_accessor   :startEA, :endEA, :numInstructions
+
+		# Defines the objects YAML tag
+		# @return [String] A string signifying the start of an object of this class
+        def to_yaml_type
+            "!fuzz.io,2011/Block"
+        end
+
+        # Convenience method for printing a block 
+        # @return [String] A string representation of a block object
+		def to_s()
+			"#{self.class} (#{self.__id__}):  Start Address: #{startEA}, End Address #{endEA}, No. of Instructions: #{numInstructions}"
+		end
+    end
+end

data/lib/plympton/chunk.rb

@@ -0,0 +1,20 @@
+module Plympton
+	# Class responsible for parsing a YAML serialized chunk object
+    class Chunk
+		# YAML entries
+        attr_accessor   :startEA, :endEA, :blockList, :numBlocks
+
+        # Defines the objects YAML tag
+		# @return [String] A string signifying the start of an object of this class
+        def to_yaml_type
+            "!fuzz.io,2011/Chunk"
+        end
+
+        # Convenience method for printing a chunk 
+        # @return [String] A string representation of a chunk object 
+		def to_s()
+			"#{self.class} (#{self.__id__}):"
+		end
+
+    end
+end

data/lib/plympton/disassembly.rb

@@ -0,0 +1,105 @@
+module Plympton
+	# Class responsible for working with a disassembly
+	class Disassembly
+		attr_accessor	:attributes
+		attr_accessor	:expression
+
+		# Create an instance of the disassembly class
+		# Reads in a YAML serialized disassembly
+		# @param [String] Path to the YAML serialized disassembly
+		# @param [String] A mathematical expression for object evaluation
+		def initialize(yamlDisassembly, literalExpression="")
+
+			# Check for existence of the file
+			if(!File.exists?(yamlDisassembly)) then
+				return(nil)
+			end
+
+			# Unserialize the YAML disassembly
+			@attributes = YAML.load(File.open(yamlDisassembly))	
+			@attributes.setup()
+
+			# Create an instance of the expression
+			initialize_solver(literalExpression)
+		end
+
+		# Wrapper function for the solver's evaluate function 
+		# After expression evaluation it resets for another turn
+		# @param [BigDecimal] Test case runtime, defaults to zero
+		# @return [BigDecimal] The results of the evaluated expression
+		def evaluate(runtime="0")
+			@attributes.runtime = BigDecimal(runtime)
+			result = @expression.evaluate()
+			initialize_solver(@expression.expressionCache)
+
+			# Catch Not A Number or Infinite cases
+			if(result.nan?() or result.infinite?()) then
+				result = BigDecimal("0")
+			end
+
+			return(result)
+		end
+
+		# Function to process hit tracing recorded by Valgrind tools (rufus and callgrind)
+		# @param [String] Path to a valgrind trace file
+		def valgrind_coverage(valgrindTrace)
+
+			# Open the valgrind xml trace file
+			xmlFile = File.open(valgrindTrace, "r")
+			xmlDoc = Nokogiri::XML(xmlFile)
+
+			# Delete any previous hit traces
+			@attributes.functionHitTrace.clear()
+
+			# Parse all the function hits 
+			xmlDoc.xpath("//hit").each do |hit|
+				functionOffset = hit.search("offset").first().inner_text()
+				#puts "Function offset hit: #{functionOffset}"
+				if(@attributes.functionHash.has_key?(functionOffset)) then
+				#puts "Function offset found: #{functionOffset}"
+					if(!@attributes.functionHitTrace.has_key?(functionOffset)) then
+						@attributes.functionHitTrace[functionOffset] = [1] 
+					else
+						@attributes.functionHitTrace[functionOffset][0] = @attributes.functionHitTrace[functionOffset][0] + 1 
+					end
+
+					# Parse all the functions this function called
+					hit.xpath("callee").each do |callee|
+						calleeOffset = callee.search("offset").first().inner_text()
+						numberOfCalls = callee.search("numberOfCalls").first().inner_text().to_i()
+						if(@attributes.functionHash.has_key?(calleeOffset)) then
+							if(!@attributes.functionHitTrace.has_key?(functionOffset)) then
+								@attributes.functionHitTrace[functionOffset] = [numberOfCalls] 
+							else
+								@attributes.functionHitTrace[functionOffset][0] = @attributes.functionHitTrace[functionOffset][0] + numberOfCalls 
+							end
+
+							#puts "Function offset: #{functionOffset} -> #{calleeOffset}"
+							# Increment the number of transitions for a state
+							@attributes.functionHash[functionOffset].numTransitions += BigDecimal("#{numberOfCalls}")
+
+							# Update the transition matrix
+							@attributes.transitionMatrix[@attributes.functionHash[functionOffset].markovIdx, @attributes.functionHash[calleeOffset].markovIdx] = @attributes.transitionMatrix[@attributes.functionHash[functionOffset].markovIdx, @attributes.functionHash[calleeOffset].markovIdx] + BigDecimal("#{numberOfCalls}") 
+
+							# Keep track of call trace and number of times called
+							@attributes.trace << "#{@attributes.functionHash[functionOffset].markovIdx}:#{@attributes.functionHash[calleeOffset].markovIdx}:#{numberOfCalls}"
+						end
+					end # end callee xpath
+				end # end function hash check for hit function
+			end # end hit xpath
+
+			# Cleanup open file
+			xmlFile.close()
+		end
+
+		# Parses a mathematical expression and setups for function evaluation
+		# @param [String] A mathematical expression for object evaluation
+		def initialize_solver(literalExpression)
+			# Allocate an expression to solve
+			@expression = Solver::Parser.new(Solver::Lexer.new(literalExpression))
+			@expression.expressionCache = literalExpression
+			@expression.objectCache = @attributes
+		end
+	
+	end
+end

data/lib/plympton/function.rb

@@ -0,0 +1,31 @@
+module Plympton
+	# Class responsible for parsing a YAML serialized function object
+    class Function
+		# YAML Entries
+        attr_accessor   :name, :startAddress, :endAddress, :savedRegSize, :localVarSize, :argSize, :frameSize, :numArgs, :numLocalVars, :isImport, :numChunks, :chunkList, :cyclomaticComplexity
+
+		attr_accessor :numInstructions
+		attr_accessor :numTransitions, :markovIdx
+
+        # Defines the objects YAML tag
+		# @return [String] A string signifying the start of an object of this class
+		def to_yaml_type
+			"!fuzz.io,2011/Function"
+		end
+
+		def set_total_number_of_instructions()
+			@numInstructions = 0
+			@chunkList.each do |chunk|
+				chunk.blockList.each do |block|
+					@numInstructions = @numInstructions + block.numInstructions
+				end
+			end
+		end
+		
+        # Convenience method for printing a function 
+        # @return [String] A string representation of a function object
+		def to_s()
+			"#{self.class} (#{self.__id__}):#{name}"
+		end
+    end
+end

data/lib/plympton/matrix.rb

@@ -0,0 +1,59 @@
+class NMatrix 
+	# Class Methods
+
+	# Create a new square matrix of BigDecimal 0 objects
+	# @param [Fixnum] Number of rows and columns
+#	def self.square(dimension)
+#		matrix = PlymptonMatrix.object(dimension, dimension)
+#		matrix.fill!(BigDecimal("0"))
+#		puts matrix.class()
+#		return(matrix)
+#	end
+
+	def investigate()
+		dimensions = shape()
+		rowDimension = dimensions[0]
+		colDimension = dimensions[1]
+		puts ""
+		for row in 0...rowDimension 
+			for column in 0...colDimension
+				print " %10f" % self[row, column].to_s('F')
+			end
+			puts""
+		end
+	end
+
+	# Allocate a matrix of BigDecimal zeros
+	# @param [Fixnum] Size of the square matrix n x n
+	# @returns [PlymptonMatrix] An n x n matrix with every entry a BigDecimal("0")
+#	def self.zero(size)
+#		PlymptonMatrix.build(size) do
+#			BigDecimal("0")
+#		end
+#	end
+
+	# Instance Methods 
+	# Prints the string representation of a Matrix object 
+	# @params [Hash] Hash of functions defined by an object
+#	def to_s()
+#		rowSize = row_size()
+#		colSize = column_size()
+#
+#		# Print Matrix Header
+#		print "%12s" % ""
+#		for colIdx in 0...colSize do
+#			print "%10d" % colIdx
+#		end
+#		spacer = "-" * 100
+#		print "\n           %s\n" % spacer 
+#
+#		for rowIdx in 0...rowSize do
+#			print "%10d |" % rowIdx 
+#			for colIdx in 0...colSize do
+#				print" %10f" % self[rowIdx, colIdx].to_s('10F')
+#			end
+#			print(" |\n")
+#		end
+#		nil
+#	end
+end

data/lib/plympton/object.rb

@@ -0,0 +1,153 @@
+module Plympton
+	# Class responsible for parsing a YAML serialized object
+	class Object 
+		# YAML entries
+		attr_accessor   :textSegmentStart, :textSegmentEnd, :functionList, :importList, :numFunctions, :numImports, :numBlocks, :name 
+
+		# Class Attributes not imported via YAML
+		attr_accessor	:runtime
+		attr_accessor   :functionHash
+		attr_accessor	:functionHitTrace
+		attr_accessor	:transitionMatrix
+		attr_accessor	:trace
+
+		# Defines the objects YAML tag
+		# @return [String] A string signifying the start of an object of this class
+		def to_yaml_type
+			"!fuzz.io,2011/Object"
+		end
+
+		# Creates hashes for function lookup and cleans up data imported via YAML::load 
+		def setup()
+			# Housekeeping on library name
+			@name.chomp!()
+
+			# Allocate a hash for function hit tracing
+			@functionHitTrace = Hash.new()
+
+			# Create a function hash for lookups
+			init_function_hash()
+
+			# Add in the markov function (any function not defined by a shared library)
+			markovFunction = Plympton::Function.new() 
+			markovFunction.markovIdx = 0
+			markovFunction.numTransitions = BigDecimal("0")
+			@functionHash["-1"] = markovFunction
+
+			# Precompute number of instructions per function and set markovIdx
+			markovIdx = 1
+			@functionList.each do |function|
+				function.set_total_number_of_instructions()
+				function.markovIdx = markovIdx
+				function.numTransitions = BigDecimal("0")
+				markovIdx += 1
+			end
+
+			# Allocate transition matrix (# functions + special state 0)
+			# Transition matrix persists across test case runs
+#			dimension = @functionHash.size() + 1
+			dimension = @functionHash.size()
+			@transitionMatrix = NMatrix.object(dimension, dimension).fill!(BigDecimal("0"))
+
+			# Allocate a trace for Markov chains
+			@trace = Array.new()
+		end
+
+		# 
+		# @param [String] Base variable name to create a sum and average function
+		# @param [Symbol] Associated instance variable to calculate the sum and average
+		def self.define_sum_avg(variable, attribute)
+			sum_function = variable + "s"
+			define_method(sum_function.to_sym()) do 
+				result = BigDecimal("0")
+				if(@functionHitTrace !=nil and @functionHitTrace.length() > 0) then
+					# Iterate through the function's hit hash
+					@functionHitTrace.each do |offset, numberTimesExecuted|
+						result = result + BigDecimal("#{@functionHash[offset].send(attribute.to_sym())}") * BigDecimal("#{numberTimesExecuted[0]}")
+					end
+				end
+				return(result)
+			end
+
+			# Define the average function
+			avg_function = variable + "a"
+			define_method(avg_function.to_sym()) do 
+				# Catch if the functionHitTrace length is zero
+				numFunctionsExecuted = BigDecimal("0") 
+				@functionHitTrace.each do |offset, numberTimesExecuted|
+					numFunctionsExecuted = numFunctionsExecuted + BigDecimal("#{numberTimesExecuted[0]}")
+				end
+
+				send(sum_function.to_sym())/numFunctionsExecuted
+			end
+		end
+
+		# Define all the sum and average functions
+		{"A" => :numArgs, "B" => :numLocalVars, "C" => :argSize, "D" => :localVarSize,"E" => :numInstructions,"F" => :frameSize,"G" => :cyclomaticComplexity}.each do |variable, attribute|
+			define_sum_avg(variable, attribute)
+		end
+
+		# Function to calculate execution path uniqueness:
+		# http://www.cs.ucf.edu/~czou/research/EvolutionaryInputCrafting-ACSAC07.pdf
+		# Had to scale due to overflow: log 1/product(pi) = log(productpi)-1 = -log(productpi) = - summation log(pi)
+		# @return [BigDecimal] The steady state transition probability
+		def U()
+			dimensions = @transitionMatrix.shape()
+			rowDimension = dimensions[0]
+			colDimension = dimensions[1]
+			pMatrix = NMatrix.object(rowDimension, colDimension).fill!(BigDecimal("0"))
+
+			# Calculate the new transition probabilities
+			@functionHash.each_value do |function|
+				rowIdx = function.markovIdx
+#				puts "#{function.startAddress}: #{function.numTransitions.to_s("F")}"
+				for column in 0...colDimension
+					if(function.numTransitions != BigDecimal("0")) then
+						pMatrix[rowIdx,column] = @transitionMatrix[rowIdx,column]/function.numTransitions
+					end
+				end
+			end
+
+			# Calculate the statistic for function path uniqueness
+			pathUniqueness = BigDecimal("0")
+			@trace.each do |callTrace|
+				traceArr = callTrace.split(":")
+				traceArr[2].to_i.times do
+					#pathUniqueness += BigMath.log(pMatrix[traceArr[0].to_i(), traceArr[1].to_i()], 6)
+					pathUniqueness += Math.log(pMatrix[traceArr[0].to_i(), traceArr[1].to_i()].to_f())
+				end
+			#	puts "#{pMatrix[traceArr[0].to_i(), traceArr[1].to_i()].to_f()}"
+			end
+
+			#puts "Path Uniqueness is: #{pathUniqueness.to_s("F")}"	
+			pathUniqueness = BigDecimal(pathUniqueness.abs.to_s())
+			#puts "Path Uniqueness is: #{pathUniqueness.to_s("F")}"	
+			@trace.clear()
+			return(pathUniqueness)
+		end
+
+		# Function to calculate the function coverage of a test case run
+		# Total number of unique functions/Total number of unique functions executed
+		# @return [BigDecimal] The percentage 
+		def V()
+			functionCoverage = @functionHitTrace.length()/@numFunctions
+			return(BigDecimal(functionCoverage.to_s()))	
+		end
+
+		private
+
+		# Convenience method for creating a lookup hash for functions based on hex address
+		def init_function_hash()
+			@functionHash = Hash.new()
+			@functionList.each do |function|
+				@functionHash[function.startAddress] = function
+			end
+		end
+
+		# Convenience method for printing a chromosome
+		# @return [String] A string representation of the chromosome object
+		def to_s()
+			"#{self.class} (#{self.__id__}):\n#{name}\t#{textSegmentStart}\t#{textSegmentEnd}\t#{numFunctions}\t#{numImports}\t#{numBlocks}"
+		end
+	end
+end

data/lib/plympton/solver.g

@@ -0,0 +1,118 @@
+grammar Solver;
+
+options { 
+		language = Ruby;
+}
+
+tokens {
+	PLUS		= '+';
+	MINUS		= '-';
+	MULT		= '*';
+	DIV			= '/';
+	MOD			= '%';
+	EXP			= '^';
+	LPAREN		= '(';
+	RPAREN		= ')';
+}
+
+@header {
+	require 'bigdecimal/math'
+}
+
+@members {
+	attr_accessor :expressionCache
+	attr_accessor :objectCache
+
+	# Recovery function handling errors 
+	def recover( error = $! )
+		puts "Parser Recovering: #{error}"
+		exit(1)
+	end
+
+	# Reporting function handling errors 
+	def report_error( error = $! )
+		puts "Parser Reporting: #{error}"
+		exit(1)
+	end
+}
+
+
+@lexer::members {
+	# Recovery function handling errors 
+	def recover( error = $! )
+		puts "Lexer Recovering: #{error}"
+		exit(1)
+	end
+
+	# Reporting function handling errors 
+	def report_error( error = $! )
+		puts "Lexer Reporting: #{error}"
+		exit(1)
+	end
+}
+
+/*------------------------------------------------------------------
+ * PARSER RULES
+ *------------------------------------------------------------------*/
+evaluate returns [result] 
+			: r=expression {$result = $r.result }
+			;
+expression returns [result]
+  : r=mult
+    ( '+' r2=mult { $r.result += $r2.result }
+    | '-' r2=mult { $r.result -= $r2.result }
+    )* { $result = $r.result }
+  ;
+
+mult returns [result]
+  : r=log
+    ( '*' r2=log { $r.result *= $r2.result }
+    | '/' r2=log { $r.result /= $r2.result } 
+    )* { $result = $r.result };
+
+log returns [result]
+  : 'ln' r=exp { $result = BigMath.log(r, 2)}
+  | r=exp { $result = $r.result }
+  ;
+
+exp returns [result]
+  : r=atom ( '^' r2=atom { $r.result **= $r2.result.to_i() } )? { $result = $r.result }
+  ;
+
+atom returns [result] 
+			:		(a=INT   {$result = BigDecimal($a.text)}
+			|		 a=FLOAT {$result = BigDecimal($a.text)}
+			|		 LPAREN r=expression { $result = $r.result } RPAREN
+			|		 a=MODVAR	 {
+						$result = @objectCache.send($a.text)
+			}
+			|		 a=UNMODVAR { 
+						case $a.text 
+							when 'R'
+								$result = @objectCache.runtime 
+							when 'U'
+								$result = @objectCache.send($a.text)
+							when 'V'
+								$result = @objectCache.send($a.text)
+							else
+								$result = BigDecimal("0")
+							end
+					 }
+			)
+ ;
+
+/*------------------------------------------------------------------
+ * LEXER RULES
+ *------------------------------------------------------------------*/
+INT		   : (DIGIT)+ ;
+FLOAT	   : INT '.' INT;
+MODVAR	   : 'A'..'G'(MODIFIER); 
+UNMODVAR   : ( 'R' | 'U' | 'V' );
+WHITESPACE : ( '\t' | ' ' | '\r' | '\n'| '\u000C' )+ { $channel = HIDDEN; };
+
+/*------------------------------------------------------------------
+ * Fragment RULES (Only used as part of another Lexer Rule)
+ *------------------------------------------------------------------*/
+
+fragment DIGIT : '0'..'9';
+fragment MODIFIER: 'a'|'s';