dblotsky / stringfuzz Goto Github PK
View Code? Open in Web Editor NEWFuzzer and generator for string and regex problems in SMT-LIB 2.x format.
License: Other
stringfuzz's People
Contributors
Stargazers
Watchers
stringfuzz's Issues
Issue with double-quote character
Hello,
I am using your stringfuzz and figure out a minor issue in generating tests.
When you generate tests with double-quote character " with language SMT2.5, it seems you forget to escape it into \". I found it in folders regex-small, regex-big, and regex-deep in your benchmark at http://stringfuzz.dmitryblotsky.com/benchmarks/, for example, regex-small-00037.smt25 containing (str.to.re """").
The issue leads to an error in running CVC4 when the solver handles the test.
Hope my comment useful.
Best regards,
Diep
Output should be randomized if random seed is not specified
For convenience when generating large numbers of cases, it would be useful to generate a random seed for the user if one is not set on the command line. Currently multiple invocations of the same command and arguments generate the same output.
stringfuzzx strips out satisfiability info
stringfuzzx should strip out get-model and set-info status
stringfuzzx: IndexOf not supported when converting to smt25
The IndexOf operator, which exists in the smt20 language, cannot be converted to smt25. Attempting to do so throws an exception stringfuzz.generator.NotSupported.
The appropriate conversion for IndexOf in smt25 is str.indexof. The arguments do not need to be changed in any way, just the name of the operator.
There should be an Add/Remove transformer
Features:
- Randomly add a new assert (with fresh vars or existing vars)
- Randomly remove an assert
stringfuzzg regex: NameError: name 'ReConcatNode' is not defined
I think this is a side effect of the parser changes.
line 100, in make_random_terms
scanning error
The following won't scan. We get:
scanning error:
WHITESPACE '\n\n'
LPAREN '('
SYMBOL 'declare-const'
WHITESPACE ' '
IDENTIFIER 'p0'
'.0.action Bool)\n(assert (= p0.0.action (= "s3" actionNamespace)))\n\n(declare-const p0.0.resource Bool'...
(declare-const actionNamespace String)
(declare-const resourceAccount String)
(declare-const resourcePartition String)
(declare-const resourceRegion String)
(declare-const resourceResource String)
(declare-const resourceService String)
; Action: p0.0
(declare-const p0.0.action Bool)
(assert (= p0.0.action (= "s3" actionNamespace)))
; Resource: p0.0
(declare-const p0.0.resource Bool)
;
(assert (= p0.0.resource (and (= "aws" resourcePartition) (= "s3" resourceService) (= "" resourceRegion) (= "" resourceAccount)
; (and (str.prefixof "aaa" resourceResource) (str.suffixof s1 resourceResource) (str.prefixof "bbb" s1))
(str.in.re resourceResource (re.++ (re.++ (str.to.re "aaa") re.all) (re.++ (str.to.re "bbb") re.all)))
)))
; Statement: p0.0
(declare-const p0.0.statement.allows Bool)
(declare-const p0.0.statement.denies Bool)
(assert (= p0.0.statement.allows (and p0.0.action p0.0.resource)))
(assert (not p0.0.statement.denies))
; Policy: 0
(declare-const p0.allows Bool)
(declare-const p0.denies Bool)
(declare-const p0.neutral Bool)
(assert (= p0.allows (and (not p0.denies) p0.0.statement.allows)))
(assert (= p0.denies p0.0.statement.denies))
(assert (= p0.neutral (and (not p0.allows) (not p0.denies))))
; Action: p1.0
(declare-const p1.0.action Bool)
(assert (= p1.0.action (= "s3" actionNamespace)))
; Resource: p1.0
(declare-const p1.0.resource Bool)
(assert (= p1.0.resource (and (= "aws" resourcePartition) (= "s3" resourceService) (= "" resourceRegion) (= "" resourceAccount)
; (str.prefixof "aaabbb" resourceResource)
(str.in.re resourceResource (re.++ (str.to.re "aaabbb") re.all))
)))
; Statement: p1.0
(declare-const p1.0.statement.allows Bool)
(declare-const p1.0.statement.denies Bool)
(assert (= p1.0.statement.allows (and p1.0.action p1.0.resource)))
(assert (not p1.0.statement.denies))
; Policy: 1
(declare-const p1.allows Bool)
(declare-const p1.denies Bool)
(declare-const p1.neutral Bool)
(assert (= p1.allows (and (not p1.denies) p1.0.statement.allows)))
(assert (= p1.denies p1.0.statement.denies))
(assert (= p1.neutral (and (not p1.allows) (not p1.denies))))
(assert p0.allows)
(assert (or p1.denies p1.neutral))
(check-sat)
(get-model)
This could be related to Issue #3, but removing comments doesn't fix the problem. It might be the dots in the identifier name.
Bandit Issue #3
Another crash. I don't have an input, but I have the command and trace. This happened consistently for 500 jobs. Normally after 5-8 hours.
Mutated with the following command: stringfuzzx --file /tmp/tmpr_9wd6tx --random bandit --operator 'IndexOf2'
Trace:
File "/project/6001884/joescott/banditfuzz/venv/bin/stringfuzzx", line 7, in <module>
exec(compile(f.read(), __file__, 'exec'))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 259, in <module>
main()
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 253, in main
transformed = transformer(ast, **transformer_args)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 129, in bandit
transformed = BanditTransformer(ast, pair).walk()
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 16, in walk
self.walk_expression(expression, None)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 27, in walk_expression
self.walk_expression(sub_expression, expression)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 27, in walk_expression
self.walk_expression(sub_expression, expression)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 27, in walk_expression
self.walk_expression(sub_expression, expression)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 27, in walk_expression
self.walk_expression(sub_expression, expression)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 23, in walk_expression
self.enter_expression(expression, parent)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 31, in enter_expression
if expr.body[i] == self.pair[0]:
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 95, in __eq__
return repr(self) == repr(other)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
(this loops)
Additional sharcnet os stuff FWIW:
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
stringfuzzx: scanning error for comment
Converting the following input from SMT2.5 to SMT2.0 with stringfuzzx results in a scanning error:
(set-logic QF_S)
(declare-const X String)
(declare-const Y String)
(assert (= "abc" (str.++ X Y)))
(check-sat)
;(get-model)
Removing the semicolon on the last line (which starts a line comment) results in the expected output being displayed. Has support been added in the grammar for comments in input files?
Bandit Issue #1
Command:
stringfuzzx --file /tmp/tmpup689xdy --random bandit --operator 'IndexOf2'
Input:
(set-logic QF_S)
(declare-fun var0 () String)
(declare-fun var1 () String)
(declare-fun var2 () String)
(declare-fun var3 () Int)
(declare-fun var4 () Int)
(declare-fun var5 () Int)
(declare-fun var6 () Bool)
(declare-fun var7 () Bool)
(declare-fun var8 () Bool)
(assert (< var5 var4))
(assert (str.in.re var0 re.allchar))
(assert (< (str.len var1) (str.indexof var0 var2 var4)))
(assert (str.prefixof (str.replace var2 var0 var2) (str.replace var0 var2 var0)))
(check-sat)
stringfuzzx fuzz: should not produce negative numbers
Line 34 in fuzz.py can produce negative numbers.
literal.value = random.randint(-literal.value, literal.value)It was intended to be:
literal.value += random.randint(-literal.value, literal.value)@dblotsky do you mind if I fix it and push straight to master?
stringfuzzg should specify satisfiability status, if known
scripts can't be run from the base directory
The README says that the scripts can be run from the root directory of the repository with commands such as ./bin/stringfuzzg --help. When I run this command from the base directory, it prints the following error:
Traceback (most recent call last):
File "./bin/stringfuzzg", line 11, in <module>
from stringfuzz.constants import LANGUAGES, SMT_20_STRING, SMT_25_STRING
ImportError: No module named 'stringfuzz'
The same problem occurs when trying to run stringfuzzx or stringstats. Is there something special that needs to be done to set up the libraries used prior to running these scripts?
stringfuzz should be able to parse sorts properly
This includes:
()((name (Constructor Sort)))((name1 (Constructor Sort)) (name2 (Constructor Sort)))(Constructor Sort)Sort
stringfuzzg should always specify the logic
All string benchmarks should start with the line (set-logic QF_S).
stringfuzzx graft shouldn't swap with str.to.re args
Graft can cause (str.to.re (str.++ x y)). The only argument that can appear in (str.to.re) is a string constant literal.
stringfuzzx translate should not modify re.range arguments
Sometimes terms like (re.range "i" "h") are generated.
Make it a command-line flag to enable this, and have it off by default.
I'll make a PR with the other two issues as well.
stringfuzz can parse n-ary concats
They should be parsed as n-ary (where n > 1) concats, but always internally rewritten to binary concats.
stringfuzz should generate negative literals using unary negation
So, -5 generates (- 5).
stringfuzzx multiply shouldn't change arguments of re.range
Sometimes terms like (re.range "aaaa" "bbbb") are generated
I can add a command-line argument to enable this (turn it off by default). @dblotsky, do you mind if I push it straight to master?
Bandit Issue #2
Command:
stringfuzzx --file /tmp/tmpuu5r6x7i --random bandit --operator 'IndexOf2'
Input:
(set-logic QF_S)
(declare-fun var0 () String)
(declare-fun var1 () String)
(declare-fun var2 () String)
(declare-fun var3 () Int)
(declare-fun var4 () Int)
(declare-fun var5 () Int)
(declare-fun var6 () Bool)
(declare-fun var7 () Bool)
(declare-fun var8 () Bool)
(assert (> var4 var4))
(assert (< (str.indexof var0 var2 var5) (str.len var2)))
(assert (>= (str.len var0) (str.indexof var2 var2 var4)))
(assert (< (str.len var2) (str.indexof var1 var1 var3)))
(assert (not var6))
(check-sat)
stringfuzzg random-ast works
semantics change: re.all / re.allchar
An update to the SMT-LIB strings language standard has differentiated the re.all and re.allchar operators. The semantics of these operators should be handled as follows:
re.allcharis a regex term that matches any single character.re.allis a regex term that matches any string.- These two operators are distinct, have different semantics, and cannot be substituted for each other without changing the meaning of an AST (so
re.allis no longer just a different name forre.allchar).
./bin/stringfuzzg not work without installing
I run the command below in the root directory of the repository (without installing):
./bin/stringfuzzg --helpAnd I get the error:
โ stringfuzz git:(main) ./bin/stringfuzzg
Traceback (most recent call last):
File "./bin/stringfuzzg", line 11, in <module>
from stringfuzz.constants import LANGUAGES, SMT_20_STRING, SMT_25_STRING
ModuleNotFoundError: No module named 'stringfuzz'stringfuzzg should support norn as a new language
Norn only supports SMT-LIB 2.0, though its string syntax is the same as that for the "smt25" language in stringfuzz. A new language should be added that combines the "smt25" string syntax with the SMT-LIB 2.0 syntax.
stringfuzzg: command line arguments
This might be a design choice, and not a bug. Basically the order of command line arguments matters when maybe sometimes it shouldn't. For example, this works stringfuzzg --seed 1 regex, but this doesn't stringfuzzg regex --seed 1.
On the one hand this is nice because it makes it clear what is an argument to stringfuzzg and what is an argument to the specific generator. On the other hand it can be a little surprising.
Banditfuzz Branch Crashs. Three different inputs/error logs
Error 1:
echo "(set-logic QF_S) (set-logic QF_S)(declare-fun var0 () String)(declare-fun var1 () String)(declare-fun var2 () Int)(declare-fun var3 () Int)(declare-fun var4 () Bool)(declare-fun var5 () Bool)(assert (str.suffixof var1 var0))(assert (str.in.re (str.substr var0 var3 1) (re.* re.allchar)))(check-sat)" | stringfuzzx --random bandit --operator 'InRegex'
Crash:
`
Traceback (most recent call last):
File "/usr/local/bin/stringfuzzx", line 7, in
exec(compile(f.read(), file, 'exec'))
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 259, in
main()
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 253, in main
transformed = transformer(ast, **transformer_args)
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 99, in bandit
pair = gen_pair(op, finder.target, finder.variables, depth)
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 87, in gen_pair
args.append(make_random_expression(variables, s, depth))
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/generators/random_ast.py", line 126, in make_random_expression
random_args = [make_random_expression(variables, arg_sort, shrunken_depth) for arg_sort in signature]
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/generators/random_ast.py", line 126, in
random_args = [make_random_expression(variables, arg_sort, shrunken_depth) for arg_sort in signature]
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/generators/random_ast.py", line 109, in make_random_expression
return make_random_terminal(variables, sort)
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/generators/random_ast.py", line 98, in make_random_terminal
return random.choice(variables[sort])
TypeError: list indices must be integers or slices, not str
`
Error 2:
echo "(set-logic QF_S) (set-logic QF_S)(declare-fun var0 () String)(declare-fun var1 () String)(declare-fun var2 () Int)(declare-fun var3 () Int)(declare-fun var4 () Bool)(declare-fun var5 () Bool)(assert (str.suffixof var1 var1))(assert (str.prefixof var1 var0))(check-sat)" | stringfuzzx --random bandit --operator '>'
Crash:
Traceback (most recent call last): File "/usr/local/bin/stringfuzzx", line 7, in <module> exec(compile(f.read(), __file__, 'exec')) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 259, in <module> main() File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 253, in main transformed = transformer(ast, **transformer_args) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 96, in bandit finder.walk() File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 16, in walk self.walk_expression(expression, None) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 23, in walk_expression self.enter_expression(expression, parent) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 45, in enter_expression if self.op.get_symbol() == expr.get_symbol(): AttributeError: 'NoneType' object has no attribute 'get_symbol'
Error 3
echo "(set-logic QF_S) (set-logic QF_S)(declare-fun var0 () String)(declare-fun var1 () String)(declare-fun var2 () Int)(declare-fun var3 () Int)(declare-fun var4 () Bool)(declare-fun var5 () Bool)(assert (<= (str.indexof var0 "FeqdG?=_%l" 9) (str.len var1)))(assert (str.in.re (str.at "5j[^GK$1R." var3) (re.+ re.allchar)))(check-sat)" | stringfuzzx --random bandit --operator 'ReUnion'
Crash:
Traceback (most recent call last): File "/usr/local/bin/stringfuzzx", line 7, in <module> exec(compile(f.read(), __file__, 'exec')) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 259, in <module> main() File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 229, in main ast = parse(raw_in, input_language) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/parser.py", line 419, in parse return parse_tokens(scan(text, language), language, text) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/scanner.py", line 261, in scan raise ScanningError('scanning error:\n{}\n {!r}...'.format(token_context, text_context)) stringfuzz.scanner.ScanningError: scanning error: IN_RE 'str.in.re' WHITESPACE ' ' LPAREN '(' AT 'str.at' WHITESPACE ' ' '5j[^GKR. var3) (re.+ re.allchar)))(check-sat)\n'...
bin/stringmerge works
stringfuzzx: unsupported regex operators
stringfuzzx fails to parse an SMT2.5 input file containing the operator re.allchar, which is supported by SMT2.5 (but not in SMT2.0).
Example input:
(set-logic QF_S)
(declare-const X String)
(assert (str.in.re X (re.* re.allchar)))
(check-sat)
(get-model)
Although the re.allchar (and re.all) operators do not exist in the SMT2.0 string standard, they are valid in SMT2.5.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.