dblotsky / stringfuzz Goto Github PK
View Code? Open in Web Editor NEWFuzzer and generator for string and regex problems in SMT-LIB 2.x format.
License: Other
Fuzzer and generator for string and regex problems in SMT-LIB 2.x format.
License: Other
Hello,
I am using your stringfuzz and figure out a minor issue in generating tests.
When you generate tests with double-quote character " with language SMT2.5, it seems you forget to escape it into \". I found it in folders regex-small, regex-big, and regex-deep in your benchmark at http://stringfuzz.dmitryblotsky.com/benchmarks/, for example, regex-small-00037.smt25 containing (str.to.re """").
The issue leads to an error in running CVC4 when the solver handles the test.
Hope my comment useful.
Best regards,
Diep
For convenience when generating large numbers of cases, it would be useful to generate a random seed for the user if one is not set on the command line. Currently multiple invocations of the same command and arguments generate the same output.
stringfuzzx should strip out get-model and set-info status
The IndexOf
operator, which exists in the smt20
language, cannot be converted to smt25
. Attempting to do so throws an exception stringfuzz.generator.NotSupported
.
The appropriate conversion for IndexOf
in smt25
is str.indexof
. The arguments do not need to be changed in any way, just the name of the operator.
Features:
I think this is a side effect of the parser changes.
line 100, in make_random_terms
The following won't scan. We get:
scanning error:
WHITESPACE '\n\n'
LPAREN '('
SYMBOL 'declare-const'
WHITESPACE ' '
IDENTIFIER 'p0'
'.0.action Bool)\n(assert (= p0.0.action (= "s3" actionNamespace)))\n\n(declare-const p0.0.resource Bool'...
(declare-const actionNamespace String)
(declare-const resourceAccount String)
(declare-const resourcePartition String)
(declare-const resourceRegion String)
(declare-const resourceResource String)
(declare-const resourceService String)
; Action: p0.0
(declare-const p0.0.action Bool)
(assert (= p0.0.action (= "s3" actionNamespace)))
; Resource: p0.0
(declare-const p0.0.resource Bool)
;
(assert (= p0.0.resource (and (= "aws" resourcePartition) (= "s3" resourceService) (= "" resourceRegion) (= "" resourceAccount)
; (and (str.prefixof "aaa" resourceResource) (str.suffixof s1 resourceResource) (str.prefixof "bbb" s1))
(str.in.re resourceResource (re.++ (re.++ (str.to.re "aaa") re.all) (re.++ (str.to.re "bbb") re.all)))
)))
; Statement: p0.0
(declare-const p0.0.statement.allows Bool)
(declare-const p0.0.statement.denies Bool)
(assert (= p0.0.statement.allows (and p0.0.action p0.0.resource)))
(assert (not p0.0.statement.denies))
; Policy: 0
(declare-const p0.allows Bool)
(declare-const p0.denies Bool)
(declare-const p0.neutral Bool)
(assert (= p0.allows (and (not p0.denies) p0.0.statement.allows)))
(assert (= p0.denies p0.0.statement.denies))
(assert (= p0.neutral (and (not p0.allows) (not p0.denies))))
; Action: p1.0
(declare-const p1.0.action Bool)
(assert (= p1.0.action (= "s3" actionNamespace)))
; Resource: p1.0
(declare-const p1.0.resource Bool)
(assert (= p1.0.resource (and (= "aws" resourcePartition) (= "s3" resourceService) (= "" resourceRegion) (= "" resourceAccount)
; (str.prefixof "aaabbb" resourceResource)
(str.in.re resourceResource (re.++ (str.to.re "aaabbb") re.all))
)))
; Statement: p1.0
(declare-const p1.0.statement.allows Bool)
(declare-const p1.0.statement.denies Bool)
(assert (= p1.0.statement.allows (and p1.0.action p1.0.resource)))
(assert (not p1.0.statement.denies))
; Policy: 1
(declare-const p1.allows Bool)
(declare-const p1.denies Bool)
(declare-const p1.neutral Bool)
(assert (= p1.allows (and (not p1.denies) p1.0.statement.allows)))
(assert (= p1.denies p1.0.statement.denies))
(assert (= p1.neutral (and (not p1.allows) (not p1.denies))))
(assert p0.allows)
(assert (or p1.denies p1.neutral))
(check-sat)
(get-model)
This could be related to Issue #3, but removing comments doesn't fix the problem. It might be the dots in the identifier name.
Another crash. I don't have an input, but I have the command and trace. This happened consistently for 500 jobs. Normally after 5-8 hours.
Mutated with the following command: stringfuzzx --file /tmp/tmpr_9wd6tx --random bandit --operator 'IndexOf2'
Trace:
File "/project/6001884/joescott/banditfuzz/venv/bin/stringfuzzx", line 7, in <module>
exec(compile(f.read(), __file__, 'exec'))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 259, in <module>
main()
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 253, in main
transformed = transformer(ast, **transformer_args)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 129, in bandit
transformed = BanditTransformer(ast, pair).walk()
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 16, in walk
self.walk_expression(expression, None)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 27, in walk_expression
self.walk_expression(sub_expression, expression)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 27, in walk_expression
self.walk_expression(sub_expression, expression)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 27, in walk_expression
self.walk_expression(sub_expression, expression)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 27, in walk_expression
self.walk_expression(sub_expression, expression)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 23, in walk_expression
self.enter_expression(expression, parent)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 31, in enter_expression
if expr.body[i] == self.pair[0]:
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 95, in __eq__
return repr(self) == repr(other)
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 90, in with_spaces
return ' '.join(map(repr, terms))
File "/project/6001884/joescott/banditfuzz/banditfuzz/stringfuzz/stringfuzz/ast.py", line 244, in __repr__
return '(\'{}\' {})'.format(self.symbol, with_spaces(self.body))
(this loops)
Additional sharcnet os stuff FWIW:
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
unhandled error warning: Can't locate Data/Dumper.pm in @INC (@INC contains: /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5 /cvmfs/soft.computecanada.ca/nix/var/nix/profiles/16.09/lib/perl5/site_perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./banditfuzz/timeout/timeout line 115.
BEGIN failed--compilation aborted at ./banditfuzz/timeout/timeout line 115.
Converting the following input from SMT2.5 to SMT2.0 with stringfuzzx results in a scanning error:
(set-logic QF_S)
(declare-const X String)
(declare-const Y String)
(assert (= "abc" (str.++ X Y)))
(check-sat)
;(get-model)
Removing the semicolon on the last line (which starts a line comment) results in the expected output being displayed. Has support been added in the grammar for comments in input files?
Command:
stringfuzzx --file /tmp/tmpup689xdy --random bandit --operator 'IndexOf2'
Input:
(set-logic QF_S)
(declare-fun var0 () String)
(declare-fun var1 () String)
(declare-fun var2 () String)
(declare-fun var3 () Int)
(declare-fun var4 () Int)
(declare-fun var5 () Int)
(declare-fun var6 () Bool)
(declare-fun var7 () Bool)
(declare-fun var8 () Bool)
(assert (< var5 var4))
(assert (str.in.re var0 re.allchar))
(assert (< (str.len var1) (str.indexof var0 var2 var4)))
(assert (str.prefixof (str.replace var2 var0 var2) (str.replace var0 var2 var0)))
(check-sat)
Line 34 in fuzz.py can produce negative numbers.
literal.value = random.randint(-literal.value, literal.value)
It was intended to be:
literal.value += random.randint(-literal.value, literal.value)
@dblotsky do you mind if I fix it and push straight to master?
The README says that the scripts can be run from the root directory of the repository with commands such as ./bin/stringfuzzg --help
. When I run this command from the base directory, it prints the following error:
Traceback (most recent call last):
File "./bin/stringfuzzg", line 11, in <module>
from stringfuzz.constants import LANGUAGES, SMT_20_STRING, SMT_25_STRING
ImportError: No module named 'stringfuzz'
The same problem occurs when trying to run stringfuzzx
or stringstats
. Is there something special that needs to be done to set up the libraries used prior to running these scripts?
This includes:
()
((name (Constructor Sort)))
((name1 (Constructor Sort)) (name2 (Constructor Sort)))
(Constructor Sort)
Sort
All string benchmarks should start with the line (set-logic QF_S).
Graft can cause (str.to.re (str.++ x y)). The only argument that can appear in (str.to.re) is a string constant literal.
Sometimes terms like (re.range "i" "h") are generated.
Make it a command-line flag to enable this, and have it off by default.
I'll make a PR with the other two issues as well.
They should be parsed as n-ary (where n > 1) concats, but always internally rewritten to binary concats.
So, -5
generates (- 5)
.
Sometimes terms like (re.range "aaaa" "bbbb") are generated
I can add a command-line argument to enable this (turn it off by default). @dblotsky, do you mind if I push it straight to master?
Command:
stringfuzzx --file /tmp/tmpuu5r6x7i --random bandit --operator 'IndexOf2'
Input:
(set-logic QF_S)
(declare-fun var0 () String)
(declare-fun var1 () String)
(declare-fun var2 () String)
(declare-fun var3 () Int)
(declare-fun var4 () Int)
(declare-fun var5 () Int)
(declare-fun var6 () Bool)
(declare-fun var7 () Bool)
(declare-fun var8 () Bool)
(assert (> var4 var4))
(assert (< (str.indexof var0 var2 var5) (str.len var2)))
(assert (>= (str.len var0) (str.indexof var2 var2 var4)))
(assert (< (str.len var2) (str.indexof var1 var1 var3)))
(assert (not var6))
(check-sat)
An update to the SMT-LIB strings language standard has differentiated the re.all
and re.allchar
operators. The semantics of these operators should be handled as follows:
re.allchar
is a regex term that matches any single character.re.all
is a regex term that matches any string.re.all
is no longer just a different name for re.allchar
).I run the command below in the root directory of the repository (without installing):
./bin/stringfuzzg --help
And I get the error:
โ stringfuzz git:(main) ./bin/stringfuzzg
Traceback (most recent call last):
File "./bin/stringfuzzg", line 11, in <module>
from stringfuzz.constants import LANGUAGES, SMT_20_STRING, SMT_25_STRING
ModuleNotFoundError: No module named 'stringfuzz'
Norn only supports SMT-LIB 2.0, though its string syntax is the same as that for the "smt25" language in stringfuzz. A new language should be added that combines the "smt25" string syntax with the SMT-LIB 2.0 syntax.
This might be a design choice, and not a bug. Basically the order of command line arguments matters when maybe sometimes it shouldn't. For example, this works stringfuzzg --seed 1 regex
, but this doesn't stringfuzzg regex --seed 1
.
On the one hand this is nice because it makes it clear what is an argument to stringfuzzg and what is an argument to the specific generator. On the other hand it can be a little surprising.
Error 1:
echo "(set-logic QF_S) (set-logic QF_S)(declare-fun var0 () String)(declare-fun var1 () String)(declare-fun var2 () Int)(declare-fun var3 () Int)(declare-fun var4 () Bool)(declare-fun var5 () Bool)(assert (str.suffixof var1 var0))(assert (str.in.re (str.substr var0 var3 1) (re.* re.allchar)))(check-sat)" | stringfuzzx --random bandit --operator 'InRegex'
Crash:
`
Traceback (most recent call last):
File "/usr/local/bin/stringfuzzx", line 7, in
exec(compile(f.read(), file, 'exec'))
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 259, in
main()
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 253, in main
transformed = transformer(ast, **transformer_args)
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 99, in bandit
pair = gen_pair(op, finder.target, finder.variables, depth)
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 87, in gen_pair
args.append(make_random_expression(variables, s, depth))
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/generators/random_ast.py", line 126, in make_random_expression
random_args = [make_random_expression(variables, arg_sort, shrunken_depth) for arg_sort in signature]
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/generators/random_ast.py", line 126, in
random_args = [make_random_expression(variables, arg_sort, shrunken_depth) for arg_sort in signature]
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/generators/random_ast.py", line 109, in make_random_expression
return make_random_terminal(variables, sort)
File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/generators/random_ast.py", line 98, in make_random_terminal
return random.choice(variables[sort])
TypeError: list indices must be integers or slices, not str
`
Error 2:
echo "(set-logic QF_S) (set-logic QF_S)(declare-fun var0 () String)(declare-fun var1 () String)(declare-fun var2 () Int)(declare-fun var3 () Int)(declare-fun var4 () Bool)(declare-fun var5 () Bool)(assert (str.suffixof var1 var1))(assert (str.prefixof var1 var0))(check-sat)" | stringfuzzx --random bandit --operator '>'
Crash:
Traceback (most recent call last): File "/usr/local/bin/stringfuzzx", line 7, in <module> exec(compile(f.read(), __file__, 'exec')) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 259, in <module> main() File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 253, in main transformed = transformer(ast, **transformer_args) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 96, in bandit finder.walk() File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 16, in walk self.walk_expression(expression, None) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/ast_walker.py", line 23, in walk_expression self.enter_expression(expression, parent) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/transformers/bandit.py", line 45, in enter_expression if self.op.get_symbol() == expr.get_symbol(): AttributeError: 'NoneType' object has no attribute 'get_symbol'
Error 3
echo "(set-logic QF_S) (set-logic QF_S)(declare-fun var0 () String)(declare-fun var1 () String)(declare-fun var2 () Int)(declare-fun var3 () Int)(declare-fun var4 () Bool)(declare-fun var5 () Bool)(assert (<= (str.indexof var0 "FeqdG?=_%l" 9) (str.len var1)))(assert (str.in.re (str.at "5j[^GK$1R." var3) (re.+ re.allchar)))(check-sat)" | stringfuzzx --random bandit --operator 'ReUnion'
Crash:
Traceback (most recent call last): File "/usr/local/bin/stringfuzzx", line 7, in <module> exec(compile(f.read(), __file__, 'exec')) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 259, in <module> main() File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/bin/stringfuzzx", line 229, in main ast = parse(raw_in, input_language) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/parser.py", line 419, in parse return parse_tokens(scan(text, language), language, text) File "/mnt/c/Users/joe/Desktop/BanditFuzz/banditfuzz/stringfuzz/stringfuzz/scanner.py", line 261, in scan raise ScanningError('scanning error:\n{}\n {!r}...'.format(token_context, text_context)) stringfuzz.scanner.ScanningError: scanning error: IN_RE 'str.in.re' WHITESPACE ' ' LPAREN '(' AT 'str.at' WHITESPACE ' ' '5j[^GKR. var3) (re.+ re.allchar)))(check-sat)\n'...
stringfuzzx fails to parse an SMT2.5 input file containing the operator re.allchar
, which is supported by SMT2.5 (but not in SMT2.0).
Example input:
(set-logic QF_S)
(declare-const X String)
(assert (str.in.re X (re.* re.allchar)))
(check-sat)
(get-model)
Although the re.allchar
(and re.all
) operators do not exist in the SMT2.0 string standard, they are valid in SMT2.5.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.