scripts/oss-fuzz/output_reproducer.py

*97ef5f88SAlexander Bulekov#!/usr/bin/env python3
*97ef5f88SAlexander Bulekov# -*- coding: utf-8 -*-
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov"""
*97ef5f88SAlexander BulekovConvert plain qtest traces to C or Bash reproducers
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander BulekovUse this to help build bug-reports or create in-tree reproducers for bugs.
*97ef5f88SAlexander BulekovNote: This will not format C code for you. Pipe the output through
*97ef5f88SAlexander Bulekovclang-format -style="{BasedOnStyle: llvm, IndentWidth: 4, ColumnLimit: 90}"
*97ef5f88SAlexander Bulekovor similar
*97ef5f88SAlexander Bulekov"""
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovimport sys
*97ef5f88SAlexander Bulekovimport os
*97ef5f88SAlexander Bulekovimport argparse
*97ef5f88SAlexander Bulekovimport textwrap
*97ef5f88SAlexander Bulekovfrom datetime import date
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov__author__     = "Alexander Bulekov <alxndr@bu.edu>"
*97ef5f88SAlexander Bulekov__copyright__  = "Copyright (C) 2021, Red Hat, Inc."
*97ef5f88SAlexander Bulekov__license__    = "GPL version 2 or (at your option) any later version"
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov__maintainer__ = "Alexander Bulekov"
*97ef5f88SAlexander Bulekov__email__      = "alxndr@bu.edu"
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovdef c_header(owner):
*97ef5f88SAlexander Bulekov    return """/*
*97ef5f88SAlexander Bulekov * Autogenerated Fuzzer Test Case
*97ef5f88SAlexander Bulekov *
*97ef5f88SAlexander Bulekov * Copyright (c) {date} {owner}
*97ef5f88SAlexander Bulekov *
*97ef5f88SAlexander Bulekov * This work is licensed under the terms of the GNU GPL, version 2 or later.
*97ef5f88SAlexander Bulekov * See the COPYING file in the top-level directory.
*97ef5f88SAlexander Bulekov */
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov#include "qemu/osdep.h"
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov#include "libqos/libqtest.h"
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov    """.format(date=date.today().year, owner=owner)
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovdef c_comment(s):
*97ef5f88SAlexander Bulekov    """ Return a multi-line C comment. Assume the text is already wrapped """
*97ef5f88SAlexander Bulekov    return "/*\n * " + "\n * ".join(s.splitlines()) + "\n*/"
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovdef print_c_function(s):
*97ef5f88SAlexander Bulekov    print("/* ")
*97ef5f88SAlexander Bulekov    for l in s.splitlines():
*97ef5f88SAlexander Bulekov        print(" * {}".format(l))
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovdef bash_reproducer(path, args, trace):
*97ef5f88SAlexander Bulekov    result = '\\\n'.join(textwrap.wrap("cat << EOF | {} {}".format(path, args),
*97ef5f88SAlexander Bulekov                                       72, break_on_hyphens=False,
*97ef5f88SAlexander Bulekov                                       drop_whitespace=False))
*97ef5f88SAlexander Bulekov    for l in trace.splitlines():
*97ef5f88SAlexander Bulekov        result += "\n" + '\\\n'.join(textwrap.wrap(l,72,drop_whitespace=False))
*97ef5f88SAlexander Bulekov    result += "\nEOF"
*97ef5f88SAlexander Bulekov    return result
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovdef c_reproducer(name, args, trace):
*97ef5f88SAlexander Bulekov    result = []
*97ef5f88SAlexander Bulekov    result.append("""static void {}(void)\n{{""".format(name))
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov    # libqtest will add its own qtest args, so get rid of them
*97ef5f88SAlexander Bulekov    args = args.replace("-accel qtest","")
*97ef5f88SAlexander Bulekov    args = args.replace(",accel=qtest","")
*97ef5f88SAlexander Bulekov    args = args.replace("-machine accel=qtest","")
*97ef5f88SAlexander Bulekov    args = args.replace("-qtest stdio","")
*97ef5f88SAlexander Bulekov    result.append("""QTestState *s = qtest_init("{}");""".format(args))
*97ef5f88SAlexander Bulekov    for l in trace.splitlines():
*97ef5f88SAlexander Bulekov        param = l.split()
*97ef5f88SAlexander Bulekov        cmd = param[0]
*97ef5f88SAlexander Bulekov        if cmd == "write":
*97ef5f88SAlexander Bulekov            buf = param[3][2:] #Get the 0x... buffer and trim the "0x"
*97ef5f88SAlexander Bulekov            assert len(buf)%2 == 0
*97ef5f88SAlexander Bulekov            bufbytes = [buf[i:i+2] for i in range(0, len(buf), 2)]
*97ef5f88SAlexander Bulekov            bufstring = '\\x'+'\\x'.join(bufbytes)
*97ef5f88SAlexander Bulekov            addr = param[1]
*97ef5f88SAlexander Bulekov            size = param[2]
*97ef5f88SAlexander Bulekov            result.append("""qtest_bufwrite(s, {}, "{}", {});""".format(
*97ef5f88SAlexander Bulekov                          addr, bufstring, size))
*97ef5f88SAlexander Bulekov        elif cmd.startswith("in") or cmd.startswith("read"):
*97ef5f88SAlexander Bulekov            result.append("qtest_{}(s, {});".format(
*97ef5f88SAlexander Bulekov                          cmd, param[1]))
*97ef5f88SAlexander Bulekov        elif cmd.startswith("out") or cmd.startswith("write"):
*97ef5f88SAlexander Bulekov            result.append("qtest_{}(s, {}, {});".format(
*97ef5f88SAlexander Bulekov                          cmd, param[1], param[2]))
*97ef5f88SAlexander Bulekov        elif cmd == "clock_step":
*97ef5f88SAlexander Bulekov            if len(param) ==1:
*97ef5f88SAlexander Bulekov                result.append("qtest_clock_step_next(s);")
*97ef5f88SAlexander Bulekov            else:
*97ef5f88SAlexander Bulekov                result.append("qtest_clock_step(s, {});".format(param[1]))
*97ef5f88SAlexander Bulekov    result.append("qtest_quit(s);\n}")
*97ef5f88SAlexander Bulekov    return "\n".join(result)
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovdef c_main(name, arch):
*97ef5f88SAlexander Bulekov    return """int main(int argc, char **argv)
*97ef5f88SAlexander Bulekov{{
*97ef5f88SAlexander Bulekov    const char *arch = qtest_get_arch();
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov    g_test_init(&argc, &argv, NULL);
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov   if (strcmp(arch, "{arch}") == 0) {{
*97ef5f88SAlexander Bulekov        qtest_add_func("fuzz/{name}",{name});
*97ef5f88SAlexander Bulekov   }}
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov   return g_test_run();
*97ef5f88SAlexander Bulekov}}""".format(name=name, arch=arch)
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovdef main():
*97ef5f88SAlexander Bulekov    parser = argparse.ArgumentParser()
*97ef5f88SAlexander Bulekov    group = parser.add_mutually_exclusive_group()
*97ef5f88SAlexander Bulekov    group.add_argument("-bash", help="Only output a copy-pastable bash command",
*97ef5f88SAlexander Bulekov                        action="store_true")
*97ef5f88SAlexander Bulekov    group.add_argument("-c", help="Only output a c function",
*97ef5f88SAlexander Bulekov                        action="store_true")
*97ef5f88SAlexander Bulekov    parser.add_argument('-owner', help="If generating complete C source code, \
*97ef5f88SAlexander Bulekov                        this specifies the Copyright owner",
*97ef5f88SAlexander Bulekov                        nargs='?', default="<name of author>")
*97ef5f88SAlexander Bulekov    parser.add_argument("-no_comment", help="Don't include a bash reproducer \
*97ef5f88SAlexander Bulekov                        as a comment in the C reproducers",
*97ef5f88SAlexander Bulekov                        action="store_true")
*97ef5f88SAlexander Bulekov    parser.add_argument('-name', help="The name of the c function",
*97ef5f88SAlexander Bulekov                        nargs='?', default="test_fuzz")
*97ef5f88SAlexander Bulekov    parser.add_argument('input_trace', help="input QTest command sequence \
*97ef5f88SAlexander Bulekov                        (stdin by default)",
*97ef5f88SAlexander Bulekov                        nargs='?', type=argparse.FileType('r'),
*97ef5f88SAlexander Bulekov                        default=sys.stdin)
*97ef5f88SAlexander Bulekov    args = parser.parse_args()
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov    qemu_path = os.getenv("QEMU_PATH")
*97ef5f88SAlexander Bulekov    qemu_args = os.getenv("QEMU_ARGS")
*97ef5f88SAlexander Bulekov    if not qemu_args or not qemu_path:
*97ef5f88SAlexander Bulekov        print("Please set QEMU_PATH and QEMU_ARGS environment variables")
*97ef5f88SAlexander Bulekov        sys.exit(1)
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov    bash_args = qemu_args
*97ef5f88SAlexander Bulekov    if " -qtest stdio" not in  qemu_args:
*97ef5f88SAlexander Bulekov        bash_args += " -qtest stdio"
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov    arch = qemu_path.split("-")[-1]
*97ef5f88SAlexander Bulekov    trace = args.input_trace.read().strip()
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov    if args.bash :
*97ef5f88SAlexander Bulekov        print(bash_reproducer(qemu_path, bash_args, trace))
*97ef5f88SAlexander Bulekov    else:
*97ef5f88SAlexander Bulekov        output = ""
*97ef5f88SAlexander Bulekov        if not args.c:
*97ef5f88SAlexander Bulekov            output += c_header(args.owner) + "\n"
*97ef5f88SAlexander Bulekov        if not args.no_comment:
*97ef5f88SAlexander Bulekov            output += c_comment(bash_reproducer(qemu_path, bash_args, trace))
*97ef5f88SAlexander Bulekov        output += c_reproducer(args.name, qemu_args, trace)
*97ef5f88SAlexander Bulekov        if not args.c:
*97ef5f88SAlexander Bulekov            output += c_main(args.name, arch)
*97ef5f88SAlexander Bulekov        print(output)
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekov
*97ef5f88SAlexander Bulekovif __name__ == '__main__':
*97ef5f88SAlexander Bulekov    main()