Hearmen · dsmic · Feb 9, 2020 · Feb 9, 2020 · Feb 9, 2020 · Feb 9, 2020
diff --git a/SHM_TEST_get.c b/SHM_TEST_get.c
@@ -0,0 +1,68 @@
+//compile with gcc -o SHM_TEST_get SHM_TEST_get.c -lrt
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdint.h>
+
+#define STORAGE_ID "/SHM_TEST"
+#define STORAGE_SIZE 0x100000
+
+struct shmem_data {
+    uint32_t num_edges;
+    unsigned char edges[];
+};
+
+
+int main(int argc, char *argv[])
+{
+	int res;
+	int fd;
+	char data[STORAGE_SIZE];
+	struct shmem_data* data1;
+	pid_t pid;
+	void *addr;
+    char* shm_key = getenv("SHM_ID");
+
+	pid = getpid();
+
+	// get shared memory file descriptor (NOT a file)
+	if (shm_key)
+        fd = shm_open(shm_key, O_RDONLY, S_IRUSR | S_IWUSR);
+    else
+        fd = shm_open(STORAGE_ID, O_RDONLY, S_IRUSR | S_IWUSR);
+
+	if (fd == -1)
+	{
+		perror("open");
+		return 10;
+	}
+
+	// map shared memory to process address space
+	addr = mmap(NULL, STORAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0);
+	if (addr == MAP_FAILED)
+	{
+		perror("mmap");
+		return 30;
+	}
+
+	// place data into memory
+	//memcpy(data, addr, STORAGE_SIZE);
+	data1 = addr;
+    int counter=0;
+	//printf("Size %u\n",  (*data1).num_edges);
+	for (int i=0;i<data1->num_edges;i++) {
+		if (0 != data1->edges[i / 8] && (1 << (i % 8))) {
+            //printf("cov\n");
+            counter++;
+        }
+        //else
+        //    printf("-\n");
+    }
+    printf("SHM Edges %u :: %d / %u --> %6.2f coverage\n",(*data1).num_edges,counter,data1->num_edges,100.0 * counter / data1->num_edges );
+	return 0;
+}
diff --git a/SHM_TEST_set.c b/SHM_TEST_set.c
@@ -0,0 +1,96 @@
+// compile with 
+// gcc -o SHM_TEST_set SHM_TEST_set.c -lrt
+// run fuzzilli patched javascript engine with environmentvariable SHM_ID=/SHM_TEST
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <signal.h>
+
+#define STORAGE_ID "/SHM_TEST"
+#define STORAGE_SIZE 0x100000
+#define DATA "Hello, World! From PID %d 0000000000000"
+
+int go_on = 1;
+void handle_sigint(int sigint) {
+    go_on = 0;
+}
+
+int main(int argc, char *argv[])
+{
+	int res;
+	int fd;
+	int len;
+	pid_t pid;
+	void *addr;
+	char data[STORAGE_SIZE];
+    char* shm_key = getenv("SHM_ID");
+    signal(SIGINT, handle_sigint);    
+    signal(SIGTERM, handle_sigint);    
+    //signal(SIGABRT, handle_sigint);    
+    //signal(SIGKILL, handle_sigint);    
+
+	pid = getpid();
+	sprintf(data, DATA, pid);
+
+	// get shared memory file descriptor (NOT a file)
+	if (shm_key)
+        fd = shm_open(shm_key, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
+    else
+        fd = shm_open(STORAGE_ID, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
+
+	if (fd == -1)
+	{
+		perror("open");
+		return 10;
+	}
+
+	// extend shared memory object as by default it's initialized with size 0
+	res = ftruncate(fd, STORAGE_SIZE);
+	if (res == -1)
+	{
+		perror("ftruncate");
+		return 20;
+	}
+
+	// map shared memory to process address space
+	addr = mmap(NULL, STORAGE_SIZE, PROT_WRITE, MAP_SHARED, fd, 0);
+	if (addr == MAP_FAILED)
+	{
+		perror("mmap");
+		return 30;
+	}
+
+	// place data into memory
+	len = strlen(data) + 1;
+	memcpy(addr, data, STORAGE_SIZE);
+
+	// wait for someone to read it
+	while (go_on)
+        sleep(1);
+
+	// mmap cleanup
+	res = munmap(addr, STORAGE_SIZE);
+	if (res == -1)
+	{
+		perror("munmap");
+		return 40;
+	}
+
+	// shm_open cleanup
+	if (shm_key)
+    	fd = shm_unlink(shm_key);
+    else
+    	fd = shm_unlink(STORAGE_ID);
+
+	if (fd == -1)
+	{
+		perror("unlink");
+		return 100;
+	}
+
+	return 0;
+}
diff --git a/esbuilder/jsbuilder.js b/esbuilder/jsbuilder.js
@@ -8,6 +8,11 @@ var rawValue = require('./raw');
 
 var variable = require('./variable').default;
 var reference = require('./reference');
+//require('../espath/lib/path');
+
+var ValueInfo = require('../espath/lib/path').valueinfo;
+var ValueType = require('../espath/lib/path').valuetype;
+var ValueMap = require('../espath/lib/path').valuemap;
 
 var definition = require('./definition');
 var PatternVisitor = require('./pattern-visitor').default;
@@ -1574,7 +1579,7 @@ class Builder extends esbuilder.Builder{
                 console.log(parent.object);
                 let objValuetype  = this.pathManager.acquire(parent.object)._valueType;
                 var valueinfo = this.currentValueTable().get(objValuetype.getSymIndex(0x74));
-                node.name = random.randomElement([...valueinfo.getProps().keys()]);
+                if (valueinfo) {node.name = random.randomElement([...valueinfo.getProps().keys()]);}
                 break;
             }
 
@@ -2535,4 +2540,4 @@ class Builder extends esbuilder.Builder{
 
 }
 
-exports.default = Builder;
+exports.default = Builder;
diff --git a/espath/lib/path-manager.js b/espath/lib/path-manager.js
@@ -148,8 +148,10 @@ class PathManager{
     __updateValueMap(node, path){  
         var objPath;
         objPath = this.acquire(node.object);
-        for(let prop of this.__valueTable.get(objPath._valueType.__symIndex).__props){
-            path.valueMap.set(prop[0],prop[1]);
+        if (objPath._valueType) {
+            for(let prop of this.__valueTable.get(objPath._valueType.__symIndex).__props){
+                path.valueMap.set(prop[0],prop[1]);
+            }
         }
     }
 
@@ -364,7 +366,7 @@ class PathManager{
             classType = new ValueInfo(0x0040);
             for(let method of node.body){
                 console.log(method);
-                if(/Identifier/.test(method.key.type)){
+                if(method.key && /Identifier/.test(method.key.type)){
                     classType.__props.set(method.key.name, this.acquire(method)._valueType);//this.__currentValueMap.get(property.key.name));
                 }
             }
@@ -374,7 +376,7 @@ class PathManager{
             valuetype = new ValueType(0x0040,["classType"+(this.__valueTable.size-1)]);
 
             for(let method of node.body){
-                if(/Identifier/.test(method.key.type)){
+                if(method.key && /Identifier/.test(method.key.type)){
                     this.__currentValueMap.delete(method.key.name);
                 }
             }
@@ -460,7 +462,7 @@ class PathManager{
         path = this.acquire(node); 
         calleePath = this.acquire(node.callee);
         if(path){
-            if(calleePath._valueType.getType() & 0x20){
+            if(this.__valueTable.get(calleePath._valueType.getSymIndex(0x20)) && calleePath._valueType.getType() & 0x20){
                 console.log(calleePath._valueType);
                 path.setPathValue(this.__valueTable.get(calleePath._valueType.getSymIndex(0x20)).__desc.ret);
             }else{
@@ -528,12 +530,12 @@ class PathManager{
             case "MemberExpression":
                 let objPath = this.acquire(node.left.object);
                 let propPath = this.acquire(node.left.property);
-                if(objPath._valueType.__type >= 0x0010){  // make sure obj is not a literal
+                if(objPath._valueType && objPath._valueType.__type >= 0x0010){  // make sure obj is not a literal
                     valueInfo = this.__valueTable.get(objPath._valueType.getSymIndex(0x70));
-                    if(/Identifier/.test(propPath.node.type)){
+                    if(valueInfo && /Identifier/.test(propPath.node.type)){
                         valueInfo.updateProp(propPath.node.name,right_path.getType());
                     }
-                    else if(/Literal/.test(propPath.node.type)){
+                    else if(valueInfo && /Literal/.test(propPath.node.type)){
                         // if(valueInfo.__props.has(propPath.node.value)){
                         //     valueInfo.__props.get(propPath.node.value).update(right_path._valueType);
                         // }else{
@@ -634,10 +636,10 @@ class PathManager{
         var path =   this.acquire(node); 
         var objPath = this.acquire(node.object);
         var propPath = this.acquire(node.property);
-        if(objPath._valueType.__type >= 0x10 || objPath._valueType.__type&0x0004 ){   // not a literal
+        if(objPath._valueType && (objPath._valueType.__type >= 0x10 || objPath._valueType.__type&0x0004 )){   // not a literal
             var objType = this.__valueTable.get(objPath._valueType.getSymIndex(0x74)); // get the value from valueTable
             if(/Identifier/.test(node.property.type)){  // update the value of current path
-                if(objType.hasProp(node.property.name)){
+                if(objType && objType.hasProp(node.property.name)){
                     path.setPathValue(objType.getProp(node.property.name));
                 }else{
                     //path._valueType = new ValueType();  // there is no prop in the obj 
@@ -650,9 +652,16 @@ class PathManager{
                 path.setPathValue(new ValueType(0x00ff,["anyType"]));
             }
         }
-        for(let availableType of objPath._valueType.__symIndex){
-            for(let [k, v] of this.__valueTable.get(availableType).__props){
-                this.__currentValueMap.delete(k);
+        if (objPath._valueType) {
+            for(let availableType of objPath._valueType.__symIndex){
+                //if (this.__valueTable.get(availableType)) 
+                {	
+					if (this.__valueTable.get(availableType)) {
+                    	for(let [k, v] of this.__valueTable.get(availableType).__props){
+                    	    this.__currentValueMap.delete(k);
+                    	}
+					}
+                }
             }
         }
         if(/Identifier/.test(propPath.node.type)){
@@ -744,7 +753,7 @@ class PathManager{
         let path, objPath, currentEnv;
         path = this.acquire(node);
         objPath = this.acquire(node.object);
-        if(path){
+        if(path && objPath._valueType){
             for(let availableType of objPath._valueType.__symIndex){
                 for(let [k,v] of this.__valueTable.get(availableType).__props){  // for(let [k,v] of this.__valueTable.get(availableType)){ 
                     this.__currentValueMap.delete(k);

diff --git a/espath/lib/path.js b/espath/lib/path.js
@@ -136,11 +136,13 @@ class ValueMap extends Map{
         super();
         if(src){
             for(let [k, vtype] of src){
+                if (vtype) {
                 let newType =  new ValueType(vtype.__type, vtype.__symIndex);
                 this.set(k,newType);
             }
         }
     }
+    }
 
     /**
      * 
@@ -366,10 +368,12 @@ class ValueType{
      * merge the two types
      */
     update(type){
+        if (type) {
         this.updateType(type.__type);
         if(type.__symIndex)
             this.updateSymIndex(type.__symIndex);
         else{}  // do nothing
+        }
     }
 
     setType(_type){
@@ -421,4 +425,4 @@ class ValueType{
 module.exports.path = Path;
 module.exports.valueinfo = ValueInfo;
 module.exports.valuetype = ValueType;
-module.exports.valuemap = ValueMap;
+module.exports.valuemap = ValueMap;
diff --git a/generator.js b/generator.js
@@ -246,8 +246,11 @@ TrimStackTracePath = function(){};
 `
 var preSrcAst = esprima.parse(preSrc).body;
 
+//for (var i=0;i<10;i++)
+//    testMutate();
+//return;
 
-var ast = JSON.parse(raw);
+var ast = esprima.parse(raw);
 
 ast.body = preSrcAst.concat(ast.body);
 

diff --git a/node_modules/.bin/escodegen b/node_modules/.bin/escodegen
diff --git a/node_modules/.bin/escodegen b/node_modules/.bin/escodegen
diff --git a/node_modules/.bin/esgenerate b/node_modules/.bin/esgenerate
diff --git a/node_modules/.bin/esgenerate b/node_modules/.bin/esgenerate
diff --git a/node_modules/escodegen/bin/escodegen.js b/node_modules/escodegen/bin/escodegen.js
diff --git a/node_modules/escodegen/bin/esgenerate.js b/node_modules/escodegen/bin/esgenerate.js
diff --git a/node_modules/escodegen/package.json b/node_modules/escodegen/package.json
diff --git a/page.json b/page.json