/*
* Generate and munge a 64bit number.
*/
u64 rand64(void)
{
unsigned long r = 0;
if (rand_bool()) {
/* 32-bit ranges. */
r = rand32();
} else {
/* 33:64-bit ranges. */
switch (rand() % 7) {
case 0: r = rand_single_bit(64);
break;
case 1: r = randbits(64);
break;
case 2: r = rand32() | rand32() << 31;
break;
case 3: r = taviso();
break;
case 4: r = rand8x8();
break;
case 5: r = rept8(8);
break;
/* Sometimes pick a not-so-random number. */
case 6: return get_interesting_value();
}
/* limit the size */
switch (rand() % 4) {
case 0: r &= 0x000000ffffffffffULL;
break;
case 1: r &= 0x0000ffffffffffffULL;
break;
case 2: r &= 0x00ffffffffffffffULL;
break;
}
}
/* Sometimes invert the generated number. */
if (rand_bool())
r = ~r;
/* increase distribution in MSB */
if ((rand() % 10)) {
unsigned int i;
unsigned int rounds;
rounds = rand() % 4;
for (i = 0; i < rounds; i++)
r |= (1UL << ((__WORDSIZE - 1) - (rand() % 8)));
}
/* randomly flip sign bit. */
if (rand_bool())
r |= (1UL << (__WORDSIZE - 1));
return r;
}
/*
* Generate, and munge a 32bit number.
*/
unsigned int rand32(void)
{
unsigned long r = 0;
r = __rand32();
if (rand_bool()) {
unsigned int i;
unsigned int rounds;
/* mangle it. */
rounds = rand() % 3;
for (i = 0; i < rounds; i++) {
if (rand_bool())
r |= __rand32();
else
r ^= __rand32();
}
}
/* Sometimes deduct it from INT_MAX */
if (rand_bool())
r = INT_MAX - r;
/* Sometimes flip sign */
if (rand_bool())
r |= (1L << 31);
/* we might get lucky if something is counting ints/longs etc. */
if (rand() % 100 < 25) {
int _div = 1 << rand_range(1, 4); /* 2,4,8 or 16 */
r /= _div;
}
/* limit the size */
switch (rand() % 5) {
case 0: r &= 0xff;
break;
case 1: r &= 0xffff;
break;
case 2: r &= PAGE_MASK;
break;
case 3: r &= 0xffffff;
break;
case 4: // do nothing
break;
}
return r;
}
static void sanitise_splice(int childno)
{
if ((rand() % 10) < 3)
return;
if (rand_bool()) {
shm->a1[childno] = shm->pipe_fds[rand() % MAX_PIPE_FDS];
shm->a2[childno] = 0;
}
if (rand_bool()) {
shm->a3[childno] = shm->pipe_fds[rand() % MAX_PIPE_FDS];
shm->a4[childno] = 0;
}
}
static int open_testfile(char *filename)
{
int fd;
/* file might be around from an earlier run, nuke it. */
(void) unlink(filename);
if (rand_bool()) {
fd = open_with_fopen(filename, O_RDWR);
if (fd != -1)
output(2, "fd[%d] = fopen(\"%s\", O_RDWR)\n", fd, filename);
fcntl(fd, F_SETFL, random_fcntl_setfl_flags());
} else {
const unsigned long open_flags[] = { O_DIRECT, O_DSYNC, O_SYNC, };
int flags = 0;
flags = set_rand_bitmask(ARRAY_SIZE(open_flags), open_flags);;
fd = open(filename, O_CREAT | flags, 0666);
if (fd != -1)
output(2, "fd[%d] = open(\"%s\", flags:%x)\n", fd, filename, flags); //TODO: decode flags
}
return fd;
}
unsigned long get_interesting_value(void)
{
#if __WORDSIZE == 32
return get_interesting_32bit_value();
#else
unsigned long low = 0;
if (rand_bool())
low = get_interesting_32bit_value();
switch (rand() % 13) {
case 0: return 0;
case 1: return low;
case 2: return 0x0000000100000000UL | low;
case 3: return 0x7fffffff00000000UL | low;
case 4: return 0x8000000000000000UL | low;
case 5: return 0xffffffff00000000UL | low;
case 6: return 0xffffffffffffff00UL | (rand() % 256);
case 7: return 0xffffffffffffffffUL - page_size;
case 8: return PAGE_OFFSET | (low << 4);
case 9: return KERNEL_ADDR | (low & 0xffffff);
case 10: return MODULE_ADDR | (low & 0xffffff);
case 11: return per_arch_interesting_addr(low);
case 12: return (low << 32);
}
return low; // unreachable, but gcc is dumb.
#endif /* __WORDSIZE */
}
static void sanitise_write(struct syscallrecord *rec)
{
if (rand_bool())
rec->a3 = 1;
else
rec->a3 = rand() % page_size;
}
void rough_up(Level *lvl) {
unsigned x, y;
/* Sanitize our input: */
for(x=0; x<lvl->width * lvl->height; x++)
lvl->array[x] = !!lvl->array[x];
/* Mark all spots that are blank, but next to spots that are marked: */
for(x=0; x<lvl->width; x++) {
for(y=0; y<lvl->height; y++) {
unsigned t = 0;
if(lvl->array[y*lvl->width + x]) continue;
t += (x!=0 ) && lvl->array[y*lvl->width + x - 1] == 1;
t += (x!=lvl->width-1 ) && lvl->array[y*lvl->width + x + 1] == 1;
t += (y!=0 ) && lvl->array[(y-1)*lvl->width + x] == 1;
t += (y!=lvl->height-1) && lvl->array[(y+1)*lvl->width + x] == 1;
if(t) lvl->array[y*lvl->width + x] = 2;
}
}
/* For every marked spot, randomly fill it: */
for(x=0; x<lvl->width * lvl->height; x++)
if(lvl->array[x] == 2)
lvl->array[x] = rand_bool(500);
}
static void fabricate_onepage_struct(char *page)
{
unsigned int i;
for (i = 0; i < page_size; ) {
void **ptr;
ptr = (void*) &page[i];
/* 4 byte (32bit) 8 byte (64bit) alignment */
if (i & ~((__WORDSIZE / 8) - 1)) {
unsigned long val;
i += sizeof(unsigned long);
if (i > page_size)
return;
if (rand_bool())
val = rand64();
else
val = (unsigned long) get_address();
*(unsigned long *)ptr = val;
} else {
/* int alignment */
i += sizeof(unsigned int);
if (i > page_size)
return;
*(unsigned int *)ptr = rand32();
}
}
}
static unsigned long handle_arg_address(struct syscallrecord *rec, unsigned int argnum)
{
unsigned long addr = 0;
if (argnum == 1)
return (unsigned long) get_address();
if (rand_bool())
return (unsigned long) get_address();
/* Half the time, we look to see if earlier args were also ARG_ADDRESS,
* and munge that instead of returning a new one from get_address() */
addr = find_previous_arg_address(rec, argnum);
switch (rand() % 4) {
case 0: break; /* return unmodified */
case 1: addr++;
break;
case 2: addr+= sizeof(int);
break;
case 3: addr+= sizeof(long);
break;
}
return addr;
}
void phonet_rand_socket(struct socket_triplet *st)
{
st->protocol = 0;
if (rand_bool())
st->type = SOCK_DGRAM;
else
st->type = SOCK_SEQPACKET;
}
void llc_rand_socket(struct socket_triplet *st)
{
st->protocol = rand() % PROTO_MAX;
if (rand_bool())
st->type = SOCK_STREAM;
else
st->type = SOCK_DGRAM;
}
void caif_rand_socket(struct socket_triplet *st)
{
st->protocol = rand() % _CAIFPROTO_MAX;
if (rand_bool())
st->type = SOCK_SEQPACKET;
else
st->type = SOCK_STREAM;
}
static void ioctl_mangle_arg(struct syscallrecord *rec)
{
/* the argument could mean anything, because ioctl sucks like that. */
if (rand_bool())
rec->a3 = rand32();
else
rec->a3 = (unsigned long) get_non_null_address();
}
void netlink_rand_socket(struct socket_triplet *st)
{
if (rand_bool())
st->type = SOCK_RAW;
else
st->type = SOCK_DGRAM;
st->protocol = rand() % (_NETLINK_MAX + 1);
}
void netlink_rand_socket(struct socket_triplet *st)
{
if (rand_bool())
st->type = SOCK_RAW;
else
st->type = SOCK_DGRAM;
st->protocol = rand() % (NETLINK_CRYPTO + 1); // Current highest netlink socket.
}
unsigned int rand32(void)
{
unsigned long r = 0;
r = __rand32();
if (rand_bool()) {
unsigned int i;
unsigned int rounds;
/* mangle it. */
rounds = rand() % 3;
for (i = 0; i < rounds; i++) {
switch (rand_bool()) {
case 0: r |= __rand32();
break;
case 1: r ^= __rand32();
break;
default:
break;
}
}
}
if (rand_bool())
r = INT_MAX - r;
if (rand_bool())
r |= (1L << 31);
/* limit the size */
switch (rand() % 4) {
case 0: r &= 0xff;
break;
case 1: r &= 0xffff;
break;
case 2: r &= 0xffffff;
break;
default:
break;
}
return r;
}
void decnet_rand_socket(struct socket_triplet *st)
{
if (rand_bool()) {
st->type = SOCK_SEQPACKET;
st->protocol = DNPROTO_NSP;
} else {
st->type = SOCK_STREAM;
st->protocol = rand() % PROTO_MAX;
}
}
static void sanitise_mlockall(int childno)
{
if (shm->a1[childno] != 0)
return;
if (rand_bool())
shm->a1[childno] = MCL_CURRENT;
else
shm->a1[childno] = MCL_FUTURE;
}
static int open_socket(unsigned int domain, unsigned int type, unsigned int protocol)
{
int fd;
__unused__ int ret;
struct sockaddr *sa = NULL;
socklen_t salen;
struct sockopt so = { 0, 0, 0, 0 };
fd = socket(domain, type, protocol);
if (fd == -1)
return fd;
shm->sockets[nr_sockets].fd = fd;
shm->sockets[nr_sockets].triplet.family = domain;
shm->sockets[nr_sockets].triplet.type = type;
shm->sockets[nr_sockets].triplet.protocol = protocol;
output(2, "fd[%i] = domain:%i (%s) type:0x%x protocol:%i\n",
fd, domain, get_proto_name(domain), type, protocol);
/* Set some random socket options. */
sso_socket(&shm->sockets[nr_sockets].triplet, &so, fd);
nr_sockets++;
/* Sometimes, listen on created sockets. */
if (rand_bool()) {
/* fake a sockaddr. */
generate_sockaddr((struct sockaddr **) &sa, (socklen_t *) &salen, domain);
ret = bind(fd, sa, salen);
/* if (ret == -1)
debugf("bind: %s\n", strerror(errno));
else
debugf("bind: success!\n");
*/
ret = listen(fd, (rand() % 2) + 1);
/* if (ret == -1)
debugf("listen: %s\n", strerror(errno));
else
debugf("listen: success!\n");
*/
}
/* If we didn't have a function for this sockaddr type, we would
* have returned page_rand, so don't free() it or we segv. */
if (sa == (struct sockaddr *) page_rand)
return fd;
if (sa != NULL)
free(sa);
return fd;
}
void inet_rand_socket(struct socket_triplet *st)
{
switch (rand() % 4) {
case 0: st->type = SOCK_STREAM; // TCP/SCTP
switch (rand() % 3) {
case 0:
st->protocol = 0;
break;
case 1:
st->protocol = IPPROTO_TCP;
break;
case 2:
st->protocol = IPPROTO_SCTP;
break;
default:
break;
}
break;
case 1: st->type = SOCK_DGRAM; // UDP
if (rand_bool())
st->protocol = 0;
else
st->protocol = IPPROTO_UDP;
break;
case 2: st->type = SOCK_SEQPACKET; // SCTP
if (rand_bool())
st->protocol = 0;
else
st->protocol = IPPROTO_SCTP;
break;
case 3: st->type = SOCK_RAW;
st->protocol = rand() % PROTO_MAX;
break;
default:
break;
}
}
static void dirty_every_other_page(struct map *map)
{
char *p = map->ptr;
unsigned int i, nr, first;
nr = nr_pages(map);
first = rand_bool();
for (i = first; i < nr; i+=2)
p[i * page_size] = rand();
}
const char * generate_pathname(void)
{
const char *pathname = get_filename();
char *newpath;
unsigned int len;
if (pathname == NULL) /* handle -n correctly. */
return NULL;
/* 90% chance of returning an unmangled filename */
if ((rand() % 100) < 90)
return pathname;
/* Create a bogus filename. */
newpath = zmalloc(MAX_PATH_LEN); // FIXME: We leak this.
len = strlen(pathname);
if (rand_bool())
(void) strncpy(newpath, pathname, len);
else {
if (len < MAX_PATH_LEN - 2) {
/* make it look relative to cwd */
newpath[0] = '.';
newpath[1] = '/';
(void) strncpy(newpath + 2, pathname, len);
}
}
/* 50/50 chance of making it look like a dir */
if (rand_bool()) {
if (len <= MAX_PATH_LEN - 2) {
newpath[len] = '/';
newpath[len + 1] = 0;
}
}
return newpath;
}
static void read_every_other_page(struct map *map)
{
char *p = map->ptr;
unsigned int i, nr, first;
char buf[page_size];
nr = nr_pages(map);
first = rand_bool();
for (i = first; i < nr; i+=2)
memcpy(buf, p + (i * page_size), page_size);
}
/*
* If we successfully remapped a range, we need to update our record of it
* so we don't re-use the old address.
*/
static void post_mremap(struct syscallrecord *rec)
{
void *ptr = (void *) rec->retval;
if (ptr == MAP_FAILED)
return;
map->ptr = ptr;
/* Sometimes dirty the mapping first. */
if (rand_bool())
dirty_mapping(map);
}
double Model::rotateRandom(double maxAngle, double minAngle)
{
std::uniform_real_distribution<double> rand_double_min_max(minAngle, maxAngle);
double angle = rand_double_min_max(m_random);
std::uniform_int_distribution<short> rand_bool(0, 1);
bool flipSign = rand_bool(m_random);
if(flipSign)
angle = -angle;
Eigen::Vector3d axis = Eigen::Vector3d::Random();
axis.normalize();
Eigen::AngleAxis<double> aa(angle, axis);
Eigen::Quaterniond quat(aa);
for(unsigned int i = 0; i < getAmountOfVertices(); i++)
{
auto coords = getVertex(i).coords;
coords = quat * coords;
auto normal = getVertex(i).normal;
normal = quat * normal;
setVertex(i, coords, normal);
}
analyzeMesh();
return angle;
}
static void sanitise_move_pages(int childno)
{
struct map *map;
int *nodes;
unsigned long *page_alloc;
unsigned int i;
if (pagetypes == NULL)
pagetypes = zmalloc(page_size); // The implied memset(0) == NOT_SET
/* number of pages to move */
count = rand() % (page_size / sizeof(void *));
count = max(1, count);
shm->syscall[childno].a2 = count;
/* setup array of ptrs to pages to move */
page_alloc = (unsigned long *) zmalloc(page_size);
shm->scratch[childno] = (unsigned long) page_alloc;
for (i = 0; i < count; i++) {
if (rand_bool()) {
/* malloc */
page_alloc[i] = (unsigned long) memalign(page_size, page_size);
if (!page_alloc[i]) {
free_all_pageallocs(page_alloc);
return;
}
pagetypes[i] = WAS_MALLOC;
} else {
/* mapping. */
map = get_map();
page_alloc[i] = (unsigned long) map->ptr;
pagetypes[i] = WAS_MAP;
}
}
shm->syscall[childno].a3 = (unsigned long) page_alloc;
/* nodes = array of ints specifying desired location for each page */
nodes = malloc(count * sizeof(int));
for (i = 0; i < count; i++)
nodes[i] = (int) rand() % 2;
shm->syscall[childno].a4 = (unsigned long) nodes;
/* status = array of ints returning status of each page.*/
shm->syscall[childno].a5 = (unsigned long) calloc(count, sizeof(int));
/* Needs CAP_SYS_NICE */
if (getuid() != 0)
shm->syscall[childno].a6 &= ~MPOL_MF_MOVE_ALL;
}
static void autofs_sanitise(const struct ioctl_group *grp, int childno)
{
struct autofs_dev_ioctl *arg;
pick_random_ioctl(grp, childno);
shm->syscall[childno].a3 = (unsigned long) page_rand;
switch (shm->syscall[childno].a2) {
case AUTOFS_DEV_IOCTL_VERSION:
case AUTOFS_DEV_IOCTL_PROTOVER:
case AUTOFS_DEV_IOCTL_PROTOSUBVER:
case AUTOFS_DEV_IOCTL_OPENMOUNT:
case AUTOFS_DEV_IOCTL_CLOSEMOUNT:
case AUTOFS_DEV_IOCTL_READY:
case AUTOFS_DEV_IOCTL_FAIL:
case AUTOFS_DEV_IOCTL_SETPIPEFD:
case AUTOFS_DEV_IOCTL_CATATONIC:
case AUTOFS_DEV_IOCTL_TIMEOUT:
case AUTOFS_DEV_IOCTL_REQUESTER:
case AUTOFS_DEV_IOCTL_EXPIRE:
case AUTOFS_DEV_IOCTL_ASKUMOUNT:
case AUTOFS_DEV_IOCTL_ISMOUNTPOINT:
arg = (struct autofs_dev_ioctl *)shm->syscall[childno].a3;
init_autofs_dev_ioctl(arg);
arg->ioctlfd = get_random_fd();
arg->fail.token = rand();
arg->fail.status = rand();
if (rand_bool()) {
arg->size += 5;
arg->path[0] = '/';
arg->path[1] = rand();
arg->path[2] = rand();
arg->path[3] = rand();
arg->path[4] = 0;
} else {
int i;
arg->size += rand();
for (i=0; i < 10; ++i)
arg->path[i] = rand();
}
break;
default:
break;
}
}
int single_chip_path(int slot, float * path_arr){
float f_slot = (float)(slot * 1.0);
path_arr[0] = f_slot;
float pos = f_slot;
int final_row;
for(int r=1;r<=PEG_ROWS;r++){
if((pos > SLOT_MIN) && (pos < SLOT_MAX)){
pos += (rand_bool()) ? -0.5 : 0.5;
} else {
pos += (pos==SLOT_MIN) ? 0.5 : -0.5;
}
path_arr[r] = pos;
final_row = r;
}
int final_pos = (int)path_arr[final_row];
return final_pos;
}
int child_read_all_files(__unused__ int childno)
{
struct stat sb;
char *buffer;
unsigned int i;
int fd;
for (i = 0; i < files_in_index; i++) {
int ret;
const char *filename;
filename = fileindex[i];
ret = (lstat(filename, &sb));
if (ret == -1)
continue;
if (sb.st_size == 0)
sb.st_size = page_size;
buffer = malloc(sb.st_size);
if (!buffer)
continue;
memset(buffer, 0, sb.st_size);
fd = open(filename, O_RDONLY | O_NONBLOCK);
if (!fd) {
free(buffer);
continue;
}
ret = read(fd, buffer, sb.st_size);
// if (ret != -1)
// output(0, "%s:%s\n", filename, buffer);
if (rand_bool())
sleep(1);
free(buffer);
close(fd);
}
return 0;
}
void ipx_gen_sockaddr(unsigned long *addr, unsigned long *addrlen)
{
struct sockaddr_ipx *ipx;
unsigned int i;
ipx = malloc(sizeof(struct sockaddr_ipx));
if (ipx == NULL)
return;
ipx->sipx_family = PF_IPX;
ipx->sipx_port = rand();
ipx->sipx_network = rand();
for (i = 0; i < 6; i++)
ipx->sipx_node[i] = rand();
ipx->sipx_type = rand();
ipx->sipx_zero = rand_bool();
*addr = (unsigned long) ipx;
*addrlen = sizeof(struct sockaddr_ipx);
}
