Re: [csmith-dev] Generate two slightly different files

Subject: Re: [csmith-dev] Generate two slightly different files

Date: Mon, 2 May 2016 10:37:22 -0700

Cc: Csmith Dev Mailing List <csmith-dev@flux.utah.edu>

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=Q0YsO8aK6qeDcf1VpgrxXNB2K4inu0kewEverZMz4wU=; b=LftNNsDYzoRKodzy7lX8jsO5kexP2n3laOL7/VP2IgtA1bbm5oEpZ25shJqMPwEP/B 90LyyQZNa9PYZfqWjhEIZJ1kcdhlCmpLch9IyOYBI571MhxcAMf0HZcI9x+MolOd4dtt LsegdDeyw7SBDX81eYPgiKqCDarvqOsMjvWkglh3zAJ1y+xXo8H+IyjAPvdIJZBqXhYL LwbqVUQW7f2Fcl9VgrOZ3vTKXbG/TROXBqH7JwnE+pCKUnbTyu9qBjLPv69MNFXJCFA4 JTZzl641k4+Y04vuSe0KaKuUGXg7xLUz9YagXZt8k3NVKeEWxhDsH8m4agKkGNb4pZxc Gr4g==

In-reply-to: <4e0c95db-cc20-ac45-2112-cb005c8eb35a@cs.utah.edu>

List-archive: </listarchives/csmith-dev>

List-help: <mailto:csmith-dev-request@flux.utah.edu?subject=help>

List-id: Csmith Development Mailing List <csmith-dev.flux.utah.edu>

List-post: <mailto:csmith-dev@flux.utah.edu>

List-subscribe: <http://www.flux.utah.edu/mailman/listinfo/csmith-dev>, <mailto:csmith-dev-request@flux.utah.edu?subject=subscribe>

List-unsubscribe: <http://www.flux.utah.edu/mailman/options/csmith-dev>, <mailto:csmith-dev-request@flux.utah.edu?subject=unsubscribe>

References: <jbyfuu568xx.fsf@dokucode.de> <CAB9UgzCsjfhciQ4VZMR6KB2Pxp68aVt8Cbd4ZWDgtd_qPBW2xg@mail.gmail.com> <aca1c14f-e1e6-3e22-c674-5253518dab4a@cs.utah.edu> <jbya8k861fy.fsf@dokucode.de> <4e0c95db-cc20-ac45-2112-cb005c8eb35a@cs.utah.edu>

I think Yang Chen has experimented with the idea of tampering random number sequences generated by Csmith. What he found, IIRC, is that Csmith makes hundreds of random choices (each of them determined by a random number within a range, or a flip of true/false), if we change just one random number in the sequence, all the subsequent random numbers are affected, and the generated program looks vastly different from the original one.

I think the alteration of the random choices has to be done after, not during, the program is generated.

-Xuejun

On Mon, May 2, 2016 at 7:17 AM, John Regehr <regehr@cs.utah.edu> wrote:

Another idea that came to my mind was to manipulate the random stream
csmith uses to generate files. As I understand it correctly, csmith uses
lrand48() to generate a sequence of random numbers that are used to
construct the testcase. If filled with the same seed, the same testcase
would be build. What would happen, if I drop/replace one of these
numbers when generated the "mutant"? For example, one number that is
used relative late in the generation process:

Since you said "relatively late" I think you have already grasped the problem, which is that Csmith is a stateful generator and you can't just swap out a decision since many decisions affect all subsequent decisions.

But since the hack you describe is extremely easy you might as well try this out and see what happens, no big loss if it doesn't work.

John