From dcbdc00d7f3ac34fe720d8626f997eb2c5d8b3c9 Mon Sep 17 00:00:00 2001 From: bloodstalker Date: Wed, 23 Aug 2017 19:40:25 +0430 Subject: updated --- README.md | 12 ++++++------ bruiser/README.md | 6 +++++- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 383f729..cb083fa 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,8 @@ Here's the elevator pitch: mutator is a suite of tools aimed at analysis and aut Here's a detailed list of what's currently available:
mutator-lvl0(m0) will run static checks on the source code, which at the time of writing, includes SaferCpp, Misra-c:2004 and most of MSC2012 and MSC98 rules.
Safercpp runs the automatic refactoring sets on your source code, automatically changing your code to use the SaferCpp libraries.
-mutator-lvl1 and mutator-lvl2 currently only have a few simple refactorings mostly related to code formatting.
-bruiser is an exciting yet experimental feature. You can read about the idea in bruiser's directory.
+mutator-lvl1 is an experimental tool that builds your code as a shared object library and keep it in the memory, later to be used by bruiser to dynamically link against or even run.
+bruiser is an interactive shell-like tool used to mutate the source code plus run the mutants. You can read about the idea in bruiser's directory.
mutatord, the mutator server and the client are also provided as optional features.
#### So why should I choose to use m0 over another static analysis tool? @@ -34,14 +34,14 @@ You can follow Project `mutator` on twitter, @xashmith. mutator is a suite of tools aimed at analysis and automation of C/C++ code development with thin client-server architectur written using the Clang front-end(LibTooling) as a stand-alone in C++. It consists of three(well so far) executables and a UI written in bash. You can run executables like any other CLI tool or just run them through the UI which again acts like a CLI tool. `mutator` also accepts action files that tell it what to do.

-**mutator-lvl0** will run the Misra-C checks.
-**mutator** will run the level-1 implementers and mutators.
-**mutator-lvl2** will run the level-2 implementers and mutators.
+**mutator-lvl0** or `m0` checks for a number of rules(currently mostly Misra-c) on the source code, generating two reports. The first one is mostly a Misra-c report, the second one is the nodes and their ancestries that are hot spots for mutation.
+**mutator** or `m1` will run the level-1 implementers and mutators. `m1` is deprecated.
+**mutator-lvl2** or `m2` will be repurposed into an experiment. the idea is simple. to cut down on the mutant run-time, m2 will build the original source code as a shared library object. due to ASLR(Adress Space Randomization Layout) the real difference between an executable and an `.so` is one single bit in the file header. we will keep the shared object in the memory, use it as a library to link against and even call thorugh the dynamic linker and see how much we can cut down on the execution time of the mutants.
Mutation levels have nothing to do with the order of mutants.
**mutatord** is the mutator daemon that runs the server.
**mutatorclient** is the thin client that sends commands to the server.
**safercpp-arr** is SaferCPP's automatic refactoring tool for arrays.
-**bruiser** the short explanation is that bruiser is an interactive shell that mutates code on demand, gives you insight on the code-base loaded and more. For more info read the README on bruiser's folder in project root.
+**bruiser** the short explanation is that bruiser is an interactive shell that mutates your code, gives you insight on the code-base loaded and more. For more info read the README on bruiser's folder in project root.

## How To get project mutator diff --git a/bruiser/README.md b/bruiser/README.md index 48fdafe..cd4e341 100644 --- a/bruiser/README.md +++ b/bruiser/README.md @@ -22,7 +22,11 @@ The current implementation loads all lua libraries which also includes it's `os` Also like `mutatord` and `mutatorclient`, bruiser does not need any sudo access.
### Non-blind Selective mutation? -bruiser looks at your code, learns your code and then decides how to mutate your code. That's non-blind selective mutation.
+bruiser looks at your code, learns your code and then decides how to mutate your code. That's non-blind selective mutation. now onto a real explanation:
+`m0` generates two sets of reports. one is the rules it checks on code which is for the better part, at the time of writing this very similar to Misra-c. The second report is the ancestry of the node that caused `m0` to tag a node in the first report. the second report is an experimental first attempt at narrowing down the parts of the code that would be better targets for mutation.
+The second point concerns the mutation opertors. The classical mutation operators are blind. Let me demonstrate with an example:
+Imagine we have a classical mutation operator that mutates all `+` operators to `-`. This mutation operator is blind. To put it in simple terms, it takes in text and spits out text with no regards to syntax or semantics.
+`bruiser` will not be using classical blind mutation operators.
### How? I'm going to wrire about it as soon as I get my thoughts organized. In the meantime you can look at the source code for some hints.
-- cgit v1.2.3