Skip to content

Instantly share code, notes, and snippets.

Avatar

Brendan Dolan-Gavitt moyix

View GitHub Profile
@moyix
moyix / top_fp_all.txt
Last active Sep 27, 2022
Floating point (SSE/SSE2) instruction usage rates among projects in oss-fuzz
View top_fp_all.txt
Total instructions: 48093488942
Total SSE instructions: 100105422
Total XMM instructions: 877832653
Totals by sanitizer:
ASAN: SSE: 39197160, XMM: 308790743
MSAN: SSE: 29922931, XMM: 342062480
UBSAN: SSE: 30985331, XMM: 226979430
All projects per sanitizer, sorted by percent of SSE instructions:
ASAN: SSE Instr / Total = Pct ↓ Wilson
simd : 1122000 / 63479115 = 1.77 % ( 1.76 %)
View 00_README.md

The ffast and the Furious

This is a small and admittedly contrived demo showing how some weird but safe code could become vulnerable if run in an environment where some shared library has changed the FPU's FTZ/DAZ bits to force denormals to zero.

To run it:

# Create an empty file
$ touch gofast.c      
@moyix
moyix / setup.py
Created Sep 5, 2022
Setup.py for jump2db, which drops a bunch of stuff into $HOME
View setup.py
#===============================================================
#
#
#===============================================================
import shutil
from setuptools import find_packages, setup
from os.path import exists,join,relpath
import os
import stat
@moyix
moyix / ensure_fpu.py
Last active Sep 22, 2022
Some handy utils for messing with MXCSR (x86-64 SSE FPU control register)
View ensure_fpu.py
#!/usr/bin/env python
import sys, os
import platform
import ctypes as ct
import mmap
from enum import Enum
import importlib
import functools
import errno
View wheel_metadata.py
import sys
import os
import re
import json
import zipfile
from collections import defaultdict, namedtuple
from collections.abc import Mapping
from email.parser import HeaderParser
from email.policy import compat32
from base64 import urlsafe_b64decode
View extract_and_scan.py
#!/usr/bin/env python
import os
import sys
import subprocess as sp
import tempfile
import hashlib
script_dir = os.path.dirname(os.path.realpath(__file__))
sys.path.append(script_dir)
from fast_check_for_ffast_math import check_file
@moyix
moyix / fast_check_for_ffast_math.py
Created Sep 2, 2022
A faster check to see if a binary has a constructor that enables FTZ/DAZ that just does byte matching
View fast_check_for_ffast_math.py
import sys
import mmap
from elftools.elf.elffile import ELFFile, ELFError
import struct
set_fast_math_code = bytes.fromhex('0fae5c24fc814c24fc408000000fae5424fcc3')
def load_bytes_from_elf(bindata, elf, vaddr, size):
try:
paddr = next(iter(elf.address_offsets(vaddr)))
View xla_constructors.txt
$ objdump -s -j .init_array ./jaxlib/xla_extension.so | sed -e '1,/Contents/ d' | cut -c 10-44 | xxd -r -p | od -A none -w8 -t x8 --endian=little | addr2line -a -f -e ./jaxlib/xla_extension.so | paste -sd ' \n' | c++filt
0x000000000084c5e0 __cpu_indicator_init /dt9-src/libgcc/config/i386/cpuinfo.c:434
0x000000000084ca20 frame_dummy crtstuff.c:?
0x000000000079c440 _GLOBAL__sub_I_xla.cc xla.cc:?
0x000000000079c540 _GLOBAL__sub_I_dlpack.cc dlpack.cc:?
0x000000000079c5f0 _GLOBAL__sub_I_mlir.cc mlir.cc:?
0x000000000079c620 _GLOBAL__sub_I_ops.cc ops.cc:?
0x000000000079c650 _GLOBAL__sub_I_approx_topk.cc approx_topk.cc:?
0x000000000079c680 _GLOBAL__sub_I_approx_topk_shape.cc approx_topk_shape.cc:?
0x000000000079c6b0 _GLOBAL__sub_I_lu_decomposition.cc lu_decomposition.cc:?
@moyix
moyix / check_for_ffast_math.py
Last active Sep 27, 2022
Hacky script to check for the set_fast_math constructor in an executable/shared library using objdump
View check_for_ffast_math.py
#!/usr/bin/env python
import subprocess
import re
import sys
def get_init_array(filename):
# Call objdump -s -j .init_array <filename> to get the contents of the .init_array section
try:
objdump_output = subprocess.check_output(['objdump', '-s', '-j', '.init_array', filename], stderr=subprocess.STDOUT)
@moyix
moyix / 00_output.txt
Created Aug 30, 2022
Demo of extending a rotary position embedding model to a longer context than it was trained on
View 00_output.txt
(sfcodegen) moyix@isabella:~$ python load_codegen_with_longer_context.py
vocab_file vocab.json
merges_file merges.txt
tokenizer_file tokenizer.json
added_tokens_file added_tokens.json
special_tokens_map_file special_tokens_map.json
tokenizer_config_file tokenizer_config.json
Partial prompt from /usr/include/stdlib.h:
[...] restrict __nptr,