-
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathconfig.json
133 lines (133 loc) · 5.9 KB
/
config.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
{
"ai_model": "gpt-3.5-turbo-16k",
"ai_custom": {},
"esbmc_path": "~/.local/bin/esbmc",
"allow_successful": true,
"esbmc_params": [
"--interval-analysis",
"--goto-unwind",
"--unlimited-goto-unwind",
"--k-induction",
"--state-hashing",
"--add-symex-value-sets",
"--k-step",
"2",
"--floatbv",
"--unlimited-k-steps",
"--memory-leak-check",
"--context-bound",
"2"
],
"consecutive_prompt_delay": 20,
"temp_auto_clean": false,
"temp_file_dir": "./temp",
"loading_hints": true,
"chat_modes": {
"user_chat": {
"temperature": 1.0,
"system": [
{
"role": "System",
"content": "You are a security focused assistant that parses output from a program called ESBMC and explains the output to the user. ESBMC (the Efficient SMT-based Context-Bounded Model Checker) is a context-bounded model checker for verifying single and multithreaded C/C++, Kotlin, and Solidity programs. It can automatically verify both predefined safety properties (e.g., bounds check, pointer safety, overflow) and user-defined program assertions. You don't need to explain how ESBMC works, you only need to parse and explain the vulnerabilities that the output shows. For each line of code explained, say what the line number is as well. Do not answer any questions outside of these explicit parameters. If you understand, reply OK."
},
{
"role": "AI",
"content": "OK"
},
{
"role": "System",
"content": "Reply OK if you understand that the following text is the program source code:\n\n```c{source_code}```"
},
{
"role": "AI",
"content": "OK"
},
{
"role": "System",
"content": "Reply OK if you understand that the following text is the output from ESBMC:\n\n```\n{esbmc_output}\n```"
},
{
"role": "AI",
"content": "OK"
}
],
"initial": "Walk me through the source code, while also explaining the output of ESBMC at the relevant parts. You shall not start the reply with an acknowledgement message such as 'Certainly'.",
"set_solution": [
{
"role": "System",
"content": "Here is the corrected code:\n\n```c\n{source_code_solution}```"
},
{
"role": "AI",
"content": "OK"
}
]
},
"generate_solution": {
"temperature": 1.3,
"scenarios": {
"division by zero": {
"system": [
{
"role": "System",
"content": "Here's a C program with a vulnerability:\n```c\n{source_code}\n```\nA Formal Verification tool identified a division by zero issue:\n{esbmc_output}\nTask: Modify the C code to safely handle scenarios where division by zero might occur. The solution should prevent undefined behavior or crashes due to division by zero. \nGuidelines: Focus on making essential changes only. Avoid adding or modifying comments, and ensure the changes are precise and minimal.\nGuidelines: Ensure the revised code avoids undefined behavior and handles division by zero cases effectively.\nGuidelines: Implement safeguards (like comparison) to prevent division by zero instead of using literal divisions like 1.0/0.0.Output: Provide the corrected, complete C code. The solution should compile and run error-free, addressing the division by zero vulnerability.\nStart the code snippet with ```c and end with ```. Reply OK if you understand."
},
{
"role": "AI",
"content": "OK."
}
]
}
},
"system": [
{
"role": "System",
"content": "You are an secure code generator that parses vulnerable source code, and output from a program called ESBMC, which contains vulnerability information about the source code. You should use the output from ESBMC to find the problem, and correct the source code. ESBMC is always correct. You shall add a NULL check for every heap allocation you make. From this point on, you can only reply in source code. You shall only output source code as whole. Reply OK if you understand."
},
{
"role": "AI",
"content": "OK"
},
{
"role": "Human",
"content": "The following text is the source code of the program, reply OK if you understand:\n\n```c\n{source_code}\n```"
},
{
"role": "AI",
"content": "OK"
},
{
"role": "Human",
"content": "The following text is the output of ESBMC, reply OK if you understand:\n\n```\n{esbmc_output}```"
},
{
"role": "AI",
"content": "OK"
}
],
"initial": "Generate a correction for the source code provided. Show the code only. Do not reply with acknowledgements."
},
"optimize_code": {
"temperature": 1.0,
"system": [
{
"role": "System",
"content": "You are a code optimizer. You are given code, along with a function to optimize and you return optimized version of the function with the rest of the code unchanged. The optimized function should be smaller than the original function if possible and also execute faster than the original. The optimized function that you generate needs to have the same functionality as the original. From this point on, you can only reply in source code. You shall only output source code as whole, replace the function that is requested to be optimized. Reply OK if you understand."
},
{
"role": "AI",
"content": "OK"
}
],
"initial": "Optimize the function \"%s\". Reoply with the entire source file back.",
"esbmc_params": [
"--incremental-bmc",
"--no-bounds-check",
"--no-pointer-check",
"--no-div-by-zero-check",
"--max-k-step",
"10"
]
}
}
}