void CheckValidity(CharSetSolver css, Automaton <BDD> aut, Regex regex)
{
if (!aut.IsEmpty)
{
for (int i = 0; i < 1000; i++)
{
var str = css.GenerateMember(aut);
if (!str.Contains("\u200C") && !str.Contains("\u200D") && !str.Contains("\n"))
{
Assert.IsTrue(regex.IsMatch(str), str);
}
}
}
var aut_compl = aut.Complement().Minimize();
if (!aut_compl.IsEmpty)
{
for (int i = 0; i < 1000; i++)
{
var str = css.GenerateMember(aut_compl);
if (!str.Contains("\u200C") && !str.Contains("\u200D") && !str.Contains("\n"))
{
if (regex.IsMatch(str))
{
Assert.IsFalse(true, regex + ":" + StringUtility.Escape(str));
}
}
}
}
}
public void TestMSO_Succ()
{
var solver = new CharSetSolver(BitWidth.BV32);
var x = new Variable("x", true);
var y = new Variable("y", true);
MSOFormula <BDD> phi = new MSOForall <BDD>(x,
new MSOImplies <BDD>(
new MSOPredicate <BDD>(solver.MkCharConstraint('c'), x),
new MSOExists <BDD>(y,
new MSOAnd <BDD>(
new MSOSuccN <BDD>(x, y, 1),
new MSOPredicate <BDD>(solver.MkCharConstraint('a'), y)
)
)
)
);
var aut = phi.GetAutomaton(solver);
for (int i = 0; i < 10; i++)
{
var s = solver.GenerateMember(aut);
Assert.IsTrue(System.Text.RegularExpressions.Regex.IsMatch(s, "^(ca|[^c])*$"));
}
var aut2 = solver.RegexConverter.Convert("^(ca|[^c])*$");
Assert.IsTrue(aut2.IsEquivalentWith(aut));
}
public void AutomSample1()
{
CharSetSolver solver = new CharSetSolver(BitWidth.BV7); //new solver using ASCII encoding
string r1 = @"^[A-Za-z0-9]+@(([A-Za-z0-9\-])+\.)+([A-Za-z\-])+$"; // regex for "almost" valid emails
Automaton <BDD> A = solver.Convert(r1); //accepts strings that match the regex r1
A = A.RemoveEpsilons(); //remove epsilons, uses disjunction of character sets to combine transitions
//solver.ShowGraph(A, "A.dgml"); //save and visualize the automaton using dgml
string s = solver.GenerateMember(A); //grenerate some member
}
public void TestMSO_Neg()
{
var solver = new CharSetSolver(BitWidth.BV7);
//var phi = new MSOTrue();
MSOFormula<BDD> phi = new MSONot<BDD>(new MSOExists<BDD>(V1("x"), new MSOPredicate<BDD>(solver.MkCharConstraint( 'c'), V1("x"))));
var aut = phi.GetAutomaton(solver);
for (int i = 0; i < 10; i++)
{
var s = solver.GenerateMember(aut);
Assert.IsTrue(System.Text.RegularExpressions.Regex.IsMatch(s, "^[^c]*$"));
}
var aut2 = solver.RegexConverter.Convert("^[^c]*$");
Assert.IsTrue(aut2.IsEquivalentWith(aut));
}
public void AutomSample2()
{
CharSetSolver solver = new CharSetSolver(BitWidth.BV16); //charset solver
string a = @"^[A-Za-z0-9]+@(([A-Za-z0-9\-])+\.)+([A-Za-z\-])+$"; //.Net regex
string b = @"^\d.*$"; //.Net regex
Automaton <BDD> A = solver.Convert(a); //create the equivalent automata
Automaton <BDD> B = solver.Convert(b);
Automaton <BDD> C = A.Minus(B); //construct the difference
//solver.ShowGraph(C, "C.dgml");
var M = C.Determinize().MinimizeHopcroft(); //minimize the automaton
//solver.ShowGraph(M, "M.dgml"); //save and visualize
//var M2 = C.Determinize(solver).Minimize2(solver); //minimize the automaton
//solver.ShowGraph(M2, "M2.dgml"); //save and visualize
string s = solver.GenerateMember(M); //generate some member, e.g. "[email protected]"
}
public void TestGeneratedCssEncode()
{
CharSetSolver css = new CharSetSolver(BitWidth.BV16);
var A = css.Convert(".{50,}"); //at least 100 characters
var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD]|([\uD800-\uDBFF][\uDC00-\uDFFF]))*$");
A = A.Intersect(utf16);
//css.Chooser.RandomSeed = 123;
int okCnt = 0;
int error1Cnt = 0;
int error2Cnt = 0;
int diffErrors = 0;
for (int i = 0; i < 1000; i++)
{
string input = css.GenerateMember(A);
string out_expected;
string out_CssEncode;
string out_CssEncode_B;
string out_CssEncode_F;
int stat_expected = TryActualCssEncode(input, out out_expected);
int stat_CssEncode = TryGeneratedCssEncode(input, out out_CssEncode);
int stat_CssEncode_B = TryGeneratedCssEncode_B(input, out out_CssEncode_B);
int stat_CssEncode_F = TryGeneratedCssEncode_F(input, out out_CssEncode_F);
Assert.AreEqual <string>(out_expected, out_CssEncode);
Assert.AreEqual <string>(out_expected, out_CssEncode_B);
Assert.AreEqual <string>(out_expected, out_CssEncode_F);
Assert.AreEqual <int>(stat_CssEncode, stat_CssEncode_B);
Assert.AreEqual <int>(stat_CssEncode, stat_CssEncode_F);
if (stat_expected != stat_CssEncode)
{
diffErrors += 1;
}
if (stat_expected == 0)
{
okCnt += 1;
}
else if (stat_expected == 1)
{
error1Cnt += 1;
}
else
{
error2Cnt += 1;
}
}
Console.WriteLine("okCnt={0}, error1Cnt={1}, error2Cnt={2}, diffErrors={3}", okCnt, error1Cnt, error2Cnt, diffErrors);
}
public void TestMSO_Forall()
{
var solver = new CharSetSolver(BitWidth.BV16);
var x = new Variable("x", true);
MSOFormula<BDD> phi = new MSOForall<BDD>(x, new MSOPredicate<BDD>(solver.MkCharConstraint('c',true), x));
var aut = phi.GetAutomaton(solver);
//aut.ShowGraph("aut");
for (int i = 0; i < 10; i++)
{
TestContext.WriteLine(solver.GenerateMember(aut));
}
var aut2 = solver.RegexConverter.Convert("^(c|C)*$");
//aut2.ShowGraph("aut2");
Assert.IsTrue(aut2.IsEquivalentWith(aut));
}
public void TestMSO_Or()
{
var solver = new CharSetSolver(BitWidth.BV32);
MSOFormula <BDD> phi = new MSOForallFo <BDD>("x",
new MSOOr <BDD>(
new MSOPredicate <BDD>(solver.MkCharConstraint('c'), "x"),
new MSOPredicate <BDD>(solver.MkCharConstraint('a'), "x")
)
);
var aut = phi.GetAutomaton(solver);
for (int i = 0; i < 10; i++)
{
var s = solver.GenerateMember(aut);
Assert.IsTrue(System.Text.RegularExpressions.Regex.IsMatch(s, "^[ac]*$"));
}
var aut2 = solver.RegexConverter.Convert("^[ac]*$");
Assert.IsTrue(aut2.IsEquivalentWith(aut, solver));
}
public void TestMSO_Pred()
{
var solver = new CharSetSolver(BitWidth.BV16);
var x = new Variable("x", true);
var pred = new MSOPredicate<BDD>(solver.MkCharConstraint( 'c'), x);
MSOFormula<BDD> phi = new MSOExists<BDD>(x, pred);
var ca = new CartesianAlgebraBDD<BDD>(solver);
var pred_aut = pred.GetAutomaton(ca);
//pred_aut.ShowGraph("pred_aut");
var aut = phi.GetAutomaton(solver);
for (int i = 0; i < 10; i++)
{
var s = solver.GenerateMember(aut);
Assert.IsTrue(System.Text.RegularExpressions.Regex.IsMatch(s, "c"), "regex mismatch");
}
var aut2 = solver.RegexConverter.Convert("c", System.Text.RegularExpressions.RegexOptions.Singleline);
//aut2.ShowGraph("aut2");
//aut.ShowGraph("aut");
Assert.IsTrue(aut2.IsEquivalentWith(aut), "automata not equialent");
}
/*
* IsYieldTypeSafe :
* 2.1 Input parameters :
* 2.1.1 Automaton<BvSet> implTypeCheckAutomaton : This input Automaton is generated for a phase of YTS checking of an impl.
* 2.2 Return value : returns true if input automaton is subset of YTS property autoamaton.
* 2.3 Action : Subset checking for a phase of an implementation. f L(YTSI) is subset of L(YTSP) {TRUE} else {FALSE}
*/
public static bool IsYieldTypeSafe(Automaton <BvSet> implTypeCheckAutomaton, Implementation impl, MoverTypeChecker moverTypeChecker, int phaseNum)
{
List <BvSet> witnessSet;
var isNonEmpty = Automaton <BvSet> .CheckDifference(
implTypeCheckAutomaton,
yieldTypeCheckerAutomaton,
0,
yieldTypeCheckerAutomatonSolver,
out witnessSet);
#if DEBUG && !DEBUG_DETAIL
var diffAutomaton = implTypeCheckAutomaton.Minus(yieldTypeCheckerAutomaton, yieldTypeCheckerAutomatonSolver);
string diffAutomatonGraphName = "diffAutomaton" + impl.Proc.Name + phaseNum.ToString();
yieldTypeCheckerAutomatonSolver.ShowGraph(diffAutomaton, diffAutomatonGraphName + ".dgml");
#endif
#if DEBUG && !DEBUG_DETAIL
string s = yieldTypeCheckerAutomatonSolver.GenerateMember(implTypeCheckAutomaton);
Console.WriteLine("\n member " + s + " \n");
if (!yieldTypeCheckerAutomatonSolver.Accepts(yieldTypeCheckerAutomaton, s))
{
Console.WriteLine("Property Automaton accepts a random member of impl_automaton " + s);
}
else
{
Console.WriteLine("Property Automaton does not accept a random member of impl_automaton " + s);
}
#endif
if (isNonEmpty)
{
var witness = new String(Array.ConvertAll(witnessSet.ToArray(), bvset => (char)yieldTypeCheckerAutomatonSolver.Choose(bvset)));
moverTypeChecker.Error(impl, "\n Body of " + impl.Proc.Name + " has invalid trace of actions " + witness + "\n");
return(false);
}
return(true);
}
public void MkDifferenceTest()
{
var solver = new CharSetSolver(BitWidth.BV7);
string regexA = "^[abc]c{3}$";
string regexB = "^(a|b)+[abc]{3}$";
var A = solver.Convert(regexA, System.Text.RegularExpressions.RegexOptions.None);
//solver.ShowGraph(A, "A.dgml");
var B = solver.Convert(regexB, System.Text.RegularExpressions.RegexOptions.None);
//solver.ShowGraph(B, "B.dgml");
var C = Automaton <BDD> .MkDifference(A, B, 0);
//solver.ShowGraph(C, "C.dgml");
string s = solver.GenerateMember(C);
Assert.IsTrue(System.Text.RegularExpressions.Regex.IsMatch(s, regexA), "must be a member of " + regexA);
Assert.IsFalse(System.Text.RegularExpressions.Regex.IsMatch(s, regexB), "must not be a member of " + regexB);
Assert.AreEqual <string>("cccc", s);
}
public void TestGeneratedUtf8EncodeFlat()
{
int K = 100; //number of strings
int L = 10000; //length of each string
string _1;
string _2;
string _3;
TryGeneratedUtf8EncodeFlat("\uDAE1\uDCA5", out _1);
TryGeneratedUtf8Encode_F("\uDAE1\uDCA5", out _2);
TryActualUtf8Encode("\uDAE1\uDCA5", out _3);
Assert.AreEqual<string>(_1, _2);
Assert.AreEqual<string>(_1, _3);
CharSetSolver css = new CharSetSolver(BitWidth.BV16);
var A = css.Convert("^.{" + L + "}$");
//var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD]|([\uD800-\uDBFF][\uDC00-\uDFFF]))*$");
//var utf16 = css.Convert(@"^([\uD800-\uDBFF][\uDC00-\uDFFF])*$");
var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD])*$");
A = Automaton<BDD>.MkProduct(A, utf16);
//css.Chooser.RandomSeed = 123;
string[] inputs = new string[K];
for (int i = 0; i < K; i++)
{
inputs[i] = css.GenerateMember(A);
}
for (int i = 0; i < K; i++)
{
string out_expected;
string out_bek;
string out_bek_stream;
string out_bek_orig;
int stat_expected = TryActualUtf8Encode(inputs[i], out out_expected);
int stat_actual = TryGeneratedUtf8EncodeFlat(inputs[i], out out_bek);
int stat_actual_stream = TryGeneratedUtf8EncodeStream(inputs[i], out out_bek_stream);
int stat_actual_orig = TryGeneratedUtf8Encode_F(inputs[i], out out_bek_orig);
Assert.AreEqual<string>(out_expected, out_bek_orig);
Assert.AreEqual<string>(out_expected, out_bek);
Assert.AreEqual<string>(out_expected, out_bek_stream);
}
int timeOur = System.Environment.TickCount;
for (int i = 0; i < K; i++)
{
string tmp;
TryGeneratedUtf8EncodeFlat(inputs[i], out tmp);
}
timeOur = System.Environment.TickCount - timeOur;
int timeOurStream = System.Environment.TickCount;
for (int i = 0; i < K; i++)
{
string tmp;
TryGeneratedUtf8EncodeStream(inputs[i], out tmp);
}
timeOurStream = System.Environment.TickCount - timeOurStream;
int timeOurOrig = System.Environment.TickCount;
for (int i = 0; i < K; i++)
{
string tmp;
TryGeneratedUtf8Encode(inputs[i], out tmp);
}
timeOurOrig = System.Environment.TickCount - timeOurOrig;
int timeSys = System.Environment.TickCount;
for (int i = 0; i < K; i++)
{
string tmp;
TryActualUtf8Encode(inputs[i], out tmp);
}
timeSys = System.Environment.TickCount - timeSys;
Console.WriteLine("timeOurStream:{3}ms, timeOur:{0}ms, timeOurOrig:{1}ms, timeSys:{2}ms", timeOur, timeOurOrig, timeSys, timeOurStream);
}
static void TestRegex(Regex regex)
{
var solver = new CharSetSolver();
string myregex = regex.ToString();
//Regex.CompileToAssembly(new RegexCompilationInfo[] { new RegexCompilationInfo(myregex, RegexOptions.None, "EvilRegex", "RegexTransfomer", true) },
// new System.Reflection.AssemblyName("EvilRegex"));
var sfa = solver.Convert(myregex, regex.Options).RemoveEpsilons();
var sfaDet = sfa.Determinize();
var sfaMin = sfaDet.Minimize();
//solver.ShowGraph(sfa, "sfa");
//solver.ShowGraph(sfaDet, "sfaDet");
//solver.ShowGraph(sfaMin, "sfaMin");
var cs = solver.ToCS(sfaMin, true, "MyRegex", "RegexTransfomer");
var regexMin = solver.ConvertToRegex(sfaMin);
Console.WriteLine("------- given regex --------");
Console.WriteLine(myregex);
Console.WriteLine("----------------------------");
Console.WriteLine("-------- regexMin ----------");
Console.WriteLine(regexMin);
Console.WriteLine("----------------------------");
Console.WriteLine("-------- cs ----------------");
// Console.WriteLine(cs.SourceCode);
Console.WriteLine("----------------------------");
string sIn = solver.GenerateMember(sfaMin);
string sOut = solver.GenerateMember(sfaMin.Complement());
string s = sIn;
int t1;
//int t2;
int t3;
for (int i = 0; i < 2; i++)
{
//original regex
t1 = System.Environment.TickCount;
bool res1 = false;
for (int j = 0; j < 100000; j++)
{
res1 = Regex.IsMatch(s, regex.ToString(), regex.Options);
}
//res1 = evilregex.IsMatch(s);
t1 = System.Environment.TickCount - t1;
////minimized regex
//t2 = System.Environment.TickCount;
//bool res2 = false;
//for (int j = 0; j < 100000; j++)
// res2 = Regex.IsMatch(s, regexMin, regex.Options);
//t2 = System.Environment.TickCount - t2;
//code from minimized regex
t3 = System.Environment.TickCount;
bool res3 = false;
for (int j = 0; j < 100000; j++)
{
res3 = cs.IsMatch(s);
}
t3 = System.Environment.TickCount - t3;
Console.WriteLine(String.Format("{0}ms({1}), {2}ms({3})", t1, res1, t3, res3));
s = sOut;
}
Console.WriteLine("done...(press any key)");
Console.ReadKey();
}
public void TestGeneratedCssEncode()
{
CharSetSolver css = new CharSetSolver(BitWidth.BV16);
var A = css.Convert(".{50,}"); //at least 100 characters
var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD]|([\uD800-\uDBFF][\uDC00-\uDFFF]))*$");
A = A.Intersect(utf16);
//css.Chooser.RandomSeed = 123;
int okCnt = 0;
int error1Cnt = 0;
int error2Cnt = 0;
int diffErrors = 0;
for (int i = 0; i < 1000; i++)
{
string input = css.GenerateMember(A);
string out_expected;
string out_CssEncode;
string out_CssEncode_B;
string out_CssEncode_F;
int stat_expected = TryActualCssEncode(input, out out_expected);
int stat_CssEncode = TryGeneratedCssEncode(input, out out_CssEncode);
int stat_CssEncode_B = TryGeneratedCssEncode_B(input, out out_CssEncode_B);
int stat_CssEncode_F = TryGeneratedCssEncode_F(input, out out_CssEncode_F);
Assert.AreEqual<string>(out_expected, out_CssEncode);
Assert.AreEqual<string>(out_expected, out_CssEncode_B);
Assert.AreEqual<string>(out_expected, out_CssEncode_F);
Assert.AreEqual<int>(stat_CssEncode, stat_CssEncode_B);
Assert.AreEqual<int>(stat_CssEncode, stat_CssEncode_F);
if (stat_expected != stat_CssEncode)
diffErrors += 1;
if (stat_expected == 0)
okCnt += 1;
else if (stat_expected == 1)
error1Cnt += 1;
else
error2Cnt += 1;
}
Console.WriteLine("okCnt={0}, error1Cnt={1}, error2Cnt={2}, diffErrors={3}", okCnt, error1Cnt, error2Cnt, diffErrors);
}
static void TestRegex(Regex regex)
{
var solver = new CharSetSolver();
string myregex = regex.ToString();
//Regex.CompileToAssembly(new RegexCompilationInfo[] { new RegexCompilationInfo(myregex, RegexOptions.None, "EvilRegex", "RegexTransfomer", true) },
// new System.Reflection.AssemblyName("EvilRegex"));
var sfa = solver.Convert(myregex, regex.Options).RemoveEpsilons();
var sfaDet = sfa.Determinize();
var sfaMin = sfaDet.Minimize();
//solver.ShowGraph(sfa, "sfa");
//solver.ShowGraph(sfaDet, "sfaDet");
//solver.ShowGraph(sfaMin, "sfaMin");
var cs = solver.ToCS(sfaMin, true, "MyRegex", "RegexTransfomer");
var regexMin = solver.ConvertToRegex(sfaMin);
Console.WriteLine("------- given regex --------");
Console.WriteLine(myregex);
Console.WriteLine("----------------------------");
Console.WriteLine("-------- regexMin ----------");
Console.WriteLine(regexMin);
Console.WriteLine("----------------------------");
Console.WriteLine("-------- cs ----------------");
Console.WriteLine(cs.SourceCode);
Console.WriteLine("----------------------------");
string sIn = solver.GenerateMember(sfaMin);
string sOut = solver.GenerateMember(sfaMin.Complement());
string s = sIn;
int t1;
int t2;
int t3;
for (int i = 0; i < 2; i++)
{
//original regex
t1 = System.Environment.TickCount;
bool res1 = false;
for (int j = 0; j < 100000; j++)
res1 = Regex.IsMatch(s, regex.ToString(), regex.Options);
//res1 = evilregex.IsMatch(s);
t1 = System.Environment.TickCount - t1;
////minimized regex
//t2 = System.Environment.TickCount;
//bool res2 = false;
//for (int j = 0; j < 100000; j++)
// res2 = Regex.IsMatch(s, regexMin, regex.Options);
//t2 = System.Environment.TickCount - t2;
//code from minimized regex
t3 = System.Environment.TickCount;
bool res3 = false;
for (int j = 0; j < 100000; j++)
res3 = cs.IsMatch(s);
t3 = System.Environment.TickCount - t3;
Console.WriteLine(String.Format("{0}ms({1}), {2}ms({3})", t1, res1, t3, res3));
s = sOut;
}
Console.WriteLine("done...(press any key)");
Console.ReadKey();
}
public void TestGeneratedCssEncodePerformance()
{
CharSetSolver css = new CharSetSolver(BitWidth.BV16);
var A = css.Convert("^.{100,}$"); //at least 50 chars
var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD]|([\uD800-\uDBFF][\uDC00-\uDFFF]))*$");
A = A.Intersect(utf16);
//css.Chooser.RandomSeed = 123;
List<string> samples = new List<string>();
//construct a sample set of 100000 strings of length >= 50 that are valid inputs
while (samples.Count < 100)
{
string input = css.GenerateMember(A);//margus
samples.Add(input);
// if (TryActualCssEncode(input, out tmp) == 0)
// samples.Add(input);
}
//now use the sample set for performace comparison
var antiXssTimes = new List<int>();
var CssEncodeTimes = new List<int>();
var CssEncodeTimes_B = new List<int>();
var CssEncodeTimes_F = new List<int>();
int NrOfReps = 100;
for (int j = 0; j < NrOfReps; j++)
{
//the AntiXss encoder
int t_AntiXss = System.Environment.TickCount;
for (int i = 0; i < samples.Count; i++)
{
string tmp = System.Web.Security.AntiXss.AntiXssEncoder.CssEncode(samples[i]);
}
t_AntiXss = System.Environment.TickCount - t_AntiXss;
antiXssTimes.Add(t_AntiXss);
//generated encoder without exploration
int t_CssEncode = System.Environment.TickCount;
for (int i = 0; i < samples.Count; i++)
{
string tmp = CssEncode.Apply(samples[i]);
}
t_CssEncode = System.Environment.TickCount - t_CssEncode;
CssEncodeTimes.Add(t_CssEncode);
//generated encoder with Boolean exploration
int t_CssEncode_B = System.Environment.TickCount;
for (int i = 0; i < samples.Count; i++)
{
string tmp = CssEncode_B.Apply(samples[i]);
}
t_CssEncode_B = System.Environment.TickCount - t_CssEncode_B;
CssEncodeTimes_B.Add(t_CssEncode_B);
//generated encoder with Full exploration
int t_CssEncode_F = System.Environment.TickCount;
for (int i = 0; i < samples.Count; i++)
{
string tmp = CssEncode_F.Apply(samples[i]);
}
t_CssEncode_F = System.Environment.TickCount - t_CssEncode_F;
CssEncodeTimes_F.Add(t_CssEncode_F);
}
//compute the average times
int antiXssTime = ComputeAverage(antiXssTimes);
int CssEncodeTime = ComputeAverage(CssEncodeTimes);
int CssEncodeTime_B = ComputeAverage(CssEncodeTimes_B);
int CssEncodeTime_F = ComputeAverage(CssEncodeTimes_F);
double[] stdevs = CombinedStandardDeviation(antiXssTimes, CssEncodeTimes, CssEncodeTimes_B, CssEncodeTimes_F);
Console.WriteLine("antiXssTime={0}, CssEncodeTime={1}, CssEncodeTime_B={2}, CssEncodeTime_F={3}, stddvAntiXSS={4}, stddvCssEncode={5}, stddvCssEncodeB={6}, stddvCssEncodeF={7}",
antiXssTime, CssEncodeTime, CssEncodeTime_B, CssEncodeTime_F, stdevs[0], stdevs[1], stdevs[2], stdevs[3]);
}
public void TestGeneratedUtf8EncodeFlat()
{
int K = 100; //number of strings
int L = 10000; //length of each string
string _1;
string _2;
string _3;
TryGeneratedUtf8EncodeFlat("\uDAE1\uDCA5", out _1);
TryGeneratedUtf8Encode_F("\uDAE1\uDCA5", out _2);
TryActualUtf8Encode("\uDAE1\uDCA5", out _3);
Assert.AreEqual<string>(_1, _2);
Assert.AreEqual<string>(_1, _3);
CharSetSolver css = new CharSetSolver(BitWidth.BV16);
var A = css.Convert("^.{" + L + "}$");
//var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD]|([\uD800-\uDBFF][\uDC00-\uDFFF]))*$");
//var utf16 = css.Convert(@"^([\uD800-\uDBFF][\uDC00-\uDFFF])*$");
var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD])*$");
A = Automaton<BDD>.MkProduct(A, utf16, css);
//css.Chooser.RandomSeed = 123;
string[] inputs = new string[K];
for (int i = 0; i < K; i++)
{
inputs[i] = css.GenerateMember(A);
}
for (int i = 0; i < K; i++)
{
string out_expected;
string out_bek;
string out_bek_stream;
string out_bek_orig;
int stat_expected = TryActualUtf8Encode(inputs[i], out out_expected);
int stat_actual = TryGeneratedUtf8EncodeFlat(inputs[i], out out_bek);
int stat_actual_stream = TryGeneratedUtf8EncodeStream(inputs[i], out out_bek_stream);
int stat_actual_orig = TryGeneratedUtf8Encode_F(inputs[i], out out_bek_orig);
Assert.AreEqual<string>(out_expected, out_bek_orig);
Assert.AreEqual<string>(out_expected, out_bek);
Assert.AreEqual<string>(out_expected, out_bek_stream);
}
int timeOur = System.Environment.TickCount;
for (int i = 0; i < K; i++)
{
string tmp;
TryGeneratedUtf8EncodeFlat(inputs[i], out tmp);
}
timeOur = System.Environment.TickCount - timeOur;
int timeOurStream = System.Environment.TickCount;
for (int i = 0; i < K; i++)
{
string tmp;
TryGeneratedUtf8EncodeStream(inputs[i], out tmp);
}
timeOurStream = System.Environment.TickCount - timeOurStream;
int timeOurOrig = System.Environment.TickCount;
for (int i = 0; i < K; i++)
{
string tmp;
TryGeneratedUtf8Encode(inputs[i], out tmp);
}
timeOurOrig = System.Environment.TickCount - timeOurOrig;
int timeSys = System.Environment.TickCount;
for (int i = 0; i < K; i++)
{
string tmp;
TryActualUtf8Encode(inputs[i], out tmp);
}
timeSys = System.Environment.TickCount - timeSys;
Console.WriteLine("timeOurStream:{3}ms, timeOur:{0}ms, timeOurOrig:{1}ms, timeSys:{2}ms", timeOur, timeOurOrig, timeSys, timeOurStream);
}
public void TestGeneratedCssEncodePerformance()
{
CharSetSolver css = new CharSetSolver(BitWidth.BV16);
var A = css.Convert("^.{100,}$"); //at least 50 chars
var utf16 = css.Convert(@"^([\0-\uD7FF\uE000-\uFFFD]|([\uD800-\uDBFF][\uDC00-\uDFFF]))*$");
A = A.Intersect(utf16, css);
//css.Chooser.RandomSeed = 123;
List<string> samples = new List<string>();
//construct a sample set of 100000 strings of length >= 50 that are valid inputs
while (samples.Count < 100)
{
string input = css.GenerateMember(A);//margus
samples.Add(input);
// if (TryActualCssEncode(input, out tmp) == 0)
// samples.Add(input);
}
//now use the sample set for performace comparison
var antiXssTimes = new List<int>();
var CssEncodeTimes = new List<int>();
var CssEncodeTimes_B = new List<int>();
var CssEncodeTimes_F = new List<int>();
int NrOfReps = 100;
for (int j = 0; j < NrOfReps; j++)
{
//the AntiXss encoder
int t_AntiXss = System.Environment.TickCount;
for (int i = 0; i < samples.Count; i++)
{
string tmp = System.Web.Security.AntiXss.AntiXssEncoder.CssEncode(samples[i]);
}
t_AntiXss = System.Environment.TickCount - t_AntiXss;
antiXssTimes.Add(t_AntiXss);
//generated encoder without exploration
int t_CssEncode = System.Environment.TickCount;
for (int i = 0; i < samples.Count; i++)
{
string tmp = CssEncode.Apply(samples[i]);
}
t_CssEncode = System.Environment.TickCount - t_CssEncode;
CssEncodeTimes.Add(t_CssEncode);
//generated encoder with Boolean exploration
int t_CssEncode_B = System.Environment.TickCount;
for (int i = 0; i < samples.Count; i++)
{
string tmp = CssEncode_B.Apply(samples[i]);
}
t_CssEncode_B = System.Environment.TickCount - t_CssEncode_B;
CssEncodeTimes_B.Add(t_CssEncode_B);
//generated encoder with Full exploration
int t_CssEncode_F = System.Environment.TickCount;
for (int i = 0; i < samples.Count; i++)
{
string tmp = CssEncode_F.Apply(samples[i]);
}
t_CssEncode_F = System.Environment.TickCount - t_CssEncode_F;
CssEncodeTimes_F.Add(t_CssEncode_F);
}
//compute the average times
int antiXssTime = ComputeAverage(antiXssTimes);
int CssEncodeTime = ComputeAverage(CssEncodeTimes);
int CssEncodeTime_B = ComputeAverage(CssEncodeTimes_B);
int CssEncodeTime_F = ComputeAverage(CssEncodeTimes_F);
double[] stdevs = CombinedStandardDeviation(antiXssTimes, CssEncodeTimes, CssEncodeTimes_B, CssEncodeTimes_F);
Console.WriteLine("antiXssTime={0}, CssEncodeTime={1}, CssEncodeTime_B={2}, CssEncodeTime_F={3}, stddvAntiXSS={4}, stddvCssEncode={5}, stddvCssEncodeB={6}, stddvCssEncodeF={7}",
antiXssTime, CssEncodeTime, CssEncodeTime_B, CssEncodeTime_F, stdevs[0], stdevs[1], stdevs[2], stdevs[3]);
}
void CheckValidity(CharSetSolver css, Automaton<BDD> aut, Regex regex)
{
if (!aut.IsEmpty)
for (int i = 0; i < 1000; i++)
{
var str = css.GenerateMember(aut);
if (!str.Contains("\u200C") && !str.Contains("\u200D") && !str.Contains("\n"))
Assert.IsTrue(regex.IsMatch(str), str);
}
var aut_compl = aut.Complement().Minimize();
if (!aut_compl.IsEmpty)
for (int i = 0; i < 1000; i++)
{
var str = css.GenerateMember(aut_compl);
if (!str.Contains("\u200C") && !str.Contains("\u200D") && !str.Contains("\n"))
if (regex.IsMatch(str))
Assert.IsFalse(true, regex + ":" + StringUtility.Escape(str));
}
}
