author Alexander Potapenko <glider@google.com> 2025-09-09 12:09:02 +0200
committer Alexander Potapenko <glider@google.com> 2025-09-09 18:27:31 +0000
commit 5ac84ab421465f8f15ac9350f9f33a4416b4b3b7 (patch)
tree 4bd25bbaef09bb2a4fa31877862e8d2f20b17d1f /docs
parent d291dd2d58a1885c00a60561048b6ceb1bf1206a (diff)
prog: pkg/compiler: docs: introduce the `no_squash` attribute
The `no_squash` per-syscall attribute prevents the fuzzer from generating squashed arguments to a particular syscall. This is particularly helpful for pseudo-syscalls with elaborate arguments that are hard to reason about when they are squashed - e.g. for syz_kvm_add_vcpu() that takes a SYZOS program as an input. I've considered an alternative solution that prohibits ANY for all pseudo-syscalls. But there is a bunch of existing programs (both the tests and the repros) for syscalls like syz_mount_image() for which the benefit of not passing ANY is not immediately obvious. I therefore decided to go with an explicit attribute that can later be enforced for every pseudo-syscall at compile time.
Diffstat (limited to 'docs')
-rw-r--r-- docs/syscall_descriptions_syntax.md 3
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/syscall_descriptions_syntax.md b/docs/syscall_descriptions_syntax.md
index 33dcd3cc6..3abb8fd19 100644
--- a/docs/syscall_descriptions_syntax.md
+++ b/docs/syscall_descriptions_syntax.md
@@ -103,6 +103,9 @@ Call attributes are:
"breaks_returns": ignore return values of all subsequent calls in the program in fallback feedback (can't be trusted).
"no_generate": do not try to generate this syscall, i.e. use only seed descriptions to produce it.
"no_minimize": do not modify instances of this syscall when trying to minimize a crashing program.
+"no_squash": do not attempt to pass squashed arguments to this syscall.
+ Without that, the fuzzer will sometimes attempt to replace complex structures with arrays of bytes,
+ possibly triggering interesting mutations, but also making programs hard to reason about.
"fsck": the content of the compressed buffer argument for this syscall is a file system and the
string argument is a fsck-like command that will be called to verify the filesystem
"remote_cover": wait longer to collect remote coverage for this call.