authorAleksandr Nogikh <nogikh@google.com>2024-02-16 22:47:59 +0100
committerAleksandr Nogikh <nogikh@google.com>2024-03-12 11:14:34 +0000
commitc35c26ec6312219507c518bae2e56c1ea46a5f36 (patch)
treece5b570187b5720857d7d1d38c4c399354f394bc /pkg/csource
parent5d97b658d9c2ec0cd68e5632ce7f11bfe5d6c282 (diff)
pkg/fuzzer: factor out the fuzzing engine
This is the first step for #1541. Move the fuzzing engine that used to be interleaved with other syz-fuzzer code into a separate package. For now, the algorithm is more or less the same as it was; the only difference is that a pkg/fuzzer instance scales to the available computing power. Add an executor-based test that performs real fuzzing.
Diffstat (limited to 'pkg/csource')
-rw-r--r--pkg/csource/generated.go19
1 files changed, 19 insertions, 0 deletions
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 7c01243ce..2c33e7a29 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -12330,6 +12330,25 @@ static int do_sandbox_none(void)
}
#endif
+#if SYZ_EXECUTOR || __NR_syz_test_fuzzer1
+
+static void fake_crash(const char* name)
+{
+ failmsg("crash", "{{CRASH: %s}}", name);
+ doexit(1);
+}
+
+static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c)
+{
+ if (a == 1 && b == 1 && c == 1)
+ fake_crash("first bug");
+ if (a == 1 && b == 2 && c == 3)
+ fake_crash("second bug");
+ return 0;
+}
+
+#endif
+
#elif GOOS_windows
#include <direct.h>