authorDmitry Vyukov <dvyukov@google.com>2018-08-30 14:17:47 -0700
committerDmitry Vyukov <dvyukov@google.com>2018-08-30 21:45:03 -0700
commite8dd2c6713522707b3b89884eb95601cdf9bc9be (patch)
tree9df12a938af90c06794ec9f60920d59330766ed1 /prog/mutation.go
parent6ba5fe3e62880ddf8aeec68ab44eabaa8bc148b8 (diff)
prog: add concept of "special pointers"
Currently we only generate either valid user-space pointers or NULL. Extend NULL to a set of special pointers that we will use in programs. All targets now contain 3 special values:
- NULL
- 0xfffffffffffffff (invalid kernel pointer)
- 0x999999999999999 (non-canonical address)

Each target can add additional special pointers on top of this.

Also generate NULL/special pointers for non-opt ptrs. This restriction was always too strict. We may want to generate them with very low probability, but we do want to generate them.

Also change pointers to NULL/special during mutation (but still not in the opposite direction).
Diffstat (limited to 'prog/mutation.go')
-rw-r--r--prog/mutation.go9
1 files changed, 8 insertions, 1 deletions
diff --git a/prog/mutation.go b/prog/mutation.go
index ee25fb14a..86cf487aa 100644
--- a/prog/mutation.go
+++ b/prog/mutation.go
@@ -308,6 +308,13 @@ func (t *ArrayType) mutate(r *randGen, s *state, arg Arg, ctx ArgCtx) (calls []*
func (t *PtrType) mutate(r *randGen, s *state, arg Arg, ctx ArgCtx) (calls []*Call, retry, preserve bool) {
a := arg.(*PointerArg)
+ if r.oneOf(1000) {
+ removeArg(a.Res)
+ index := r.rand(len(r.target.SpecialPointers))
+ newArg := MakeSpecialPointerArg(t, index)
+ replaceArg(arg, newArg)
+ return
+ }
newArg := r.allocAddr(s, t, a.Res.Size(), a.Res)
replaceArg(arg, newArg)
return
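Review bot: The new `r.oneOf(1000)` branch at the top of `PtrType.mutate` drops the pointee with `removeArg(a.Res)` and the change is one-way, because `collectArg` returns early for `IsSpecial()` pointers (second hunk), yet neither the probability nor the irreversibility is explained at the site. A comment such as `// Rarely (1/1000) replace the pointer with a special value; this is one-way, collectArg skips special pointers.` would save the next reader from reconstructing that from the commit message. Separately, `r.rand(len(r.target.SpecialPointers))` depends on the slice being non-empty; the commit message says every target carries three entries, but that invariant is established outside this hunk, so it is worth confirming that target setup enforces it. The function's closing brace lies outside the hunk.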
@@ -401,7 +408,7 @@ func (ma *mutationArgs) collectArg(arg Arg, ctx *ArgCtx) {
return // string const
}
case *PtrType:
- if arg.(*PointerArg).IsNull() {
+ if arg.(*PointerArg).IsSpecial() {
// TODO: we ought to mutate this, but we don't have code for this yet.
return
}
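Review bot: This `IsSpecial()` check is now the only thing keeping pointee-less pointers away from `PtrType.mutate`, which calls `a.Res.Size()` without a nil check (first hunk). Whether `IsSpecial()` is true for every `PointerArg` that the old `IsNull()` matched cannot be seen from here; it presumably is, since the commit message lists NULL among the special pointers, but that should be confirmed for programs deserialized from an older corpus. I would also extend the existing TODO to state the dependency, e.g. `// Special pointers (incl. NULL) have no pointee; PtrType.mutate assumes a.Res != nil.` The `collectArg` body starts and ends outside the hunk.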