| author | Aleksandr Nogikh <nogikh@google.com> | 2024-02-16 22:47:59 +0100 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-03-12 11:14:34 +0000 |
| commit | c35c26ec6312219507c518bae2e56c1ea46a5f36 (patch) | |
| tree | ce5b570187b5720857d7d1d38c4c399354f394bc /sys/targets | |
| parent | 5d97b658d9c2ec0cd68e5632ce7f11bfe5d6c282 (diff) | |
pkg/fuzzer: factor out the fuzzing engine
This is the first step for #1541.
Move the fuzzing engine that used to be interleaved with other syz-fuzzer
code into a separate package.
For now, the algorithm is more or less the same as it was, the only
difference is that a pkg/fuzzer instance scales to the available
computing power.
Add an executor-based test that performs real fuzzing.
Diffstat (limited to 'sys/targets')
| -rw-r--r-- | sys/targets/targets.go | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/sys/targets/targets.go b/sys/targets/targets.go index 40fc40991..840c1febf 100644 --- a/sys/targets/targets.go +++ b/sys/targets/targets.go @@ -141,6 +141,7 @@ const ( S390x = "s390x" RiscV64 = "riscv64" TestArch64 = "64" + TestArch64Fuzz = "64_fuzz" TestArch64Fork = "64_fork" TestArch32Shmem = "32_shmem" TestArch32ForkShmem = "32_fork_shmem" @@ -189,6 +190,18 @@ var List = map[string]map[string]*Target{ ExecutorUsesForkServer: false, }, }, + TestArch64Fuzz: { + PtrSize: 8, + PageSize: 8 << 10, + // -fsanitize=address causes SIGSEGV. + CFlags: []string{"-no-pie"}, + osCommon: osCommon{ + SyscallNumbers: true, + SyscallPrefix: "SYS_", + ExecutorUsesShmem: true, + ExecutorUsesForkServer: true, + }, + }, TestArch64Fork: { PtrSize: 8, PageSize: 8 << 10, |
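Review bot: The new constant TestArch64Fuzz = "64_fuzz" in the first hunk's const block is named after its purpose, while the neighbouring test arches (64_fork, 32_shmem, 32_fork_shmem) are named after the executor features they enable. A one-line comment on the constant saying that it is the target used by the executor-based fuzzing test mentioned in the commit message would tell readers why a separate arch exists and which executor settings to expect from it.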
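Review bot: In the TestArch64Fuzz entry added to List in the second hunk, the comment "// -fsanitize=address causes SIGSEGV." sits directly above CFlags: []string{"-no-pie"} and reads as if it explained -no-pie, although it appears to record why ASan is absent from the flags. Please reword it to say explicitly that ASan is left out for this target and under which conditions the SIGSEGV occurs (or reference a tracking issue), so the exclusion can be revisited later; a fuzzing test target built without a sanitizer will not flag memory errors in the executor itself. The entry also sets both ExecutorUsesShmem and ExecutorUsesForkServer to true, which the name 64_fuzz does not convey, so a short note on why this combination is needed would help.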
