diff options
| author | Aleksandr Nogikh <nogikh@google.com> | 2024-02-16 22:47:59 +0100 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-03-12 11:14:34 +0000 |
| commit | c35c26ec6312219507c518bae2e56c1ea46a5f36 (patch) | |
| tree | ce5b570187b5720857d7d1d38c4c399354f394bc /sys | |
| parent | 5d97b658d9c2ec0cd68e5632ce7f11bfe5d6c282 (diff) | |
pkg/fuzzer: factor out the fuzzing engine
This is the first step for #1541.
Move the fuzzing engine that used to be interleaved with other syz-fuzzer
code into a separate package.
For now, the algorithm is more or less the same as it was, the only
difference is that a pkg/fuzzer instance scales to the available
computing power.
Add an executor-based test that performs real fuzzing.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/targets/targets.go | 13 | ||||
| -rw-r--r-- | sys/test/expressions.txt.const | 2 | ||||
| -rw-r--r-- | sys/test/fuzzer.txt | 7 |
3 files changed, 21 insertions, 1 deletions
diff --git a/sys/targets/targets.go b/sys/targets/targets.go index 40fc40991..840c1febf 100644 --- a/sys/targets/targets.go +++ b/sys/targets/targets.go @@ -141,6 +141,7 @@ const ( S390x = "s390x" RiscV64 = "riscv64" TestArch64 = "64" + TestArch64Fuzz = "64_fuzz" TestArch64Fork = "64_fork" TestArch32Shmem = "32_shmem" TestArch32ForkShmem = "32_fork_shmem" @@ -189,6 +190,18 @@ var List = map[string]map[string]*Target{ ExecutorUsesForkServer: false, }, }, + TestArch64Fuzz: { + PtrSize: 8, + PageSize: 8 << 10, + // -fsanitize=address causes SIGSEGV. + CFlags: []string{"-no-pie"}, + osCommon: osCommon{ + SyscallNumbers: true, + SyscallPrefix: "SYS_", + ExecutorUsesShmem: true, + ExecutorUsesForkServer: true, + }, + }, TestArch64Fork: { PtrSize: 8, PageSize: 8 << 10, diff --git a/sys/test/expressions.txt.const b/sys/test/expressions.txt.const index 8b3a2dae5..77e181281 100644 --- a/sys/test/expressions.txt.const +++ b/sys/test/expressions.txt.const @@ -1,3 +1,3 @@ -arches = 32_fork_shmem, 32_shmem, 64, 64_fork +arches = 32_fork_shmem, 32_shmem, 64, 64_fork, 64_fuzz FIELD_FLAG1 = 2 FIELD_FLAG2 = 4
\ No newline at end of file diff --git a/sys/test/fuzzer.txt b/sys/test/fuzzer.txt new file mode 100644 index 000000000..11e91c992 --- /dev/null +++ b/sys/test/fuzzer.txt @@ -0,0 +1,7 @@ +# Copyright 2024 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +# These definitions are used for pkg/fuzzer tests. +# They must be in close sync with common_test.h. + +syz_test_fuzzer1(a int64[0:16], b int64[0:16], c int64[0:16]) |