| -rw-r--r-- | pkg/ifuzz/ifuzz.go | 160 | ||||
| -rw-r--r-- | pkg/ifuzz/ifuzz_test.go | 19 | ||||
| -rw-r--r-- | pkg/ifuzz/ifuzzimpl/ifuzzimpl.go | 180 | ||||
| -rw-r--r-- | pkg/ifuzz/powerpc/powerpc.go | 62 | ||||
| -rw-r--r-- | pkg/ifuzz/powerpc/pseudo.go | 13 | ||||
| -rw-r--r-- | pkg/ifuzz/x86/decode.go | 17 | ||||
| -rw-r--r-- | pkg/ifuzz/x86/encode.go | 19 | ||||
| -rw-r--r-- | pkg/ifuzz/x86/gen/gen.go | 16 | ||||
| -rw-r--r-- | pkg/ifuzz/x86/pseudo.go | 85 | ||||
| -rw-r--r-- | pkg/ifuzz/x86/x86.go | 63 | ||||
| -rw-r--r-- | prog/rand.go | 11 |
11 files changed, 325 insertions, 320 deletions
diff --git a/pkg/ifuzz/ifuzz.go b/pkg/ifuzz/ifuzz.go
index 4b51b30f3..45082834d 100644
--- a/pkg/ifuzz/ifuzz.go
+++ b/pkg/ifuzz/ifuzz.go
@@ -5,56 +5,134 @@ package ifuzz import ( "math/rand" -) -const ( - ModeLong64 = iota - ModeProt32 - ModeProt16 - ModeReal16 - ModeLast + "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" + _ "github.com/google/syzkaller/pkg/ifuzz/powerpc/generated" // pull in generated instruction descriptions + _ "github.com/google/syzkaller/pkg/ifuzz/x86/generated" // pull in generated instruction descriptions ) -type Config struct { - Arch string - Len int // number of instructions to generate - Mode int // one of ModeXXX - Priv bool // generate CPL=0 instructions (x86), HV/!PR mode (PPC) - Exec bool // generate instructions sequences interesting for execution - MemRegions []MemRegion // generated instructions will reference these regions -} - -type MemRegion struct { - Start uint64 - Size uint64 -} +type ( + Config = ifuzzimpl.Config + MemRegion = ifuzzimpl.MemRegion + Mode = ifuzzimpl.Mode +) const ( - TypeExec = iota - TypePriv - TypeUser - TypeAll - TypeLast + ArchX86 = ifuzzimpl.ArchX86 + ArchPowerPC = ifuzzimpl.ArchPowerPC + ModeLong64 = ifuzzimpl.ModeLong64 + ModeProt32 = ifuzzimpl.ModeProt32 + ModeProt16 = ifuzzimpl.ModeProt16 + ModeReal16 = ifuzzimpl.ModeReal16 ) -type Insn interface { - GetName() string - GetMode() int - GetPseudo() bool - GetPriv() bool - IsCompatible(cfg *Config) bool - Encode(cfg *Config, r *rand.Rand) []byte +func Generate(cfg *Config, r *rand.Rand) []byte { + var text []byte + for i := 0; i < cfg.Len; i++ { + insn := randInsn(cfg, r) + text = append(text, insn.Encode(cfg, r)...) 
+ } + return text } -type InsnSet interface { - GetInsns(mode, insntype int) []Insn - Decode(mode int, text []byte) (int, error) - DecodeExt(mode int, text []byte) (int, error) // XED, to keep ifuzz_test happy +func Mutate(cfg *Config, r *rand.Rand, text []byte) []byte { + insns := split(cfg, text) + retry := false + for stop := false; !stop || retry || len(insns) == 0; stop = r.Intn(2) == 0 { + retry = false + switch x := r.Intn(100); { + case x < 10 && len(insns) != 0: + // Delete instruction. + i := r.Intn(len(insns)) + copy(insns[i:], insns[i+1:]) + insns = insns[:len(insns)-1] + case x < 40 && len(insns) != 0: + // Replace instruction with another. + insn := randInsn(cfg, r) + text1 := insn.Encode(cfg, r) + i := r.Intn(len(insns)) + insns[i] = text1 + case x < 70 && len(insns) != 0: + // Mutate instruction. + i := r.Intn(len(insns)) + text1 := insns[i] + for stop := false; !stop || len(text1) == 0; stop = r.Intn(2) == 0 { + switch x := r.Intn(100); { + case x < 5 && len(text1) != 0: + // Delete byte. + pos := r.Intn(len(text1)) + copy(text1[pos:], text1[pos+1:]) + text1 = text1[:len(text1)-1] + case x < 40 && len(text1) != 0: + // Replace a byte. + pos := r.Intn(len(text1)) + text1[pos] = byte(r.Intn(256)) + case x < 70 && len(text1) != 0: + // Flip a bit. + pos := r.Intn(len(text1)) + text1[pos] ^= 1 << byte(r.Intn(8)) + default: + // Insert a byte. + pos := r.Intn(len(text1) + 1) + text1 = append(text1, 0) + copy(text1[pos+1:], text1[pos:]) + text1[pos] = byte(r.Intn(256)) + } + } + insns[i] = text1 + case len(insns) < cfg.Len: + // Insert a new instruction. + insn := randInsn(cfg, r) + text1 := insn.Encode(cfg, r) + i := r.Intn(len(insns) + 1) + insns = append(insns, nil) + copy(insns[i+1:], insns[i:]) + insns[i] = text1 + default: + retry = true + } + } + text = nil + for _, insn := range insns { + text = append(text, insn...) 
+ } + return text } -const ( - ArchX86 = "x86" - ArchPowerPC = "powerpc" -) +func randInsn(cfg *Config, r *rand.Rand) ifuzzimpl.Insn { + insnset := ifuzzimpl.Arches[cfg.Arch] + var insns []ifuzzimpl.Insn + if cfg.Priv && cfg.Exec { + insns = insnset.GetInsns(cfg.Mode, ifuzzimpl.Type(r.Intn(3))) + } else if cfg.Priv { + insns = insnset.GetInsns(cfg.Mode, ifuzzimpl.Type(r.Intn(2))) + } else { + insns = insnset.GetInsns(cfg.Mode, ifuzzimpl.TypeUser) + } + return insns[r.Intn(len(insns))] +} -var SpecialNumbers = [...]uint64{0, 1 << 15, 1 << 16, 1 << 31, 1 << 32, 1 << 47, 1 << 47, 1 << 63} +func split(cfg *Config, text []byte) [][]byte { + insnset := ifuzzimpl.Arches[cfg.Arch] + text = append([]byte{}, text...) + var insns [][]byte + var bad []byte + for len(text) != 0 { + n, err := insnset.Decode(cfg.Mode, text) + if err != nil || n == 0 { + bad = append(bad, text[0]) + text = text[1:] + continue + } + if bad != nil { + insns = append(insns, bad) + bad = nil + } + insns = append(insns, text[:n]) + text = text[n:] + } + if bad != nil { + insns = append(insns, bad) + } + return insns +} diff --git a/pkg/ifuzz/ifuzz_test.go b/pkg/ifuzz/ifuzz_test.go index 5d02f8d1e..70177b5ef 100644 --- a/pkg/ifuzz/ifuzz_test.go +++ b/pkg/ifuzz/ifuzz_test.go @@ -1,7 +1,7 @@ // Copyright 2017 syzkaller project authors. All rights reserved. // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. -package ifuzz_test +package ifuzz import ( "encoding/hex" @@ -10,13 +10,10 @@ import ( "testing" "time" - "github.com/google/syzkaller/pkg/ifuzz" "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" - _ "github.com/google/syzkaller/pkg/ifuzz/powerpc/generated" - _ "github.com/google/syzkaller/pkg/ifuzz/x86/generated" ) -var allArches = []string{ifuzz.ArchX86, ifuzz.ArchPowerPC} +var allArches = []string{ArchX86, ArchPowerPC} func TestMode(t *testing.T) { for _, arch := range allArches { 
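Review bot: randInsn picks the instruction class with `ifuzzimpl.Type(r.Intn(3))` and `ifuzzimpl.Type(r.Intn(2))`, which silently depends on TypeExec, TypePriv and TypeUser being 0, 1, 2 in that order in ifuzzimpl's const block; now that Type is a named type this contract deserves a line above the if chain, e.g. `// Relies on TypeExec, TypePriv, TypeUser being 0, 1, 2 in ifuzzimpl.`. The closing `insns[r.Intn(len(insns))]` also panics with an index out of range when the chosen class is empty for cfg.Mode, which nothing here checks; an explicit `if len(insns) == 0 { panic("no instructions for this arch/mode") }` would make that failure diagnosable instead of a bare runtime error. Likewise `ifuzzimpl.Arches[cfg.Arch]` yields a nil interface for an unknown arch and only fails at the GetInsns or Decode call, in both randInsn and split.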
@@ -27,11 +24,11 @@ func TestMode(t *testing.T) { } func testMode(t *testing.T, arch string) { - all := make(map[ifuzz.Insn]bool) - for mode := 0; mode < ifuzz.ModeLast; mode++ { + all := make(map[ifuzzimpl.Insn]bool) + for mode := ifuzzimpl.Mode(0); mode < ifuzzimpl.ModeLast; mode++ { for priv := 0; priv < 2; priv++ { for exec := 0; exec < 2; exec++ { - cfg := &ifuzz.Config{ + cfg := &Config{ Arch: arch, Mode: mode, Priv: priv != 0, @@ -57,7 +54,7 @@ func TestDecode(t *testing.T) { } func testDecode(t *testing.T, arch string) { - insnset := ifuzzimpl.Types[arch] + insnset := ifuzzimpl.Arches[arch] xedEnabled := false if _, err := insnset.DecodeExt(0, nil); err == nil { xedEnabled = true @@ -70,8 +67,8 @@ func testDecode(t *testing.T, arch string) { r := rand.New(rand.NewSource(seed)) for repeat := 0; repeat < 10; repeat++ { - for mode := 0; mode < ifuzz.ModeLast; mode++ { - cfg := &ifuzz.Config{ + for mode := ifuzzimpl.Mode(0); mode < ifuzzimpl.ModeLast; mode++ { + cfg := &Config{ Arch: arch, Mode: mode, Priv: true, diff --git a/pkg/ifuzz/ifuzzimpl/ifuzzimpl.go b/pkg/ifuzz/ifuzzimpl/ifuzzimpl.go index f1ea64f37..71485172c 100644 --- a/pkg/ifuzz/ifuzzimpl/ifuzzimpl.go +++ b/pkg/ifuzz/ifuzzimpl/ifuzzimpl.go 
@@ -4,142 +4,80 @@ package ifuzzimpl import ( - "github.com/google/syzkaller/pkg/ifuzz" "math/rand" ) -var ( - Types = make(map[string]ifuzz.InsnSet) +const ( + ArchX86 = "x86" + ArchPowerPC = "powerpc" ) -func Register(arch string, insns ifuzz.InsnSet) { - Types[arch] = insns -} +var Arches = make(map[string]InsnSet) -// ModeInsns returns list of all instructions for the given mode. -func ModeInsns(cfg *ifuzz.Config) []ifuzz.Insn { - insnset := Types[cfg.Arch] - if cfg.Mode < 0 || cfg.Mode >= ifuzz.ModeLast { - panic("bad mode") - } - var insns []ifuzz.Insn - insns = append(insns, insnset.GetInsns(cfg.Mode, ifuzz.TypeUser)...) - if cfg.Priv { - insns = append(insns, insnset.GetInsns(cfg.Mode, ifuzz.TypePriv)...) - if cfg.Exec { - insns = append(insns, insnset.GetInsns(cfg.Mode, ifuzz.TypeExec)...) - } - } - return insns +type ( + Mode int + Type int +) + +type Insn interface { + GetName() string + GetMode() int + GetPseudo() bool + GetPriv() bool + IsCompatible(cfg *Config) bool + Encode(cfg *Config, r *rand.Rand) []byte } -func Generate(cfg *ifuzz.Config, r *rand.Rand) []byte { - var text []byte - for i := 0; i < cfg.Len; i++ { - insn := randInsn(cfg, r) - text = append(text, insn.Encode(cfg, r)...) - } - return text +type InsnSet interface { + GetInsns(mode Mode, typ Type) []Insn + Decode(mode Mode, text []byte) (int, error) + DecodeExt(mode Mode, text []byte) (int, error) // XED, to keep ifuzz_test happy } -func Mutate(cfg *ifuzz.Config, r *rand.Rand, text []byte) []byte { - insns := split(cfg, text) - retry := false - for stop := false; !stop || retry || len(insns) == 0; stop = r.Intn(2) == 0 { - retry = false - switch x := r.Intn(100); { - case x < 10 && len(insns) != 0: - // Delete instruction. - i := r.Intn(len(insns)) - copy(insns[i:], insns[i+1:]) - insns = insns[:len(insns)-1] - case x < 40 && len(insns) != 0: - // Replace instruction with another. 
- insn := randInsn(cfg, r) - text1 := insn.Encode(cfg, r) - i := r.Intn(len(insns)) - insns[i] = text1 - case x < 70 && len(insns) != 0: - // Mutate instruction. - i := r.Intn(len(insns)) - text1 := insns[i] - for stop := false; !stop || len(text1) == 0; stop = r.Intn(2) == 0 { - switch x := r.Intn(100); { - case x < 5 && len(text1) != 0: - // Delete byte. - pos := r.Intn(len(text1)) - copy(text1[pos:], text1[pos+1:]) - text1 = text1[:len(text1)-1] - case x < 40 && len(text1) != 0: - // Replace a byte. - pos := r.Intn(len(text1)) - text1[pos] = byte(r.Intn(256)) - case x < 70 && len(text1) != 0: - // Flip a bit. - pos := r.Intn(len(text1)) - text1[pos] ^= 1 << byte(r.Intn(8)) - default: - // Insert a byte. - pos := r.Intn(len(text1) + 1) - text1 = append(text1, 0) - copy(text1[pos+1:], text1[pos:]) - text1[pos] = byte(r.Intn(256)) - } - } - insns[i] = text1 - case len(insns) < cfg.Len: - // Insert a new instruction. - insn := randInsn(cfg, r) - text1 := insn.Encode(cfg, r) - i := r.Intn(len(insns) + 1) - insns = append(insns, nil) - copy(insns[i+1:], insns[i:]) - insns[i] = text1 - default: - retry = true - } - } - text = nil - for _, insn := range insns { - text = append(text, insn...) 
- } - return text +type Config struct { + Arch string + Len int // number of instructions to generate + Mode Mode // one of ModeXXX + Priv bool // generate CPL=0 instructions (x86), HV/!PR mode (PPC) + Exec bool // generate instructions sequences interesting for execution + MemRegions []MemRegion // generated instructions will reference these regions } -func randInsn(cfg *ifuzz.Config, r *rand.Rand) ifuzz.Insn { - insnset := Types[cfg.Arch] - var insns []ifuzz.Insn - if cfg.Priv && cfg.Exec { - insns = insnset.GetInsns(cfg.Mode, r.Intn(3)) - } else if cfg.Priv { - insns = insnset.GetInsns(cfg.Mode, r.Intn(2)) - } else { - insns = insnset.GetInsns(cfg.Mode, ifuzz.TypeUser) - } - return insns[r.Intn(len(insns))] +type MemRegion struct { + Start uint64 + Size uint64 } -func split(cfg *ifuzz.Config, text []byte) [][]byte { - insnset := Types[cfg.Arch] - text = append([]byte{}, text...) - var insns [][]byte - var bad []byte - for len(text) != 0 { - n, err := insnset.Decode(cfg.Mode, text) - if err != nil || n == 0 { - bad = append(bad, text[0]) - text = text[1:] - continue - } - if bad != nil { - insns = append(insns, bad) - bad = nil - } - insns = append(insns, text[:n]) - text = text[n:] +const ( + ModeLong64 Mode = iota + ModeProt32 + ModeProt16 + ModeReal16 + ModeLast +) + +const ( + TypeExec Type = iota + TypePriv + TypeUser + TypeAll + TypeLast +) + +// ModeInsns returns list of all instructions for the given mode. +func ModeInsns(cfg *Config) []Insn { + insnset := Arches[cfg.Arch] + if cfg.Mode < 0 || cfg.Mode >= ModeLast { + panic("bad mode") } - if bad != nil { - insns = append(insns, bad) + insns := insnset.GetInsns(cfg.Mode, TypeUser) + if cfg.Priv { + insns = append(insns, insnset.GetInsns(cfg.Mode, TypePriv)...) + if cfg.Exec { + insns = append(insns, insnset.GetInsns(cfg.Mode, TypeExec)...) + } } return insns } + +var SpecialNumbers = [...]uint64{0, 1 << 15, 1 << 16, 1 << 31, 1 << 32, 1 << 47, 1 << 47, 1 << 63} 
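Review bot: ModeInsns now starts from `insns := insnset.GetInsns(cfg.Mode, TypeUser)` and appends to it, whereas the removed version built a fresh slice first; the PowerPC implementation in this diff returns its internal `modeInsns[mode][typ]` slice directly, so the appends write into the spare capacity of the instruction set's shared backing array. Two ModeInsns results can then alias each other's tail, and concurrent callers race on those writes even though the shared slice's own length is untouched. Copying first keeps the old semantics: `insns := append([]Insn(nil), insnset.GetInsns(cfg.Mode, TypeUser)...)`.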
diff --git a/pkg/ifuzz/powerpc/powerpc.go b/pkg/ifuzz/powerpc/powerpc.go index 0dd3a57d6..5559c491c 100644 --- a/pkg/ifuzz/powerpc/powerpc.go +++ b/pkg/ifuzz/powerpc/powerpc.go @@ -16,9 +16,9 @@ import ( "encoding/binary" "errors" "fmt" - "github.com/google/syzkaller/pkg/ifuzz" - "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" "math/rand" + + "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" ) type InsnBits struct { @@ -35,20 +35,20 @@ type Insn struct { Opcode uint32 Mask uint32 - generator func(cfg *ifuzz.Config, r *rand.Rand) []byte + generator func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte } type InsnSetPowerPC struct { Insns []*Insn - modeInsns [ifuzz.ModeLast][ifuzz.TypeLast][]ifuzz.Insn + modeInsns [ifuzzimpl.ModeLast][ifuzzimpl.TypeLast][]ifuzzimpl.Insn insnMap map[string]*Insn } -func (insnset *InsnSetPowerPC) GetInsns(mode, insntype int) []ifuzz.Insn { - return insnset.modeInsns[mode][insntype] +func (insnset *InsnSetPowerPC) GetInsns(mode ifuzzimpl.Mode, typ ifuzzimpl.Type) []ifuzzimpl.Insn { + return insnset.modeInsns[mode][typ] } -func (insnset *InsnSetPowerPC) Decode(mode int, text []byte) (int, error) { +func (insnset *InsnSetPowerPC) Decode(mode ifuzzimpl.Mode, text []byte) (int, error) { if len(text) < 4 { return 0, errors.New("must be at least 4 bytes") } @@ -61,7 +61,7 @@ func (insnset *InsnSetPowerPC) Decode(mode int, text []byte) (int, error) { return 0, fmt.Errorf("unrecognised instruction %08x", insn32) } -func (insnset *InsnSetPowerPC) DecodeExt(mode int, text []byte) (int, error) { +func (insnset *InsnSetPowerPC) DecodeExt(mode ifuzzimpl.Mode, text []byte) (int, error) { return 0, fmt.Errorf("no external decoder") } @@ -85,7 +85,7 @@ func (insn *Insn) EncodeParam(v map[string]uint, r *rand.Rand) []byte { return ret } -func (insn Insn) Encode(cfg *ifuzz.Config, r *rand.Rand) []byte { +func (insn Insn) Encode(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { if insn.Pseudo { return insn.generator(cfg, r) } 
@@ -94,39 +94,39 @@ func (insn Insn) Encode(cfg *ifuzz.Config, r *rand.Rand) []byte { } func Register(insns []*Insn) { - var insnset InsnSetPowerPC - - insnset.Insns = insns - if len(insnset.Insns) == 0 { + if len(insns) == 0 { panic("no instructions") } - insnset.insnMap = make(map[string]*Insn) + insnset := &InsnSetPowerPC{ + Insns: insns, + insnMap: make(map[string]*Insn), + } for _, insn := range insnset.Insns { insnset.insnMap[insn.GetName()] = insn } insnset.initPseudo() - for mode := 0; mode < ifuzz.ModeLast; mode++ { + for mode := ifuzzimpl.Mode(0); mode < ifuzzimpl.ModeLast; mode++ { for _, insn := range insnset.Insns { if insn.GetMode()&(1<<uint(mode)) == 0 { continue } if insn.GetPseudo() { - insnset.modeInsns[mode][ifuzz.TypeExec] = - append(insnset.modeInsns[mode][ifuzz.TypeExec], ifuzz.Insn(insn)) + insnset.modeInsns[mode][ifuzzimpl.TypeExec] = + append(insnset.modeInsns[mode][ifuzzimpl.TypeExec], insn) } else if insn.GetPriv() { - insnset.modeInsns[mode][ifuzz.TypePriv] = - append(insnset.modeInsns[mode][ifuzz.TypePriv], ifuzz.Insn(insn)) - insnset.modeInsns[mode][ifuzz.TypeAll] = - append(insnset.modeInsns[mode][ifuzz.TypeAll], ifuzz.Insn(insn)) + insnset.modeInsns[mode][ifuzzimpl.TypePriv] = + append(insnset.modeInsns[mode][ifuzzimpl.TypePriv], insn) + insnset.modeInsns[mode][ifuzzimpl.TypeAll] = + append(insnset.modeInsns[mode][ifuzzimpl.TypeAll], insn) } else { - insnset.modeInsns[mode][ifuzz.TypeUser] = - append(insnset.modeInsns[mode][ifuzz.TypeUser], ifuzz.Insn(insn)) - insnset.modeInsns[mode][ifuzz.TypeAll] = - append(insnset.modeInsns[mode][ifuzz.TypeAll], ifuzz.Insn(insn)) + insnset.modeInsns[mode][ifuzzimpl.TypeUser] = + append(insnset.modeInsns[mode][ifuzzimpl.TypeUser], insn) + insnset.modeInsns[mode][ifuzzimpl.TypeAll] = + append(insnset.modeInsns[mode][ifuzzimpl.TypeAll], insn) } } } - ifuzzimpl.Register(ifuzz.ArchPowerPC, ifuzz.InsnSet(&insnset)) + ifuzzimpl.Arches[ifuzzimpl.ArchPowerPC] = insnset } func (insn Insn) GetName() string { 
@@ -135,9 +135,9 @@ func (insn Insn) GetName() string { func (insn Insn) GetMode() int { if insn.M64 { - return (1 << ifuzz.ModeLong64) + return (1 << ifuzzimpl.ModeLong64) } - return (1 << ifuzz.ModeLong64) | (1 << ifuzz.ModeProt32) + return (1 << ifuzzimpl.ModeLong64) | (1 << ifuzzimpl.ModeProt32) } func (insn Insn) GetPriv() bool { @@ -148,8 +148,8 @@ func (insn Insn) GetPseudo() bool { return insn.Pseudo } -func (insn Insn) IsCompatible(cfg *ifuzz.Config) bool { - if cfg.Mode < 0 || cfg.Mode >= ifuzz.ModeLast { +func (insn Insn) IsCompatible(cfg *ifuzzimpl.Config) bool { + if cfg.Mode < 0 || cfg.Mode >= ifuzzimpl.ModeLast { panic("bad mode") } if insn.Priv && !cfg.Priv { @@ -158,7 +158,7 @@ func (insn Insn) IsCompatible(cfg *ifuzz.Config) bool { if insn.Pseudo && !cfg.Exec { return false } - if insn.M64 && ((1 << uint(cfg.Mode)) != ifuzz.ModeLong64) { + if insn.M64 && ((1 << uint(cfg.Mode)) != ifuzzimpl.ModeLong64) { return false } return true diff --git a/pkg/ifuzz/powerpc/pseudo.go b/pkg/ifuzz/powerpc/pseudo.go index e39863b32..d9d1a0039 100644 --- a/pkg/ifuzz/powerpc/pseudo.go +++ b/pkg/ifuzz/powerpc/pseudo.go @@ -4,8 +4,9 @@ package powerpc import ( - "github.com/google/syzkaller/pkg/ifuzz" "math/rand" + + "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" ) // nolint:dupl @@ -14,7 +15,7 @@ func (insnset *InsnSetPowerPC) initPseudo() { Name: "PSEUDO_hypercall", Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(insnset, cfg, r) gen.sc(1) return gen.text @@ -24,7 +25,7 @@ func (insnset *InsnSetPowerPC) initPseudo() { Name: "PSEUDO_syscall", Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(insnset, cfg, r) gen.sc(0) return gen.text 
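Review bot: In IsCompatible the condition `if insn.M64 && ((1 << uint(cfg.Mode)) != ifuzzimpl.ModeLong64)` compares a one-bit mask against the mode index; ModeLong64 is 0 in ifuzzimpl's const block and the shifted value is never 0, so every M64 instruction is reported incompatible in every mode, long mode included. The mask form mirrors GetMode above, which returns `1 << ifuzzimpl.ModeLong64`, but cfg.Mode is an index, so the check should read `if insn.M64 && cfg.Mode != ifuzzimpl.ModeLong64 {`. The commit only retypes the constant on this line, so the defect is pre-existing; its practical impact depends on who calls IsCompatible for PowerPC, which is not visible in this diff.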
@@ -34,7 +35,7 @@ func (insnset *InsnSetPowerPC) initPseudo() { Name: "PSEUDO_ultracall", Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(insnset, cfg, r) gen.sc(2) return gen.text @@ -44,12 +45,12 @@ func (insnset *InsnSetPowerPC) initPseudo() { type generator struct { imap map[string]*Insn - mode int + mode ifuzzimpl.Mode r *rand.Rand text []byte } -func makeGen(insnset *InsnSetPowerPC, cfg *ifuzz.Config, r *rand.Rand) *generator { +func makeGen(insnset *InsnSetPowerPC, cfg *ifuzzimpl.Config, r *rand.Rand) *generator { return &generator{ imap: insnset.insnMap, mode: cfg.Mode, diff --git a/pkg/ifuzz/x86/decode.go b/pkg/ifuzz/x86/decode.go index ca611ac69..e02a3a63f 100644 --- a/pkg/ifuzz/x86/decode.go +++ b/pkg/ifuzz/x86/decode.go @@ -5,26 +5,27 @@ package x86 import ( "fmt" - "github.com/google/syzkaller/pkg/ifuzz" + + "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" ) // Decode decodes instruction length for the given mode. // It can have falsely decode incorrect instructions, // but should not fail to decode correct instructions. // nolint: gocyclo, nestif, gocognit, funlen -func (insnset *InsnSetX86) Decode(mode int, text []byte) (int, error) { +func (insnset *InsnSetX86) Decode(mode ifuzzimpl.Mode, text []byte) (int, error) { if len(text) == 0 { return 0, fmt.Errorf("zero-length instruction") } prefixes := prefixes32 var operSize, immSize, dispSize, addrSize int switch mode { - case ifuzz.ModeLong64: + case ifuzzimpl.ModeLong64: operSize, immSize, dispSize, addrSize = 4, 4, 4, 8 prefixes = prefixes64 - case ifuzz.ModeProt32: + case ifuzzimpl.ModeProt32: operSize, immSize, dispSize, addrSize = 4, 4, 4, 4 - case ifuzz.ModeProt16, ifuzz.ModeReal16: + case ifuzzimpl.ModeProt16, ifuzzimpl.ModeReal16: operSize, immSize, dispSize, addrSize = 2, 2, 2, 2 default: panic("bad mode") 
@@ -35,7 +36,7 @@ func (insnset *InsnSetX86) Decode(mode int, text []byte) (int, error) { if len(text) > 1 { // There are only 2 32-bit instructions that look like VEX-prefixed but are actually not: LDS, LES. // They always reference memory (mod!=3), but all VEX instructions have "mod=3" where LDS/LES would have mod. - if (text[0] == 0xc4 || text[0] == 0xc5) && (mode == ifuzz.ModeLong64 || text[1]&0xc0 == 0xc0) { + if (text[0] == 0xc4 || text[0] == 0xc5) && (mode == ifuzzimpl.ModeLong64 || text[1]&0xc0 == 0xc0) { vex = true } // There is only one instruction that looks like XOP-prefixed but is actually not: POP. @@ -207,7 +208,7 @@ nextInsn: return 0, fmt.Errorf("unknown instruction") } -var XedDecode func(mode int, text []byte) (int, error) +var XedDecode func(mode ifuzzimpl.Mode, text []byte) (int, error) var ( prefixes32 = map[byte]bool{ @@ -225,7 +226,7 @@ var ( } ) -func (insnset *InsnSetX86) DecodeExt(mode int, text []byte) (int, error) { +func (insnset *InsnSetX86) DecodeExt(mode ifuzzimpl.Mode, text []byte) (int, error) { if XedDecode != nil && text != nil && len(text) > 0 { return XedDecode(mode, text) } diff --git a/pkg/ifuzz/x86/encode.go b/pkg/ifuzz/x86/encode.go index b73a22c14..9258bc41c 100644 --- a/pkg/ifuzz/x86/encode.go +++ b/pkg/ifuzz/x86/encode.go @@ -8,12 +8,13 @@ package x86 import ( - "github.com/google/syzkaller/pkg/ifuzz" "math/rand" + + "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" ) // nolint: gocyclo, nestif, gocognit, funlen -func (insn *Insn) Encode(cfg *ifuzz.Config, r *rand.Rand) []byte { +func (insn *Insn) Encode(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { if !insn.IsCompatible(cfg) { panic("instruction is not suitable for this mode") } 
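Review bot: In DecodeExt the guard `XedDecode != nil && text != nil && len(text) > 0` repeats itself, because `len(text) > 0` is already false for a nil slice; staticcheck flags this pattern, and the retyped signature is a good moment to tidy it to `if XedDecode != nil && len(text) > 0 {`. Behaviour is unchanged, including the `DecodeExt(0, nil)` probe the test file uses to detect whether XED is available.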
@@ -23,11 +24,11 @@ func (insn *Insn) Encode(cfg *ifuzz.Config, r *rand.Rand) []byte { var operSize, immSize, dispSize, addrSize int switch cfg.Mode { - case ifuzz.ModeLong64: + case ifuzzimpl.ModeLong64: operSize, immSize, dispSize, addrSize = 4, 4, 4, 8 - case ifuzz.ModeProt32: + case ifuzzimpl.ModeProt32: operSize, immSize, dispSize, addrSize = 4, 4, 4, 4 - case ifuzz.ModeProt16, ifuzz.ModeReal16: + case ifuzzimpl.ModeProt16, ifuzzimpl.ModeReal16: operSize, immSize, dispSize, addrSize = 2, 2, 2, 2 default: panic("bad mode") @@ -53,7 +54,7 @@ func (insn *Insn) Encode(cfg *ifuzz.Config, r *rand.Rand) []byte { if !insn.No66Prefix { prefixes = append(prefixes, 0x66) // operand size } - if cfg.Mode == ifuzz.ModeLong64 || !insn.Mem32 { + if cfg.Mode == ifuzzimpl.ModeLong64 || !insn.Mem32 { prefixes = append(prefixes, 0x67) // address size } if !insn.NoRepPrefix { @@ -70,7 +71,7 @@ func (insn *Insn) Encode(cfg *ifuzz.Config, r *rand.Rand) []byte { // REX var rex byte - if cfg.Mode == ifuzz.ModeLong64 && r.Intn(2) == 0 { + if cfg.Mode == ifuzzimpl.ModeLong64 && r.Intn(2) == 0 { // bit 0 - B // bit 1 - X // bit 2 - R @@ -118,7 +119,7 @@ func (insn *Insn) Encode(cfg *ifuzz.Config, r *rand.Rand) []byte { code = append(code, insn.Vex) vexR = byte(1) vexX = byte(1) - if cfg.Mode == ifuzz.ModeLong64 { + if cfg.Mode == ifuzzimpl.ModeLong64 { vexR = byte(r.Intn(2)) vexX = byte(r.Intn(2)) } @@ -146,7 +147,7 @@ func (insn *Insn) Encode(cfg *ifuzz.Config, r *rand.Rand) []byte { code = append(code, vexR<<7|vexX<<6|vexB<<5|insn.VexMap) code = append(code, W<<7|vvvv<<3|L<<2|pp) // TODO: short encoding - if cfg.Mode != ifuzz.ModeLong64 { + if cfg.Mode != ifuzzimpl.ModeLong64 { vvvv |= 8 } } diff --git a/pkg/ifuzz/x86/gen/gen.go b/pkg/ifuzz/x86/gen/gen.go index d1a490625..3622ba248 100644 --- a/pkg/ifuzz/x86/gen/gen.go +++ b/pkg/ifuzz/x86/gen/gen.go 
@@ -13,7 +13,7 @@ import ( "strconv" "strings" - "github.com/google/syzkaller/pkg/ifuzz" + "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" "github.com/google/syzkaller/pkg/ifuzz/x86" "github.com/google/syzkaller/pkg/serializer" ) @@ -102,7 +102,7 @@ func main() { insn.Extension = vals[0] switch insn.Extension { case "FMA", "AVX2", "AVX", "F16C", "BMI2", "BMI", "XOP", "FMA4", "AVXAES", "BMI1", "AVX2GATHER": - insn.Mode = 1<<ifuzz.ModeLong64 | 1<<ifuzz.ModeProt32 + insn.Mode = 1<<ifuzzimpl.ModeLong64 | 1<<ifuzzimpl.ModeProt32 } insn.Avx2Gather = insn.Extension == "AVX2GATHER" case "PATTERN": @@ -201,7 +201,7 @@ func parsePattern(insn *x86.Insn, vals []string) error { return errSkip("") } if insn.Mode == 0 { - insn.Mode = 1<<ifuzz.ModeLast - 1 + insn.Mode = 1<<ifuzzimpl.ModeLast - 1 } insn.Mod = -100 insn.Reg = -100 @@ -314,7 +314,7 @@ func parsePattern(insn *x86.Insn, vals []string) error { // VOP/VEX case v == "XOPV": insn.Vex = 0x8f - insn.Mode &^= 1 << ifuzz.ModeReal16 + insn.Mode &^= 1 << ifuzzimpl.ModeReal16 case v == "EVV": insn.Vex = 0xc4 case v == "VV1": @@ -355,13 +355,13 @@ func parsePattern(insn *x86.Insn, vals []string) error { // Modes. case v == "mode64": - insn.Mode &= 1 << ifuzz.ModeLong64 + insn.Mode &= 1 << ifuzzimpl.ModeLong64 case v == "not64": - insn.Mode &^= 1 << ifuzz.ModeLong64 + insn.Mode &^= 1 << ifuzzimpl.ModeLong64 case v == "mode32": - insn.Mode &= 1 << ifuzz.ModeProt32 + insn.Mode &= 1 << ifuzzimpl.ModeProt32 case v == "mode16": - insn.Mode &= 1<<ifuzz.ModeProt16 | 1<<ifuzz.ModeReal16 + insn.Mode &= 1<<ifuzzimpl.ModeProt16 | 1<<ifuzzimpl.ModeReal16 case v == "eamode64", v == "eamode32", v == "eamode16", diff --git a/pkg/ifuzz/x86/pseudo.go b/pkg/ifuzz/x86/pseudo.go index 1efbcfbcc..412b5813f 100644 --- a/pkg/ifuzz/x86/pseudo.go +++ b/pkg/ifuzz/x86/pseudo.go 
@@ -4,18 +4,19 @@ package x86 import ( - "github.com/google/syzkaller/pkg/ifuzz" "math/rand" + + "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl" ) // nolint: funlen func (insnset *InsnSetX86) initPseudo() { insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_RDMSR", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) msr := msrs[r.Intn(len(msrs))] gen.mov32(regECX, msr) @@ -25,10 +26,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_WRMSR", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) msr := msrs[r.Intn(len(msrs))] v := generateInt(cfg, r, 8) @@ -41,10 +42,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_PCI_READ", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) addr, port, size := pciAddrPort(r) gen.out32(0xcf8, addr) @@ -54,10 +55,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_PCI_WRITE", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) addr, port, size := pciAddrPort(r) val := generateInt(cfg, r, 4) 
@@ -68,10 +69,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_PORT_READ", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) port := ports[r.Intn(len(ports))] gen.in(port, r.Intn(3)) @@ -80,10 +81,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_PORT_WRITE", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) port := ports[r.Intn(len(ports))] val := generateInt(cfg, r, 4) @@ -93,10 +94,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_XOR_CR", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) cr := controlRegisters[r.Intn(len(controlRegisters))] var v uint32 @@ -114,10 +115,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_XOR_EFER", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) gen.mov32(regECX, eferMSR) gen.byte(0x0f, 0x32) // rdmsr 
@@ -129,16 +130,16 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_SET_BREAK", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) br := uint8(r.Intn(4)) loc := uint32(r.Intn(4)) typ := uint32(r.Intn(16)) addr := generateInt(cfg, r, 8) - if cfg.Mode == ifuzz.ModeLong64 { + if cfg.Mode == ifuzzimpl.ModeLong64 { gen.mov64(regRAX, addr) } else { gen.mov32(regEAX, uint32(addr)) @@ -152,13 +153,13 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_LOAD_SEG", - Mode: 1<<ifuzz.ModeLast - 1, + Mode: 1<<ifuzzimpl.ModeLast - 1, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) sel := randSelector(r) - if cfg.Mode == ifuzz.ModeReal16 { + if cfg.Mode == ifuzzimpl.ModeReal16 { sel = uint16(generateInt(cfg, r, 8)) >> 4 } reg := uint8(r.Intn(6)) @@ -169,14 +170,14 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_FAR_JMP", - Mode: 1<<ifuzz.ModeLong64 | 1<<ifuzz.ModeProt32 | 1<<ifuzz.ModeProt16, + Mode: 1<<ifuzzimpl.ModeLong64 | 1<<ifuzzimpl.ModeProt32 | 1<<ifuzzimpl.ModeProt16, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) sel := randSelector(r) off := generateInt(cfg, r, 4) - if cfg.Mode == ifuzz.ModeLong64 { + if cfg.Mode == ifuzzimpl.ModeLong64 { gen.mov32toSPaddr(uint32(sel), 0) gen.mov32toSPaddr(uint32(off), 2) if r.Intn(2) == 0 { 
@@ -190,7 +191,7 @@ func (insnset *InsnSetX86) initPseudo() { } else { gen.byte(0x9a) // lcall $imm16, $imm16/32 } - if cfg.Mode == ifuzz.ModeProt16 { + if cfg.Mode == ifuzzimpl.ModeProt16 { gen.imm16(uint16(off)) } else { gen.imm32(uint32(off)) @@ -202,10 +203,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_LTR_LLDT", - Mode: 1<<ifuzz.ModeLong64 | 1<<ifuzz.ModeProt32 | 1<<ifuzz.ModeProt16, + Mode: 1<<ifuzzimpl.ModeLong64 | 1<<ifuzzimpl.ModeProt32 | 1<<ifuzzimpl.ModeProt16, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) sel := randSelector(r) gen.mov16(regAX, sel) @@ -219,10 +220,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_LGIDT", - Mode: 1<<ifuzz.ModeLong64 | 1<<ifuzz.ModeProt32 | 1<<ifuzz.ModeProt16, + Mode: 1<<ifuzzimpl.ModeLong64 | 1<<ifuzzimpl.ModeProt32 | 1<<ifuzzimpl.ModeProt16, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) limit := uint32(generateInt(cfg, r, 2)) base := uint32(generateInt(cfg, r, 4)) @@ -240,10 +241,10 @@ func (insnset *InsnSetX86) initPseudo() { }) insnset.Insns = append(insnset.Insns, &Insn{ Name: "PSEUDO_HYPERCALL", - Mode: 1<<ifuzz.ModeLong64 | 1<<ifuzz.ModeProt32 | 1<<ifuzz.ModeProt16, + Mode: 1<<ifuzzimpl.ModeLong64 | 1<<ifuzzimpl.ModeProt32 | 1<<ifuzzimpl.ModeProt16, Priv: true, Pseudo: true, - generator: func(cfg *ifuzz.Config, r *rand.Rand) []byte { + generator: func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte { gen := makeGen(cfg, r) switch r.Intn(2) { case 0: 
@@ -280,12 +281,12 @@ const (
 )
 
 type generator struct {
- mode int
+ mode ifuzzimpl.Mode
 r *rand.Rand
 text []byte
 }
 
-func makeGen(cfg *ifuzz.Config, r *rand.Rand) *generator {
+func makeGen(cfg *ifuzzimpl.Config, r *rand.Rand) *generator {
 return &generator{
 mode: cfg.Mode,
 r: r,
@@ -311,9 +312,9 @@ func (gen *generator) imm64(v uint64) {
 
 func (gen *generator) operand16() {
 switch gen.mode {
- case ifuzz.ModeLong64, ifuzz.ModeProt32:
+ case ifuzzimpl.ModeLong64, ifuzzimpl.ModeProt32:
 gen.byte(0x66)
- case ifuzz.ModeProt16, ifuzz.ModeReal16:
+ case ifuzzimpl.ModeProt16, ifuzzimpl.ModeReal16:
 default:
 panic("bad mode")
 }
@@ -321,8 +322,8 @@ func (gen *generator) operand16() {
 
 func (gen *generator) operand32() {
 switch gen.mode {
- case ifuzz.ModeLong64, ifuzz.ModeProt32:
- case ifuzz.ModeProt16, ifuzz.ModeReal16:
+ case ifuzzimpl.ModeLong64, ifuzzimpl.ModeProt32:
+ case ifuzzimpl.ModeProt16, ifuzzimpl.ModeReal16:
 gen.byte(0x66)
 default:
 panic("bad mode")
@@ -331,8 +332,8 @@ func (gen *generator) operand32() {
 
 func (gen *generator) addr32() {
 switch gen.mode {
- case ifuzz.ModeLong64, ifuzz.ModeProt32:
- case ifuzz.ModeProt16, ifuzz.ModeReal16:
+ case ifuzzimpl.ModeLong64, ifuzzimpl.ModeProt32:
+ case ifuzzimpl.ModeProt16, ifuzzimpl.ModeReal16:
 gen.byte(0x67)
 default:
 panic("bad mode")
@@ -384,7 +385,7 @@ func (gen *generator) mov32(reg int, v uint32) {
 }
 
 func (gen *generator) mov64(reg int, v uint64) {
- if gen.mode != ifuzz.ModeLong64 {
+ if gen.mode != ifuzzimpl.ModeLong64 {
 panic("bad mode")
 }
 gen.byte(0x48)
diff --git a/pkg/ifuzz/x86/x86.go b/pkg/ifuzz/x86/x86.go
index 1583040ad..3e3ae845d 100644
--- a/pkg/ifuzz/x86/x86.go
+++ b/pkg/ifuzz/x86/x86.go
@@ -7,9 +7,9 @@
 package x86
 
 import (
- "github.com/google/syzkaller/pkg/ifuzz"
- "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl"
 "math/rand"
+
+ "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl"
 )
 
 type Insn struct {
@@ -44,57 +44,48 @@ type Insn struct {
 VexP int8
 Avx2Gather bool
 
- generator func(cfg *ifuzz.Config, r *rand.Rand) []byte // for pseudo instructions
+ generator func(cfg *ifuzzimpl.Config, r *rand.Rand) []byte // for pseudo instructions
 }
 
-const (
- typeExec = iota
- typePriv
- typeUser
- typeAll
- typeLast
-)
-
 type InsnSetX86 struct {
- modeInsns [ifuzz.ModeLast][typeLast][]ifuzz.Insn
+ modeInsns [ifuzzimpl.ModeLast][ifuzzimpl.TypeLast][]ifuzzimpl.Insn
 Insns []*Insn
 }
 
 func Register(insns []*Insn) {
- var insnset InsnSetX86
-
- insnset.Insns = insns
- if len(insnset.Insns) == 0 {
+ if len(insns) == 0 {
 panic("no instructions")
 }
+ insnset := &InsnSetX86{
+ Insns: insns,
+ }
 insnset.initPseudo()
- for mode := 0; mode < ifuzz.ModeLast; mode++ {
+ for mode := ifuzzimpl.Mode(0); mode < ifuzzimpl.ModeLast; mode++ {
 for _, insn := range insnset.Insns {
 if insn.Mode&(1<<uint(mode)) == 0 {
 continue
 }
 if insn.Pseudo {
- insnset.modeInsns[mode][typeExec] =
- append(insnset.modeInsns[mode][typeExec], ifuzz.Insn(insn))
+ insnset.modeInsns[mode][ifuzzimpl.TypeExec] =
+ append(insnset.modeInsns[mode][ifuzzimpl.TypeExec], insn)
 } else if insn.Priv {
- insnset.modeInsns[mode][typePriv] =
- append(insnset.modeInsns[mode][typePriv], ifuzz.Insn(insn))
- insnset.modeInsns[mode][typeAll] =
- append(insnset.modeInsns[mode][typeAll], ifuzz.Insn(insn))
+ insnset.modeInsns[mode][ifuzzimpl.TypePriv] =
+ append(insnset.modeInsns[mode][ifuzzimpl.TypePriv], insn)
+ insnset.modeInsns[mode][ifuzzimpl.TypeAll] =
+ append(insnset.modeInsns[mode][ifuzzimpl.TypeAll], insn)
 } else {
- insnset.modeInsns[mode][typeUser] =
- append(insnset.modeInsns[mode][typeUser], ifuzz.Insn(insn))
- insnset.modeInsns[mode][typeAll] =
- append(insnset.modeInsns[mode][typeAll], ifuzz.Insn(insn))
+ insnset.modeInsns[mode][ifuzzimpl.TypeUser] =
+ append(insnset.modeInsns[mode][ifuzzimpl.TypeUser], insn)
+ insnset.modeInsns[mode][ifuzzimpl.TypeAll] =
+ append(insnset.modeInsns[mode][ifuzzimpl.TypeAll], insn)
 }
 }
 }
-
- ifuzzimpl.Register(ifuzz.ArchX86, ifuzz.InsnSet(&insnset))
+ ifuzzimpl.Arches[ifuzzimpl.ArchX86] = insnset
 }
 
-func (insnset *InsnSetX86) GetInsns(mode, insntype int) []ifuzz.Insn {
- return insnset.modeInsns[mode][insntype]
+func (insnset *InsnSetX86) GetInsns(mode ifuzzimpl.Mode, typ ifuzzimpl.Type) []ifuzzimpl.Insn {
+ return insnset.modeInsns[mode][typ]
 }
 
 func (insn Insn) GetName() string {
@@ -113,7 +104,7 @@ func (insn Insn) GetPseudo() bool {
 return insn.Pseudo
 }
 
-func generateArg(cfg *ifuzz.Config, r *rand.Rand, size int) []byte {
+func generateArg(cfg *ifuzzimpl.Config, r *rand.Rand, size int) []byte {
 v := generateInt(cfg, r, size)
 arg := make([]byte, size)
 for i := 0; i < size; i++ {
@@ -123,8 +114,8 @@ func generateArg(cfg *ifuzz.Config, r *rand.Rand, size int) []byte {
 return arg
 }
 
-func (insn Insn) IsCompatible(cfg *ifuzz.Config) bool {
- if cfg.Mode < 0 || cfg.Mode >= ifuzz.ModeLast {
+func (insn Insn) IsCompatible(cfg *ifuzzimpl.Config) bool {
+ if cfg.Mode < 0 || cfg.Mode >= ifuzzimpl.ModeLast {
 panic("bad mode")
 }
 if insn.Priv && !cfg.Priv {
@@ -139,7 +130,7 @@ func (insn Insn) IsCompatible(cfg *ifuzz.Config) bool {
 return true
 }
 
-func generateInt(cfg *ifuzz.Config, r *rand.Rand, size int) uint64 {
+func generateInt(cfg *ifuzzimpl.Config, r *rand.Rand, size int) uint64 {
 if size != 1 && size != 2 && size != 4 && size != 8 {
 panic("bad arg size")
 }
@@ -154,7 +145,7 @@ func generateInt(cfg *ifuzz.Config, r *rand.Rand, size int) uint64 {
 case x < 30:
 v = uint64(r.Int63())
 case x < 40:
- v = ifuzz.SpecialNumbers[r.Intn(len(ifuzz.SpecialNumbers))]
+ v = ifuzzimpl.SpecialNumbers[r.Intn(len(ifuzzimpl.SpecialNumbers))]
 if r.Intn(5) == 0 {
 v += uint64(r.Intn(33)) - 16
 }
diff --git a/prog/rand.go b/prog/rand.go
index bc23ed427..a78f7e343 100644
--- a/prog/rand.go
+++ b/prog/rand.go
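Review bot: The new `ifuzzimpl.Arches[ifuzzimpl.ArchX86] = insnset` at the end of Register turns the old `ifuzzimpl.Register(...)` call into a bare map write, so a second registration of the x86 set now silently replaces the first; if the removed helper rejected duplicates (its body is not in this diff), that protection is lost here. A guard before the assignment keeps the failure loud: `if _, dup := ifuzzimpl.Arches[ifuzzimpl.ArchX86]; dup { panic("x86 instruction set registered twice") }`. The write also presumes `ifuzzimpl.Arches` is initialised with `make` at its declaration, since assigning into a nil map panics; that would surface at init time but is worth confirming. If the powerpc Register in this commit was changed the same way, the same guard applies there.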
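Review bot: In IsCompatible, `cfg.Mode < 0 || cfg.Mode >= ifuzzimpl.ModeLast` now compares a value of the named type `ifuzzimpl.Mode`; the `< 0` half only does anything if Mode has a signed underlying type, and if it is ever declared over an unsigned integer the comparison becomes always-false and staticcheck (SA4003) reports it. The bound is otherwise still enforced by the panic, so the code is fine as long as Mode stays signed; a short comment on the check, `// Mode is signed; reject negative values a caller may have cast from a raw int`, would record that assumption next to the code that relies on it. IsCompatible's body continues past the end of this hunk.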
@@ -13,9 +13,6 @@ import (
 "strings"
 
 "github.com/google/syzkaller/pkg/ifuzz"
- "github.com/google/syzkaller/pkg/ifuzz/ifuzzimpl"
- _ "github.com/google/syzkaller/pkg/ifuzz/powerpc/generated" // pull in generated instruction descriptions
- _ "github.com/google/syzkaller/pkg/ifuzz/x86/generated" // pull in generated instruction descriptions
 )
 
 const (
@@ -428,7 +425,7 @@ func (r *randGen) generateText(kind TextKind) []byte {
 switch kind {
 case TextTarget:
 if cfg := createTargetIfuzzConfig(r.target); cfg != nil {
- return ifuzzimpl.Generate(cfg, r.Rand)
+ return ifuzz.Generate(cfg, r.Rand)
 }
 fallthrough
 case TextArm64:
@@ -440,7 +437,7 @@ func (r *randGen) generateText(kind TextKind) []byte {
 return text
 default:
 cfg := createIfuzzConfig(kind)
- return ifuzzimpl.Generate(cfg, r.Rand)
+ return ifuzz.Generate(cfg, r.Rand)
 }
 }
 
@@ -448,14 +445,14 @@ func (r *randGen) mutateText(kind TextKind, text []byte) []byte {
 switch kind {
 case TextTarget:
 if cfg := createTargetIfuzzConfig(r.target); cfg != nil {
- return ifuzzimpl.Mutate(cfg, r.Rand, text)
+ return ifuzz.Mutate(cfg, r.Rand, text)
 }
 fallthrough
 case TextArm64:
 return mutateData(r, text, 40, 60)
 default:
 cfg := createIfuzzConfig(kind)
- return ifuzzimpl.Mutate(cfg, r.Rand, text)
+ return ifuzz.Mutate(cfg, r.Rand, text)
 }
 }
 
|
