| Commit message | Author | Age | Files | Lines |
|
Don't consider syscalls that return resources in unions/arrays as constructors.
Unions and arrays are problematic because we don't have directed generation
in prog.randGen.createResource() and can fail to generate a syscall that
returns a particular resource (generate a wrong union option that does not
contain the necessary resource). This leads to the following panics:
panic: failed to create a resource ifindex with ioctl$sock_SIOCGIFCONF
Require each resource to have a constructor syscall that returns the resource
outside of unions/arrays.
|
Direction attributes on unions work in a confusing way and don't do
what users may think they do. Now we have out_overlay attribute
for structs that allows to have overlapping input and output fields.
|
* all: add new typename dirname
The current way to check files under sysfs or proc is:
- define a string to represent each file
- open the file
- pass the fd to write / read / close
The issues above are:
- Need to know what file is present on the target device
- Need to write openat for each file
With dirname added, one file in the directory
will be opened randomly and the fd then passed to
write/read/close.
* all: use typename glob to match filename
Fixes #481
|
File types that we don't format automatically can end up
with such basic untidiness as trailing whitespaces.
Check for these. Remove all existing precedents.
|
* docs: add explanation of flags type
* Apply suggestions from code review
Co-authored-by: Marco Elver <marco.elver@gmail.com>
|
https://github.com/google/syzkaller/pull/1797
|
- Give some extra clarifications and examples about resources in syscall
descriptions.
- More details about how to use the "enable_syscalls" option.
- Mention pseudo-syscalls in the general syscall description doc file.
|
We had these hard-coded for fuchsia and linux accordingly.
Replace with call attributes.
|
Move additional call/prog timeouts to descriptions.
Due to this logic duplication executor used 50ms
for syz_mount_image, while pkg/csource used 100ms.
|
Introduce common infrastructure for describing and parsing attributes
instead of custom per-attribute code scattered across several locations.
Change align attribute syntax from the weird align_N to align[N].
This also allows to use literal constants as N.
Introduce notion of builtin constants.
Currently we have only PTR_SIZE, which is needed to replace
align_ptr with align[PTR_SIZE].
|
The stringnozescapes does not make sense with filename,
also we may need similar escaping for string flags.
Handle escaped strings on ast level instead.
This avoids introducing new type and works seamlessly with flags.
As alternative I've also tried using strconv.Quote/Unquote
but it leads to ugly half-escaped strings:
"\xb0\x80s\xe8\xd4N\x91\xe3ڒ,\"C\x82D\xbb\x88\\i\xe2i\xc8\xe9\xd85\xb1\x14):M\xdcn"
Make hex-encoded strings a separate string format instead.
|
This adds stringnozescapes to allow parsing of escape sequences in
strings.
|
On popular request...
|
It is a real language. We have a real compiler. It deserves a name.
Also useful for shorter references.
I hereby give it a name: syzlang.
|
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
|
Enables the syntax intN[start:end, alignment] for integer ranges. For
instance, int32[0:10, 2] represents even 32-bit numbers between 0 and 10
included. With this change, two NEED tags in syscall descriptions can be
addressed.
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
|
ptr has direction as the first argument.
|
Similar to C offsetof, gives the offset of a field
from the beginning of the parent struct.
We have several TODOs in descriptions asking for this.
|
This allows to use len[syscall:arg] expressions.
|
This change adds compiler support for complex path
expressions in len targets. E.g. it allows to refer
to a sibling field as len[parent_struct:field:another_field].
See the docs change for details.
This is just a compiler change.
The feature is not yet supported by the prog package.
|
Ptr type has special handling of direction (pointers are always input).
But buffer type missed this special case all the time.
Make buffer less special by aliasing to the ptr[array[int8]] type.
As the result buffer type can't have optional trailing "opt" attribute
because we don't have such support for templates yet.
Change such cases to use ptr type directly.
Fixes #1097
|
* Update syscall_descriptions_syntax.md
* Update syscall_descriptions_syntax.md
* Update syscall_descriptions_syntax.md
|
8-byte vma is needed in several places in linux descriptions.
|
Currently we have to use 0xffffffffffffffff to represent -1,
and we can't express e.g. -20:20 int range.
Support negative consts to fix both problems.
|
fmt type allows to convert integers and resources
to string representation.
|
extend resource description
|
clarify size of intptr
|
```
type optional[T] [
	val	T
	void	void
] [varlen]
```
|
Frequently it's useful to do something like:
int8['a':'z']
punctuation = ',', '-', ':'
|
Now file names become:
string[filename]
with a possibility of using other string features:
stringnoz[filename]
string[filename, CONST_SIZE]
and filename is left as type alias as it is commonly used:
type filename string[filename]
|
Sometimes filenames are embedded into structs and need to take fixed space.
|
The size attribute allows to pad a struct up to the specified size.
|
Add stringnoz type.
|
"void": type with static size 0
mostly useful inside of templates and varlen unions
can't be syscall argument
|
Netlink descriptions contain tons of code duplication,
and need much more for proper descriptions. Introduce
type templates to simplify writing such descriptions
and remove code duplication.
Note: type templates are experimental, have poor error handling
and are subject to change.
Type templates can be declared as follows:
```
type buffer[DIR] ptr[DIR, array[int8]]
type fileoff[BASE] BASE
type nlattr[TYPE, PAYLOAD] {
	nla_len		len[parent, int16]
	nla_type	const[TYPE, int16]
	payload		PAYLOAD
} [align_4]
```
and later used as follows:
```
syscall(a buffer[in], b fileoff[int64], c ptr[in, nlattr[FOO, int32]])
```
|
This adds builtin:
type bool8 int8[0:1]
type bool16 int16[0:1]
type bool32 int32[0:1]
type bool64 int64[0:1]
type boolptr intptr[0:1]
We used to use just int's for bools.
But bool types provide several advantages:
- make true/false probability equal
- improve description expressiveness
- reduce search space (we will take advantage of this later)
|
Complex types that are often repeated can be given short type aliases using the
following syntax:
```
type identifier underlying_type
```
For example:
```
type signalno int32[0:65]
type net_port proc[20000, 4, int16be]
```
Then, type alias can be used instead of the underlying type in any contexts.
Underlying type needs to be described as if it's a struct field, that is,
with the base type if it's required. However, type alias can be used as syscall
arguments as well. Underlying types are currently restricted to integer types,
`ptr`, `ptr64`, `const`, `flags` and `proc` types.
|
This is needed for a few crypto/xfrm descriptions.
|
ptr64 is like ptr, but always takes 8 bytes of space.
Needed for some APIs. Unfortunately, most of these APIs
use buffer type, so we can't use ptr64 immediately.
|
Move most of the logic from sysgen to pkg/compiler.
Update #217
|