| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Remove executor_pid, enable_tun and setup_tun.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1. mmap all memory always, without explicit mmap calls in the program.
This makes lots of things much easier and removes lots of code.
Makes mmap not a special syscall and allows to fuzz without mmap enabled.
2. Change address assignment algorithm.
Current algorithm allocates unmapped addresses too frequently
and allows collisions between arguments of a single syscall.
The new algorithm analyzes actual allocations in the program
and places new arguments at unused locations.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "define uint64_t unsigned long long" were too good to work.
With a different toolchain I am getting:
cstdint:69:11: error: expected unqualified-id
using ::uint64_t;
^
executor/common.h:34:18: note: expanded from macro 'uint64_t'
Do it the proper way: introduce uint64/32/16/8 types and use them.
pkg/csource then does s/uint64/uint64_t/ to not clutter code with
additional typedefs.
|
| |
|
|
|
|
|
| |
We use exitf on loop failures, anbd exitf is retry-able.
However, we use different status when replying to ipc,
and that different status is what ipc actually uses.
Use kRetryStatus status in case on unexpected loop failures.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I see a crash which says:
#0: too much cover 0 (errno 0)
while the code is:
uint64_t n = ...;
if (n >= kCoverSize)
fail("#%d: too much cover %u", th->id, n);
It seems that the high part of n is set, but we don't see it.
Add printf format attribute to fail and friends and fix all similar cases.
Caught a bunch of similar cases and a missing argument in:
exitf("opendir(%s) failed due to NOFILE, exiting");
|
| |
|
|
|
|
|
|
| |
Currently csource uses completely different, simpler way of scheduling
syscalls onto threads (thread per call with random sleeps).
Mimic the way calls are scheduled in executor.
Fixes #312
|
| |
|
|
|
|
|
| |
__NR_mmap is missing on arm entirely,
so we disable mmap during generate.
Patch mmap to mmap2 right in syz-extract,
so that mmap is never missing.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
executor: changed kOutputDataAddr so that it works on 32-bit kernels
executor: simplified ifdefs for arm in executor_linux.cc
executor: removed empty lines that were accidentally added.
|
| |
|
|
|
|
|
|
| |
When comparisons are enabled fuzzer somehow manages to discover
the output region and corrupt it. It seems to fetch the address
from some memory operations (mmap/munmap).
Don't leak the output region address.
|
| |
|
|
|
|
|
| |
1. remove workaround for pthread attrs (was fixed in akaros)
2. remove workaround for dup2 (was fixed in akaros)
3. check that we receive a program
4. implement timeout for test processes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently use more complex and functional protocol on linux,
and a simple ad-hoc protocol on other OSes.
This leads to code duplication in both ipc and executor.
Linux supports coverage, shared memory communication and fork server,
which would also be useful for most other OSes.
Unify communication protocol and parametrize it by
(1) use of shmem or only pipes, (2) use of fork server.
This reduces duplication in ipc and executor and will
allow to support the useful features for other OSes easily.
Finally, this fixes akaros support as it currently uses
syz-stress running on host (linux) and executor running on akaros.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Nothing works, but builds.
Update #191
|
|
|
Update #191
|
