| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Add package with RaceEnabled const that can be used in test
to skip long tests in race mode.
Switch existing tests to use the new package.
Update #2886
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
To be able to collide specific syscalls more precisely, we need to
repeat the process many times.
Introduce the `rerun` call property, which instructs `syz-executor` to
repeat the call the specified number of times. The intended use is:
call1() (rerun: 100, async)
call2() (rerun: 100)
For now, assign rerun values randomly to consecutive pairs of calls,
where the first one is async.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the currently existing straightforward approach to race triggering
(that was almost entirely implemented inside syz-executor) with a more
flexible one.
The `async` call property instructs syz-executor not to block until the
call has completed execution and proceed immediately to the next call.
The decision on what calls to mark with `async` is made by syz-fuzzer.
Ultimately this should let us implement more intelligent race provoking
strategies as well as make more fine-grained reproducers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently csource skips calls at the very last moment, which has an
unpleasant consequence - if we make choice of enabled defines depend on
the individual calls or call properties, we may end up with defined yet
unused functions.
The perfect solution would be to untie
syz_emit_ethernet/syz_extract_tcp_res and NetInjection, and also to
untie VhciInjection and syz_emit_vhci.
For the time being, move these checks to the very beginning of csource
processing, so that these calls could be removed before we construct our
defines.
Adjust pkg/csource/csource_test.go to better cover fault injection
generation problems.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Now that call properties mechanism is implemented, we can refactor
fault injection.
Unfortunately, it is impossible to remove all traces of the previous apprach.
In reprolist and while performing syz-ci jobs, syzkaller still needs to
parse the old format.
Remove the old prog options-based approach whenever possible and replace
it with the use of call properties.
|
| |
|
|
|
|
|
|
| |
HandleSegv can radically increase compilation time/memory consumption on large programs.
For example, for one program captured from this test enabling HandleSegv increases
compilation time from 1.94s to 104.73s and memory consumption from 136MB to 8116MB.
This leads to CI failures on #2688.
Don't enable HandleSegv in short tests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Represent array[const[X, int8], N] as string["XX...X"].
This replaces potentially huge number of:
NONFAILING(*(uint8_t*)0x2000126c = 0);
NONFAILING(*(uint8_t*)0x2000126d = 0);
NONFAILING(*(uint8_t*)0x2000126e = 0);
with a single memcpy. In one reproducer we had 3991 such lines.
Also replace memcpy's with memset's when possible.
Update #1070
|
| |
|
|
|
|
| |
Add some tests that verify source we get for various programs.
Update #1070
|
| |
|
|
|
|
|
| |
Need to check arch requirement early as some programs
may fail to deserialize on some arches due to missing syscalls.
See discussion on #2380.
Also support negative arch requirements (-arch=amd64).
|
| |
|
|
|
|
| |
Add sys/targets.Timeouts struct that parametrizes timeouts throughout the system.
The struct allows to control syscall/program/no output timeouts for OS/arch/VM/etc.
See comment on the struct for more details.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We use strings to identify OS/Arch.
These strings are duplicated throughout the code base massively.
golangci-lint points to possiblity of typos and duplication.
We already had to define these names in pkg/csource
and disable checking for prog package. A future change triggers
such warnings in another package.
Add OS/Arch name consts to sys/targets so that they can be used
to refer to OS/Arch. Use the consts everywhere.
|
| |
|
|
|
|
| |
syz_mount_image tests are very large and TestSysTests takes too long.
syz-imagegen that generates them does some of this testing
(Deserialize/SerializeForExec).
|
| |
|
|
|
|
|
| |
Move the test from pkg/csource to executor/
in order to be able to (1) run it on *.cc files,
(2) run on unprocessed *.h files, (3) produce line numbers.
Add a check for missed space after //.
|
| |
|
|
|
|
|
|
|
| |
1. We don't generally use /* */ block comments,
few precedents we have are inconsistent with the rest of the code.
2. pkg/csource does not strip them from the resulting code.
Remove the cases we have and add a test to prevent new ones being added.
|
| |
|
|
| |
Points to bad empty lines very precisely.
|
| |
|
|
|
|
| |
Tests run for too long.
1. Check only 1 arch per OS in short mode.
2. Dedup options. Turns out we generated 2x duplicates in allOptionsSingle.
|
| |
|
|
|
|
|
|
|
| |
Renamed Target.BrokenCrossCompiler to Target.BrokenCompiler and
Target.CrossCFlags to Target.CFlags
"Everything in Target is about Cross now."
Signed-off-by: Alexander Potapenko <glider@google.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
In preparation to running some tests as github actions.
Both Travis and Github define CI env var, while TRAVIS is, well,
too Travis-specific.
Update #1699
|
| |
|
|
|
| |
Update #477
Update #502
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Detect when compiler is present, but is not functioning
(can't build a simple program, common for Linux distros).
2. Be more strict with skipping tests due to missing/broken compilers on CI
(on CI they should work, so fail loudly if not).
3. Dedup this logic across syz-env and pkg/csource tests.
4. Add better error reporting for syz-env.
Fixes #1606
|
| |
|
|
|
|
|
| |
We print whole reproducer programs on failure,
if lots of programs fail, this results in thousands
of lines of output, which is esp bad on travis.
Limit amount of output.
|
| | |
|
| | |
|
| |
|
|
|
| |
Test presence of a working compiler before running any tests for a target.
This helps to make tests pass even if some cross-compilers are not installed properly.
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenBSD instance failed with:
--- FAIL: TestSysTests (12.50s)
--- FAIL: TestSysTests/linux/386 (0.16s)
csource_test.go:145: failed to generate C source for ../../sys/linux/test/binder: cpp failed: exec: "cant-build-linux-on-openbsd": executable file not found in $PATH
...
Skip unsupported cross-builds in TestSysTests.
|
| |
|
|
|
|
| |
Running sys/*/test programs requires real machines and kernels for each OS.
We can't do that in unit tests, but at least try to deserialize these programs
so that they don't get rotten.
|
| |
|
|
| |
This hacky way to install 386 packages seems to unbreak executor build.
|
| |
|
|
| |
arm build seems to work now on Travis since we switched to xenial.
|
| |
|
|
| |
Update #977
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The added test triggers warnings like these:
<stdin>: In function ‘syz_mount_image.constprop’:
<stdin>:298:3: error: argument 1 null where non-null expected [-Werror=nonnull]
In file included from <stdin>:26:0:
/usr/include/x86_64-linux-gnu/sys/stat.h:320:12: note: in a call to function ‘mkdir’ declared here
extern int mkdir (const char *__path, __mode_t __mode)
^~~~~
cc1: all warnings being treated as errors
<stdin>: In function ‘syz_open_procfs.constprop’:
<stdin>:530:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’
<stdin>:532:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’
<stdin>:534:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’
Use volatile for all arguments of syz_ functions to prevent
compiler from treating the arguments as constants in reproducers.
Popped up during bisection that used a repro that previously worked.
Update #501
|
| |
|
|
|
| |
Don't use random seed on travis as it produces flaky coverage reports,
and probably generally better for CI setting.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I think I misinterpreted the error that episodically happens on ci:
collect2: error: ld terminated with signal 11 [Segmentation fault], core dumped
compiler invocation: aarch64-linux-gnu-gcc [-Wall -Werror -O1 -g -o /tmp/syz-executor570589071 -pthread -DGOOS_linux=1 -DGOARCH_arm64=1 -x c - -static]
as OOM, but they all involve aarch64-linux-gnu-gcc:
https://travis-ci.org/google/syzkaller/jobs/461827347
https://travis-ci.org/google/syzkaller/jobs/460226110
https://travis-ci.org/google/syzkaller/jobs/463564291
So I guess the problem can be with the arm64 toolchain that just crashes randomly.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
pkg/csource test gets OOM-killed on travis:
https://travis-ci.org/google/syzkaller/jobs/461827347
https://travis-ci.org/google/syzkaller/jobs/460226110
Add several measures:
- set GOMAXPROCS=1 to restrict parallel processes
- remove -g from compiler invocation
- reduce set of tests run in short mode to compensate for GOMAXPROCS=1
- also reduce set of tests in full mode as they timeout now
|
| | |
|
| |
|
|
|
|
|
|
| |
We can't cross-compile native binaries from just any OS to any other.
For most OSes we can do only native compilation.
Some can only be compiled from linux.
To date we avoided this problem completely (mostly assumed linux build OS).
Make this notion of what can build what explicit.
|
| |
|
|
| |
The tests are currently broken on openbsd.
|
| |
|
|
| |
Test OS fails the same was as linux on travis.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make as much code as possible shared between all OSes.
In particular main is now common across all OSes.
Make more code shared between executor and csource
(in particular, loop function and threaded execution logic).
Also make loop and threaded logic shared across all OSes.
Make more posix/unix code shared across OSes
(e.g. signal handling, pthread creation, etc).
Plus other changes along similar lines.
Also support test OS in executor (based on portable posix)
and add 4 arches that cover all execution modes
(fork server/no fork server, shmem/no shmem).
This change paves way for testing of executor code
and allows to preserve consistency across OSes and executor/csource.
|
| |
|
|
| |
Lots of assorted heavylifting to support csource on fuchsia.
|
| |
|
|
|
|
| |
In most cases we have source in memory,
so provide a function to build right from memory
without creating temp files.
|
| |
|
|
|
|
|
| |
The test times out on travis:
https://travis-ci.org/google/syzkaller/jobs/375965899
https://travis-ci.org/google/syzkaller/jobs/375965900
|
| | |
|
| |
|
|
| |
Fix typos, non-canonical code, remove dead code, etc.
|
| |
|
|
|
|
| |
We have them in linux solely for historical reasons.
Fixes #462
|
| |
|
|
|
| |
Also move options and options tests into a separate file,
add serialization function.
|
| |
|
|
| |
For now we just make Go part build for freebsd.
|
| | |
|
| |
|
|
| |
Another attempt to fix travis build.
|
