syz - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	pkg/clangtool: make more generic	Dmitry Vyukov	2025-11-17	1	-1/+2
\| \| \| \|	Make it possible to use pkg/clangtool with other types than declextract.Output.
*	tools/syz-declextract: ignore files with non US-ASCII chars	Dmitry Vyukov	2025-04-15	1	-0/+7
\|
*	pkg/declextract: add open fileops callback to interface list	Dmitry Vyukov	2025-04-15	1	-1/+5
\| \| \| \| \| \|	Add open callback if there are no other unique callbacks. This happens for e.g. seq files which only have unique open, while read is a common seq_read callback.
*	pkg/declextract: more precise fileops callback resolution	Dmitry Vyukov	2025-04-15	1	-47/+53
\| \| \| \| \| \|	Use resolved Function references instead of string names for fileops callback resolution. Function names are not unique, a number of callbacks have the same names.
*	tools/syz-declextract: extract function references more precisely	Dmitry Vyukov	2025-04-15	1	-8/+2
\| \| \| \| \| \|	Currently we misparse some function references, e.g. for: .write = (foo) ? bar : baz, we extract "foo". Extract first function reference from such expressions.
*	tools/syz-declextract: export info about file ops interfaces	Dmitry Vyukov	2025-04-11	1	-14/+59
\|
*	tools/syz-declextract: refine arg types for syscall variants	Dmitry Vyukov	2025-04-09	1	-6/+16
\| \| \| \| \| \|	Use scope-based dataflow analysis for syscall variants (including ioctls). As the result we only consider code that relates to a partiuclar command/ioctl, and can infer arguments/return types for each command/ioctl independently.
*	tools/syz-declextract: support function scopes	Dmitry Vyukov	2025-01-22	1	-15/+32
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Extract info about function scopes formed by switch'es on function arguments. For example if we have: void foo(..., int cmd, ...) { ... switch (cmd) { case FOO: ... block 1 ... case BAR: ... block 2 ... } ... } We record that any data flow within block 1 is only relevant when foo's arg cmd has value FOO, similarly for block 2 and BAR. This allows to do 3 things: 1. Locate ioctl commands that are switched on within transitively called functions. 2. Infer return value for each ioctl command. 3. Infer argument type when it's not specified in _IO macro. This will also allow to infer other multiplexed syscalls. Descriptions generated on Linux commit c4b9570cfb63501.
*	pkg/ifaceprobe: optimize cache	Dmitry Vyukov	2024-12-12	1	-5/+1
\| \| \| \| \| \| \|	Instead of storing real PC values store indexes into the PCs table. This significantly reduces size of the cache (in my case from 1823 MB to 473 MB) and actually makes use of the cache simpler (don't need separate map).
*	pkg/declextract: reduce cyclomatic complexity	Dmitry Vyukov	2024-12-11	1	-96/+108
\| \| \| \| \|	Linter points to very large cyclomatic complexity/length of some functions. Fix that.
*	pkg/declextract: generated single openat for all related files	Dmitry Vyukov	2024-12-11	1	-26/+9
\|
*	tools/syz-declextract: generate file_operations descriptions	Dmitry Vyukov	2024-12-11	1	-0/+256
	Emit descriptions for special files in /dev, /sys, /proc, and ./. pkg/declextract combines file_operations info produced by the clang tool with the dynamic probing info produced by pkg/ifaceprobe in order to produce complete descriptions for special files.