| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Copy everything that might be important during execution on other
kernels/VM pools. Add a test to verify it.
The functionality is actively used to clone requests in the diff fuzzer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We query globs for 2 reasons:
1. Expand glob types in syscall descriptions.
2. Dynamic file probing for automatic descriptions generation.
In both of these contexts are are interested in files
that will be present during test program execution
(rather than normal unsandboxed execution).
For example, some files may not be accessible to test programs
after pivot root. On the other hand, we create and link
some additional files for the test program that don't
normally exist.
Add a new request type for querying of globs that are
executed in the test program context.
|
| |
|
|
|
|
|
|
| |
Add corpus triage mode and support it in testbed.
This is useful to benchmark just the triage phase
w/o any subsequent fuzzing. First, fuzzing is more random.
Second, if triage duration is different in different versions,
then they will do different amount of fuzzing in fixed testbed time.
|
| |
|
|
|
|
| |
We don't need the full priority queue functionality anymore. For our
purposes it's enough to only enforce the order between the elements of
different sub-queues.
|
|
|
Instead of relying on a fuzzer-internal priority queue, utilize
stackable layers of request-generating steps.
Move the functionality to a separate pkg/fuzzer/queue package.
The pkg/fuzzer/queue package can be reused to add extra processing
layers on top of the fuzzing and to combine machine checking and fuzzing
execution pipelines.
|
