| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Helps to understand what program caused it.
|
| |
|
|
|
|
|
|
|
|
| |
Generated program always uses pid=0 even when there are multiple processes.
Make each process use own pid.
Unfortunately required to do quite significant changes to prog,
because the current format only supported fixed pid.
Fixes #490
|
| |
|
|
|
|
|
|
|
|
|
| |
syz-fuzzer organically grew from a small nice main function
into a huge single-file monster with tons of global state.
Start refactoring it into something more managable.
This change separates 2 things:
1. Proc: a single fuzzing process (ipc.Env wrapper).
2. WorkQueue: holds global non-fuzzing work items.
More work needed, but this is good first step.
|
| |
|
|
|
|
|
| |
Currently threaded/collide are global environment flags.
It can be useful to turn off collider during some executions
(minimization, triage, etc).
Make them per-program options.
|
| |
|
|
|
|
|
| |
Boot and minimally test images before declaring them as good
and switching to using them.
If image build/boot/test fails, upload report about this to dashboard.
|
| |
|
|
|
|
| |
When manager is stopped there are sometimes runaway qemu
processes still running. Set PDEATHSIG for all subprocesses.
We never need child processes outliving parents.
|
| |
|
|
| |
if/else branches are intermixed
|
| |
|
|
|
| |
It seems to explode linux corpus.
So make it freebsd-specific.
|
| |
|
|
|
|
|
| |
Use forkserver and shmem for freebsd.
This greatly improves speed.
Also introduce fallback coverage signal based
on unique (syscall+errno) pairs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently use more complex and functional protocol on linux,
and a simple ad-hoc protocol on other OSes.
This leads to code duplication in both ipc and executor.
Linux supports coverage, shared memory communication and fork server,
which would also be useful for most other OSes.
Unify communication protocol and parametrize it by
(1) use of shmem or only pipes, (2) use of fork server.
This reduces duplication in ipc and executor and will
allow to support the useful features for other OSes easily.
Finally, this fixes akaros support as it currently uses
syz-stress running on host (linux) and executor running on akaros.
|
| |
|
|
|
|
| |
Currently we always send 2MB of data to executor in ipc_simple.go.
Send only what's consumed by the program, and don't send the trailing zeros.
Serialized programs usually take only few KBs.
|
| |
|
|
|
| |
This claimed to be fixed:
https://fuchsia.atlassian.net/browse/DNO-158
|
| |
|
|
|
|
| |
We currently return raw error, so sometimes it's hard to tell
even what call produced the error (e.g. just "invalid argument").
Extend the error so that it's clear that it comes from cmd.Start.
|
| |
|
|
| |
For now we just make Go part build for freebsd.
|
| |
|
|
|
| |
Abs does not work on fuchsia only, use it on windows.
Also maintain stats.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Nothing works, but builds.
Update #191
|
| |
|
|
| |
Update #191
|
| | |
|
| |
|
|
|
|
| |
Now each prog function accepts the desired target explicitly.
No global, implicit state involved.
This is much cleaner and allows cross-OS/arch testing, etc.
|
| |
|
|
|
| |
Add target config parameter (e.g. linux/amd64) which controls target OS/arch.
No more explicit assumptions about target.
|
| |
|
|
|
|
|
|
|
|
|
| |
Large overhaul moves syscalls and arg types from sys to prog.
Sys package now depends on prog and contains only generated
descriptions of syscalls.
Introduce prog.Target type that encapsulates all targer properties,
like syscall list, ptr/page size, etc. Also moves OS-dependent pieces
like mmap call generation from prog to sys.
Update #191
|
| |
|
|
|
| |
Now executor is able to read comparisons data from KCOV and write them
to fuzzer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have implemented a new version of KCOV, which is able to dump
comparison operands' data, obtained from Clang's instrumentation hooks
__sanitizer_cov_trace_cmp[1248], __sanitizer_cov_trace_const_cmp[1248]
and __sanitizer_cov_trace_switch.
Current KCOV implementation can work in two modes: "Dump only the PCs"
or "Dump only comparisons' data". Mode selection is done by the
following series of calls:
fd = open(KCOV_PATH, ...); // works as previous
ioctl(fd, KCOV_INIT_TRACE, ...); // works as previous
mmap(fd, ...); // works as previous
ioctl(fd, KCOV_ENABLE, mode);
// mode = KCOV_MODE_TRACE_CMP or mode = KCOV_MODE_TRACE_PC
Note that this new interface is backwards compatible, as old KCOV
devices will just return -EINVAL for the last ioctl. This way we can
distinguish if the KCOV device is able to dump the comparisons.
Main changes in this commit:
1. Fuzzer now checks at startup which type (new/old) of KCOV device
is running.
2. Executor now receives an additional flag, which indicates if
executor should read the comparisons data from KCOV. The flag works on
per-call basis, so executor can collect PCs or Comps for each
individual syscall.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we have unix permissions for new files/dirs
hardcoded throughout the code base. Some places use 0644,
some - 0640, some - 0600 and a variety of other constants.
Introduce osutil.MkdirAll/WriteFile that use the default
permissions and use them throughout the code base.
This makes permissions consistent and also allows to easily
change the permissions later if we change our minds.
Also merge pkg/fileutil into pkg/osutil as they become
dependent on each other. The line between them was poorly
defined anyway as both operate on files.
|
| |
|
