path: root/pkg
Commit message (author, date, files changed, lines -removed/+added)
* syz-manager: add comment explaining why we don't set corrupted for repros (Dmitry Vyukov, 2018-01-10, 1 file, -0/+24)
* syz-fuzzer: improve kmemleak support (Dmitry Vyukov, 2018-01-09, 7 files, -7/+60)

    Don't print object size (can change from kernel to kernel and from config to config).
    Fix function extraction regexp (must be non-eager).
    Account for MSECS_MIN_AGE.
    Ignore some known false positives.
* pkg/report: ignore kernel/workqueue.c as guilty file (Dmitry Vyukov, 2018-01-08, 2 files, -2/+2)
* pkg/compiler: add builtin bool type aliases (Dmitry Vyukov, 2018-01-08, 5 files, -12/+37)

    This adds builtin:

    type bool8 int8[0:1]
    type bool16 int16[0:1]
    type bool32 int32[0:1]
    type bool64 int64[0:1]
    type boolptr intptr[0:1]

    We used to use just int's for bools. But bool types provide several advantages:
    - make true/false probability equal
    - improve description expressiveness
    - reduce search space (we will take advantage of this later)
* pkg/compiler: make signalno a type alias (Dmitry Vyukov, 2018-01-08, 1 file, -19/+0)

    We don't need compiler support for such things anymore, now we simply can do:

    type signalno int32[0:65]
* sys: support type aliases (aka typedefs) (Dmitry Vyukov, 2018-01-08, 12 files, -116/+302)

    Complex types that are often repeated can be given short type aliases
    using the following syntax:

    ```
    type identifier underlying_type
    ```

    For example:

    ```
    type signalno int32[0:65]
    type net_port proc[20000, 4, int16be]
    ```

    Then, the type alias can be used instead of the underlying type in any
    context. The underlying type needs to be described as if it's a struct
    field, that is, with the base type if it's required. However, a type
    alias can be used as a syscall argument as well. Underlying types are
    currently restricted to integer types, `ptr`, `ptr64`, `const`, `flags`
    and `proc` types.
* pkg/report: add a few more test cases where we fail (Dmitry Vyukov, 2018-01-08, 3 files, -0/+297)
* pkg/report: add tests where we produce a bad title (Dmitry Vyukov, 2018-01-06, 3 files, -0/+245)
* prog: support opt for proc types (Dmitry Vyukov, 2018-01-06, 2 files, -5/+5)
* pkg/compiler: add bitsize type (Dmitry Vyukov, 2018-01-06, 2 files, -5/+9)

    This is needed for a few crypto/xfrm descriptions.
* pkg/ipc: always prepend handshake errors with executor pid (Dmitry Vyukov, 2018-01-06, 1 file, -6/+4)

    Helps to understand what program caused it.
* pkg/csource: fix build of generated files (Dmitry Vyukov, 2018-01-06, 1 file, -1/+1)

    On another machine both clang and gcc produce:

    test.c:163:32: error: invalid suffix "+procid" on integer constant
    *(uint32_t*)0x20001004 = 0x25dfdbfe+procid*4;

    Not sure why this wasn't caught on buildbot.
* pkg/report: add a few tests where we mis-detect title/guilty file (Dmitry Vyukov, 2018-01-06, 4 files, -0/+439)
* pkg/report: don't treat CONFIG_DEBUG_OBJECTS debug output as bugs (Dmitry Vyukov, 2018-01-06, 2 files, -0/+4)
* sys/linux: fix some copy-paste errors (Dmitry Vyukov, 2017-12-28, 1 file, -0/+59)
* pkg/email: don't add <> to email when name is empty (Dmitry Vyukov, 2017-12-28, 2 files, -2/+24)

    Just unnecessary clutter.
* pkg/csource: tidy up generated code a bit (Dmitry Vyukov, 2017-12-27, 2 files, -16/+26)

    Remove dup newlines around includes.
    Make int values shorter if not hurting readability.
    Increase line len to 80.
    Remove {} when not needed during copyout.
* executor: introduce uint64/32/16/8 types (Dmitry Vyukov, 2017-12-27, 5 files, -165/+187)

    The "define uint64_t unsigned long long" were too good to work.
    With a different toolchain I am getting:

    cstdint:69:11: error: expected unqualified-id
    using ::uint64_t;
              ^
    executor/common.h:34:18: note: expanded from macro 'uint64_t'

    Do it the proper way: introduce uint64/32/16/8 types and use them.
    pkg/csource then does s/uint64/uint64_t/ to not clutter code with
    additional typedefs.
* executor: fix another format bug (Dmitry Vyukov, 2017-12-27, 1 file, -1/+1)

    Detected only by clang.
* pkg/report: add more cases where we fail to parse reports (Dmitry Vyukov, 2017-12-27, 4 files, -0/+354)
* pkg/csource: add top-level repeat loop (Dmitry Vyukov, 2017-12-27, 1 file, -16/+28)

    Even if all 3 levels of processes in executor exit, execprog will
    still recreate them. Model the same in csource.
    This matters when the inner process kills the loop and then everything stops.
* pkg/csource: simplify generated code (Dmitry Vyukov, 2017-12-27, 1 file, -5/+3)

    We already have the procid variable, no need to introduce i.
* executor: check format strings (Dmitry Vyukov, 2017-12-27, 5 files, -35/+40)

    I see a crash which says:

    #0: too much cover 0 (errno 0)

    while the code is:

    uint64_t n = ...;
    if (n >= kCoverSize)
        fail("#%d: too much cover %u", th->id, n);

    It seems that the high part of n is set, but we don't see it.
    Add printf format attribute to fail and friends and fix all similar cases.
    Caught a bunch of similar cases and a missing argument in:

    exitf("opendir(%s) failed due to NOFILE, exiting");
* dashboard/app: extract fixing tags from commits (Dmitry Vyukov, 2017-12-27, 4 files, -6/+149)

    Support the new scheme of associating fixing commits with bugs.
    Now we provide a tag along the lines of:

    Reported-by: <syzbot+a4a91f6fc35e102@syzkaller.appspotmail.com>

    The tag is supposed to be added to the commit.
    Then we parse commit logs and extract these tags.
    The final part on the dashboard is not ready yet,
    but syz-ci should already parse and send the tags.
* pkg/csource: mimic the way syscalls are scheduled in executor (Dmitry Vyukov, 2017-12-22, 2 files, -22/+70)

    Currently csource uses a completely different, simpler way of
    scheduling syscalls onto threads (thread per call with random sleeps).
    Mimic the way calls are scheduled in executor.

    Fixes #312
* executor: remove dead code (Dmitry Vyukov, 2017-12-22, 1 file, -2/+0)

    doexit already contains an infinite loop.
* pkg/csource: fix handling of proc types (Dmitry Vyukov, 2017-12-22, 3 files, -19/+38)

    Generated program always uses pid=0 even when there are multiple
    processes. Make each process use its own pid.
    Unfortunately this required quite significant changes to prog,
    because the current format only supported a fixed pid.

    Fixes #490
* pkg/csource: limit thread stacks (Dmitry Vyukov, 2017-12-22, 1 file, -2/+5)

    We always set RLIMIT_AS to 128MB. I've debugged a program with 21 syscalls.
    With collide it creates 42 threads. With default stack size of 8MB this
    requires: 42*8 = 336MB. Thread creation fails and nothing works.
    Limit thread stacks the same way executor does.

    Fixes #488
* pkg/csource: fix string escaping bug (Dmitry Vyukov, 2017-12-22, 1 file, -0/+2)
* pkg/report: add test where we fail to detect guilty function (Dmitry Vyukov, 2017-12-19, 1 file, -0/+58)
* pkg/report: add test where we fail to detect corrupted report (Dmitry Vyukov, 2017-12-19, 1 file, -0/+14)
* pkg/email: improve parsing of split lines (Dmitry Vyukov, 2017-12-19, 2 files, -29/+80)

    Allow:

    full-commit-title-on-next-line

    This allows commit titles between 70 and 80 cols with gmail.
    Also be more permissive wrt spaces and tabs.
* pkg/report: add test for a bug in report parsing (Dmitry Vyukov, 2017-12-18, 1 file, -0/+42)
* syz-manager, syz-fuzzer: allow re-minimizing/re-smashing inputs (Dmitry Vyukov, 2017-12-18, 2 files, -9/+26)

    By default we don't re-minimize/re-smash programs from corpus;
    it takes lots of time on start and is unnecessary.
    However, when we improve/fix minimization/smashing, we may want to.
    Introduce corpus database versions and allow re-minimizing/re-smashing
    on version bumps.
* syz-fuzzer: refactor (Dmitry Vyukov, 2017-12-18, 1 file, -8/+0)

    syz-fuzzer organically grew from a small nice main function into
    a huge single-file monster with tons of global state.
    Start refactoring it into something more manageable.
    This change separates 2 things:
    1. Proc: a single fuzzing process (ipc.Env wrapper).
    2. WorkQueue: holds global non-fuzzing work items.
    More work needed, but this is a good first step.
* pkg/csource: make strings more readable (Dmitry Vyukov, 2017-12-17, 1 file, -11/+56)

    If a string contains a file name or a crypto alg name,
    don't escape it all to hex.
* prog: use dense indexes for copyout instructions (Dmitry Vyukov, 2017-12-17, 1 file, -13/+42)

    Fixes #174
* prog: add DeserializeExec (Dmitry Vyukov, 2017-12-17, 1 file, -124/+77)

    Factor out program parsing from pkg/csource.
    csource code that parses the program and at the same time formats
    output is very messy and complex.
    The new approach also allows us to understand e.g. when a call has
    copyout instructions, which is useful for better C source output.
* pkg/csource: refactor (Dmitry Vyukov, 2017-12-17, 4 files, -179/+230)

    csource.go is too large and messy.
    Move Build/Format into build.go.
    Move generation of common header into common.go.
    Split generation of common header into smaller manageable functions.
* pkg/ipc: make threaded/collide per-program options (Dmitry Vyukov, 2017-12-17, 2 files, -53/+71)

    Currently threaded/collide are global environment flags.
    It can be useful to turn off collider during some executions
    (minimization, triage, etc). Make them per-program options.
* pkg/report: add another test (Dmitry Vyukov, 2017-12-17, 1 file, -0/+17)
* sys: move test syscalls to a separate target (Dmitry Vyukov, 2017-12-17, 3 files, -9/+3)

    We have them in linux solely for historical reasons.

    Fixes #462
* executor: fix macros in common.h (Andrey Konovalov, 2017-12-14, 4 files, -12/+16)
* pkg/report: fix __this_cpu_* report header call trace capture (Andrey Konovalov, 2017-12-13, 3 files, -4/+34)
* pkg/report: add another corrupted report format (Dmitry Vyukov, 2017-12-12, 2 files, -0/+87)
* pkg/report: add another guilty file test (Dmitry Vyukov, 2017-12-12, 1 file, -0/+30)
* pkg/report: properly infer kernel location if kcov is not enabled (Dmitry Vyukov, 2017-12-12, 1 file, -18/+28)

    We used to infer kernel source location based on the
    __sanitizer_cov_trace_pc symbol. But it's not present if KCOV is
    not enabled. Look at more symbols.
* pkg/report: add a few more corrupted reports (Dmitry Vyukov, 2017-12-12, 2 files, -0/+127)
* pkg/report: improve "using __this_cpu_add() in preemptible code" report (Dmitry Vyukov, 2017-12-12, 3 files, -5/+20)
* pkg/report: handle syzkaller binaries (Dmitry Vyukov, 2017-12-12, 3 files, -2/+54)

    syzkallerNNN binaries are coming from pkg/repro.