path: root/prog/encodingexec.go
Commit log for this file. Each entry lists the commit message, then author, date, files changed and lines removed/added (-removed/+added).

* prog, pkg/csource: more readable serialization for strings
  Dmitry Vyukov, 2018-12-15, 1 file, -1/+10
  Always serialize strings in readable format (non-hex). Serialize binary data in readable format in more cases. Fixes #792

* prog: add concept of "special pointers"
  Dmitry Vyukov, 2018-08-30, 1 file, -7/+0
  Currently we only generate either valid user-space pointers or NULL. Extend NULL to a set of special pointers that we will use in programs. All targets now contain 3 special values:
  - NULL
  - 0xfffffffffffffff (invalid kernel pointer)
  - 0x999999999999999 (non-canonical address)
  Each target can add additional special pointers on top of this. Also generate NULL/special pointers for non-opt ptr's. This restriction was always too restrictive. We may want to generate them with very low probability, but we do want to generate them. Also change pointers to NULL/special during mutation (but still not in the opposite direction).

* prog: introduce debugValidate
  Dmitry Vyukov, 2018-08-02, 1 file, -5/+1
  Move debug validation into a separate function. Update #538

* prog: refactor SerializeForExec
  Dmitry Vyukov, 2018-08-02, 1 file, -94/+103
  Factor copyin, copyout and checksums into separate functions. Also slightly tidy csum analysis. Update #538

* prog: refactor SerializeForExec
  Dmitry Vyukov, 2018-07-31, 1 file, -113/+117
  Reduce cyclomatic complexity. Update #538

* prog, pkg/compiler: support fmt type
  Dmitry Vyukov, 2018-07-08, 1 file, -11/+9
  fmt type allows converting integers and resources to string representation.

* prog: make c.Ret optional
  Dmitry Vyukov, 2018-05-05, 1 file, -1/+1
  No reason to allocate return value if there is no return type. c.Ret == nil is the reasonable indication that this is a "void" call.

* prog: simplify code
  Dmitry Vyukov, 2018-05-05, 1 file, -10/+4
  Now that we don't have ReturnArg and only ResultArg's refer to other ResultArg's, we can remove ArgUser/ArgUsed and devirtualize lots of code.

* prog: remove ReturnArg
  Dmitry Vyukov, 2018-05-05, 1 file, -3/+8
  It's not all that needed.

* executor: use proper default values for resources
  Dmitry Vyukov, 2018-02-26, 1 file, -0/+1
  We currently use -1 as default value for resources when the actual value is not available. -1 is good for fd's, but is not the right default value for pointers/keys/etc. Pass from prog and use in executor proper default value for resources.

* pkg/compiler: allow unions as syscall arguments
  Dmitry Vyukov, 2018-02-23, 1 file, -0/+2
  If all union options can be syscall arguments, allow the union itself as syscall argument.

* prog: rework address allocation
  Dmitry Vyukov, 2018-02-19, 1 file, -8/+2
  1. mmap all memory always, without explicit mmap calls in the program. This makes lots of things much easier and removes lots of code. Makes mmap not a special syscall and allows fuzzing without mmap enabled.
  2. Change address assignment algorithm. Current algorithm allocates unmapped addresses too frequently and allows collisions between arguments of a single syscall. The new algorithm analyzes actual allocations in the program and places new arguments at unused locations.
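The second point of the commit above, placing new arguments at unused locations of an already-mapped data area so that arguments of one syscall never collide, is illustrated by the following added example. It is example code written for this page, not syzkaller's own allocator; the `region`, `allocator`, `mark` and `alloc` names, the single pre-mapped area of `areaSize` bytes and the lowest-fit placement policy are all assumptions made here.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// region is an occupied [start, start+size) byte range in the data area
// that one of the program's pointer arguments already refers to.
type region struct{ start, size uint64 }

// allocator places new pointer arguments at unused, aligned locations of a
// data area of areaSize bytes. The whole area is assumed to be mmapped
// before the program runs, so any address inside it is valid memory.
// (Constructed for this example; not syzkaller's allocator.)
type allocator struct {
	areaSize uint64
	used     []region // kept sorted by start
}

func newAllocator(areaSize uint64) *allocator {
	return &allocator{areaSize: areaSize}
}

// mark records a region the program already points into, so later
// allocations never overlap it. Overlapping marks are allowed: they
// simply describe memory that is used twice already.
func (a *allocator) mark(start, size uint64) error {
	if size == 0 || start > a.areaSize || size > a.areaSize-start {
		return fmt.Errorf("region [%#x, +%#x) outside %#x-byte area", start, size, a.areaSize)
	}
	a.used = append(a.used, region{start, size})
	sort.Slice(a.used, func(i, j int) bool { return a.used[i].start < a.used[j].start })
	return nil
}

// alloc returns the lowest address aligned to align at which size bytes fit
// without overlapping any marked region, and marks it. align must be a
// power of two.
func (a *allocator) alloc(size, align uint64) (uint64, error) {
	if size == 0 {
		return 0, errors.New("zero-size allocation")
	}
	if align == 0 || align&(align-1) != 0 {
		return 0, fmt.Errorf("alignment %#x is not a power of two", align)
	}
	cand := uint64(0)
	for _, r := range a.used {
		// Try the gap between the current candidate and this region.
		c := alignUp(cand, align)
		if c+size <= r.start {
			cand = c
			break
		}
		// No room before this region: move past it.
		if end := r.start + r.size; end > cand {
			cand = end
		}
	}
	cand = alignUp(cand, align)
	if cand > a.areaSize || size > a.areaSize-cand {
		return 0, fmt.Errorf("no room for %#x bytes aligned to %#x", size, align)
	}
	if err := a.mark(cand, size); err != nil {
		return 0, err
	}
	return cand, nil
}

func alignUp(x, align uint64) uint64 { return (x + align - 1) &^ (align - 1) }

func main() {
	a := newAllocator(0x10000)
	// Constructed sample: the program already points into two regions.
	_ = a.mark(0, 0x100)
	_ = a.mark(0x1000, 0x80)
	addr, err := a.alloc(0x1000, 0x1000)
	fmt.Printf("page-aligned 4 KiB argument placed at %#x (err=%v)\n", addr, err)
}
```

Because every allocation is first checked against the regions the program already uses, two arguments of the same call cannot be given overlapping addresses, which is the collision the commit message describes; the bounds check in `mark`/`alloc` is what keeps generated pointers inside the mapped area.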
* prog: fix PhysicalAddr for NULL addresses
  Dmitry Vyukov, 2018-02-19, 1 file, -9/+8
  Turns out we never produced NULL pointers because what's meant to be NULL pointer was actually encoded as pointer to beginning of the data region.

* prog: merge foreachSubargOffset into foreachArgImpl
  Dmitry Vyukov, 2018-02-19, 1 file, -23/+20

* prog: rework foreachArg
  Dmitry Vyukov, 2018-02-19, 1 file, -5/+2
  Make Foreach* callback accept the arg and a context struct that can contain lots of aux info. This (1) removes lots of unused base/parent args, (2) provides foundation for stopping recursion, (3) allows merging foreachSubargOffset.

* prog: unexport Args and PyPhysicalAddr
  Dmitry Vyukov, 2018-02-17, 1 file, -20/+3

* prog: give special type generators access to target
  Dmitry Vyukov, 2018-02-17, 1 file, -3/+3

* pkg/csource: fix handling of proc types
  Dmitry Vyukov, 2017-12-22, 1 file, -20/+20
  Generated program always uses pid=0 even when there are multiple processes. Make each process use own pid. Unfortunately required to do quite significant changes to prog, because the current format only supported fixed pid. Fixes #490

* prog: use dense indexes for copyout instructions
  Dmitry Vyukov, 2017-12-17, 1 file, -13/+20
  Fixes #174

* prog: add DeserializeExec
  Dmitry Vyukov, 2017-12-17, 1 file, -17/+30
  Factor out program parsing from pkg/csource. csource code that parses program and at the same time formats output is very messy and complex. New approach also allows to understand e.g. when a call has copyout instructions, which is useful for better C source output.

* prog: remove unused writeArg argument
  Dmitry Vyukov, 2017-12-17, 1 file, -5/+6

* prog: minor refactoring around arguments
  Dmitry Vyukov, 2017-12-17, 1 file, -4/+3
  Introduce isUsed(arg) helper, use it in several places. Move method definitions closer to their types. Simplify presence check for ArgUsed.Used() in several places.

* prog: don't serialize output data args
  Dmitry Vyukov, 2017-12-17, 1 file, -5/+7
  Fixes #188. We now will write just ""/1000 to denote a 1000-byte output buffer. Also we now don't store 1000-byte buffer in memory just to denote size. Old format is still parsed.

* pkg/ipc: don't send program padding to executor
  Dmitry Vyukov, 2017-10-12, 1 file, -3/+4
  Currently we always send 2MB of data to executor in ipc_simple.go. Send only what's consumed by the program, and don't send the trailing zeros. Serialized programs usually take only a few KBs.

* prog: remove default target and all global state
  Dmitry Vyukov, 2017-09-15, 1 file, -12/+14
  Now each prog function accepts the desired target explicitly. No global, implicit state involved. This is much cleaner and allows cross-OS/arch testing, etc.

* prog, sys: move types to prog
  Dmitry Vyukov, 2017-09-05, 1 file, -5/+0
  Large overhaul moves syscalls and arg types from sys to prog. Sys package now depends on prog and contains only generated descriptions of syscalls. Introduce prog.Target type that encapsulates all target properties, like syscall list, ptr/page size, etc. Also moves OS-dependent pieces like mmap call generation from prog to sys. Update #191

* prog: dot-import sys
  Dmitry Vyukov, 2017-09-05, 1 file, -3/+3
  In preparation for moving sys types to prog to reduce later diffs.

* prog: move ptrSize const to test
  Dmitry Vyukov, 2017-09-04, 1 file, -1/+0
  It is used only by a single test. Remove it from non-test code.

* sys, prog: switch values to uint64
  Dmitry Vyukov, 2017-08-19, 1 file, -17/+17
  We currently use uintptr for all values. This won't work for 32-bit archs. Moreover in some cases we use uintptr but assume that it is always 64-bits (e.g. in encodingexec). Switch everything to uint64. Update #324

* prog: simplify code
  Dmitry Vyukov, 2017-08-14, 1 file, -1/+1
  Result of running gofmt -s.

* prog: fix encoding for exec of result args
  Andrey Konovalov, 2017-08-01, 1 file, -5/+13
  ResultArg might have const value. Also add a test.

* prog: split Arg into smaller structs
  Andrey Konovalov, 2017-07-17, 1 file, -53/+53
  Right now Arg is a huge struct (160 bytes), which has many different fields used for different arg kinds. Since most of the args we see in a typical corpus are ArgConst, this results in a significant memory overuse. This change:
  - makes Arg an interface instead of a struct
  - adds a SomethingArg struct for each arg kind we have
  - converts all *Arg pointers into just Arg, since interface variable by itself contains a pointer to the actual data
  - removes ArgPageSize, now ConstArg is used instead
  - consolidates correspondence between arg kinds and types, see comments before each SomethingArg struct definition
  - now LenType args that denote the length of VmaType args are serialized as "0x1000" instead of "(0x1000)"; to preserve backwards compatibility syzkaller is able to parse the old format for now
  - multiple small changes all over to make the above work
  After this change syzkaller uses half as much memory after deserializing a typical corpus.

* prog, executor: move checksum computation to executor
  Andrey Konovalov, 2017-05-12, 1 file, -11/+94
  This commit moves checksum computation to executor. This will allow embedding dynamically generated values (like TCP sequence numbers) into packets.

* prog, sys: add csum type, embed checksums for ipv4 packets
  Andrey Konovalov, 2017-01-25, 1 file, -30/+12
  This change adds a `csum[kind, type]` type. The only available kind right now is `ipv4`. Using `csum[ipv4, int16be]` in `ipv4_header` makes syzkaller calculate and embed correct checksums into ipv4 packets.
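The two checksum commits above (adding `csum[ipv4, int16be]` and later moving the computation into the executor) both come down to the same operation: zero the 16-bit checksum field, run the one's-complement sum over the IPv4 header and write the complement back big-endian. The following added example does exactly that over a constructed header; it is written for this page and is not syzkaller's or the executor's code. The `ipv4Checksum`, `embedIPv4Checksum`, `verifyIPv4Checksum` and `sampleHeader` names and the sample header bytes are assumptions made here.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// ipv4Checksum computes the RFC 1071 one's-complement sum over hdr and
// returns its complement. The caller must zero the checksum field (bytes
// 10-11) before computing; run over a header that already carries a correct
// checksum it returns 0, which is how verification works.
func ipv4Checksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
	}
	if len(hdr)%2 == 1 { // odd trailing byte is padded with a zero on the right
		sum += uint32(hdr[len(hdr)-1]) << 8
	}
	for sum>>16 != 0 { // fold carries back into the low 16 bits
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// headerLen returns the IPv4 header length in bytes from the IHL nibble,
// or an error if the packet cannot hold such a header.
func headerLen(pkt []byte) (int, error) {
	if len(pkt) < 20 {
		return 0, fmt.Errorf("packet too short: %d bytes", len(pkt))
	}
	ihl := int(pkt[0]&0x0f) * 4
	if ihl < 20 || ihl > len(pkt) {
		return 0, fmt.Errorf("bad IHL %d for %d-byte packet", ihl, len(pkt))
	}
	return ihl, nil
}

// embedIPv4Checksum is the csum[ipv4, int16be] step: it zeroes the checksum
// field, computes the checksum over the header and writes it back in
// network byte order.
func embedIPv4Checksum(pkt []byte) error {
	ihl, err := headerLen(pkt)
	if err != nil {
		return err
	}
	pkt[10], pkt[11] = 0, 0
	binary.BigEndian.PutUint16(pkt[10:], ipv4Checksum(pkt[:ihl]))
	return nil
}

// verifyIPv4Checksum reports whether the header checksum is valid.
func verifyIPv4Checksum(pkt []byte) bool {
	ihl, err := headerLen(pkt)
	if err != nil {
		return false
	}
	return ipv4Checksum(pkt[:ihl]) == 0
}

// sampleHeader is a constructed 20-byte IPv4 header (not taken from the
// page): version 4, IHL 5, total length 20, TTL 64, protocol 17 (UDP),
// src 10.0.0.1, dst 10.0.0.2, checksum field zeroed.
func sampleHeader() []byte {
	return []byte{
		0x45, 0x00, 0x00, 0x14,
		0x00, 0x00, 0x00, 0x00,
		0x40, 0x11, 0x00, 0x00,
		10, 0, 0, 1,
		10, 0, 0, 2,
	}
}

func main() {
	pkt := sampleHeader()
	if err := embedIPv4Checksum(pkt); err != nil {
		panic(err)
	}
	fmt.Printf("checksum=%#04x valid=%v\n", binary.BigEndian.Uint16(pkt[10:]), verifyIPv4Checksum(pkt))
}
```

Doing this in the executor rather than in prog matters for the later commit: any field that is only known at run time (a TCP sequence number the executor fills in) changes the sum, so the checksum has to be computed after those values are in place, not when the program is serialized.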
* prog: validate deserialized programs
  Dmitry Vyukov, 2017-01-24, 1 file, -2/+4
  The optimization change removed validation too aggressively. We do need program validation during deserialization, because we can get bad programs from corpus or hub. Restore program validation after deserialization.

* all: spot optimizations
  Dmitry Vyukov, 2017-01-20, 1 file, -16/+45
  A bunch of spot optimizations after cpu/memory profiling:
  1. Optimize hot-path coverage comparison in fuzzer.
  2. Don't allocate and copy serialized program, serialize directly into shmem.
  3. Reduce allocations during parsing of output shmem (encoding/binary sucks).
  4. Don't allocate and copy coverage arrays, refer directly to the shmem region (we are not going to mutate them).
  5. Don't validate programs outside of tests, validation allocates tons of memory.
  6. Replace the choose primitive with simpler switches. Choose allocates a full load of memory (for int, func, and everything the func refers to).
  7. Other minor optimizations.

* prog, sys: fix padding varlen structs
  Andrey Konovalov, 2017-01-19, 1 file, -1/+1

* prog: fix union and struct offsets in SerializeForExec
  Andrey Konovalov, 2017-01-18, 1 file, -30/+27

* prog: add bitfields to templates
  Andrey Konovalov, 2017-01-17, 1 file, -1/+9
  Now it's possible to use `int32:18` to denote a bitfield of size 18 as a struct field. This fixes #72.
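For a bitfield such as `int32:18` the serializer has to do more than write a value at an offset: consecutive bitfields share one underlying integer, the value has to be masked to the declared width, and a field that does not fit in the remaining bits starts a new unit. The following added example shows that packing for a little-endian target; it is written for this page and is not syzkaller's own layout code. The `bitfield` type, the `packBitfields` name, the LSB-first packing order and the rule that a differently sized or non-fitting field starts a new unit are assumptions made here.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// bitfield is one struct field declared like `int32:18` in a template:
// the underlying integer is unitBytes wide and the field occupies bits
// bits of it. (Constructed for this example; not syzkaller's own types.)
type bitfield struct {
	name      string
	unitBytes int    // size of the underlying integer, 4 for int32
	bits      int    // bit width, 18 for int32:18
	value     uint64 // value to encode
}

// packBitfields lays out consecutive bitfields the way a C compiler on a
// little-endian target does: fields are packed LSB-first into the current
// unit, and a field that does not fit in the remaining bits, or that has
// a different unit size, starts a new unit. Values wider than the field
// are truncated to the field width rather than spilling into neighbours.
func packBitfields(fields []bitfield) ([]byte, error) {
	var out []byte
	var unit uint64
	unitBytes, usedBits := 0, 0

	// flush emits the current unit in little-endian order and resets it.
	flush := func() {
		if unitBytes == 0 {
			return
		}
		buf := make([]byte, 8)
		binary.LittleEndian.PutUint64(buf, unit)
		out = append(out, buf[:unitBytes]...)
		unit, unitBytes, usedBits = 0, 0, 0
	}

	for _, f := range fields {
		switch {
		case f.unitBytes < 1 || f.unitBytes > 8:
			return nil, fmt.Errorf("%s: unsupported unit size %d", f.name, f.unitBytes)
		case f.bits < 1 || f.bits > f.unitBytes*8:
			return nil, fmt.Errorf("%s: width %d does not fit in int%d", f.name, f.bits, f.unitBytes*8)
		}
		if unitBytes != 0 && (f.unitBytes != unitBytes || usedBits+f.bits > unitBytes*8) {
			flush()
		}
		mask := uint64(1)<<uint(f.bits) - 1 // 1<<64 is 0 in Go, so a 64-bit field masks to all ones
		unit |= (f.value & mask) << uint(usedBits)
		unitBytes = f.unitBytes
		usedBits += f.bits
	}
	flush()
	return out, nil
}

func main() {
	// Constructed sample: int32:18, int32:14 share one unit; int32:8 starts another.
	out, err := packBitfields([]bitfield{
		{name: "a", unitBytes: 4, bits: 18, value: 0x3ffff},
		{name: "b", unitBytes: 4, bits: 14, value: 1},
		{name: "c", unitBytes: 4, bits: 8, value: 0xab},
	})
	fmt.Printf("%x err=%v\n", out, err)
}
```

The masking step is the one worth keeping in mind when fuzzing: a generated value that is wider than the declared field must be truncated in the same way the kernel's struct definition truncates it, otherwise the serialized bytes describe a different program than the one the fuzzer thinks it ran.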
* sys: add proc type to denote per process integers
  Andrey Konovalov, 2016-11-25, 1 file, -5/+5

* prog: remove Type argument from Arg.Size/Value
  Dmitry Vyukov, 2016-11-11, 1 file, -7/+7
  They are not necessary since we now always have types attached to args. Also remove sys.Type.InnerType as it is not necessary now as well.

* sys: attach Dir to all types
  Dmitry Vyukov, 2016-11-11, 1 file, -1/+1
  Dir is static info, so we don't need to compute, propagate and attach it in prog whenever we generate/change programs. Attach Dir to all types.

* Add big-endian ints
  Andrey Konovalov, 2016-10-13, 1 file, -1/+1

* prog: skip union when calculating field offset
  Andrey Konovalov, 2016-09-19, 1 file, -1/+1

* sys: add union type
  Dmitry Vyukov, 2015-12-29, 1 file, -5/+4

* prog: don't serialize paddings
  Dmitry Vyukov, 2015-12-28, 1 file, -1/+3
  Paddings in serialized programs are unnecessary and confusing. Instead restore them implicitly. Also use [,,,,] for arrays.

* prog: remove padding checking
  Dmitry Vyukov, 2015-12-23, 1 file, -23/+8
  So far it has found only false positives. Let's leave this to KMSAN.

* csource: new package
  Dmitry Vyukov, 2015-12-23, 1 file, -19/+23
  Move C source generation into a separate package. Prog is too bloated already.

* sys: automatically add padding to structs
  Dmitry Vyukov, 2015-12-17, 1 file, -6/+26

* initial commit
  Dmitry Vyukov, 2015-10-12, 1 file, -0/+172