aboutsummaryrefslogtreecommitdiffstats
path: root/prog/encodingexec_test.go
Commit message (Collapse)AuthorAgeFilesLines
* all: add the `rerun` call propertyAleksandr Nogikh2021-12-101-7/+7
| | | | | | | | | | | | | | To be able to collide specific syscalls more precisely, we need to repeat the process many times. Introduce the `rerun` call property, which instructs `syz-executor` to repeat the call the specified number of times. The intended use is: call1() (rerun: 100, async) call2() (rerun: 100) For now, assign rerun values randomly to consecutive pairs of calls, where the first one is async.
* all: replace collide mode by `async` call propertyAleksandr Nogikh2021-12-101-4/+12
| | | | | | | | | | | | | Replace the currently existing straightforward approach to race triggering (that was almost entirely implemented inside syz-executor) with a more flexible one. The `async` call property instructs syz-executor not to block until the call has completed execution and proceed immediately to the next call. The decision on what calls to mark with `async` is made by syz-fuzzer. Ultimately this should let us implement more intelligent race provoking strategies as well as make more fine-grained reproducers.
* prog/decodeexec.go: properly handle call props before no-copyin callsAleksandr Nogikh2021-10-071-1/+10
| | | | | | | | | | | If a call having non-default call props is followed by a call not having copyin instructions, the non-default call prop values will be lost. Fix this by trying to commit the call before processing the call props structure. Adjust the call-props-related decodeexec test to emulate that situation as well.
* all: refactor fault injection into call propsAleksandr Nogikh2021-09-221-225/+181
| | | | | | | | | | | | Now that call properties mechanism is implemented, we can refactor fault injection. Unfortunately, it is impossible to remove all traces of the previous apprach. In reprolist and while performing syz-ci jobs, syzkaller still needs to parse the old format. Remove the old prog options-based approach whenever possible and replace it with the use of call properties.
* all: introduce call propertiesAleksandr Nogikh2021-09-221-164/+225
| | | | | | | | | Call properties let us specify how each individual call within a program must be executed. So far the only way to enforce extra rules was to pass extra program-level properties (e.g. that is how fault injection was done). However, it entangles the logic and not flexible enough. Implement an ability to pass properties along with each individual call.
* prog: detect copyout overflowDmitry Vyukov2021-03-041-0/+67
| | | | | | Detect the case when a program requires more copyout than executor can handle. Curretnly these result in: "SYZFAIL: command refers to bad result" failures. Now syz-fuzzer should ignore them.
* ipc: fix endianness issuesAlexander Egorenkov2020-06-231-6/+17
| | | | | | | | Use native byte-order for IPC and program serialization. This way we will be able to support both little- and big-endian architectures. Signed-off-by: Alexander Egorenkov <Alexander.Egorenkov@ibm.com>
* .golangci.yml: enable funlen checkerDmitry Vyukov2020-06-051-0/+1
| | | | Checks for too long functions (based on lines and statements).
* prog: support disabled attributeDmitry Vyukov2020-05-041-1/+2
| | | | | Update #477 Update #502
* pkg/compiler: fix bitfield layout bugDmitry Vyukov2019-12-201-12/+12
| | | | | | Fixes #1542 Found thanks to syz-check. Update #590
* prog: fix checksum dependenciesAndrey Konovalov2019-02-011-0/+22
| | | | | | Make pseudo checksums depend (via csumUses) on the arg it requires for calculation. Otherwise we fail to assign addrs to those args during encoding for execution. Also add a test.
* prog: introduce strict parsing modeDmitry Vyukov2018-12-101-1/+1
| | | | | | | | | | | Over time we relaxed parsing to handle all kinds of invalid programs (excessive/missing args, wrong types, etc). This is useful when reading old programs from corpus. But this is harmful for e.g. reading test inputs as they can become arbitrary outdated. For runtests which creates additional problem of executing not what is actually written in the test (or at least what author meant). Add strict parsing mode that does not tolerate any errors. For now it just checks excessive syscall arguments.
* prog: add concept of "special pointers"Dmitry Vyukov2018-08-301-0/+24
| | | | | | | | | | | | | | | | | Currently we only generate either valid user-space pointers or NULL. Extend NULL to a set of special pointers that we will use in programs. All targets now contain 3 special values: - NULL - 0xfffffffffffffff (invalid kernel pointer) - 0x999999999999999 (non-canonical address) Each target can add additional special pointers on top of this. Also generate NULL/special pointers for non-opt ptr's. This restriction was always too restrictive. We may want to generate them with very low probability, but we do want to generate them. Also change pointers to NULL/special during mutation (but still not in the opposite direction).
* executor: overhaulDmitry Vyukov2018-07-241-50/+50
| | | | | | | | | | | | | | | | | Make as much code as possible shared between all OSes. In particular main is now common across all OSes. Make more code shared between executor and csource (in particular, loop function and threaded execution logic). Also make loop and threaded logic shared across all OSes. Make more posix/unix code shared across OSes (e.g. signal handling, pthread creation, etc). Plus other changes along similar lines. Also support test OS in executor (based on portable posix) and add 4 arches that cover all execution modes (fork server/no fork server, shmem/no shmem). This change paves way for testing of executor code and allows to preserve consistency across OSes and executor/csource.
* prog, pkg/compiler: support fmt typeDmitry Vyukov2018-07-081-1/+1
| | | | | fmt type allows to convert intergers and resources to string representation.
* executor: use proper default values for resourcesDmitry Vyukov2018-02-261-2/+0
| | | | | | | | | We currently use -1 as default value for resources when the actual value is not available. -1 is good for fd's, but is not the right default value for pointers/keys/etc. Pass from prog and use in executor proper default value for resources.
* pkg/compiler: fix alignment corner caseDmitry Vyukov2018-02-251-0/+15
| | | | | Fix alignemnt calculation for packed structs with alignment and bitfields. Amusingly this affected only a single real struct -- ipv6_fragment_ext_header.
* prog: fix PhysicalAddr for NULL addressesDmitry Vyukov2018-02-191-0/+9
| | | | | | Turns out we never produced NULL pointers because what's meant to be NULL pointer was actually encoded as pointer to beginning of the data region.
* prog: support opt for proc typesDmitry Vyukov2018-01-061-0/+17
|
* pkg/csource: fix handling of proc typesDmitry Vyukov2017-12-221-85/+170
| | | | | | | | | | Generated program always uses pid=0 even when there are multiple processes. Make each process use own pid. Unfortunately required to do quite significant changes to prog, because the current format only supported fixed pid. Fixes #490
* prog: use dense indexes for copyout instructionsDmitry Vyukov2017-12-171-22/+22
| | | | Fixes #174
* prog: add DeserializeExecDmitry Vyukov2017-12-171-127/+153
| | | | | | | | | Factor out program parsing from pkg/csource. csource code that parses program and at the same time formats output is very messy and complex. New aproach also allows to understand e.g. when a call has copyout instructions which is useful for better C source output.
* sys: move test syscalls to a separate targetDmitry Vyukov2017-12-171-1/+1
| | | | | | We have them in linux solely for historical reasons. Fixes #462
* pkg/ipc: don't send program padding to executorDmitry Vyukov2017-10-121-2/+2
| | | | | | Currently we always send 2MB of data to executor in ipc_simple.go. Send only what's consumed by the program, and don't send the trailing zeros. Serialized programs usually take only few KBs.
* prog: remove default target and all global stateDmitry Vyukov2017-09-151-10/+8
| | | | | | Now each prog function accepts the desired target explicitly. No global, implicit state involved. This is much cleaner and allows cross-OS/arch testing, etc.
* prog, sys: move types to progDmitry Vyukov2017-09-051-5/+8
| | | | | | | | | | | Large overhaul moves syscalls and arg types from sys to prog. Sys package now depends on prog and contains only generated descriptions of syscalls. Introduce prog.Target type that encapsulates all targer properties, like syscall list, ptr/page size, etc. Also moves OS-dependent pieces like mmap call generation from prog to sys. Update #191
* prog: dot-import sysDmitry Vyukov2017-09-051-2/+2
| | | | In preparation for moving sys types to prog to reduce later diffs.
* sys: rename Call to SyscallDmitry Vyukov2017-09-051-1/+1
| | | | | In preparation for moving sys types to prog to avoid confusion between sys.Call and prog.Call.
* sys, pkg/compiler: move padding computation to compilerDmitry Vyukov2017-09-041-1/+1
| | | | This makes types constant during execution, everything is precomputed.
* prog: move ptrSize const to testDmitry Vyukov2017-09-041-0/+2
| | | | It is used only by a single test. Remove it from non-test code.
* pkg/compiler: check and generate typesDmitry Vyukov2017-09-021-7/+7
| | | | | | Move most of the logic from sysgen to pkg/compiler. Update #217
* prog: fix encoding for exec of result argsAndrey Konovalov2017-08-011-0/+7
| | | | | | ResultArg might have const value. Also add a test.
* all: spot optimizationsDmitry Vyukov2017-01-201-2/+12
| | | | | | | | | | | | | A bunch of spot optmizations after cpu/memory profiling: 1. Optimize hot-path coverage comparison in fuzzer. 2. Don't allocate and copy serialized program, serialize directly into shmem. 3. Reduce allocations during parsing of output shmem (encoding/binary sucks). 4. Don't allocate and copy coverage arrays, refer directly to the shmem region (we are not going to mutate them). 5. Don't validate programs outside of tests, validation allocates tons of memory. 6. Replace the choose primitive with simpler switches. Choose allocates fullload of memory (for int, func, and everything the func refers). 7. Other minor optimizations.
* prog, sys: fix padding varlen structsAndrey Konovalov2017-01-191-0/+9
|
* prog: add tests for alignment and offsetsAndrey Konovalov2017-01-181-2/+74
|
* prog: add bitfields to templatesAndrey Konovalov2017-01-171-36/+51
| | | | | | Now it's possible to use `int32:18` to denote a bitfield of size 18 as a struct field. This fixes #72.
* sys: add proc type to denote per proccess integersAndrey Konovalov2016-11-251-2/+2
|
* Add tests for big-endian intsAndrey Konovalov2016-10-131-0/+22
|
* Add exec serialize tests for array[int8]Andrey Konovalov2016-10-041-0/+19
|
* sys: add padding to structs againDmitry Vyukov2016-09-291-2/+24
| | | | | | | | Struct padding was accidentially lost after: 852e3d2eae98a913b7ec91822ba4dc61059a6955 Restore it. Now with tests. Fixes #78
* prog: add a test for union layoutDmitry Vyukov2016-09-291-0/+10
| | | | | This is a retrospect tests for the union bug fixed in: 91eb1b922fd95bfaa5d8b0aad16902a73f3fe3d1
* sys, prog: add tests for description parsing and serializationDmitry Vyukov2016-09-281-3/+57
| | | | | | | | | | Add sys/test.txt file with description of syscalls for tests. These descriptions can be used to ensure that we can parse everything we clain we can parse. Use these descriptions to write several tests for exec serialization (one test shows that alignment handling is currently incorrect). These test descriptions can also be used to write e.g. mutation tests. Update #78
* prog: add a simple test for exec encodingDmitry Vyukov2016-09-241-0/+48
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-12 07:03:38 +0000