| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to assume that the default value was the last, yet when it was
not specified in the serialized program, the first union option whose
condition is satisfied was chosen. Let's be consistent and use the last
value in both cases.
Also, remember that there's a case when there's no valid default value -
this happens when pkg/compiler wraps a conditional field into a union
with two conditional fields. Explicitly check for this case and assume
that, whatever value is set, is the correct default because in this
particular case the conditions of the two union options must be
mutually exclusive.
Fixes #6105.
|
| |
|
|
|
|
|
|
|
|
|
| |
ex. f3 field has logic or operator in if condition:
conditional_struct {
mask int32
f1 field1 (if[value[mask] & FIELD_FLAG1])
f2 int64 (if[value[mask] & FIELD_FLAG2])
f3 int64 (if[value[mask] == FIELD_FLAG1 || value[mask] == FIELD_FLAG2])
} [packed]
|
| |
|
|
|
|
|
|
|
|
|
|
| |
There is a totally valid situation when we could be recursively patching
conditional fields: if by changing a field's value we insert new
resource constructor calls. It's a bug to skip conditional field
patching for them.
Allow up to 2 nested patchConditionalFields() calls and panic if there
happen to be more.
Add a test that reproduces the situation described above.
|
| |
|
|
|
|
|
|
|
| |
It makes little sense to minimize int's for corpus.
Also replacing resource with a default value does not make sense as well.
For corpus we are only interesting in reducing total number of args
that will be considered for mutation.
Add CrashSnapshot mode, mainly to keep the minimization code "alive" for now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
All callers shouldn't control lots of internal details of minimization
(if we have more params, that's just more variations to test,
and we don't have more, params is just a more convoluted way to say
if we minimize for corpus or a crash).
2 bools also allow to express 4 options, but only 3 make sense.
Also when I see MinimizeParams{} in the code, it's unclear what it means.
Replace params with mode.
And potentially "crash" minimization is not "light", it's just different.
E.g. we can simplify int arguments for reproducers (esp in snapshot mode),
but we don't need that for corpus.
|
| |
|
|
| |
Add an explicit parameter to only run call removal.
|
| |
|
|
|
| |
Fix checking of Logf, it has string in 0-th arg.
Add checking of t.Errorf/Fatalf.
|
| |
|
|
|
|
|
|
|
|
|
| |
The replaced union field may contain resource references that must also
be cleaned up.
The bug was triggered via methods that patch conditional fields, so
let's add stress tests for the conditional fields + resources
combination.
Reported-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
| |
This reverts commit 6387f6b7d487e2a77d753ad28c1074e39c17c3ca.
|
| |
|
|
|
|
|
|
|
|
|
| |
The replaced union field may contain resource references that must also
be cleaned up.
The bug was triggered via methods that patch conditional fields, so
let's add stress tests for the conditional fields + resources
combination.
Reported-by: Paul Chaignon <paul.chaignon@gmail.com>
|
| |
|
|
|
|
|
|
| |
If conditions of several union fields are satisfied, select one
randomly. This would be a more logical semantics.
When conditional struct fields are translated to unions, negate the
condition for the union alternative.
|
|
|
pkg/compiler restructures conditional fields in structures into unions,
so we only have to implement the support for unions.
Semantics is as follows:
If a union has conditions, syzkaller picks the first field whose
condition matches. Since we require the last union field to have no
conditions, we can always construct an object.
Changes from this commit aim at ensuring that the selected union fields
always follow the rule above.
|
