path: root/tools
Commit message (author, date, files changed, lines -removed/+added)
* tools/syz-symbolize: allow to symbolize arbitrary kernel output
  Dmitry Vyukov, 2018-01-09, 1 file, -2/+1

* tools/syz-symbolize: assume that kernel is in the current dir
  Dmitry Vyukov, 2017-12-27, 1 file, -2/+2

* syz-fuzzer: refactor
  Dmitry Vyukov, 2017-12-18, 1 file, -2/+1

  syz-fuzzer organically grew from a small nice main function into a huge single-file monster with tons of global state. Start refactoring it into something more manageable. This change separates 2 things:
  1. Proc: a single fuzzing process (ipc.Env wrapper).
  2. WorkQueue: holds global non-fuzzing work items.
  More work needed, but this is good first step.

* pkg/ipc: make threaded/collide per-program options
  Dmitry Vyukov, 2017-12-17, 2 files, -18/+10

  Currently threaded/collide are global environment flags. It can be useful to turn off collider during some executions (minimization, triage, etc). Make them per-program options.

* tools: fix create-image.sh
  Dmitry Vyukov, 2017-12-08, 1 file, -3/+3

  Uncomment unintentionally commented out lines from a previous commit.

* tools/syz-execprog: extend hints output
  Dmitry Vyukov, 2017-12-08, 1 file, -0/+3

  Print call number because one is usually interested in a particular call only.

* tools: include selinux packages when building images
  Dmitry Vyukov, 2017-12-08, 2 files, -4/+4

  These packages are required to actually activate selinux during boot.

* tools/syz-crush: fix for new multi-target world
  Dmitry Vyukov, 2017-11-30, 1 file, -3/+4

* pkg/report: include Maintainers into report
  Dmitry Vyukov, 2017-11-29, 1 file, -36/+9

  Currently getting a complete report requires a complex, multi-step dance (including getting information that external users are not interested in -- guilty file). Simplify interface down to 2 functions: Parse and Symbolize. Parse does what it did before, Symbolize symbolizes report and fills in maintainers. This simplifies both implementations of Reporter interface and all users of the interface.

  Potentially we could get this down to 1 function Parse that does everything. However, (1) Symbolize can fail, while Parse cannot, (2) usually we want to ignore (log) Symbolize errors, but otherwise proceed with the report, (3) repro does not need symbolization for all but the last report.

* pkg/report: add Output to Report
  Dmitry Vyukov, 2017-11-29, 1 file, -2/+2

  Whole raw output is indivisible part of Report, currently we always pass Output separately along with Report. Make Output a Report field. Then, put whole Report into manager Crash and repro context and Result. There is little point in passing Report as a bunch of separate fields.

* sys/linux: add binder descriptions
  Dmitry Vyukov, 2017-11-27, 1 file, -0/+4

* pkg/report: various corrupted report detection improvements
  Andrey Konovalov, 2017-11-23, 1 file, -0/+57

* vm: return Report from MonitorExecution
  Dmitry Vyukov, 2017-11-21, 1 file, -7/+3

  This allows callers to get access to Report.Corrupted. Better than adding 6th return value and will allow to pipe other report properties if necessary.

* pkg/report, pkg/repro, syz-manager: name crash attributes consistently
  Dmitry Vyukov, 2017-11-14, 2 files, -5/+5

  We currently have several names for crash attributes, which is disturbing. E.g. crash title is called "Title" or "Desc". Name them consistently.
  Title - single line bug identity.
  Report - whole crash text.
  Log - whole fuzzer/kernel output.

* vm: remove needOutput arg for MonitorExecution
  Dmitry Vyukov, 2017-11-14, 1 file, -1/+1

  Always wait 10 secs for output. If anything this can only lead to missed crashes during repro. Let's unify manager and repro behavior.

* pkg/report: combine report data into a struct
  Dmitry Vyukov, 2017-11-14, 1 file, -2/+7

  Parse returns 5 variables now. Later we may want to add crash "priority". Introduce Report struct that holds all report data.

* pkg/report: add corrupted report detection
  Andrey Konovalov, 2017-11-13, 1 file, -1/+1

  This change makes pkg/report try to detect corrupted reports by using some heuristics.
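The report shape that the pkg/report and vm commits above converge on (a Report struct carrying Title, Report, Output, Corrupted and Maintainers; a Reporter interface reduced to Parse, which cannot fail, and Symbolize, which can, with callers logging the error and proceeding), as an added Go example. This is not syzkaller's pkg/report: the crash-line prefixes, the symbol and maintainer tables, the sample kernel output and the "no Call Trace means corrupted" rule are constructed for this illustration; the real corruption heuristics are not described on this page.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"strings"
)

// Report holds all data about one crash, named as in the log above: Title is
// the single-line bug identity, Report the crash text, Output the raw output.
type Report struct {
	Title       string
	Report      []byte
	Output      []byte
	Corrupted   bool
	Maintainers []string
}

// Reporter is the per-OS interface: Parse cannot fail (nil means no crash);
// Symbolize fills in Maintainers and may fail.
type Reporter interface {
	Parse(output []byte) *Report
	Symbolize(rep *Report) error
}

// linux is a toy Linux reporter with constructed tables: symbols maps a
// function to its file (stand-in for vmlinux+addr2line), maintainers a file
// to its owners.
type linux struct {
	symbols     map[string]string
	maintainers map[string][]string
}

func (l *linux) Parse(output []byte) *Report {
	lines := strings.Split(string(output), "\n")
	for i, line := range lines {
		if !strings.HasPrefix(line, "BUG:") && !strings.HasPrefix(line, "WARNING:") {
			continue
		}
		rep := &Report{Title: line, Report: []byte(strings.Join(lines[i:], "\n")), Output: output}
		// Heuristic chosen for this example (the page does not describe
		// syzkaller's): no stack trace means truncated or interleaved output.
		rep.Corrupted = !strings.Contains(string(rep.Report), "Call Trace:")
		return rep
	}
	return nil
}

func (l *linux) Symbolize(rep *Report) error {
	// Resolve the first known frame ("fn+0xoff/0xsize") to a file, then owners.
	for _, line := range strings.Split(string(rep.Report), "\n") {
		fn := strings.TrimSpace(line)
		if i := strings.Index(fn, "+0x"); i > 0 {
			fn = fn[:i]
		}
		if file, ok := l.symbols[fn]; ok {
			rep.Maintainers = l.maintainers[file]
			return nil
		}
	}
	return errors.New("no symbolizable frame in report")
}

// Process mirrors a manager: Parse, then Symbolize; a symbolization failure
// is logged but the report is still returned so the crash is not lost.
func Process(r Reporter, output []byte) *Report {
	rep := r.Parse(output)
	if rep != nil {
		if err := r.Symbolize(rep); err != nil {
			log.Printf("symbolization failed, reporting anyway: %v", err)
		}
	}
	return rep
}

func NewLinux() Reporter {
	return &linux{
		symbols:     map[string]string{"foo_ioctl": "drivers/foo/foo.c"},
		maintainers: map[string][]string{"drivers/foo/foo.c": {"foo@example.org"}},
	}
}

// Constructed kernel output: one complete KASAN report and one cut short.
const GoodOutput = `boot noise that precedes the crash
BUG: KASAN: use-after-free in foo_ioctl
Read of size 8 at addr ffff880012345678 by task syz-executor/1234
Call Trace:
 foo_ioctl+0x12/0x40
 do_vfs_ioctl+0x6a/0x9c0`

const TruncatedOutput = `BUG: KASAN: use-after-free in foo_ioctl
Read of size 8 at addr ffff880012345678 by task syz-executor/1234`

func main() {
	for _, out := range []string{GoodOutput, TruncatedOutput, "no crash here"} {
		if rep := Process(NewLinux(), []byte(out)); rep != nil {
			fmt.Printf("title=%q corrupted=%v maintainers=%v\n", rep.Title, rep.Corrupted, rep.Maintainers)
		}
	}
}
```

The truncated sample is parsed into a report (so the crash is not dropped), flagged Corrupted, and Symbolize fails on it; Process only logs that failure, which is the "ignore (log) Symbolize errors, but otherwise proceed" behaviour the commit message argues for.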
* execprog: correctly handle fault injections
  Andrey Konovalov, 2017-11-07, 1 file, -17/+26

  syz-execprog doesn't utilize info about fault injections from a prog log. Since syz-execprog is used by the repro package to reproduce crashes, crashes caused by fault injections might not reproduce.

* tools/syz-execprog: allow to override target OS
  Dmitry Vyukov, 2017-11-06, 1 file, -1/+2

  This is currently useful for akaros, which is tested remotely.

* docs, tools: add local link checker
  Andrey Konovalov, 2017-10-27, 1 file, -0/+66

  This commit adds tools/check_links.py script, that checks that all local links from documentation files are valid; fixes some of the invalid links that we had; and makes travis buildbot check them as well.
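A local link checker of the kind the commit above describes, as an added Go example. It is not the project's tools/check_links.py (a Python script that walks the real docs/ tree and runs under Travis): it takes an in-memory map of markdown files so it runs offline, and the file names and contents below are constructed. Links with a URL scheme or mailto: are skipped, "#fragment" suffixes are stripped, and targets are resolved relative to the linking file (or to the repo root when they start with "/").

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"sort"
	"strings"
)

// mdLink matches inline markdown links of the form [text](target).
var mdLink = regexp.MustCompile(`\[[^\]]*\]\(([^)\s]+)\)`)

// BrokenLinks returns "file: target" for every local link whose target is
// not present in files. files maps a repo-root-relative path such as
// "docs/usage.md" to its content.
func BrokenLinks(files map[string]string) []string {
	var broken []string
	for file, content := range files {
		dir := path.Dir(file)
		for _, m := range mdLink.FindAllStringSubmatch(content, -1) {
			target := m[1]
			if strings.Contains(target, "://") || strings.HasPrefix(target, "mailto:") {
				continue // external link, out of scope for a local checker
			}
			if i := strings.Index(target, "#"); i >= 0 {
				target = target[:i]
			}
			if target == "" {
				continue // anchor within the same page
			}
			var resolved string
			if strings.HasPrefix(target, "/") {
				resolved = path.Clean(target[1:]) // repo-root relative
			} else {
				resolved = path.Join(dir, target) // relative to the linking file
			}
			if _, ok := files[resolved]; !ok {
				broken = append(broken, file+": "+m[1])
			}
		}
	}
	sort.Strings(broken) // map iteration order is random; keep output stable
	return broken
}

func main() {
	// Constructed sample tree: one good and two broken local links.
	files := map[string]string{
		"README.md":      "See [docs](docs/usage.md) and [missing](docs/nope.md).",
		"docs/usage.md":  "Back to [readme](../README.md#intro), [ext](https://example.com/x), [self](#top), [gone](../tools/x.sh)",
		"tools/check.go": "",
	}
	for _, b := range BrokenLinks(files) {
		fmt.Println("broken link:", b)
	}
}
```

Reporting "file: target" (the link as written, not the resolved path) keeps the output greppable against the source markdown, which is what a CI check needs when it fails.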
* syz-fuzzer: generates hints only for the call that gave new coverage
  Dmitry Vyukov, 2017-10-23, 1 file, -7/+8

  During smashing we know what call gave new coverage, so we can concentrate just on it. This helps to reduce amount of hints generated (we have too many of them).

* tools/syz-execprog: print total number of comps/hints
  Dmitry Vyukov, 2017-10-23, 1 file, -2/+18

* pkg/report: support multiple OSes
  Dmitry Vyukov, 2017-10-18, 4 files, -96/+56

  Introduce report.Reporter interface. Add an implementation per-OS. Make users be explicit about OS they are testing.

* tools/syz-mutate: allow to specify target
  Dmitry Vyukov, 2017-10-17, 1 file, -20/+21

* tools/syz-prog2c: allow to specify target OS
  Dmitry Vyukov, 2017-10-16, 1 file, -1/+2

* tools/syz-stress: allow to specify target OS
  Dmitry Vyukov, 2017-10-16, 1 file, -2/+12

* tools/syz-prog2c: import targets
  Dmitry Vyukov, 2017-10-02, 1 file, -0/+1

  Currently syz-prog2c is broken as it does not import any targets. Import sys package.

* sys/windows: add more descriptions
  Dmitry Vyukov, 2017-09-27, 1 file, -0/+279

* all: more assorted fuchsia support
  Dmitry Vyukov, 2017-09-22, 3 files, -36/+5

* all: initial support for fuchsia
  Dmitry Vyukov, 2017-09-20, 3 files, -12/+33

  Nothing works, but builds.
  Update #191

* prog: remove default target and all global state
  Dmitry Vyukov, 2017-09-15, 7 files, -24/+34

  Now each prog function accepts the desired target explicitly. No global, implicit state involved. This is much cleaner and allows cross-OS/arch testing, etc.

* syz-fuzzer, syz-execprog: add -arch flag
  Dmitry Vyukov, 2017-09-15, 1 file, -1/+2

  arch flag specifies target arch, which can be different from GOARCH. For example, 386 executor with amd64 fuzzer.

* syz-manager/mgrconfig: explicitly specify target in config
  Dmitry Vyukov, 2017-09-15, 6 files, -2/+28

  Add target config parameter (e.g. linux/amd64) which controls target OS/arch. No more explicit assumptions about target.

* prog, sys: move types to prog
  Dmitry Vyukov, 2017-09-05, 4 files, -6/+9

  Large overhaul moves syscalls and arg types from sys to prog. Sys package now depends on prog and contains only generated descriptions of syscalls. Introduce prog.Target type that encapsulates all target properties, like syscall list, ptr/page size, etc. Also moves OS-dependent pieces like mmap call generation from prog to sys.
  Update #191

* sys: rename Call to Syscall
  Dmitry Vyukov, 2017-09-05, 1 file, -4/+4

  In preparation for moving sys types to prog to avoid confusion between sys.Call and prog.Call.

* ipc, prog, fuzzer, execprog: add hints generation code
  Victor Chibotaru, 2017-08-30, 1 file, -0/+14

  A hint is basically a tuple consisting of a pointer to an argument in one of the syscalls of a program and a value, which should be assigned to that argument. A simplified version of hints workflow looks like this:
  1. Fuzzer launches a program and collects all the comparisons' data for every syscall in the program.
  2. Next it tries to match the obtained comparison operands' values vs. the input arguments' values.
  3. For every such match the fuzzer mutates the program by replacing the pointed argument with the saved value.
  4. If a valid program is obtained, then fuzzer launches it and checks if new coverage is obtained.
  This commit includes:
  1. All the code related to hints generation, parsing and mutations.
  2. Fuzzer functions to launch the process.
  3. Some new stats gathered by fuzzer and manager, related to hints.
  4. An updated version of execprog to test the hints process.
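Steps 2 and 3 of the hints workflow described above (matching collected comparison operands against a call's arguments, then mutating the program by substituting the other operand), as an added Go example. It is not syzkaller's prog/ipc code: the Program, Call, Comparison and Hint types are simplified stand-ins, and the ioctl sample program and its comparison operands are constructed. The optional per-call restriction mirrors the later change in this log that generates hints only for the call that gave new coverage; step 4 (executing the mutant and checking for new coverage) needs the real executor and is left out.

```go
package main

import "fmt"

// Call is one syscall in a program: a name and its integer arguments
// (hypothetical simplification of a real program representation).
type Call struct {
	Name string
	Args []uint64
}

// Program is an ordered list of calls.
type Program []Call

// Comparison is one operand pair observed in the kernel while a call ran,
// i.e. what a comparison-tracing build reports for that call (step 1).
type Comparison struct {
	Op1, Op2 uint64
}

// Hint says: in call CallIdx, replace argument ArgIdx with Value.
type Hint struct {
	CallIdx, ArgIdx int
	Value           uint64
}

// GenerateHints performs step 2: for each call, match every comparison
// operand against that call's argument values; when an argument equals one
// operand, the other operand becomes the hinted value. comps[i] holds the
// comparisons collected while call i executed. With onlyCall >= 0, hints are
// produced just for that call.
func GenerateHints(p Program, comps [][]Comparison, onlyCall int) []Hint {
	var hints []Hint
	seen := make(map[Hint]bool) // several comparisons can yield the same hint
	for ci, call := range p {
		if ci >= len(comps) || (onlyCall >= 0 && ci != onlyCall) {
			continue
		}
		for ai, arg := range call.Args {
			for _, cmp := range comps[ci] {
				var val uint64
				switch {
				case cmp.Op1 == arg && cmp.Op2 != arg:
					val = cmp.Op2
				case cmp.Op2 == arg && cmp.Op1 != arg:
					val = cmp.Op1
				default:
					continue // no operand matches, or both already equal the arg
				}
				h := Hint{CallIdx: ci, ArgIdx: ai, Value: val}
				if !seen[h] {
					seen[h] = true
					hints = append(hints, h)
				}
			}
		}
	}
	return hints
}

// ApplyHint performs step 3: return a mutated deep copy of the program with
// the hinted argument replaced. The original is left intact so that every
// hint yields an independent candidate program.
func ApplyHint(p Program, h Hint) Program {
	out := make(Program, len(p))
	for i, c := range p {
		out[i] = Call{Name: c.Name, Args: append([]uint64(nil), c.Args...)}
	}
	out[h.CallIdx].Args[h.ArgIdx] = h.Value
	return out
}

func main() {
	// Constructed sample: while ioctl ran, the kernel compared its cmd
	// argument (0x1) with the magic 0xc0045678 and its third argument (7)
	// with 42; the fd (3) was only ever compared with itself.
	prog := Program{
		{Name: "open", Args: []uint64{0, 0x2}},
		{Name: "ioctl", Args: []uint64{3, 0x1, 7}},
	}
	comps := [][]Comparison{
		{}, // open: nothing recorded
		{{0x1, 0xc0045678}, {42, 7}, {3, 3}},
	}
	for _, h := range GenerateHints(prog, comps, -1) {
		fmt.Printf("hint %+v -> %v\n", h, ApplyHint(prog, h))
	}
}
```

The sample yields two hints (cmd 0x1 -> 0xc0045678 and 7 -> 42) and none for the fd, which is the point of the "both operands equal the argument" exclusion: a comparison that already holds teaches the mutator nothing. Restricting to onlyCall = 0 (open) yields no hints at all, since nothing was recorded for it.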
* pkg/compiler: more static error checking
  Dmitry Vyukov, 2017-08-27, 1 file, -4/+1

  Update #217

* pkg/compiler, sys/syz-sysgen: move const handling to pkg/compiler
  Dmitry Vyukov, 2017-08-27, 1 file, -3/+3

  Now pkg/compiler deals with consts.

* tools: add headerparser as a tool to assist in writing system call descriptions
  Zubin Mithra, 2017-08-25, 7 files, -0/+731

  The tool can be found inside tools/syz-headerparser. Details on how to use headerparser can be found inside docs/headerparser_usage.md.

* Makefile: enforce formatting of sys files in presubmit
  Dmitry Vyukov, 2017-08-18, 1 file, -0/+1

* pkg/ast: new parser for sys descriptions
  Dmitry Vyukov, 2017-08-18, 1 file, -0/+72

  The old parser in sys/sysparser is too hacky, difficult to extend and drops debug info too early, so that we can't produce proper error messages. Add a new parser that is built like a proper language parser and preserves full debug info for every token.

* tools/create-gce-image.sh: explicitly specify target for grub
  Dmitry Vyukov, 2017-08-11, 1 file, -1/+1

  On most distributions default grub target is i386-pc, which works. However, on some default is x86_64-efi, which fails with:
  grub-install: error: cannot find EFI directory.
  Explicitly specify i386-pc target.

* tools/syz-benchcmp: add execution speed
  Dmitry Vyukov, 2017-08-10, 1 file, -0/+16

  Exec total is affected by initial triage/minimize phase, so two experiments can have the same execution speed in the stable mode, but have constant diff due to the initial phase. The one that is higher looks better, but that's not very important. Provide execution speed characteristic that is not affected by initial phase. It is not displayed by default.

* syz-dash, syz-gce: remove
  Dmitry Vyukov, 2017-08-02, 1 file, -194/+0

  This is now superseded by dashboard/app and syz-ci.

* tools/create-gce-image.sh: ignore SIGINT
  Dmitry Vyukov, 2017-07-17, 1 file, -0/+5

  If the script is aborted at an unfortunate point, it leaves the whole system broken. E.g. we've seen that fdisk cannot update partition table until the next reboot. If you really need to kill it, use a different signal. But better wait.

* pkg/kernel: actually pass cmdline/sysctl files to the build script
  Dmitry Vyukov, 2017-07-17, 1 file, -2/+4

* syz-ci: allow to specify cmdline/sysctls
  Dmitry Vyukov, 2017-07-17, 1 file, -5/+20

  Allow to specify per-kernel command line and sysctl values to more closely mimic the target kernel.

* tools/create-image.sh: create 2G images
  Dmitry Vyukov, 2017-07-17, 1 file, -1/+1

  1G does not seem to be enough. Create 2G images as we do in create-gce-image.sh.

* all: use consistent file permissions
  Dmitry Vyukov, 2017-07-03, 3 files, -4/+7

  Currently we have unix permissions for new files/dirs hardcoded throughout the code base. Some places use 0644, some - 0640, some - 0600 and a variety of other constants. Introduce osutil.MkdirAll/WriteFile that use the default permissions and use them throughout the code base. This makes permissions consistent and also allows to easily change the permissions later if we change our minds.
  Also merge pkg/fileutil into pkg/osutil as they become dependent on each other. The line between them was poorly defined anyway as both operate on files.

* tools/syz-symbolize: add report mode
  Dmitry Vyukov, 2017-06-30, 1 file, -9/+36

  Currently syz-symbolize symbolizes whole input file. Add a new mode (controlled with -report flag) when it prints report as would be extracted by syz-manager.