From c35c26ec6312219507c518bae2e56c1ea46a5f36 Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh
Date: Fri, 16 Feb 2024 22:47:59 +0100
Subject: pkg/fuzzer: factor out the fuzzing engine

This is the first step for #1541. Move the fuzzing engine that used to be interleaved with other syz-fuzzer code into a separate package. For now, the algorithm is more or less the same as it was, the only difference is that a pkg/fuzzer instance scales to the available computing power. Add an executor-based test that performs real fuzzing.
---
 executor/common_test.h | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'executor/common_test.h')

diff --git a/executor/common_test.h b/executor/common_test.h
index 6ef6ed82d..971108df8 100644
--- a/executor/common_test.h
+++ b/executor/common_test.h
@@ -133,3 +133,23 @@ static int do_sandbox_none(void)
 	return 0;
 }
 #endif
+
+#if SYZ_EXECUTOR || __NR_syz_test_fuzzer1
+
+static void fake_crash(const char* name)
+{
+	failmsg("crash", "{{CRASH: %s}}", name);
+	doexit(1);
+}
+
+static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c)
+{
+	// We probably want something more interesting here.
+	if (a == 1 && b == 1 && c == 1)
+		fake_crash("first bug");
+	if (a == 1 && b == 2 && c == 3)
+		fake_crash("second bug");
+	return 0;
+}
+
+#endif
-- cgit mrf-deployment
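Review bot: `fake_crash` never returns (its body ends in `doexit(1)`) but is declared as a plain `static void`, so nothing tells the compiler or the reader that the two `fake_crash(...)` calls in `syz_test_fuzzer1` are terminal; declare it `static __attribute__((noreturn)) void fake_crash(const char* name)` (or the executor's own noreturn macro, if common.h defines one). If `failmsg` is itself noreturn, as its name suggests, the `doexit(1)` line is unreachable and should either be dropped or kept with a comment saying it is only a guard. The `// We probably want something more interesting here.` line should also state what the function is for: a test-only pseudo-syscall whose two argument triples are the "bugs" the new pkg/fuzzer test is presumably expected to discover, and whose `{{CRASH: %s}}` marker is the string the test side matches on, so both must stay in sync with that test.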