From c8c15bb214509bafc8fe1a1e3abb8ccf90b3306e Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Fri, 13 Dec 2024 15:15:49 +0100 Subject: tools/syz-declextract: infer argument/field types Use data flow analysis to infer syscall argument, return value, and struct field types. See the comment in pkg/declextract/typing.go for more details. --- pkg/declextract/entity.go | 49 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) (limited to 'pkg/declextract/entity.go') diff --git a/pkg/declextract/entity.go b/pkg/declextract/entity.go index ba45cc51c..266647ed8 100644 --- a/pkg/declextract/entity.go +++ b/pkg/declextract/entity.go @@ -24,14 +24,16 @@ type Output struct { } type Function struct { - Name string `json:"name,omitempty"` - File string `json:"file,omitempty"` - IsStatic bool `json:"is_static,omitempty"` - LOC int `json:"loc,omitempty"` - Calls []string `json:"calls,omitempty"` + Name string `json:"name,omitempty"` + File string `json:"file,omitempty"` + IsStatic bool `json:"is_static,omitempty"` + LOC int `json:"loc,omitempty"` + Calls []string `json:"calls,omitempty"` + Facts []*TypingFact `json:"facts,omitempty"` callers int calls []*Function + facts map[string]*typingNode } type Define struct { @@ -53,6 +55,8 @@ type Syscall struct { Func string `json:"func,omitempty"` Args []*Field `json:"args,omitempty"` SourceFile string `json:"source_file,omitempty"` + + returnType string } // FileOps describes one file_operations variable. @@ -158,6 +162,41 @@ type BufferType struct { IsNonTerminated bool `json:"is_non_terminated,omitempty"` } +type TypingFact struct { + Src *TypingEntity `json:"src,omitempty"` + Dst *TypingEntity `json:"dst,omitempty"` +} + +type TypingEntity struct { + Return *EntityReturn `json:"return,omitempty"` + Argument *EntityArgument `json:"argument,omitempty"` + Field *EntityField `json:"field,omitempty"` + Local *EntityLocal `json:"local,omitempty"` + GlobalAddr *EntityGlobalAddr `json:"global_addr,omitempty"` +} + +type EntityReturn struct { + Func string `json:"func,omitempty"` +} + +type EntityArgument struct { + Func string `json:"func,omitempty"` + Arg int `json:"arg"` +} + +type EntityField struct { + Struct string `json:"struct"` + Field string `json:"field"` +} + +type EntityLocal struct { + Name string `json:"name"` +} + +type EntityGlobalAddr struct { + Name string +} + func (out *Output) Merge(other *Output) { out.Functions = append(out.Functions, other.Functions...) out.Includes = append(out.Includes, other.Includes...) -- cgit mrf-deployment