From e72f8f11e096d36aefc41a35c718dced97c45dea Mon Sep 17 00:00:00 2001
From: Alexey Kardashevskiy <aik@linux.ibm.com>
Date: Wed, 2 Sep 2020 18:11:22 +1000
Subject: pkg/ifuzz: reorganize files to allow other architectures

At the moment ifuzz only generates x86 instructions. In order to support
instruction fuzzing for others (ARM, POWERPC), some separation of
the common and arch layers is needed.

This adds 2 packages:
1. "x86" where x86 instruction generator goes to
2. "ifuzzimpl which contains some common code.

The goal was to keep changes to the rand.go to the minimum.

The next patch will use this when adding PPC64.

This should cause no behavioural change.

Signed-off-by: Alexey Kardashevskiy <aik@linux.ibm.com>
---
 pkg/ifuzz/ifuzzimpl/ifuzzimpl.go | 145 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 145 insertions(+)
 create mode 100644 pkg/ifuzz/ifuzzimpl/ifuzzimpl.go

(limited to 'pkg/ifuzz/ifuzzimpl/ifuzzimpl.go')

diff --git a/pkg/ifuzz/ifuzzimpl/ifuzzimpl.go b/pkg/ifuzz/ifuzzimpl/ifuzzimpl.go
new file mode 100644
index 000000000..f1ea64f37
--- /dev/null
+++ b/pkg/ifuzz/ifuzzimpl/ifuzzimpl.go
@@ -0,0 +1,145 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package ifuzzimpl
+
+import (
+	"github.com/google/syzkaller/pkg/ifuzz"
+	"math/rand"
+)
+
+var (
+	Types = make(map[string]ifuzz.InsnSet)
+)
+
+func Register(arch string, insns ifuzz.InsnSet) {
+	Types[arch] = insns
+}
+
+// ModeInsns returns list of all instructions for the given mode.
+func ModeInsns(cfg *ifuzz.Config) []ifuzz.Insn {
+	insnset := Types[cfg.Arch]
+	if cfg.Mode < 0 || cfg.Mode >= ifuzz.ModeLast {
+		panic("bad mode")
+	}
+	var insns []ifuzz.Insn
+	insns = append(insns, insnset.GetInsns(cfg.Mode, ifuzz.TypeUser)...)
+	if cfg.Priv {
+		insns = append(insns, insnset.GetInsns(cfg.Mode, ifuzz.TypePriv)...)
+		if cfg.Exec {
+			insns = append(insns, insnset.GetInsns(cfg.Mode, ifuzz.TypeExec)...)
+		}
+	}
+	return insns
+}
+
+func Generate(cfg *ifuzz.Config, r *rand.Rand) []byte {
+	var text []byte
+	for i := 0; i < cfg.Len; i++ {
+		insn := randInsn(cfg, r)
+		text = append(text, insn.Encode(cfg, r)...)
+	}
+	return text
+}
+
+func Mutate(cfg *ifuzz.Config, r *rand.Rand, text []byte) []byte {
+	insns := split(cfg, text)
+	retry := false
+	for stop := false; !stop || retry || len(insns) == 0; stop = r.Intn(2) == 0 {
+		retry = false
+		switch x := r.Intn(100); {
+		case x < 10 && len(insns) != 0:
+			// Delete instruction.
+			i := r.Intn(len(insns))
+			copy(insns[i:], insns[i+1:])
+			insns = insns[:len(insns)-1]
+		case x < 40 && len(insns) != 0:
+			// Replace instruction with another.
+			insn := randInsn(cfg, r)
+			text1 := insn.Encode(cfg, r)
+			i := r.Intn(len(insns))
+			insns[i] = text1
+		case x < 70 && len(insns) != 0:
+			// Mutate instruction.
+			i := r.Intn(len(insns))
+			text1 := insns[i]
+			for stop := false; !stop || len(text1) == 0; stop = r.Intn(2) == 0 {
+				switch x := r.Intn(100); {
+				case x < 5 && len(text1) != 0:
+					// Delete byte.
+					pos := r.Intn(len(text1))
+					copy(text1[pos:], text1[pos+1:])
+					text1 = text1[:len(text1)-1]
+				case x < 40 && len(text1) != 0:
+					// Replace a byte.
+					pos := r.Intn(len(text1))
+					text1[pos] = byte(r.Intn(256))
+				case x < 70 && len(text1) != 0:
+					// Flip a bit.
+					pos := r.Intn(len(text1))
+					text1[pos] ^= 1 << byte(r.Intn(8))
+				default:
+					// Insert a byte.
+					pos := r.Intn(len(text1) + 1)
+					text1 = append(text1, 0)
+					copy(text1[pos+1:], text1[pos:])
+					text1[pos] = byte(r.Intn(256))
+				}
+			}
+			insns[i] = text1
+		case len(insns) < cfg.Len:
+			// Insert a new instruction.
+			insn := randInsn(cfg, r)
+			text1 := insn.Encode(cfg, r)
+			i := r.Intn(len(insns) + 1)
+			insns = append(insns, nil)
+			copy(insns[i+1:], insns[i:])
+			insns[i] = text1
+		default:
+			retry = true
+		}
+	}
+	text = nil
+	for _, insn := range insns {
+		text = append(text, insn...)
+	}
+	return text
+}
+
+func randInsn(cfg *ifuzz.Config, r *rand.Rand) ifuzz.Insn {
+	insnset := Types[cfg.Arch]
+	var insns []ifuzz.Insn
+	if cfg.Priv && cfg.Exec {
+		insns = insnset.GetInsns(cfg.Mode, r.Intn(3))
+	} else if cfg.Priv {
+		insns = insnset.GetInsns(cfg.Mode, r.Intn(2))
+	} else {
+		insns = insnset.GetInsns(cfg.Mode, ifuzz.TypeUser)
+	}
+	return insns[r.Intn(len(insns))]
+}
+
+func split(cfg *ifuzz.Config, text []byte) [][]byte {
+	insnset := Types[cfg.Arch]
+	text = append([]byte{}, text...)
+	var insns [][]byte
+	var bad []byte
+	for len(text) != 0 {
+		n, err := insnset.Decode(cfg.Mode, text)
+		if err != nil || n == 0 {
+			bad = append(bad, text[0])
+			text = text[1:]
+			continue
+		}
+		if bad != nil {
+			insns = append(insns, bad)
+			bad = nil
+		}
+		insns = append(insns, text[:n])
+		text = text[n:]
+	}
+	if bad != nil {
+		insns = append(insns, bad)
+	}
+	return insns
+}
-- 
cgit mrf-deployment