executor: prevent non-null expected warnings

The added test triggers warnings like these:

<stdin>: In function ‘syz_mount_image.constprop’:
<stdin>:298:3: error: argument 1 null where non-null expected [-Werror=nonnull]
In file included from <stdin>:26:0:
/usr/include/x86_64-linux-gnu/sys/stat.h:320:12: note: in a call to function ‘mkdir’ declared here
 extern int mkdir (const char *__path, __mode_t __mode)
            ^~~~~
cc1: all warnings being treated as errors

<stdin>: In function ‘syz_open_procfs.constprop’:
<stdin>:530:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’
<stdin>:532:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’
<stdin>:534:41: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
<stdin>:85:110: note: in definition of macro ‘NONFAILING’

Use volatile for all arguments of syz_ functions to prevent
compiler from treating the arguments as constants in reproducers.

Popped up during bisection that used a repro that previously worked.
Update #501

executor/common.h

@@ -381,7 +381,7 @@ static uint16 csum_inet_digest(struct csum_inet* csum)
 
 #if SYZ_EXECUTOR || __NR_syz_execute_func
 // syz_execute_func(text ptr[in, text[taget]])
-static long syz_execute_func(long text)
+static long syz_execute_func(volatile long text)
 {
 	((void (*)(void))(text))();
 	return 0;

executor/common_bsd.h

@@ -161,7 +161,7 @@ static void initialize_tun(int tun_id)
 #include <stdbool.h>
 #include <sys/uio.h>
 
-static long syz_emit_ethernet(long a0, long a1)
+static long syz_emit_ethernet(volatile long a0, volatile long a1)
 {
 	// syz_emit_ethernet(len len[packet], packet ptr[in, array[int8]])
 	if (tunfd < 0)
@@ -216,7 +216,7 @@ struct tcp_resources {
 // pkg/csource hoistIncludes.
 #include <netinet/if_ether.h>
 
-static long syz_extract_tcp_res(long a0, long a1, long a2)
+static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile long a2)
 {
 	// syz_extract_tcp_res(res ptr[out, tcp_resources], seq_inc int32, ack_inc int32)
 

executor/common_fuchsia.h

@@ -220,7 +220,7 @@ static long syz_job_default(void)
 #endif
 
 #if SYZ_EXECUTOR || __NR_syz_future_time
-static long syz_future_time(long when)
+static long syz_future_time(volatile long when)
 {
 	zx_time_t delta_ms;
 	switch (when) {

executor/common_kvm_amd64.h

@@ -269,7 +269,7 @@ struct kvm_opt {
 #define KVM_SETUP_VM (1 << 6)
 
 // syz_kvm_setup_cpu(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[24], text ptr[in, array[kvm_text, 1]], ntext len[text], flags flags[kvm_setup_flags], opts ptr[in, array[kvm_setup_opt, 0:2]], nopt len[opts])
-static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7)
+static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7)
 {
 	const int vmfd = a0;
 	const int cpufd = a1;

executor/common_kvm_arm64.h

@@ -17,7 +17,7 @@ struct kvm_opt {
 };
 
 // syz_kvm_setup_cpu(fd fd_kvmvm, cpufd fd_kvmcpu, usermem vma[24], text ptr[in, array[kvm_text, 1]], ntext len[text], flags flags[kvm_setup_flags], opts ptr[in, array[kvm_setup_opt, 0:2]], nopt len[opts])
-static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7)
+static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7)
 {
 	const int vmfd = a0;
 	const int cpufd = a1;

executor/common_linux.h

@@ -660,7 +660,7 @@ struct vnet_fragmentation {
 	uint32 frags[MAX_FRAGS];
 };
 
-static long syz_emit_ethernet(long a0, long a1, long a2)
+static long syz_emit_ethernet(volatile long a0, volatile long a1, volatile long a2)
 {
 	// syz_emit_ethernet(len len[packet], packet ptr[in, eth_packet], frags ptr[in, vnet_fragmentation, opt])
 	// vnet_fragmentation {
@@ -746,7 +746,7 @@ struct tcp_resources {
 	uint32 ack;
 };
 
-static long syz_extract_tcp_res(long a0, long a1, long a2)
+static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile long a2)
 {
 	// syz_extract_tcp_res(res ptr[out, tcp_resources], seq_inc int32, ack_inc int32)
 
@@ -804,7 +804,7 @@ static long syz_extract_tcp_res(long a0, long a1, long a2)
 #include <sys/stat.h>
 #include <sys/types.h>
 
-static long syz_open_dev(long a0, long a1, long a2)
+static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
 {
 	if (a0 == 0xc || a0 == 0xb) {
 		// syz_open_dev$char(dev const[0xc], major intptr, minor intptr) fd
@@ -833,7 +833,7 @@ static long syz_open_dev(long a0, long a1, long a2)
 #include <sys/stat.h>
 #include <sys/types.h>
 
-static long syz_open_procfs(long a0, long a1)
+static long syz_open_procfs(volatile long a0, volatile long a1)
 {
 	// syz_open_procfs(pid pid, file ptr[in, string[procfs_file]]) fd
 
@@ -859,7 +859,7 @@ static long syz_open_procfs(long a0, long a1)
 #include <sys/stat.h>
 #include <sys/types.h>
 
-static long syz_open_pts(long a0, long a1)
+static long syz_open_pts(volatile long a0, volatile long a1)
 {
 	// syz_openpts(fd fd[tty], flags flags[open_flags]) fd[tty]
 	int ptyno = 0;
@@ -882,7 +882,7 @@ static long syz_open_pts(long a0, long a1)
 const int kInitNetNsFd = 239; // see kMaxFd
 // syz_init_net_socket opens a socket in init net namespace.
 // Used for families that can only be created in init net namespace.
-static long syz_init_net_socket(long domain, long type, long proto)
+static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
 {
 	int netns = open("/proc/self/ns/net", O_RDONLY);
 	if (netns == -1)
@@ -898,7 +898,7 @@ static long syz_init_net_socket(long domain, long type, long proto)
 	return sock;
 }
 #else
-static long syz_init_net_socket(long domain, long type, long proto)
+static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
 {
 	return syscall(__NR_socket, domain, type, proto);
 }
@@ -912,7 +912,7 @@ static long syz_init_net_socket(long domain, long type, long proto)
 #include <sys/socket.h>
 #include <sys/types.h>
 
-static long syz_genetlink_get_family_id(long name)
+static long syz_genetlink_get_family_id(volatile long name)
 {
 	char buf[512] = {0};
 	struct nlmsghdr* hdr = (struct nlmsghdr*)buf;
@@ -991,7 +991,7 @@ struct fs_image_segment {
 
 #if SYZ_EXECUTOR || __NR_syz_read_part_table
 // syz_read_part_table(size intptr, nsegs len[segments], segments ptr[in, array[fs_image_segment]])
-static long syz_read_part_table(unsigned long size, unsigned long nsegs, long segments)
+static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments)
 {
 	char loopname[64], linkname[64];
 	int loopfd, err = 0, res = -1;
@@ -1091,7 +1091,7 @@ error:
 //	size	len[data, intptr]
 //	offset	intptr
 //}
-static long syz_mount_image(long fsarg, long dir, unsigned long size, unsigned long nsegs, long segments, long flags, long optsarg)
+static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg)
 {
 	char loopname[64], fs[32], opts[256];
 	int loopfd, err = 0, res = -1;
@@ -1200,7 +1200,7 @@ error:
 #elif GOARCH_arm64
 #include "common_kvm_arm64.h"
 #else
-static long syz_kvm_setup_cpu(long a0, long a1, long a2, long a3, long a4, long a5, long a6, long a7)
+static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7)
 {
 	return 0;
 }

executor/common_test.h

@@ -10,7 +10,7 @@
 #include <sys/mman.h>
 
 // syz_mmap(addr vma, len len[addr])
-static long syz_mmap(long a0, long a1)
+static long syz_mmap(volatile long a0, volatile long a1)
 {
 	return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
 }
@@ -20,7 +20,7 @@ static long syz_mmap(long a0, long a1)
 #include <errno.h>
 
 // syz_errno(v int32)
-static long syz_errno(long v)
+static long syz_errno(volatile long v)
 {
 	errno = v;
 	return v == 0 ? 0 : -1;
@@ -29,7 +29,7 @@ static long syz_errno(long v)
 
 #if SYZ_EXECUTOR || __NR_syz_exit
 // syz_exit(status int32)
-static long syz_exit(long status)
+static long syz_exit(volatile long status)
 {
 	_exit(status);
 	return 0;
@@ -41,7 +41,7 @@ static long syz_exit(long status)
 #include <string.h>
 
 // syz_compare(want ptr[in, string], want_len len[want], got ptr[in, compare_data], got_len len[got])
-static long syz_compare(long want, long want_len, long got, long got_len)
+static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len)
 {
 	if (want_len != got_len) {
 		debug("syz_compare: want_len=%lu got_len=%lu\n", want_len, got_len);
@@ -65,7 +65,7 @@ static long syz_compare(long want, long want_len, long got, long got_len)
 #include <stdarg.h>
 
 // syz_compare_int$4(n const[2], v0 intptr, v1 intptr, v2 intptr, v3 intptr)
-static long syz_compare_int(long n, ...)
+static long syz_compare_int(volatile long n, ...)
 {
 	va_list args;
 	va_start(args, n);

pkg/csource/csource_test.go

@@ -67,9 +67,16 @@ func testTarget(t *testing.T, target *prog.Target, full bool) {
 	rs := rand.NewSource(seed)
 	t.Logf("seed=%v", seed)
 	p := target.Generate(rs, 10, nil)
-	p.Calls = append(p.Calls, target.GenerateAllSyzProg(rs).Calls...)
+	// Turns out that fully minimized program can trigger new interesting warnings,
+	// e.g. about NULL arguments for functions that require non-NULL arguments in syz_ functions.
+	// We could append both AllSyzProg as-is and a minimized version of it,
+	// but this makes the NULL argument warnings go away (they showed up in ".constprop" versions).
+	// Testing 2 programs takes too long since we have lots of options permutations and OS/arch.
+	// So we use the as-is in short tests and minimized version in full tests.
+	syzProg := target.GenerateAllSyzProg(rs)
 	var opts []Options
 	if !full || testing.Short() {
+		p.Calls = append(p.Calls, syzProg.Calls...)
 		opts = allOptionsSingle(target.OS)
 		// This is the main configuration used by executor,
 		// so we want to test it as well.
@@ -83,6 +90,10 @@ func testTarget(t *testing.T, target *prog.Target, full bool) {
 			UseTmpDir: true,
 		})
 	} else {
+		minimized, _ := prog.Minimize(syzProg, -1, false, func(p *prog.Prog, call int) bool {
+			return len(p.Calls) == len(syzProg.Calls)
+		})
+		p.Calls = append(p.Calls, minimized.Calls...)
 		opts = allOptionsPermutations(target.OS)
 	}
 	for opti, opts := range opts {

pkg/csource/generated.go

@@ -362,7 +362,7 @@ static uint16 csum_inet_digest(struct csum_inet* csum)
 #endif
 
 #if SYZ_EXECUTOR || __NR_syz_execute_func
-static long syz_execute_func(long text)
+static long syz_execute_func(volatile long text)
 {
 	((void (*)(void))(text))();
 	return 0;
@@ -548,7 +548,7 @@ static void initialize_tun(int tun_id)
 #include <stdbool.h>
 #include <sys/uio.h>
 
-static long syz_emit_ethernet(long a0, long a1)
+static long syz_emit_ethernet(volatile long a0, volatile long a1)
 {
 	if (tunfd < 0)
 		return (uintptr_t)-1;
@@ -599,7 +599,7 @@ struct tcp_resources {
 #include <netinet/tcp.h>
 #include <netinet/if_ether.h>
 
-static long syz_extract_tcp_res(long a0, long a1, long a2)
+static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile long a2)
 {
 
 	if (tunfd < 0)
@@ -957,7 +957,7 @@ static long syz_job_default(void)
 #endif
 
 #if SYZ_EXECUTOR || __NR_syz_future_time
-static long syz_future_time(long when)
+static long syz_future_time(volatile long when)
 {
 	zx_time_t delta_ms;
 	switch (when) {
@@ -1579,7 +1579,7 @@ struct vnet_fragmentation {
 	uint32 frags[MAX_FRAGS];
 };
 
-static long syz_emit_ethernet(long a0, long a1, long a2)
+static long syz_emit_ethernet(volatile long a0, volatile long a1, volatile long a2)
 {
 	if (tunfd < 0)
 		return (uintptr_t)-1;
@@ -1657,7 +1657,7 @@ struct tcp_resources {
 	uint32 ack;
 };
 
-static long syz_extract_tcp_res(long a0, long a1, long a2)
+static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile long a2)
 {
 
 	if (tunfd < 0)
@@ -1713,7 +1713,7 @@ static long syz_extract_tcp_res(long a0, long a1, long a2)
 #include <sys/stat.h>
 #include <sys/types.h>
 
-static long syz_open_dev(long a0, long a1, long a2)
+static long syz_open_dev(volatile long a0, volatile long a1, volatile long a2)
 {
 	if (a0 == 0xc || a0 == 0xb) {
 		char buf[128];
@@ -1739,7 +1739,7 @@ static long syz_open_dev(long a0, long a1, long a2)
 #include <sys/stat.h>
 #include <sys/types.h>
 
-static long syz_open_procfs(long a0, long a1)
+static long syz_open_procfs(volatile long a0, volatile long a1)
 {
 
 	char buf[128];
@@ -1764,7 +1764,7 @@ static long syz_open_procfs(long a0, long a1)
 #include <sys/stat.h>
 #include <sys/types.h>
 
-static long syz_open_pts(long a0, long a1)
+static long syz_open_pts(volatile long a0, volatile long a1)
 {
 	int ptyno = 0;
 	if (ioctl(a0, TIOCGPTN, &ptyno))
@@ -1784,7 +1784,7 @@ static long syz_open_pts(long a0, long a1)
 #include <unistd.h>
 
 const int kInitNetNsFd = 239;
-static long syz_init_net_socket(long domain, long type, long proto)
+static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
 {
 	int netns = open("/proc/self/ns/net", O_RDONLY);
 	if (netns == -1)
@@ -1800,7 +1800,7 @@ static long syz_init_net_socket(long domain, long type, long proto)
 	return sock;
 }
 #else
-static long syz_init_net_socket(long domain, long type, long proto)
+static long syz_init_net_socket(volatile long domain, volatile long type, volatile long proto)
 {
 	return syscall(__NR_socket, domain, type, proto);
 }
@@ -1814,7 +1814,7 @@ static long syz_init_net_socket(long domain, long type, long proto)
 #include <sys/socket.h>
 #include <sys/types.h>
 
-static long syz_genetlink_get_family_id(long name)
+static long syz_genetlink_get_family_id(volatile long name)
 {
 	char buf[512] = {0};
 	struct nlmsghdr* hdr = (struct nlmsghdr*)buf;
@@ -1892,7 +1892,7 @@ struct fs_image_segment {
 #endif
 
 #if SYZ_EXECUTOR || __NR_syz_read_part_table
-static long syz_read_part_table(unsigned long size, unsigned long nsegs, long segments)
+static long syz_read_part_table(volatile unsigned long size, volatile unsigned long nsegs, volatile long segments)
 {
 	char loopname[64], linkname[64];
 	int loopfd, err = 0, res = -1;
@@ -1983,7 +1983,7 @@ error:
 #if SYZ_EXECUTOR || __NR_syz_mount_image
 #include <string.h>
 #include <sys/mount.h>
-static long syz_mount_image(long fsarg, long dir, unsigned long size, unsigned long nsegs, long segments, long flags, long optsarg)
+static long syz_mount_image(volatile long fsarg, volatile long dir, volatile unsigned long size, volatile unsigned long nsegs, volatile long segments, volatile long flags, volatile long optsarg)
 {
 	char loopname[64], fs[32], opts[256];
 	int loopfd, err = 0, res = -1;
@@ -2411,7 +2411,7 @@ struct kvm_opt {
 #define KVM_SETUP_VIRT86 (1 << 4)
 #define KVM_SETUP_SMM (1 << 5)
 #define KVM_SETUP_VM (1 << 6)
-static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7)
+static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7)
 {
 	const int vmfd = a0;
 	const int cpufd = a1;
@@ -2961,7 +2961,7 @@ struct kvm_opt {
 	uint64 typ;
 	uint64 val;
 };
-static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uintptr_t a3, uintptr_t a4, uintptr_t a5, uintptr_t a6, uintptr_t a7)
+static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7)
 {
 	const int vmfd = a0;
 	const int cpufd = a1;
@@ -3028,7 +3028,7 @@ static uintptr_t syz_kvm_setup_cpu(uintptr_t a0, uintptr_t a1, uintptr_t a2, uin
 }
 
 #else
-static long syz_kvm_setup_cpu(long a0, long a1, long a2, long a3, long a4, long a5, long a6, long a7)
+static long syz_kvm_setup_cpu(volatile long a0, volatile long a1, volatile long a2, volatile long a3, volatile long a4, volatile long a5, volatile long a6, volatile long a7)
 {
 	return 0;
 }
@@ -4341,7 +4341,7 @@ static void reset_test()
 
 #if SYZ_EXECUTOR || __NR_syz_mmap
 #include <sys/mman.h>
-static long syz_mmap(long a0, long a1)
+static long syz_mmap(volatile long a0, volatile long a1)
 {
 	return (long)mmap((void*)a0, a1, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0);
 }
@@ -4349,7 +4349,7 @@ static long syz_mmap(long a0, long a1)
 
 #if SYZ_EXECUTOR || __NR_syz_errno
 #include <errno.h>
-static long syz_errno(long v)
+static long syz_errno(volatile long v)
 {
 	errno = v;
 	return v == 0 ? 0 : -1;
@@ -4357,7 +4357,7 @@ static long syz_errno(long v)
 #endif
 
 #if SYZ_EXECUTOR || __NR_syz_exit
-static long syz_exit(long status)
+static long syz_exit(volatile long status)
 {
 	_exit(status);
 	return 0;
@@ -4367,7 +4367,7 @@ static long syz_exit(long status)
 #if SYZ_EXECUTOR || __NR_syz_compare
 #include <errno.h>
 #include <string.h>
-static long syz_compare(long want, long want_len, long got, long got_len)
+static long syz_compare(volatile long want, volatile long want_len, volatile long got, volatile long got_len)
 {
 	if (want_len != got_len) {
 		debug("syz_compare: want_len=%lu got_len=%lu\n", want_len, got_len);
@@ -4389,7 +4389,7 @@ static long syz_compare(long want, long want_len, long got, long got_len)
 #if SYZ_EXECUTOR || __NR_syz_compare_int
 #include <errno.h>
 #include <stdarg.h>
-static long syz_compare_int(long n, ...)
+static long syz_compare_int(volatile long n, ...)
 {
 	va_list args;
 	va_start(args, n);