syzkaller

mirror of https://github.com/reactos/syzkaller.git synced 2024-11-23 19:39:40 +00:00

Author	SHA1	Message	Date
Andrey Konovalov	96ee88d82d	prog: fix buffer type with value 0x0 in tests	2017-05-26 16:35:11 +02:00
Andrey Konovalov	1813bf304a	prog: remove unexpected resource generation calls whitelist I think resource being a part of a variable length array or a union option is an acceptable usecase. I've started hitting this panic with some SCTP setsockopts after making SCTP assoc_id a resource.	2017-05-26 16:24:32 +02:00
Andrey Konovalov	209dba0111	prog: better validate int and buffer types	2017-05-26 16:24:13 +02:00
Andrey Konovalov	f919224c44	sys, executor: extract tcp sequence numbers from /dev/net/tun This commit adds a new pseudo syscall syz_extract_tcp_res, that reads a packet from /dev/net/tun and extracts tcp sequence numbers to be used in subsequent packets. As a result this syzkaller program: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) listen(r0, 0x5) syz_emit_ethernet(0x36, &(0x7f0000002000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="4c6112cc15d8", [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}) syz_extract_tcp_res(&(0x7f0000003000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x38, &(0x7f0000004000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {"0c10"}}}}}}) r3 = accept$inet(r0, &(0x7f0000005000)={0x0, 0x0, @multicast1=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000006000)=0x10) established a TCP connection: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 5477/a.out tcp 2 0 172.20.0.170:20000 172.20.0.187:20001 ESTABLISHED 5477/a.out Similar program for IPv6: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x1, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x4a, &(0x7f0000001000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) syz_extract_tcp_res(&(0x7f0000002000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000003000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) r3 = accept$inet6(r0, &(0x7f0000004000)={0x0, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, &(0x7f0000005000)=0x1c) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::20001 :::* LISTEN 5527/a.out tcp6 0 0 fe80::aa:20001 fe80::bb:20000 ESTABLISHED 5527/a.out	2017-05-26 14:28:09 +02:00
Andrey Konovalov	ac0c70f74a	prog, executor: move checksum computation to executor This commit moves checksum computation to executor. This will allow to embed dynamically generated values (like TCP sequence numbers) into packets.	2017-05-12 15:47:59 +02:00
Dmitry Vyukov	0036885d53	prog: fix dynamic prio calculation Dynamic prio is meant to prioritize calls that are already used together in existing programs. The calculation used call index in the program instead of call ID, which does not make any sense and is a plain bug. It prioritized calls starting from 'a' (as syscalls are sorted). Use call ID for dynamic prio calculation. Static prios for add_key: 1.0000 keyctl$search 1.0000 request_key 1.0000 add_key 0.5411 keyctl$assume_authority 0.5411 keyctl$setperm 0.5411 keyctl$set_timeout 0.5411 keyctl$unlink 0.5411 keyctl$revoke 0.5411 keyctl$reject 0.5411 keyctl$read 0.5411 keyctl$negate 0.5411 keyctl$link 0.5411 keyctl$join 0.5411 keyctl$invalidate 0.5411 keyctl$instantiate_iov 0.5411 keyctl$instantiate 0.5411 keyctl$get_security 0.5411 keyctl$get_persistent 0.5411 keyctl$update Dynamic prios before fix: 0.1000 accept 0.1000 accept$alg 0.1000 accept$ax25 0.1000 accept$inet 0.1000 accept$inet6 0.1000 accept$inet_sctp 0.1000 accept$ipx 0.1000 accept$netrom 0.1000 accept$nfc_llcp 0.1000 accept$unix 0.1000 accept4 0.1000 accept4$ax25 0.1000 accept4$inet 0.1000 accept4$inet6 0.1000 accept4$inet_sctp 0.1000 accept4$ipx 0.1000 accept4$unix 0.1000 acct Dynamic prios after fix: 0.2465 request_key 0.1142 keyctl$search 0.1000 add_key 0.1000 perf_event_open 0.0766 keyctl$invalidate 0.0717 keyctl$setperm 0.0717 keyctl$unlink 0.0717 keyctl$instantiate_iov 0.0681 keyctl$read 0.0649 keyctl$update 0.0649 keyctl$chown 0.0645 keyctl$link 0.0645 keyctl$get_security 0.0631 keyctl$revoke 0.0622 keyctl$clear 0.0622 keyctl$reject 0.0618 keyctl$set_timeout 0.0618 keyctl$negate 0.0613 keyctl$instantiate Fixes #164	2017-05-02 12:28:48 +02:00
Dmitry Vyukov	bba1519958	prog: fix mknod sanitization mknod mode also includes ownership flags, so filter out the node type. Also allow creation of loop nodes. Remove mount$fs as it does not seem to make any sense.	2017-02-14 11:56:41 +01:00
Andrey Konovalov	9989eadf77	prog: fix cheking nonoptional nil pointers in validation Also update validation code to use arg.Type instead of passing typ recusively.	2017-02-09 21:33:14 +01:00
Andrey Konovalov	0130c7b34e	prog, sys: add icmpv6 packet descriptions and checksums Also generalize checksums into the two kinds: inet and pseudo. Inet checksums is just the Internet checksum of a packet. Pseudo checksum is the Internet checksum of a packet with a pseudo header.	2017-02-08 17:11:54 +01:00
Andrey Konovalov	b4bdefbe9b	prog, sys: add icmp descriptions and checksum	2017-02-06 20:24:49 +01:00
Dmitry Vyukov	df41f80177	prog: reformat code	2017-02-02 20:26:43 +01:00
Andrey Konovalov	13266cc0b6	prog, sys: add udp description and checksum	2017-02-02 19:19:32 +01:00
Andrey Konovalov	97ebf05eb9	prog, sys: add ipv6 description and checksum	2017-02-02 16:30:47 +01:00
Andrey Konovalov	9e6516d4e9	prog: limit prog size when splicing	2017-02-01 16:47:44 +01:00
Andrey Konovalov	d875900eb8	prog: format checksum_test.go	2017-01-31 18:41:17 +01:00
Andrey Konovalov	1f7f5daef8	prog, sys: add tcp packets descriptions Also embed tcp checksums into packets.	2017-01-30 21:00:45 +01:00
Andrey Konovalov	63b16a5d5c	prog, sys: add csum type, embed checksums for ipv4 packets This change adds a `csum[kind, type]` type. The only available kind right now is `ipv4`. Using `csum[ipv4, int16be]` in `ipv4_header` makes syzkaller calculate and embed correct checksums into ipv4 packets.	2017-01-25 20:31:13 +01:00
Andrey Konovalov	c8d03a05f3	prog: move size-related functions to size.go	2017-01-25 16:33:37 +01:00
Dmitry Vyukov	40723a067e	prog: validate deserialized programs The optimization change removed validation too aggressively. We do need program validation during deserialization, because we can get bad programs from corpus or hub. Restore program validation after deserialization.	2017-01-24 10:53:21 +01:00
Andrey Konovalov	1cf6a05e0e	sys, prog: add length of parent of parent to templates Example: ``` struct s1 { f0 len[s2] # length of s2 } struct s2 { f0 s1 f1 array[int32] } ```	2017-01-23 18:13:11 +01:00
Andrey Konovalov	b323c5aaa9	prog: add FieldName to Type FieldName() is the name of the struct field or union option with this type. TypeName() is now always the name of the type.	2017-01-23 18:13:06 +01:00
Dmitry Vyukov	a7e4a49fae	all: spot optimizations A bunch of spot optmizations after cpu/memory profiling: 1. Optimize hot-path coverage comparison in fuzzer. 2. Don't allocate and copy serialized program, serialize directly into shmem. 3. Reduce allocations during parsing of output shmem (encoding/binary sucks). 4. Don't allocate and copy coverage arrays, refer directly to the shmem region (we are not going to mutate them). 5. Don't validate programs outside of tests, validation allocates tons of memory. 6. Replace the choose primitive with simpler switches. Choose allocates fullload of memory (for int, func, and everything the func refers). 7. Other minor optimizations.	2017-01-20 23:55:25 +01:00
Dmitry Vyukov	758a06c51f	prog: generate larger arrays Currently we generate arrays of size [0,5] with equal probability. Generate [0,10] with bias towards smaller arrays. But 0 has the lowest probability. I've benchmark a slightly different change with max array size of 20, results are somewhat inconclusive: it was better than baseline almost all way, but baseline suddenly caught up at the end. It also considerably reduced executions per second (by ~20%). So increasing array size to 10 should be a win...	2017-01-20 14:56:20 +01:00
Dmitry Vyukov	c4901df5c3	prog: mutate programs more aggressively Currently we stop mutating with 50% probability. Stop mutating with 33% probability instead. Benchmark shows both coverage increase and corpus reduction: baseline oneof3 diff coverage 65467 65604 137 corpus 35423 35354 -69 exec total 5474879 5023268 -451611	2017-01-20 14:56:20 +01:00
Dmitry Vyukov	b218a25ecb	prog: mutate int arguments Mutate int arguments instead of regenerating. Benchmark shows strong increase of coverage: baseline mutateconst diff coverage 65467 65744 +277 corpus 35423 35638 +215 exec total 5474879 5197932 -276947	2017-01-20 14:56:20 +01:00
Andrey Konovalov	243c4bf89c	prog: fix bytesizeN for nonarray fields	2017-01-19 20:46:26 +01:00
Andrey Konovalov	8625843eeb	prog: fix calculating parent length in struct with bitfields	2017-01-19 20:46:26 +01:00
Andrey Konovalov	872e436375	prog, sys: fix padding varlen structs	2017-01-19 15:22:04 +01:00
Dmitry Vyukov	4f62bc36e5	sys: improve sockaddr_un description 1. Embed real filename. 2. Use proc type for unique identifiers.	2017-01-18 19:58:12 +01:00
Dmitry Vyukov	10d2014b72	sys: drop kdbus description kdbus haven't been merged into mainline, unmaintained and seems to be replaced by bus1.	2017-01-18 19:58:12 +01:00
Andrey Konovalov	a370347640	prog: add tests for alignment and offsets	2017-01-18 19:23:01 +01:00
Andrey Konovalov	8ff4256eb0	prog: fix union and struct offsets in SerializeForExec	2017-01-18 19:22:56 +01:00
Andrey Konovalov	023345d694	prog, sys: correctly calculate size of varlen structs	2017-01-18 19:16:11 +01:00
Andrey Konovalov	109c58ef68	prog: mutate sized strings with respect to size	2017-01-18 19:16:07 +01:00
Andrey Konovalov	11fa77cbbe	prog, sys: fix struct with bitfields size calculation	2017-01-18 13:07:53 +01:00
Andrey Konovalov	9d963ea599	prog: fix Size() for unions args	2017-01-18 13:07:53 +01:00
Andrey Konovalov	54e0cede43	prog: add bitfields to templates Now it's possible to use `int32:18` to denote a bitfield of size 18 as a struct field. This fixes #72.	2017-01-17 13:25:33 +01:00
Dmitry Vyukov	ff8c0180ab	sys, executor: more kvm improvements 1. Basic support for arm64 kvm testing. 2. Fix compiler warnings in x86 kvm code. 3. Test all pseudo syz calls in csource. 4. Fix handling of real code in x86.	2017-01-12 11:57:17 +01:00
Dmitry Vyukov	b8e1000d66	ifuzz: add package for generation/mutation of machine code Add ifuzz package that can generate/mutate machine code. It is based on Intel XED and for now supports only x86 code (all of real, protected 16/32 and long modes). This considerably increases KVM coverage.	2017-01-09 20:28:27 +01:00
Dmitry Vyukov	bbd4840872	sys: extend kvm support Add new pseudo syscall syz_kvm_setup_cpu that setups VCPU into interesting states for execution. KVM is too difficult to setup otherwise. Lots of improvements possible, but this is a starting point.	2017-01-09 20:28:10 +01:00
Dmitry Vyukov	c377a6514d	prog: reformat source	2017-01-09 20:26:34 +01:00
Dmitry Vyukov	244c5f60fd	prog: spoof resources less frequently Passing -1 as file descriptors and passing wrong types proved to be not very intersting.	2017-01-09 20:20:49 +01:00
Dmitry Vyukov	94b38efc1d	sys: allow to specify number of pages for vma type Allows to write vma[4] or vma[5-10] to specify desired number of pages.	2017-01-09 20:20:48 +01:00
Dmitry Vyukov	b5aa8b4506	prog: test that Deserialize does not return nil prog That happened when parser did not check scanning errors and a program contains too long line.	2017-01-09 20:19:44 +01:00
Dmitry Vyukov	0913359f79	prog: increase line length limit when deserializing programs bufio.Scanner has a default limit of 4K per line, if a program contains longer line, it fails. Extend the limit to 64K. Also check scanning errors. Turns out even scanning of bytes.Buffer can fail due to the line limit.	2017-01-09 20:19:44 +01:00
Andrey Konovalov	df98b6bde5	prog: add bytesizeN types	2016-12-20 18:12:07 +01:00
Andrey Konovalov	55e1e51c1c	prog: remove unused inport() and inaddr()	2016-11-29 17:46:02 +01:00
Andrey Konovalov	2429a7b034	sys: move sockaddr description to templates	2016-11-29 16:39:02 +01:00
Andrey Konovalov	86917cc3a7	sys: move in_addr description to templates	2016-11-29 16:39:02 +01:00
Dmitry Vyukov	5d94283455	ipc, prog, sysgen: format code	2016-11-25 20:17:32 +01:00
Andrey Konovalov	253a40f30d	sys: add proc type to denote per proccess integers	2016-11-25 17:51:41 +01:00
Andrey Konovalov	fa9c44b568	prog: minimize based on individual args	2016-11-25 17:22:42 +01:00
Andrey Konovalov	1107daa8e7	Merge pull request #90 from xairy/combine-progs Combine progs from corpus	2016-11-25 09:59:30 +01:00
Andrey Konovalov	a5df734b8d	fuzzer: combine progs from corpus	2016-11-25 09:58:17 +01:00
Dmitry Vyukov	4de5c7eb20	prog: fix pointer direction validation Currently the added test description leads to crashes: --- FAIL: TestMinimizeRandom (0.12s) prog_test.go:20: seed=1480014002950172453 panic: syscall syz_test$regression0: pointer arg 'f0' has output direction [recovered] panic: syscall syz_test$regression0: pointer arg 'f0' has output direction The description is OK. Fix that.	2016-11-24 20:20:05 +01:00
Andrey Konovalov	557cc42a1f	prog: better validate arg data	2016-11-22 16:06:45 +01:00
Andrey Konovalov	c1c3a73cd9	prog: fix checks for max and min len when mutating a bin blob	2016-11-22 15:56:24 +01:00
Dmitry Vyukov	578ee4fa8d	prog: sanitize mknodat the same way as mknod	2016-11-18 10:24:13 +01:00
Dmitry Vyukov	cd74cc9cf4	syz-hub: add program syz-hub is used to exchange programs between syz-managers.	2016-11-17 18:38:10 +01:00
Dmitry Vyukov	07cfd16167	prog: fix validation of len arguments We generate output len arguments, so don't crash on that.	2016-11-12 12:00:38 -08:00
Dmitry Vyukov	3a65453870	sys: allow to specify buffer size for strings This allows to write: string[salg_type, 14] which will give a string buffer of size 14 regardless of actual string size. Convert salg_type/salg_name to this.	2016-11-11 14:34:41 -08:00
Dmitry Vyukov	588a542b2a	sys: add string flags Allow to define string flags in txt descriptions. E.g.: filesystem = "ext2", "ext3", "ext4" and then use it in string type: ptr[in, string[filesystem]]	2016-11-11 14:33:37 -08:00
Dmitry Vyukov	f085c198ba	sys: replace FileoffType with IntType{Kind: IntFileoff} FileoffType is effectively an int, no need for a separate type. Also remove fd option from fileoff as it is unused and use story is unclear.	2016-11-11 14:32:38 -08:00
Dmitry Vyukov	8b731ed4b7	sys: replace FilenameType with BufferType{Kind: BufferFilename} FilenameType is effectively a buffer, there is no need for a separate type.	2016-11-11 14:32:19 -08:00
Dmitry Vyukov	b40d502736	prog: remote Type argument from Arg.Size/Value They are not necessary since we now always have types attached to args. Also remove sys.Type.InnerType as it is not necessary now as well.	2016-11-11 14:31:55 -08:00
Dmitry Vyukov	1838728cc1	prog: simplify assignSizes Now that we always have types attached to args, assignSizes can be considerably simplified.	2016-11-11 14:30:20 -08:00
Dmitry Vyukov	1a85811d68	prog: assign types to args during construction Eliminate assignTypeAndDir function and instead assign types to all args during construction. This will allow considerable simplifation of assignSizes.	2016-11-11 14:29:52 -08:00
Dmitry Vyukov	d3a93e8370	sys: attach Dir to all types Dir is a static info, so we don't need to compute, propagate and attach it in prog whenever we generate/change programs. Attach Dir to all types.	2016-11-11 14:27:54 -08:00
Dmitry Vyukov	959ec07095	sys: always use pointers to types Currently we store most types by value in sys.Type. This is somewhat counter-intuitive for C++ programmers, because one can't easily update the type object. Store pointers to type objects for all types. It also makes it easier to update types, e.g. adding paddings.	2016-11-11 14:25:13 -08:00
Dmitry Vyukov	be566e352b	prog: go fmt	2016-10-16 08:15:24 +02:00
Andrey Konovalov	e4edb0e20b	Add tests for big-endian ints	2016-10-13 15:38:58 +02:00
Andrey Konovalov	7686d19aff	Add big-endian ints	2016-10-13 15:38:53 +02:00
Andrey Konovalov	55cd443931	Fix validate, detect nil non-optional pointer	2016-10-11 20:54:28 +02:00
Andrey Konovalov	d7ba1b8f86	Add assign len fields tests	2016-10-11 20:09:25 +02:00
Andrey Konovalov	78f79fee93	Refactor & improve len type handling	2016-10-11 20:09:19 +02:00
Dmitry Vyukov	afb08bdd3c	prog: fix serialized program in a test Also test at least deserialization of these programs in short mode.	2016-10-07 13:43:43 +02:00
Andrey Konovalov	f2d77726c8	Add exec serialize tests for array[int8]	2016-10-04 18:50:02 +02:00
Andrey Konovalov	c99cbdbe58	Emit BufferBlob for array[int8]	2016-10-04 18:49:57 +02:00
Dmitry Vyukov	3ca39dfc4d	sys: add padding to structs again Struct padding was accidentially lost after: `852e3d2eae` Restore it. Now with tests. Fixes #78	2016-09-29 13:30:08 +02:00
Dmitry Vyukov	bf21057e7c	prog: add a test for union layout This is a retrospect tests for the union bug fixed in: `91eb1b922f`	2016-09-29 12:21:26 +02:00
Dmitry Vyukov	11a690d275	sys, prog: add tests for description parsing and serialization Add sys/test.txt file with description of syscalls for tests. These descriptions can be used to ensure that we can parse everything we clain we can parse. Use these descriptions to write several tests for exec serialization (one test shows that alignment handling is currently incorrect). These test descriptions can also be used to write e.g. mutation tests. Update #78	2016-09-28 20:06:42 +02:00
Dmitry Vyukov	8904ff96b5	prog: add a simple test for exec encoding	2016-09-24 11:46:43 +02:00
Dmitry Vyukov	8f1cbd29ba	Merge pull request #71 from xairy/blob_mutation Better blob mutation	2016-09-19 19:43:53 +02:00
Dmitry Vyukov	d18f8aa366	Merge pull request #73 from xairy/ranged_arrays Allow range sized arrays	2016-09-19 19:42:00 +02:00
Andrey Konovalov	36d9371a19	prog: return struct size when generating args	2016-09-19 16:33:32 +02:00
Andrey Konovalov	91eb1b922f	prog: skip union when calculating field offset	2016-09-19 16:27:40 +02:00
Andrey Konovalov	f41935d53f	Allow range sized arrays	2016-09-19 16:16:24 +02:00
Andrey Konovalov	705a657fbe	Better blob mutation	2016-09-19 15:55:28 +02:00
Dmitry Vyukov	77f435b4f7	prog: more checks during program validation	2016-09-05 12:49:47 +02:00
Dmitry Vyukov	852e3d2eae	sys: support recursive structs A struct can have a pointer to itself directly or indirectly. Currently it leads to inifinite recursion when generating descriptions. Fix this.	2016-09-05 12:49:47 +02:00
Dmitry Vyukov	27b03f4ba3	prog: generate shifted integers with some probability Useful for bitfield-like integers.	2016-09-01 17:17:37 +02:00
Dmitry Vyukov	7690667267	sys: specify resources in text descriptions Currently to add a new resource one needs to modify multiple source files, which complicates descirption of new system calls. Move resource descriptions from source code to text desciptions.	2016-08-27 18:27:50 +02:00
Dmitry Vyukov	0d0fbbe73f	overhaul syscall description generation process This splits generation process into two phases: 1. Extract values of constants from linux kernel sources. 2. Generate Go code. Constant values are checked in. The advantage is that the second phase is now completely independent from linux source files, kernel version, presence of headers for particular drivers, etc. This allows to change what Go code we generate any time without access to all kernel headers (which in future won't be limited to only upstream headers). Constant extraction process does require proper kernel sources, but this can be done only once by the person who added the driver and has access to the required sources. Then the constant values are checked in for others to use. Consant extraction process is per-file/per-arch. That is, if I am adding a driver that is not present upstream and that works only on a single arch, I will check in constants only for that driver and for that arch.	2016-08-26 07:09:25 +02:00
Dmitry Vyukov	e7021ac638	prog: don't try to execute ioctl(FIFREEZE) and mknod ioctl(FIFREEZE) renders machine dead. FIFREEZE is an interesting thing, and we could test it in namespace (?) or on manually mounted file systems (?). But that will require more complex handling. Disable it until we have that logic. mknod of char/block devices can do all kinds of nasty stuff (read/write to IO ports, kernel memory, etc). Disable it for now.	2016-08-21 18:07:55 -07:00
Dmitry Vyukov	08e664c044	prog: generate SIGSEGVs with lower probability Addresses that trigger SIGSEGV does not seem to uncover any bugs. But they crash executor preventing programs from being executed. Lower probability of generating addresses that lead to SIGSEGVs.	2016-08-13 15:28:07 -07:00
Dmitry Vyukov	7460de4a28	prog: generate ints outside of the specified range once in a while	2016-08-13 09:04:19 -07:00
Dmitry Vyukov	3b9fe41fe3	reformat sources	2016-08-13 09:02:44 -07:00
Dmitry Vyukov	ae9d77a96b	sys: regenerate syscall descriptions with latest linux sources	2016-08-13 09:01:42 -07:00
Baozeng Ding	7db2edcb33	sys/sysgen/prog: support ranged int This commit supports inclusive ranged int, like foo int32[-10~10], which will generate random integer between -10 and 10. In future we will support more than one range, like int32[0, -5~10, 50, 100~200]	2016-08-10 13:43:15 +08:00
Dmitry Vyukov	da7529ea51	sys: update generated files	2016-06-13 12:50:32 +02:00

1 2 3 4 5

208 Commits