mirror of
https://github.com/reactos/syzkaller.git
synced 2024-11-27 13:20:34 +00:00
49c11eb514
A hint is basically a tuple consisting of a pointer to an argument in one of the syscalls of a program and a value, which should be assigned to that argument. A simplified version of the hints workflow looks like this: 1. The fuzzer launches a program and collects all the comparisons' data for every syscall in the program. 2. Next it tries to match the obtained comparison operands' values vs. the input arguments' values. 3. For every such match the fuzzer mutates the program by replacing the pointed argument with the saved value. 4. If a valid program is obtained, then the fuzzer launches it and checks if new coverage is obtained. This commit includes: 1. All the code related to hints generation, parsing and mutations. 2. Fuzzer functions to launch the process. 3. Some new stats gathered by the fuzzer and manager, related to hints. 4. An updated version of execprog to test the hints process. |
||
---|---|---|
kcovtrace | ||
syz-benchcmp | ||
syz-crush | ||
syz-db | ||
syz-execprog | ||
syz-fmt | ||
syz-headerparser | ||
syz-mutate | ||
syz-prog2c | ||
syz-report | ||
syz-repro | ||
syz-stress | ||
syz-symbolize | ||
syz-tty | ||
syz-upgrade | ||
create-gce-image.sh | ||
create-image.sh |