prog

package
v0.0.0-...-17b87e8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 29, 2020 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ExecArgCsumChunkData = uint64(iota)
	ExecArgCsumChunkConst
)
View Source 
const (
	ExecBufferSize = 4 << 20 // keep in sync with kMaxInput in executor.cc
	ExecNoCopyout  = ^uint64(0)
)
View Source 
const (
	// "Recommended" number of calls in programs that we try to aim at during fuzzing.
	RecommendedCalls = 20
	// "Recommended" max number of calls in programs.
	// If we receive longer programs from hub/corpus we discard them.
	MaxCalls = 40
)
View Source 
const (
	// Special reference to the outer struct used in len targets.
	ParentRef = "parent"
	// Special reference directly to syscall arguments used in len targets.
	SyscallRef = "syscall"
)
View Source 
const (
	ExecArgCsumInet = uint64(iota)
)
View Source 
const MaxArgs = 9

MaxArgs is maximum number of syscall arguments. Executor also knows about this value.

View Source 
const (
	MaxPids = 32
)

Variables

View Source 
var (
	GitRevision     string // emitted by Makefile, may contain + at the end
	GitRevisionBase string // without +

	GitRevisionDate time.Time // parsed from gitRevisionDate
)

Functions

func CallSet 

func CallSet(data []byte) (map[string]struct{}, int, error)

CallSet returns a set of all calls in the program. It does very conservative parsing and is intended to parse past/future serialization formats.

func CppName 

func CppName(name string) string

CppName transforms PascalStyleNames to cpp_style_names.

func Debug 

func Debug()

func DecodeFallbackSignal 

func DecodeFallbackSignal(s uint32) (callID, errno int)

func EncodeData 

func EncodeData(buf *bytes.Buffer, data []byte, readable bool)

func ForeachArg 

func ForeachArg(c *Call, f func(Arg, *ArgCtx))

func ForeachCallType 

func ForeachCallType(meta *Syscall, f func(t Type, ctx TypeCtx))

func ForeachSubArg 

func ForeachSubArg(arg Arg, f func(Arg, *ArgCtx))

func ForeachType 

func ForeachType(syscalls []*Syscall, f func(t Type, ctx TypeCtx))

func ForeachTypePost 

func ForeachTypePost(syscalls []*Syscall, f func(t Type, ctx TypeCtx))

func IsPad 

func IsPad(t Type) bool

func RegisterTarget 

func RegisterTarget(target *Target, types []Type, initArch func(target *Target))

func RequiredFeatures 

func RequiredFeatures(p *Prog) (bitmasks, csums bool)
func RestoreLinks(syscalls []*Syscall, resources []*ResourceDesc, types []Type)

func TestDeserializeHelper 

func TestDeserializeHelper(t *testing.T, OS, arch string, transform func(*Target, *Prog), tests []DeserializeTest)

Types

type Arg 

type Arg interface {
	Type() Type
	Dir() Dir
	Size() uint64
	// contains filtered or unexported methods
}

func InnerArg 

func InnerArg(arg Arg) Arg

Returns inner arg for pointer args.

type ArgCommon 

type ArgCommon struct {
	// contains filtered or unexported fields
}

func (*ArgCommon) Dir 

func (arg *ArgCommon) Dir() Dir

func (ArgCommon) Type 

func (arg ArgCommon) Type() Type

type ArgCtx 

type ArgCtx struct {
	Parent *[]Arg      // GroupArg.Inner (for structs) or Call.Args containing this arg
	Fields []Field     // Fields of the parent struct/syscall
	Base   *PointerArg // pointer to the base of the heap object containing this arg
	Offset uint64      // offset of this arg from the base
	Stop   bool        // if set by the callback, subargs of this arg are not visited
}

type ArrayKind 

type ArrayKind int
const (
	ArrayRandLen ArrayKind = iota
	ArrayRangeLen
)

type ArrayType 

type ArrayType struct {
	TypeCommon
	Elem       Type
	Kind       ArrayKind
	RangeBegin uint64
	RangeEnd   uint64
}

func (*ArrayType) DefaultArg 

func (t *ArrayType) DefaultArg(dir Dir) Arg

func (*ArrayType) String 

func (t *ArrayType) String() string

type BinaryFormat 

type BinaryFormat int
const (
	FormatNative BinaryFormat = iota
	FormatBigEndian
	FormatStrDec
	FormatStrHex
	FormatStrOct
)

type BufferKind 

type BufferKind int
const (
	BufferBlobRand BufferKind = iota
	BufferBlobRange
	BufferString
	BufferFilename
	BufferText
)

type BufferType 

type BufferType struct {
	TypeCommon
	Kind       BufferKind
	RangeBegin uint64   // for BufferBlobRange kind
	RangeEnd   uint64   // for BufferBlobRange kind
	Text       TextKind // for BufferText
	SubKind    string
	Values     []string // possible values for BufferString kind
	NoZ        bool     // non-zero terminated BufferString/BufferFilename
}

func (*BufferType) DefaultArg 

func (t *BufferType) DefaultArg(dir Dir) Arg

func (*BufferType) String 

func (t *BufferType) String() string

type Builder 

type Builder struct {
	// contains filtered or unexported fields
}

func MakeProgGen 

func MakeProgGen(target *Target) *Builder

func (*Builder) Allocate 

func (pg *Builder) Allocate(size uint64) uint64

func (*Builder) AllocateVMA 

func (pg *Builder) AllocateVMA(npages uint64) uint64

func (*Builder) Append 

func (pg *Builder) Append(c *Call) error

func (*Builder) Finalize 

func (pg *Builder) Finalize() (*Prog, error)

type Call 

type Call struct {
	Meta    *Syscall
	Args    []Arg
	Ret     *ResultArg
	Comment string
}

type CallFlags 

type CallFlags int
const (
	CallExecuted CallFlags = 1 << iota // was started at all
	CallFinished                       // finished executing (rather than blocked forever)
	CallBlocked                        // finished but blocked during execution
)

type CallInfo 

type CallInfo struct {
	Flags  CallFlags
	Errno  int
	Signal []uint32
}

type ChoiceTable 

type ChoiceTable struct {
	// contains filtered or unexported fields
}

ChooseTable allows to do a weighted choice of a syscall for a given syscall based on call-to-call priorities and a set of enabled syscalls.

func (*ChoiceTable) Enabled 

func (ct *ChoiceTable) Enabled(call int) bool

type CompMap 

type CompMap map[uint64]map[uint64]bool

Example: for comparisons {(op1, op2), (op1, op3), (op1, op4), (op2, op1)} this map will store the following: 

m = {
		op1: {map[op2]: true, map[op3]: true, map[op4]: true},
		op2: {map[op1]: true}
}.

func (CompMap) AddComp 

func (m CompMap) AddComp(arg1, arg2 uint64)

func (CompMap) String 

func (m CompMap) String() string

type ConstArg 

type ConstArg struct {
	ArgCommon
	Val uint64
}

Used for ConstType, IntType, FlagsType, LenType, ProcType and CsumType.

func MakeConstArg 

func MakeConstArg(t Type, dir Dir, v uint64) *ConstArg

func (*ConstArg) Size 

func (arg *ConstArg) Size() uint64

func (*ConstArg) Value 

func (arg *ConstArg) Value() (uint64, uint64)

Value returns value and pid stride.

type ConstType 

type ConstType struct {
	IntTypeCommon
	Val   uint64
	IsPad bool
}

func (*ConstType) DefaultArg 

func (t *ConstType) DefaultArg(dir Dir) Arg

func (*ConstType) String 

func (t *ConstType) String() string

type ConstValue 

type ConstValue struct {
	Name  string
	Value uint64
}

type CsumChunk 

type CsumChunk struct {
	Kind  CsumChunkKind
	Arg   Arg    // for CsumChunkArg
	Value uint64 // for CsumChunkConst
	Size  uint64 // for CsumChunkConst
}

type CsumChunkKind 

type CsumChunkKind int
const (
	CsumChunkArg CsumChunkKind = iota
	CsumChunkConst
)

type CsumInfo 

type CsumInfo struct {
	Kind   CsumKind
	Chunks []CsumChunk
}

type CsumKind 

type CsumKind int
const (
	CsumInet CsumKind = iota
	CsumPseudo
)

type CsumType 

type CsumType struct {
	IntTypeCommon
	Kind     CsumKind
	Buf      string
	Protocol uint64 // for CsumPseudo
}

func (*CsumType) DefaultArg 

func (t *CsumType) DefaultArg(dir Dir) Arg

func (*CsumType) String 

func (t *CsumType) String() string

type DataArg 

type DataArg struct {
	ArgCommon
	// contains filtered or unexported fields
}

Used for BufferType.

func MakeDataArg 

func MakeDataArg(t Type, dir Dir, data []byte) *DataArg

func MakeOutDataArg 

func MakeOutDataArg(t Type, dir Dir, size uint64) *DataArg

func (*DataArg) Data 

func (arg *DataArg) Data() []byte

func (*DataArg) SetData 

func (arg *DataArg) SetData(data []byte)

func (*DataArg) Size 

func (arg *DataArg) Size() uint64

type DeserializeMode 

type DeserializeMode int
const (
	Strict    DeserializeMode = iota
	NonStrict DeserializeMode = iota
)

type DeserializeTest 

type DeserializeTest struct {
	In        string
	Out       string // if not set, equals to In
	Err       string
	StrictErr string // if not set, equals to Err
}

type Dir 

type Dir uint8
const (
	DirIn Dir = iota
	DirOut
	DirInOut
)

func (Dir) String 

func (dir Dir) String() string

type ExecArg 

type ExecArg interface{} // one of ExecArg*

type ExecArgConst 

type ExecArgConst struct {
	Size           uint64
	Format         BinaryFormat
	Value          uint64
	BitfieldOffset uint64
	BitfieldLength uint64
	PidStride      uint64
}

type ExecArgCsum 

type ExecArgCsum struct {
	Size   uint64
	Kind   uint64
	Chunks []ExecCsumChunk
}

type ExecArgData 

type ExecArgData struct {
	Data     []byte
	Readable bool
}

type ExecArgResult 

type ExecArgResult struct {
	Size    uint64
	Format  BinaryFormat
	Index   uint64
	DivOp   uint64
	AddOp   uint64
	Default uint64
}

type ExecCall 

type ExecCall struct {
	Meta    *Syscall
	Index   uint64
	Args    []ExecArg
	Copyin  []ExecCopyin
	Copyout []ExecCopyout
}

type ExecCopyin 

type ExecCopyin struct {
	Addr uint64
	Arg  ExecArg
}

type ExecCopyout 

type ExecCopyout struct {
	Index uint64
	Addr  uint64
	Size  uint64
}

type ExecCsumChunk 

type ExecCsumChunk struct {
	Kind  uint64
	Value uint64
	Size  uint64
}

type ExecProg 

type ExecProg struct {
	Calls []ExecCall
	Vars  []uint64
}

type Field 

type Field struct {
	Name string
	Type
}

type FlagsType 

type FlagsType struct {
	IntTypeCommon
	Vals    []uint64 // compiler ensures that it's not empty
	BitMask bool
}

func (*FlagsType) DefaultArg 

func (t *FlagsType) DefaultArg(dir Dir) Arg

type Gen 

type Gen struct {
	// contains filtered or unexported fields
}

func (*Gen) Alloc 

func (g *Gen) Alloc(ptrType Type, dir Dir, data Arg) (Arg, []*Call)

func (*Gen) GenerateArg 

func (g *Gen) GenerateArg(typ Type, dir Dir, pcalls *[]*Call) Arg

func (*Gen) GenerateSpecialArg 

func (g *Gen) GenerateSpecialArg(typ Type, dir Dir, pcalls *[]*Call) Arg

func (*Gen) MutateArg 

func (g *Gen) MutateArg(arg0 Arg) (calls []*Call)

func (*Gen) NOutOf 

func (g *Gen) NOutOf(n, outOf int) bool

func (*Gen) Rand 

func (g *Gen) Rand() *rand.Rand

func (*Gen) Target 

func (g *Gen) Target() *Target

type GroupArg 

type GroupArg struct {
	ArgCommon
	Inner []Arg
}

Used for StructType and ArrayType. Logical group of args (struct or array).

func MakeGroupArg 

func MakeGroupArg(t Type, dir Dir, inner []Arg) *GroupArg

func (*GroupArg) Size 

func (arg *GroupArg) Size() uint64

type IntKind 

type IntKind int
const (
	IntPlain IntKind = iota
	IntRange
)

type IntType 

type IntType struct {
	IntTypeCommon
	Kind       IntKind
	RangeBegin uint64
	RangeEnd   uint64
	Align      uint64
}

func (*IntType) DefaultArg 

func (t *IntType) DefaultArg(dir Dir) Arg

type IntTypeCommon 

type IntTypeCommon struct {
	TypeCommon
	ArgFormat       BinaryFormat
	BitfieldOff     uint64
	BitfieldLen     uint64
	BitfieldUnit    uint64
	BitfieldUnitOff uint64
}

func (*IntTypeCommon) BitfieldLength 

func (t *IntTypeCommon) BitfieldLength() uint64

func (*IntTypeCommon) BitfieldOffset 

func (t *IntTypeCommon) BitfieldOffset() uint64

func (*IntTypeCommon) Format 

func (t *IntTypeCommon) Format() BinaryFormat

func (*IntTypeCommon) IsBitfield 

func (t *IntTypeCommon) IsBitfield() bool

func (*IntTypeCommon) String 

func (t *IntTypeCommon) String() string

func (*IntTypeCommon) TypeBitSize 

func (t *IntTypeCommon) TypeBitSize() uint64

Returns the size in bits for integers in binary format or 64 for string-formatted integers. The return value is used in computing limits and truncating other values.

func (*IntTypeCommon) UnitOffset 

func (t *IntTypeCommon) UnitOffset() uint64

func (*IntTypeCommon) UnitSize 

func (t *IntTypeCommon) UnitSize() uint64

type LenType 

type LenType struct {
	IntTypeCommon
	BitSize uint64 // want size in multiple of bits instead of array size
	Offset  bool   // offset from the beginning of the parent struct or base object
	Path    []string
}

func (*LenType) DefaultArg 

func (t *LenType) DefaultArg(dir Dir) Arg

type LogEntry 

type LogEntry struct {
	P         *Prog
	Proc      int  // index of parallel proc
	Start     int  // start offset in log
	End       int  // end offset in log
	Fault     bool // program was executed with fault injection in FaultCall/FaultNth
	FaultCall int
	FaultNth  int
}

LogEntry describes one program in execution log.

type PointerArg 

type PointerArg struct {
	ArgCommon
	Address uint64
	VmaSize uint64 // size of the referenced region for vma args
	Res     Arg    // pointee (nil for vma)
}

Used for PtrType and VmaType.

func MakePointerArg 

func MakePointerArg(t Type, dir Dir, addr uint64, data Arg) *PointerArg

func MakeSpecialPointerArg 

func MakeSpecialPointerArg(t Type, dir Dir, index uint64) *PointerArg

func MakeVmaPointerArg 

func MakeVmaPointerArg(t Type, dir Dir, addr, size uint64) *PointerArg

func (*PointerArg) IsSpecial 

func (arg *PointerArg) IsSpecial() bool

func (*PointerArg) Size 

func (arg *PointerArg) Size() uint64

type ProcType 

type ProcType struct {
	IntTypeCommon
	ValuesStart   uint64
	ValuesPerProc uint64
}

func (*ProcType) DefaultArg 

func (t *ProcType) DefaultArg(dir Dir) Arg

type Prog 

type Prog struct {
	Target   *Target
	Calls    []*Call
	Comments []string

	Source       int // Gen: 0, Mut: 1, Tri: 2
	CorpusReward mab.CorpusReward
}

func Minimize 

func Minimize(p0 *Prog, callIndex0 int, crash bool, pred0 func(*Prog, int) bool) (*Prog, int)

Minimize minimizes program p into an equivalent program using the equivalence predicate pred. It iteratively generates simpler programs and asks pred whether it is equal to the original program or not. If it is equivalent then the simplification attempt is committed and the process continues.

func (*Prog) Clone 

func (p *Prog) Clone() *Prog

func (*Prog) FallbackSignal 

func (p *Prog) FallbackSignal(info []CallInfo)

func (*Prog) Mutate 

func (p *Prog) Mutate(rs rand.Source, ncalls int, ct *ChoiceTable, corpus []*Prog)

Mutate program p.

p: The program to mutate. rs: Random source. ncalls: The allowed maximum calls in mutated program. ct: ChoiceTable for syscalls. corpus: The entire corpus, including original program p.

func (*Prog) MutateWithHints 

func (p *Prog) MutateWithHints(callIndex int, comps CompMap, exec func(p *Prog))

Mutates the program using the comparison operands stored in compMaps. For each of the mutants executes the exec callback.

func (*Prog) ResetReward 

func (p *Prog) ResetReward()

func (*Prog) Serialize 

func (p *Prog) Serialize() []byte

func (*Prog) SerializeForExec 

func (p *Prog) SerializeForExec(buffer []byte) (int, error)

SerializeForExec serializes program p for execution by process pid into the provided buffer. Returns number of bytes written to the buffer. If the provided buffer is too small for the program an error is returned.

func (*Prog) SerializeVerbose 

func (p *Prog) SerializeVerbose() []byte

func (*Prog) String 

func (p *Prog) String() string

String generates a very compact program description (mostly for debug output).

type PtrType 

type PtrType struct {
	TypeCommon
	Elem    Type
	ElemDir Dir
}

func (*PtrType) DefaultArg 

func (t *PtrType) DefaultArg(dir Dir) Arg

func (*PtrType) String 

func (t *PtrType) String() string

type Ref 

type Ref uint32

func (Ref) BitfieldLength 

func (ti Ref) BitfieldLength() uint64

func (Ref) BitfieldOffset 

func (ti Ref) BitfieldOffset() uint64

func (Ref) Clone 

func (ti Ref) Clone() Type

func (Ref) DefaultArg 

func (ti Ref) DefaultArg(dir Dir) Arg

func (Ref) Format 

func (ti Ref) Format() BinaryFormat

func (Ref) IsBitfield 

func (ti Ref) IsBitfield() bool

func (Ref) Name 

func (ti Ref) Name() string

func (Ref) Optional 

func (ti Ref) Optional() bool

func (Ref) Size 

func (ti Ref) Size() uint64

func (Ref) String 

func (ti Ref) String() string

func (Ref) TemplateName 

func (ti Ref) TemplateName() string

func (Ref) TypeBitSize 

func (ti Ref) TypeBitSize() uint64

func (Ref) UnitOffset 

func (ti Ref) UnitOffset() uint64

func (Ref) UnitSize 

func (ti Ref) UnitSize() uint64

func (Ref) Varlen 

func (ti Ref) Varlen() bool

type ResourceCtor 

type ResourceCtor struct {
	Call    int // Index in Target.Syscalls
	Precise bool
}

type ResourceDesc 

type ResourceDesc struct {
	Name   string
	Kind   []string
	Values []uint64
	Ctors  []ResourceCtor
}

type ResourceType 

type ResourceType struct {
	TypeCommon
	ArgFormat BinaryFormat
	Desc      *ResourceDesc
}

func (*ResourceType) Default 

func (t *ResourceType) Default() uint64

func (*ResourceType) DefaultArg 

func (t *ResourceType) DefaultArg(dir Dir) Arg

func (*ResourceType) Format 

func (t *ResourceType) Format() BinaryFormat

func (*ResourceType) SpecialValues 

func (t *ResourceType) SpecialValues() []uint64

func (*ResourceType) String 

func (t *ResourceType) String() string

type ResultArg 

type ResultArg struct {
	ArgCommon
	Res   *ResultArg // reference to arg which we use
	OpDiv uint64     // divide result (executed before OpAdd)
	OpAdd uint64     // add to result
	Val   uint64     // value used if Res is nil
	// contains filtered or unexported fields
}

Used for ResourceType. This is the only argument that can be used as syscall return value. Either holds constant value or reference another ResultArg.

func MakeResultArg 

func MakeResultArg(t Type, dir Dir, r *ResultArg, v uint64) *ResultArg

func MakeReturnArg 

func MakeReturnArg(t Type) *ResultArg

func (*ResultArg) Size 

func (arg *ResultArg) Size() uint64

type Rotator 

type Rotator struct {
	// contains filtered or unexported fields
}

Rotator selects a random subset of syscalls for corpus rotation.

func MakeRotator 

func MakeRotator(target *Target, calls map[*Syscall]bool, rnd *rand.Rand) *Rotator

func (*Rotator) Select 

func (r *Rotator) Select() map[*Syscall]bool

type StructType 

type StructType struct {
	TypeCommon
	Fields    []Field
	AlignAttr uint64
}

func (*StructType) DefaultArg 

func (t *StructType) DefaultArg(dir Dir) Arg

func (*StructType) String 

func (t *StructType) String() string

type Syscall 

type Syscall struct {
	ID          int
	NR          uint64 // kernel syscall number
	Name        string
	CallName    string
	MissingArgs int // number of trailing args that should be zero-filled
	Args        []Field
	Ret         Type
	Attrs       SyscallAttrs
	// contains filtered or unexported fields
}

type SyscallAttrs 

type SyscallAttrs struct {
	Disabled      bool
	Timeout       uint64
	ProgTimeout   uint64
	IgnoreReturn  bool
	BreaksReturns bool
}

SyscallAttrs represents call attributes in syzlang.

This structure is the source of truth for the all other parts of the system. pkg/compiler uses this structure to parse descriptions. syz-sysgen uses this structure to generate code for executor.

Only bool's and uint64's are currently supported.

See docs/syscall_descriptions_syntax.md for description of individual attributes.

type Target 

type Target struct {
	OS         string
	Arch       string
	Revision   string // unique hash representing revision of the descriptions
	PtrSize    uint64
	PageSize   uint64
	NumPages   uint64
	DataOffset uint64

	Syscalls  []*Syscall
	Resources []*ResourceDesc
	Consts    []ConstValue

	// MakeDataMmap creates calls that mmaps target data memory range.
	MakeDataMmap func() []*Call

	// Neutralize neutralizes harmful calls by transforming them into non-harmful ones
	// (e.g. an ioctl that turns off console output is turned into ioctl that turns on output).
	Neutralize func(c *Call)

	// AnnotateCall annotates a syscall invocation in C reproducers.
	// The returned string will be placed inside a comment except for the
	// empty string which will omit the comment.
	AnnotateCall func(c ExecCall) string

	// SpecialTypes allows target to do custom generation/mutation for some struct's and union's.
	// Map key is struct/union name for which custom generation/mutation is required.
	// Map value is custom generation/mutation function that will be called
	// for the corresponding type. g is helper object that allows generate random numbers,
	// allocate memory, etc. typ is the struct/union type. old is the old value of the struct/union
	// for mutation, or nil for generation. The function returns a new value of the struct/union,
	// and optionally any calls that need to be inserted before the arg reference.
	SpecialTypes map[string]func(g *Gen, typ Type, dir Dir, old Arg) (Arg, []*Call)

	// Special strings that can matter for the target.
	// Used as fallback when string type does not have own dictionary.
	StringDictionary []string

	// Resources that play auxiliary role, but widely used throughout all syscalls (e.g. pid/uid).
	AuxResources map[string]bool

	// Additional special invalid pointer values besides NULL to use.
	SpecialPointers []uint64

	// Filled by prog package:
	SyscallMap map[string]*Syscall
	ConstMap   map[string]uint64
	// contains filtered or unexported fields
}

Target describes target OS/arch pair.

func AllTargets 

func AllTargets() []*Target

func GetTarget 

func GetTarget(OS, arch string) (*Target, error)

func InitTargetTest 

func InitTargetTest(t *testing.T, os, arch string) *Target

func (*Target) ArgContainsAny 

func (target *Target) ArgContainsAny(arg0 Arg) (res bool)

func (*Target) BuildChoiceTable 

func (target *Target) BuildChoiceTable(corpus []*Prog, enabled map[*Syscall]bool) *ChoiceTable

func (*Target) CalculatePriorities 

func (target *Target) CalculatePriorities(corpus []*Prog) [][]float32

func (*Target) CallContainsAny 

func (target *Target) CallContainsAny(c *Call) (res bool)

func (*Target) DataMmapProg 

func (target *Target) DataMmapProg() *Prog

DataMmapProg creates program that maps data segment. Also used for testing as the simplest program.

func (*Target) DefaultChoiceTable 

func (target *Target) DefaultChoiceTable() *ChoiceTable

func (*Target) Deserialize 

func (target *Target) Deserialize(data []byte, mode DeserializeMode) (*Prog, error)

func (*Target) DeserializeExec 

func (target *Target) DeserializeExec(exec []byte) (ExecProg, error)

func (*Target) Generate 

func (target *Target) Generate(rs rand.Source, ncalls int, ct *ChoiceTable) *Prog

Generate generates a random program with ncalls calls. ct contains a set of allowed syscalls, if nil all syscalls are used.

func (*Target) GenerateAllSyzProg 

func (target *Target) GenerateAllSyzProg(rs rand.Source) *Prog

GenerateAllSyzProg generates a program that contains all pseudo syz_ calls for testing.

func (*Target) GetConst 

func (target *Target) GetConst(name string) uint64

func (*Target) ParseLog 

func (target *Target) ParseLog(data []byte) []*LogEntry

func (*Target) PhysicalAddr 

func (target *Target) PhysicalAddr(arg *PointerArg) uint64

func (*Target) TransitivelyEnabledCalls 

func (target *Target) TransitivelyEnabledCalls(enabled map[*Syscall]bool) (map[*Syscall]bool, map[*Syscall]string)

type TextKind 

type TextKind int
const (
	TextTarget TextKind = iota
	TextX86Real
	TextX86bit16
	TextX86bit32
	TextX86bit64
	TextArm64
)

type Type 

type Type interface {
	String() string
	Name() string
	TemplateName() string // for template structs name without arguments
	Optional() bool
	Varlen() bool
	Size() uint64
	TypeBitSize() uint64
	Format() BinaryFormat
	BitfieldOffset() uint64
	BitfieldLength() uint64
	IsBitfield() bool
	// For most of the types UnitSize is equal to Size.
	// These are different only for all but last bitfield in the group,
	// where Size == 0 and UnitSize equals to the underlying bitfield type size.
	UnitSize() uint64
	UnitOffset() uint64

	DefaultArg(dir Dir) Arg
	// contains filtered or unexported methods
}

type TypeCommon 

type TypeCommon struct {
	TypeName string
	// Static size of the type, or 0 for variable size types and all but last bitfields in the group.
	TypeSize   uint64
	IsOptional bool
	IsVarlen   bool
	// contains filtered or unexported fields
}

func (*TypeCommon) BitfieldLength 

func (t *TypeCommon) BitfieldLength() uint64

func (*TypeCommon) BitfieldOffset 

func (t *TypeCommon) BitfieldOffset() uint64

func (*TypeCommon) Format 

func (t *TypeCommon) Format() BinaryFormat

func (*TypeCommon) IsBitfield 

func (t *TypeCommon) IsBitfield() bool

func (*TypeCommon) Name 

func (t *TypeCommon) Name() string

func (*TypeCommon) Optional 

func (t *TypeCommon) Optional() bool

func (*TypeCommon) Size 

func (t *TypeCommon) Size() uint64

func (*TypeCommon) TemplateName 

func (t *TypeCommon) TemplateName() string

func (*TypeCommon) TypeBitSize 

func (t *TypeCommon) TypeBitSize() uint64

func (*TypeCommon) UnitOffset 

func (t *TypeCommon) UnitOffset() uint64

func (*TypeCommon) UnitSize 

func (t *TypeCommon) UnitSize() uint64

func (*TypeCommon) Varlen 

func (t *TypeCommon) Varlen() bool

type TypeCtx 

type TypeCtx struct {
	Meta *Syscall
	Dir  Dir
	Ptr  *Type
}

type UnionArg 

type UnionArg struct {
	ArgCommon
	Option Arg
	Index  int // Index of the selected option in the union type.
}

Used for UnionType.

func MakeUnionArg 

func MakeUnionArg(t Type, dir Dir, opt Arg, index int) *UnionArg

func (*UnionArg) Size 

func (arg *UnionArg) Size() uint64

type UnionType 

type UnionType struct {
	TypeCommon
	Fields []Field
}

func (*UnionType) DefaultArg 

func (t *UnionType) DefaultArg(dir Dir) Arg

func (*UnionType) String 

func (t *UnionType) String() string

type VmaType 

type VmaType struct {
	TypeCommon
	RangeBegin uint64 // in pages
	RangeEnd   uint64
}

func (*VmaType) DefaultArg 

func (t *VmaType) DefaultArg(dir Dir) Arg

func (*VmaType) String 

func (t *VmaType) String() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.