Documentation
¶
Overview ¶
Package units implements the business logic to make the fuzzer work
Index ¶
- Variables
- type Control
- type CoverageInfo
- type CoverageManager
- type FFI
- func (e *FFI) CloseFD(fd int)
- func (e *FFI) CreateMapArray(size uint64) int
- func (e *FFI) GetMapElements(fd int, mapSize uint64) (*fpb.MapElements, error)
- func (e *FFI) RunProgram(executionRequest *fpb.ExecutionRequest) (*fpb.ExecutionResult, error)
- func (e *FFI) SetMapElement(fd int, key uint32, value uint64) int
- func (e *FFI) ValidateProgram(prog []uint64) (*fpb.ValidationResult, error)
- type Metrics
- type MetricsCollection
- type MetricsServer
- type Strategy
Constants ¶
This section is empty.
Variables ¶
var (
NilStrategyError = errors.New("Strategy cannot be nil")
)
Functions ¶
This section is empty.
Types ¶
type Control ¶
type Control struct {
// contains filtered or unexported fields
}
Control directs the execution of the fuzzer.
func (*Control) Init ¶
func (cu *Control) Init(ffi *FFI, coverageManager *CoverageManager, strat Strategy) error
Init prepares the control unit to be used.
type CoverageInfo ¶
type CoverageInfo struct {
// contains filtered or unexported fields
}
type CoverageManager ¶
type CoverageManager struct {
// contains filtered or unexported fields
}
CoverageManager deals with everything coverage related.
func NewCoverageManager ¶
func NewCoverageManager(processingFunction func(string) (string, error)) *CoverageManager
func (*CoverageManager) GetCoverageInfoMap ¶
func (cm *CoverageManager) GetCoverageInfoMap() *map[string][]int
GetCoverageInfoMap returns the coverage info cache.
func (*CoverageManager) ProcessCoverageAddresses ¶
func (cm *CoverageManager) ProcessCoverageAddresses(cov []uint64) (map[uint64]string, error)
ProcessCoverageAddresses converts raw coverage hex addresses into line numbers and files, it also caches the results.
type FFI ¶
type FFI struct {
MetricsUnit *Metrics
}
FFI is the unit that will talk to ebpf and run/validate programs.
func (*FFI) CreateMapArray ¶
CreateMapArray creates an ebpf map of type array and returns its fd. -1 means error.
func (*FFI) GetMapElements ¶
GetMapElements fetches the map elements of the given fd.
func (*FFI) RunProgram ¶
func (e *FFI) RunProgram(executionRequest *fpb.ExecutionRequest) (*fpb.ExecutionResult, error)
RunProgram Runs the ebpf program and returns the execution results.
func (*FFI) SetMapElement ¶
SetMapElement sets the elemnt specified by `key` to `value` in the map described by `fd`
func (*FFI) ValidateProgram ¶
func (e *FFI) ValidateProgram(prog []uint64) (*fpb.ValidationResult, error)
ValidateProgram passes the program through the bpf verifier without executing it. Returns feedback to the generator so it can adjust the generation settings.
type Metrics ¶
type Metrics struct { // SamplingThreshold represents the number of samples that will be // skipped before detailed info is collected. // // e.g. if SamplingThreshol = 100; then every 100th sample passed through // the Metrics will collect detailed info (coverage, and verifier logs). SamplingThreshold int // KCovSize represents the size of the coverage sample that kcov will // collect, the bigger the sample the slower collecting coverage // will be (but the more precies). KCovSize uint64 // contains filtered or unexported fields }
Metrics is the central place where the fuzzer can report any metrics or statistics. It is also responsible for refining coverage in an async way. (Coverage refine is an expensive operation, so we do it async).
func NewMetricsUnit ¶
func NewMetricsUnit(threshold int, kcovSize uint64, vmLinuxPath, sourceFilesPath, metricsServerAddr string, metricsServerPort uint16, cm *CoverageManager) *Metrics
NewMetricsUnit Creates a new Central Metrics Unit.
func (*Metrics) RecordVerificationResults ¶
func (mu *Metrics) RecordVerificationResults(vr *fpb.ValidationResult)
RecordVerificationResults collects metrics from the provided verification result proto.
func (*Metrics) ShouldGetCoverage ¶
ShouldGetCoverage has two purposes: record that a program is about to be passed by the verifier and return if the metrics unit wants to collect coverage information on it.
type MetricsCollection ¶
type MetricsCollection struct {
// contains filtered or unexported fields
}
MetricsCollection Holds the actual metrics that have been collected so far and provides a way to access them in a thread safe manner.
type MetricsServer ¶
type MetricsServer struct {
// contains filtered or unexported fields
}
MetricsServer exposes an http server where information about coverage/metrics can be visualized.
type Strategy ¶
type Strategy interface { // GenerateProgram should return the instructions to feed the verifier. GenerateProgram(ffi *FFI) (*epb.Program, error) // OnVerifyDone process the results from the verifier. Here the strategy // can also tell the fuzzer to continue with execution by returning true // or start over and generate a new program. OnVerifyDone(ffi *FFI, verificationResult *fpb.ValidationResult) bool // OnExecuteDone should validate if the program behaved like the // verifier expected, if that was not the case it should return false. OnExecuteDone(ffi *FFI, executionResult *fpb.ExecutionResult) bool // OnError is used to determine if the fuzzer should continue on errors. // true represents continue, false represents halt. OnError(e error) bool // IsFuzzingDone if true, buzzer will break out of the main fuzzing loop // and return normally. IsFuzzingDone() bool // Name returns the name of the current strategy to be able // to select it with the command line flag. Name() string }
StrategyInterface contains all the methods that a fuzzing strategy should implement.