prog

package
v0.0.0-...-4e6bda9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2018 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ExecInstrEOF = ^uint64(iota)
	ExecInstrCopyin
	ExecInstrCopyout
)
View Source 
const (
	ExecArgConst = uint64(iota)
	ExecArgResult
	ExecArgData
	ExecArgCsum
)
View Source 
const (
	ExecArgCsumChunkData = uint64(iota)
	ExecArgCsumChunkConst
)
View Source 
const (
	ExecArgCsumInet = uint64(iota)
)
View Source 
const (
	ExecBufferSize = 2 << 20
)

Variables

This section is empty.

Functions

func CallSet 

func CallSet(data []byte) (map[string]struct{}, error)

CallSet returns a set of all calls in the program. It does very conservative parsing and is intended to parse paste/future serialization formats.

func ForeachArgArray 

func ForeachArgArray(args *[]Arg, ret Arg, f func(arg, base Arg, parent *[]Arg))

func ForeachType 

func ForeachType(meta *Syscall, f func(Type))

func IsPad 

func IsPad(t Type) bool

func RegisterTarget 

func RegisterTarget(target *Target, initArch func(target *Target))

func RequiresBitmasks 

func RequiresBitmasks(p *Prog) bool

func RequiresChecksums 

func RequiresChecksums(p *Prog) bool

Types

type Arg 

type Arg interface {
	Type() Type
	Size() uint64
}

func DefaultArg 

func DefaultArg(t Type) Arg

func InnerArg 

func InnerArg(arg Arg) Arg

Returns inner arg for pointer args.

func MakeConstArg 

func MakeConstArg(t Type, v uint64) Arg

func MakeGroupArg 

func MakeGroupArg(t Type, inner []Arg) Arg

func MakePointerArg 

func MakePointerArg(t Type, page uint64, off int, npages uint64, obj Arg) Arg

func MakeResultArg 

func MakeResultArg(t Type, r Arg, v uint64) Arg

func MakeReturnArg 

func MakeReturnArg(t Type) Arg

type ArgCommon 

type ArgCommon struct {
	// contains filtered or unexported fields
}

func (*ArgCommon) AddType 

func (arg *ArgCommon) AddType(typ_ Type)

func (*ArgCommon) Type 

func (arg *ArgCommon) Type() Type

type ArgUsed 

type ArgUsed interface {
	Used() *map[Arg]bool
	Set(map[Arg]bool)
}

type ArgUser 

type ArgUser interface {
	Uses() *Arg
}

type Args 

type Args []Arg

func (Args) Len 

func (s Args) Len() int

func (Args) Swap 

func (s Args) Swap(i, j int)

type ArrayKind 

type ArrayKind int
const (
	ArrayRandLen ArrayKind = iota
	ArrayRangeLen
)

type ArrayType 

type ArrayType struct {
	TypeCommon
	Type       Type
	Kind       ArrayKind
	RangeBegin uint64
	RangeEnd   uint64
}

type BufferKind 

type BufferKind int
const (
	BufferBlobRand BufferKind = iota
	BufferBlobRange
	BufferString
	BufferFilename
	BufferText
)

type BufferType 

type BufferType struct {
	TypeCommon
	Kind       BufferKind
	RangeBegin uint64   // for BufferBlobRange kind
	RangeEnd   uint64   // for BufferBlobRange kind
	Text       TextKind // for BufferText
	SubKind    string
	Values     []string // possible values for BufferString kind
}

type ByPhysicalAddr 

type ByPhysicalAddr struct {
	Args
	Context *execContext
}

func (ByPhysicalAddr) Less 

func (s ByPhysicalAddr) Less(i, j int) bool

type Call 

type Call struct {
	Meta *Syscall
	Args []Arg
	Ret  Arg
}

type ChoiceTable 

type ChoiceTable struct {
	// contains filtered or unexported fields
}

ChooseTable allows to do a weighted choice of a syscall for a given syscall based on call-to-call priorities and a set of enabled syscalls.

func (*ChoiceTable) Choose 

func (ct *ChoiceTable) Choose(r *rand.Rand, call int) int

type CompMap 

type CompMap map[uint64]uint64Set

Example: for comparisons {(op1, op2), (op1, op3), (op1, op4), (op2, op1)} this map will store the following: 

m = {
		op1: {map[op2]: true, map[op3]: true, map[op4]: true},
		op2: {map[op1]: true}
}.

func (CompMap) AddComp 

func (m CompMap) AddComp(arg1, arg2 uint64)

type ConstArg 

type ConstArg struct {
	ArgCommon
	Val uint64
}

Used for ConstType, IntType, FlagsType, LenType, ProcType and CsumType.

func (*ConstArg) Size 

func (arg *ConstArg) Size() uint64

func (*ConstArg) Value 

func (arg *ConstArg) Value(pid int) uint64

Returns value taking endianness and executor pid into consideration.

type ConstType 

type ConstType struct {
	IntTypeCommon
	Val   uint64
	IsPad bool
}

type ConstValue 

type ConstValue struct {
	Name  string
	Value uint64
}

type CsumChunk 

type CsumChunk struct {
	Kind  CsumChunkKind
	Arg   Arg    // for CsumChunkArg
	Value uint64 // for CsumChunkConst
	Size  uint64 // for CsumChunkConst
}

type CsumChunkKind 

type CsumChunkKind int
const (
	CsumChunkArg CsumChunkKind = iota
	CsumChunkConst
)

type CsumInfo 

type CsumInfo struct {
	Kind   CsumKind
	Chunks []CsumChunk
}

type CsumKind 

type CsumKind int
const (
	CsumInet CsumKind = iota
	CsumPseudo
)

type CsumType 

type CsumType struct {
	IntTypeCommon
	Kind     CsumKind
	Buf      string
	Protocol uint64 // for CsumPseudo
}

type DataArg 

type DataArg struct {
	ArgCommon
	Data []byte
}

Used for BufferType.

func (*DataArg) Size 

func (arg *DataArg) Size() uint64

type Dir 

type Dir int
const (
	DirIn Dir = iota
	DirOut
	DirInOut
)

type FlagsType 

type FlagsType struct {
	IntTypeCommon
	Vals []uint64
}

type Gen 

type Gen struct {
	// contains filtered or unexported fields
}

func (*Gen) Alloc 

func (g *Gen) Alloc(ptrType Type, data Arg) (Arg, []*Call)

func (*Gen) NOutOf 

func (g *Gen) NOutOf(n, outOf int) bool

type GroupArg 

type GroupArg struct {
	ArgCommon
	Inner []Arg
}

Used for StructType and ArrayType. Logical group of args (struct or array).

func (*GroupArg) Size 

func (arg *GroupArg) Size() uint64

type IntKind 

type IntKind int
const (
	IntPlain   IntKind = iota
	IntFileoff         // offset within a file
	IntRange
)

type IntType 

type IntType struct {
	IntTypeCommon
	Kind       IntKind
	RangeBegin uint64
	RangeEnd   uint64
}

type IntTypeCommon 

type IntTypeCommon struct {
	TypeCommon
	BitfieldOff uint64
	BitfieldLen uint64
	BigEndian   bool
	BitfieldMdl bool
}

func (*IntTypeCommon) BitfieldLength 

func (t *IntTypeCommon) BitfieldLength() uint64

func (*IntTypeCommon) BitfieldMiddle 

func (t *IntTypeCommon) BitfieldMiddle() bool

func (*IntTypeCommon) BitfieldOffset 

func (t *IntTypeCommon) BitfieldOffset() uint64

type KeyedStruct 

type KeyedStruct struct {
	Key  StructKey
	Desc *StructDesc
}

type LenType 

type LenType struct {
	IntTypeCommon
	ByteSize uint64 // want size in multiple of bytes instead of array size
	Buf      string
}

type LogEntry 

type LogEntry struct {
	P         *Prog
	Proc      int  // index of parallel proc
	Start     int  // start offset in log
	End       int  // end offset in log
	Fault     bool // program was executed with fault injection in FaultCall/FaultNth
	FaultCall int
	FaultNth  int
}

LogEntry describes one program in execution log.

type PointerArg 

type PointerArg struct {
	ArgCommon
	PageIndex  uint64
	PageOffset int    // offset within a page
	PagesNum   uint64 // number of available pages
	Res        Arg    // pointee
}

Used for PtrType and VmaType. Even if these are always constant (for reproducibility), we use a separate type because they are represented in an abstract (base+page+offset) form.

func (*PointerArg) Size 

func (arg *PointerArg) Size() uint64

type ProcType 

type ProcType struct {
	IntTypeCommon
	ValuesStart   uint64
	ValuesPerProc uint64
}

type Prog 

type Prog struct {
	Target *Target
	Calls  []*Call
}

func Minimize 

func Minimize(p0 *Prog, callIndex0 int, pred0 func(*Prog, int) bool, crash bool) (*Prog, int)

Minimize minimizes program p into an equivalent program using the equivalence predicate pred. It iteratively generates simpler programs and asks pred whether it is equal to the orginal program or not. If it is equivalent then the simplification attempt is committed and the process continues.

func (*Prog) Clone 

func (p *Prog) Clone() *Prog

func (*Prog) Mutate 

func (p *Prog) Mutate(rs rand.Source, ncalls int, ct *ChoiceTable, corpus []*Prog)

func (*Prog) MutateWithHints 

func (p *Prog) MutateWithHints(compMaps []CompMap, exec func(newP *Prog))

Mutates the program using the comparison operands stored in compMaps. For each of the mutants executes the exec callback.

func (*Prog) Serialize 

func (p *Prog) Serialize() []byte

func (*Prog) SerializeForExec 

func (p *Prog) SerializeForExec(buffer []byte, pid int) error

SerializeForExec serializes program p for execution by process pid into the provided buffer. If the provided buffer is too small for the program an error is returned.

func (*Prog) String 

func (p *Prog) String() string

String generates a very compact program description (mostly for debug output).

func (*Prog) StripDependencies 

func (p *Prog) StripDependencies()

func (*Prog) TrimAfter 

func (p *Prog) TrimAfter(idx int)

func (*Prog) Validate 

func (p *Prog) Validate() error

type PtrType 

type PtrType struct {
	TypeCommon
	Type Type
}

type ResourceDesc 

type ResourceDesc struct {
	Name   string
	Type   Type
	Kind   []string
	Values []uint64
}

type ResourceType 

type ResourceType struct {
	TypeCommon
	Desc *ResourceDesc
}

func (*ResourceType) Default 

func (t *ResourceType) Default() uint64

func (*ResourceType) SpecialValues 

func (t *ResourceType) SpecialValues() []uint64

type ResultArg 

type ResultArg struct {
	ArgCommon
	Res   Arg    // reference to arg which we use
	OpDiv uint64 // divide result (executed before OpAdd)
	OpAdd uint64 // add to result
	Val   uint64 // value used if Res is nil
	// contains filtered or unexported fields
}

Used for ResourceType. Either holds constant value or reference another ResultArg or ReturnArg.

func (*ResultArg) Set 

func (arg *ResultArg) Set(uses map[Arg]bool)

func (*ResultArg) Size 

func (arg *ResultArg) Size() uint64

func (*ResultArg) Used 

func (arg *ResultArg) Used() *map[Arg]bool

func (*ResultArg) Uses 

func (arg *ResultArg) Uses() *Arg

type ReturnArg 

type ReturnArg struct {
	ArgCommon
	// contains filtered or unexported fields
}

Used for ResourceType and VmaType. This argument denotes syscall return value.

func (*ReturnArg) Set 

func (arg *ReturnArg) Set(uses map[Arg]bool)

func (*ReturnArg) Size 

func (arg *ReturnArg) Size() uint64

func (*ReturnArg) Used 

func (arg *ReturnArg) Used() *map[Arg]bool

type StructDesc 

type StructDesc struct {
	TypeCommon
	Fields    []Type
	AlignAttr uint64
}

func (*StructDesc) FieldName 

func (t *StructDesc) FieldName() string

type StructKey 

type StructKey struct {
	Name string
	Dir  Dir
}

type StructType 

type StructType struct {
	Key     StructKey
	FldName string
	*StructDesc
}

func (*StructType) FieldName 

func (t *StructType) FieldName() string

type Syscall 

type Syscall struct {
	ID       int
	NR       uint64 // kernel syscall number
	Name     string
	CallName string
	Args     []Type
	Ret      Type
}

type Target 

type Target struct {
	OS         string
	Arch       string
	Revision   string // unique hash representing revision of the descriptions
	PtrSize    uint64
	PageSize   uint64
	DataOffset uint64

	Syscalls  []*Syscall
	Resources []*ResourceDesc
	Structs   []*KeyedStruct
	Consts    []ConstValue

	// Syscall used by MakeMmap.
	// It has some special meaning because there are usually too many of them.
	MmapSyscall *Syscall

	// MakeMmap creates call that maps [start, start+npages) page range.
	MakeMmap func(start, npages uint64) *Call

	// AnalyzeMmap analyzes the call c regarding mapping/unmapping memory.
	// If it maps/unmaps any memory returns [start, start+npages) range,
	// otherwise returns npages = 0.
	AnalyzeMmap func(c *Call) (start, npages uint64, mapped bool)

	// SanitizeCall neutralizes harmful calls.
	SanitizeCall func(c *Call)

	// SpecialStructs allows target to do custom generation/mutation for some struct types.
	// Map key is struct name for which custom generation/mutation is required.
	// Map value is custom generation/mutation function that will be called
	// for the corresponding structs. g is helper object that allows generate random numbers,
	// allocate memory, etc. typ is the struct type. old is the old value of the struct
	// for mutation, or nil for generation. The function returns a new value of the struct,
	// and optionally any calls that need to be inserted before the arg reference.
	SpecialStructs map[string]func(g *Gen, typ *StructType, old *GroupArg) (Arg, []*Call)

	// Special strings that can matter for the target.
	// Used as fallback when string type does not have own dictionary.
	StringDictionary []string

	// Filled by prog package:
	SyscallMap map[string]*Syscall
	ConstMap   map[string]uint64
	// contains filtered or unexported fields
}

Target describes target OS/arch pair.

func AllTargets 

func AllTargets() []*Target

func GetTarget 

func GetTarget(OS, arch string) (*Target, error)

func (*Target) BuildChoiceTable 

func (target *Target) BuildChoiceTable(prios [][]float32, enabled map[*Syscall]bool) *ChoiceTable

func (*Target) CalculatePriorities 

func (target *Target) CalculatePriorities(corpus []*Prog) [][]float32

func (*Target) Deserialize 

func (target *Target) Deserialize(data []byte) (prog *Prog, err error)

func (*Target) Generate 

func (target *Target) Generate(rs rand.Source, ncalls int, ct *ChoiceTable) *Prog

Generate generates a random program of length ~ncalls. calls is a set of allowed syscalls, if nil all syscalls are used.

func (*Target) GenerateAllSyzProg 

func (target *Target) GenerateAllSyzProg(rs rand.Source) *Prog

GenerateAllSyzProg generates a program that contains all pseudo syz_ calls for testing.

func (*Target) ParseLog 

func (target *Target) ParseLog(data []byte) []*LogEntry

func (*Target) TransitivelyEnabledCalls 

func (target *Target) TransitivelyEnabledCalls(enabled map[*Syscall]bool) map[*Syscall]bool

type TextKind 

type TextKind int
const (
	Text_x86_real TextKind = iota
	Text_x86_16
	Text_x86_32
	Text_x86_64
	Text_arm64
)

type Type 

type Type interface {
	Name() string
	FieldName() string
	Dir() Dir
	Optional() bool
	Default() uint64
	Varlen() bool
	Size() uint64
	BitfieldOffset() uint64
	BitfieldLength() uint64
	BitfieldMiddle() bool // returns true for all but last bitfield in a group
}

type TypeCommon 

type TypeCommon struct {
	TypeName   string
	FldName    string // for struct fields and named args
	TypeSize   uint64 // static size of the type, or 0 for variable size types
	ArgDir     Dir
	IsOptional bool
}

func (*TypeCommon) BitfieldLength 

func (t *TypeCommon) BitfieldLength() uint64

func (*TypeCommon) BitfieldMiddle 

func (t *TypeCommon) BitfieldMiddle() bool

func (*TypeCommon) BitfieldOffset 

func (t *TypeCommon) BitfieldOffset() uint64

func (*TypeCommon) Default 

func (t *TypeCommon) Default() uint64

func (TypeCommon) Dir 

func (t TypeCommon) Dir() Dir

func (*TypeCommon) FieldName 

func (t *TypeCommon) FieldName() string

func (*TypeCommon) Name 

func (t *TypeCommon) Name() string

func (*TypeCommon) Optional 

func (t *TypeCommon) Optional() bool

func (*TypeCommon) Size 

func (t *TypeCommon) Size() uint64

func (*TypeCommon) Varlen 

func (t *TypeCommon) Varlen() bool

type UnionArg 

type UnionArg struct {
	ArgCommon
	Option     Arg
	OptionType Type
}

Used for UnionType.

func (*UnionArg) Size 

func (arg *UnionArg) Size() uint64

type UnionType 

type UnionType struct {
	Key     StructKey
	FldName string
	*StructDesc
}

func (*UnionType) FieldName 

func (t *UnionType) FieldName() string

type VmaType 

type VmaType struct {
	TypeCommon
	RangeBegin uint64 // in pages
	RangeEnd   uint64
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.