Add Tool Trace2Syz #767
Merged
22 commits
4521e88 fixing weird merge error (shankarapailoor)
1899543 fixing presubmit (shankarapailoor)
1525a32 fixing presubmit (shankarapailoor)
a2a40c4 removing parsing code because of -Xraw option (shankarapailoor)
c30e678 fix presubmit (shankarapailoor)
947a5e0 update (shankarapailoor)
0a3522c deleting vma_call_handlers as we are currently skipping most vma call… (shankarapailoor)
859d97c removing custom handling of bpf_instruction union (shankarapailoor)
05ef592 removing ifconf parsing (shankarapailoor)
ba14439 update (shankarapailoor)
facd622 removed all expression types and replaced them with constant types. r… (shankarapailoor)
e4e1a79 removing ipv6 parsing (shankarapailoor)
854b348 presubmit (shankarapailoor)
ba32e5c moving direction check from ipv4_addr out to genUnion (shankarapailoor)
e047ac4 removing code that parses kcov (shankarapailoor)
6b2d61b removing redundant test (shankarapailoor)
aa74ed3 removing custom code in generate unions to fill ipv4_addr (shankarapailoor)
7546bb8 proggen: changing order of imports to make external packages import f… (shankarapailoor)
82eb8a3 changing log messages to lower case to be consistent with other packa… (shankarapailoor)
662c27c removing pointer type and simplifying memory_tracker (shankarapailoor)
30968ce moving context and return_cache to separate files (shankarapailoor)
a82337a deleting default argument generation when we should probably throw an… (shankarapailoor)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
// Copyright 2018 syzkaller project authors. All rights reserved. | ||
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. | ||
|
||
package config | ||
|
||
var ( | ||
// ShouldSkip lists system calls that we should skip when parsing | ||
// Some of these are unsupported or not worth executing | ||
ShouldSkip = map[string]bool{ | ||
// While we have system call descriptions for execve it is not worth adding | ||
// the ones in traces. Every trace has an execve at the beginning which means | ||
// all the system calls afterwards will not execute | ||
"execve": true, | ||
// Unsafe to set the addr argument to some random argument. Needs more care | ||
"arch_prctl": true, | ||
// Don't produce multithreaded programs. | ||
"wait4": true, | ||
"wait": true, | ||
"futex": true, | ||
// Cannot obtain coverage from the forks. | ||
"clone": true, | ||
// Can support these calls but need to identify the ones in the trace that are worth keeping | ||
"mmap": true, | ||
"msync": true, | ||
"mremap": true, | ||
"mprotect": true, | ||
"madvise": true, | ||
"munmap": true, | ||
// Not interesting coverage | ||
"getcwd": true, | ||
"getcpu": true, | ||
// Cannot evaluate sigset | ||
"rt_sigprocmask": true, | ||
"rt_sigtimedwait": true, | ||
"rt_sigreturn": true, | ||
"rt_sigqueueinfo": true, | ||
"rt_sigsuspend": true, | ||
// Require function pointers which are not recovered by strace | ||
"rt_sigaction": true, | ||
} | ||
) |
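Review bot: The skip list is incomplete against its own stated reasons. Under "Cannot obtain coverage from the forks" only "clone" is listed, so fork and vfork entries in a trace would still be converted, and the "Don't produce multithreaded programs" group has "wait4" and "wait" but not waitid or waitpid. Suggest adding those names next to their siblings, or saying in the comment why they are treated differently. Minor: every value in the map is true, so a one-line note that ShouldSkip is used as a set would make the intent clearer, and the doc comment sentences ("... when parsing", "... not worth executing") are missing their terminating periods.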
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,155 @@ | ||
// Copyright 2018 syzkaller project authors. All rights reserved. | ||
// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. | ||
|
||
package parser | ||
|
||
import ( | ||
"bytes" | ||
"fmt" | ||
) | ||
|
||
// TraceTree struct contains intermediate representation of trace | ||
// If a trace is multiprocess it constructs a trace for each type | ||
type TraceTree struct { | ||
TraceMap map[int64]*Trace | ||
Ptree map[int64][]int64 | ||
RootPid int64 | ||
Filename string | ||
} | ||
|
||
// NewTraceTree initializes a TraceTree | ||
func NewTraceTree() (tree *TraceTree) { | ||
tree = &TraceTree{ | ||
TraceMap: make(map[int64]*Trace), | ||
Ptree: make(map[int64][]int64), | ||
RootPid: -1, | ||
} | ||
return | ||
} | ||
|
||
func (tree *TraceTree) add(call *Syscall) { | ||
if tree.RootPid < 0 { | ||
tree.RootPid = call.Pid | ||
} | ||
|
||
if !call.Resumed { | ||
if tree.TraceMap[call.Pid] == nil { | ||
tree.TraceMap[call.Pid] = new(Trace) | ||
tree.Ptree[call.Pid] = make([]int64, 0) | ||
} | ||
} | ||
c := tree.TraceMap[call.Pid].add(call) | ||
if c.CallName == "clone" && !c.Paused { | ||
tree.Ptree[c.Pid] = append(tree.Ptree[c.Pid], c.Ret) | ||
} | ||
} | ||
|
||
// Trace is just a list of system calls | ||
type Trace struct { | ||
Calls []*Syscall | ||
} | ||
|
||
func (trace *Trace) add(call *Syscall) (ret *Syscall) { | ||
if !call.Resumed { | ||
trace.Calls = append(trace.Calls, call) | ||
ret = call | ||
return | ||
} | ||
lastCall := trace.Calls[len(trace.Calls)-1] | ||
lastCall.Args = append(lastCall.Args, call.Args...) | ||
lastCall.Paused = false | ||
lastCall.Ret = call.Ret | ||
ret = lastCall | ||
return | ||
} | ||
|
||
// IrType is the intermediate representation of the strace output | ||
// Every argument of a system call should be represented in an intermediate type | ||
type IrType interface { | ||
String() string | ||
} | ||
|
||
// Syscall struct is the IR type for any system call | ||
type Syscall struct { | ||
CallName string | ||
Args []IrType | ||
Pid int64 | ||
Ret int64 | ||
Paused bool | ||
Resumed bool | ||
} | ||
|
||
// NewSyscall - constructor | ||
func NewSyscall(pid int64, name string, args []IrType, ret int64, paused, resumed bool) (sys *Syscall) { | ||
return &Syscall{ | ||
CallName: name, | ||
Args: args, | ||
Pid: pid, | ||
Ret: ret, | ||
Paused: paused, | ||
Resumed: resumed, | ||
} | ||
} | ||
|
||
// String | ||
func (s *Syscall) String() string { | ||
buf := new(bytes.Buffer) | ||
|
||
fmt.Fprintf(buf, "Pid: -%v-", s.Pid) | ||
fmt.Fprintf(buf, "Name: -%v-", s.CallName) | ||
for _, typ := range s.Args { | ||
buf.WriteString("-") | ||
buf.WriteString(typ.String()) | ||
buf.WriteString("-") | ||
} | ||
buf.WriteString(fmt.Sprintf("-Ret: %d\n", s.Ret)) | ||
return buf.String() | ||
} | ||
|
||
// GroupType contains arrays and structs | ||
type GroupType struct { | ||
Elems []IrType | ||
} | ||
|
||
func newGroupType(elems []IrType) (typ *GroupType) { | ||
return &GroupType{Elems: elems} | ||
} | ||
|
||
// String implements IrType String() | ||
func (a *GroupType) String() string { | ||
var buf bytes.Buffer | ||
|
||
buf.WriteString("[") | ||
for _, elem := range a.Elems { | ||
buf.WriteString(elem.String()) | ||
buf.WriteString(",") | ||
} | ||
buf.WriteString("]") | ||
return buf.String() | ||
} | ||
|
||
// Constant represents all evaluated expressions produced by strace | ||
// Constant types are evaluated at parse time | ||
type Constant uint64 | ||
|
||
func (c Constant) String() string { | ||
return fmt.Sprintf("%#v", c) | ||
} | ||
|
||
func (c Constant) Val() uint64 { | ||
return uint64(c) | ||
} | ||
|
||
// BufferType contains strings | ||
type BufferType struct { | ||
Val string | ||
} | ||
|
||
func newBufferType(val string) *BufferType { | ||
return &BufferType{Val: val} | ||
} | ||
|
||
// String implements IrType String() | ||
func (b *BufferType) String() string { | ||
return fmt.Sprintf("Buffer: %s with length: %d\n", b.Val, len(b.Val)) | ||
} |
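Review bot: TraceTree.add and Trace.add can panic when the first line seen for a pid is a resumed call. In TraceTree.add the TraceMap entry is created only inside `if !call.Resumed`, so `tree.TraceMap[call.Pid].add(call)` runs on a nil *Trace for an unseen pid, and in Trace.add `trace.Calls[len(trace.Calls)-1]` indexes -1 when Calls is empty. Since this code consumes external strace output, suggest checking for a missing entry or an empty Calls slice and returning an error (or skipping the line) rather than crashing the tool. Smaller points in the same hunk: the TraceTree comment says "a trace for each type" where "each process" appears to be meant, the `// String` comment on Syscall.String says nothing, and the exported Constant.String and Constant.Val have no doc comments.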
I think we also need to ignore set_robust_list and set_tid_address. They are executed by glibc on process/thread start and are present in just any program in the beginning, but normal programs usually don't use them and we probably won't be able to build interesting programs with set_robust_list.