shithub: fuzz

ref: 4b0b0a23de87e0805ce5bc64f8a09af1685c7d04
dir: /input.c/

View raw version
#include "fuzz.h"

// Procedurally generate input to syscall
void
fuzz(caller *sc)
{
	// TODO
	switch(sc->c) {
		case sc_exits :			//	_exits(char*);
		case sc_abort :			//	abort(void);
		case sc_access :		//	access(char* : int);
		case sc_alarm :			//	alarm(ulong);
		case sc_await :			//	await(char* : int);
		case sc_bind :			//	bind(char* : char* : int);
		case sc_brk :			//	brk(void*);
		case sc_chdir :			//	chdir(char*);
		case sc_close :			//	close(int);
			// increment the round counter
			(sc->round)++;

			// mutate the input
			int fd;

			// log the variables
			log_call(sc);

			// sync the disk
			hjsync();
			
			// execute the call
			close(fd);

			break;
		case sc_create :		//	create(char* : int : ulong);
		case sc_dup :			//	dup(int : int);
		case sc_errstr :		//	errstr(char* : uint);
		case sc_exec :			//	exec(char* : char*[]);
		case sc_execl :			//	execl(char* : ...);
		case sc_fork :			//	fork(void);
		case sc_rfork :			//	rfork(int);
		case sc_fauth :			//	fauth(int : char*);
		case sc_fstat :			//	fstat(int : uchar* : int);
		case sc_fwstat :		//	fwstat(int : uchar* : int);
		case sc_fversion :		//	fversion(int : int : char* : int);
		case sc_mount :			//	mount(int : int : char* : int : char*);
		case sc_unmount :		//	unmount(char* : char*);
		case sc_noted :			//	noted(int);
		case sc_notify :		//	notify(void(*)(void* : char*));
		case sc_open :			//	open(char* : int);
		case sc_fd2path :		//	fd2path(int : char* : int);
		case sc_pipe :			//	pipe(int*);
		case sc_pread :			//	pread(int : void* : long : vlong);
		case sc_preadv :		//	preadv(int : IOchunk* : int : vlong);
		case sc_pwrite :		//	pwrite(int : void* : long : vlong);
		case sc_pwritev :		//	pwritev(int : IOchunk* : int : vlong);
		case sc_read :			//	read(int : void* : long);
		case sc_readn :			//	readn(int : void* : long);
		case sc_readv :			//	readv(int : IOchunk* : int);
		case sc_remove :		//	remove(char*);
		case sc_sbrk :			//	sbrk(ulong);
		case sc_oseek :			//	oseek(int : long : int);
		case sc_seek :			//	seek(int : vlong : int);
		case sc_segattach :		//	segattach(int : char* : void* : ulong);
		case sc_segbrk	 :		//	segbrk(void* : void*);
		case sc_segdetach :		//	segdetach(void*);
		case sc_segflush :		//	segflush(void* : ulong);
		case sc_segfree :		//	segfree(void* : ulong);
		case sc_semacquire :		//	semacquire(long* : int);
		case sc_semrelease :		//	semrelease(long* : long);
		case sc_sleep :			//	sleep(long);
		case sc_stat :			//	stat(char* : uchar* : int);
		case sc_tsemacquire :		//	tsemacquire(long* : ulong);
		case sc_wait :			//	wait(void);
		case sc_waitpid :		//	waitpid(void);
		case sc_write :			//	write(int : void* : long);
		case sc_writev :		//	writev(int : IOchunk* : int);
		case sc_wstat :			//	wstat(char* : uchar* : int);
		case sc_rendezvous :		//	rendezvous(void* : void*);
		case sc_dirstat :		//	dirstat(char*);
		case sc_dirfstat :		//	dirfstat(int);
		case sc_dirwstat :		//	dirwstat(char* : Dir*);
		case sc_dirfwstat :		//	dirfwstat(int : Dir*);
		case sc_dirread :		//	dirread(int : Dir**);
		case sc_nulldir :		//	nulldir(Dir*);
		case sc_dirreadall :		//	dirreadall(int : Dir**);
		case sc_getpid :		//	getpid(void);
		case sc_getppid	:		//	getppid(void);
		case sc_rerrstr :		//	rerrstr(char* : uint);
		case sc_sysname :		//	sysname(void);
		case sc_werrstr :		//	werrstr(char* : ...);
		default :
			exits("Unknown system call!");
	}
}

// Logs the syscall arguments
void
log_call(caller *sc)
{
	fprint(logfd, "\nSystem Call: %s", sc->name);
	fprint(logfd, "\n\tRound #: %d", sc->round);
	fprint(logfd, "\n\tSeed: %d", sc->seed);

	int x;
	for (x; x < (sc->inputs.size); x++) {
		t_type* ele = lget(&(sc->inputs), x);

		fprint(logfd, "\n\t\t%s : ", callnames[ele->t]);
		
		switch(ele->t) {
			case t_int :
				fprint(logfd, "%d", (int) ele->var);
				break;
			case t_uint :
				fprint(logfd, "%d", (uint) ele->var);
			case t_long :
				fprint(logfd, "%ld", (long) ele->var);
				break;
			case t_ulong :
				fprint(logfd, "%lu", (ulong) ele->var);
				break;
			case t_DirS :
				fprint(logfd, "%s", (Dir*) ele->var);
				break;
			case t_charS :
				fprint(logfd, "%s", (char*) ele->var);
				break;
			case t_char :
				fprint(logfd, "%c", (char) ele->var);
			default :
				exits("Unknown input variable type!");
		}
	}
}

// Syncs the disk in hjfs
void
hjsync()
{
	// open file and write to sync disk
	int hjfs = open("/srv/hjfs.cmd", OWRITE);
	fprint(hjfs, "sync\n");
	close(hjfs);
}

// Init callnames here, is extern in fuzz.h
char *callnames[NCALLS]= {
"_exits",
"abort",
"access",
"alarm",
"await",
"bind",
"brk",
"chdir",
"close",
"create",
"dup",
"errstr",
"exec",
"execl",
"fork",
"rfork",
"fauth",
"fstat",
"fwstat",
"fversion",
"mount",
"unmount",
"noted",
"notify",
"open",
"fd2path",
"pipe",
"pread",
"preadv",
"pwrite",
"pwritev",
"read",
"readn",
"readv",
"remove",
"sbrk",
"oseek",
"seek",
"segattach",
"segbrk",
"segdetach",
"segflush",
"segfree",
"semacquire",
"semrelease",
"sleep",
"stat",
"tsemacquire",
"wait",
"waitpid",
"write",
"writev",
"wstat",
"rendezvous",
"dirstat",
"dirfstat",
"dirwstat",
"dirfwstat",
"dirread",
"nulldir",
"dirreadall",
"getpid",
"getppid",
"rerrstr",
"sysname",
"werrstr"
};

// Init callnames here, is extern in fuzz.h
char *typenames[NTYPES]= {
"int",
"long",
"Dir*",
"char*"
};