
ref: 4cd7e0154ebe47590f9b33b1d6c4d7ac3d957afa
parent: da9afc109ea7da7c0d4053bf837ae0ccad04c9f7
author: seh <seh@localhost>
date: Fri Oct 26 17:32:35 EDT 2018

Add infrastructure for fuzzing, totally volatile

--- a/fuzz.h
+++ b/fuzz.h
@@ -1,6 +1,82 @@
 #ifndef FUZZ_H
 #define FUZZ_H
 
+/* 
+For full list of syscalls:
 
+/sys/src/9/port/systab.h
+/sys/src/libc/9syscall/sys.h
+ */
+
+// List of all system calls with sc_ prefix added
+typedef int call;
+enum call {
+	sc__errstr,
+	sc__exits,
+	sc__fsession,
+	sc__fstat,
+	sc__fwstat,
+	sc__mount,
+	sc__nsec,
+	sc__read,
+	sc__stat,
+	sc__wait,
+	sc__write,
+	sc__wstat,
+	sc_alarm,
+	sc_await,
+	sc_bind,
+	sc_brk_,
+	sc_chdir,
+	sc_close,
+	sc_create,
+	sc_dup,
+	sc_errstr,
+	sc_exec,
+	sc_fauth,
+	sc_fd2path,
+	sc_fstat,
+	sc_fversion,
+	sc_fwstat,
+	sc_mount,
+	sc_noted,
+	sc_notify,
+	sc_open,
+	sc_oseek,
+	sc_pipe,
+	sc_pread,
+	sc_pwrite,
+	sc_remove,
+	sc_rendezvous,
+	sc_rfork,
+	sc_seek,
+	sc_segattach,
+	sc_segbrk,
+	sc_segdetach,
+	sc_segflush,
+	sc_segfree,
+	sc_semacquire,
+	sc_semrelease,
+	sc_sleep,
+	sc_stat,
+	sc_sysr1,
+	sc_tsemacquire,
+	sc_unmount,
+	sc_wstat
+};
+
+// Structure to track state of system calling
+typedef struct caller caller;
+struct caller
+{
+	call		c;			// System call in use
+	char*		name;		// Real name of syscall
+	int			round;	// Last run executed
+};
+
+/* == Function prototypes == */
+
+// input.c
+void* mkinput(caller);
 
 #endif
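Review bot: The `enum call` list ends at `sc_wstat` with no terminating count, so a table indexed by `call` (which the `name` field in `struct caller` suggests) or a random pick of a call has nothing to bound against; add `sc_ncalls /* number of entries; keep last */` as the final enumerator and check `if(c < 0 || c >= sc_ncalls)` before any lookup. The enumerators are listed alphabetically, so these values presumably are not the kernel syscall numbers from systab.h; a comment such as `// Enumerator values are local indices, not kernel syscall numbers` above the enum would stop a reader from passing them to syscall(). In `struct caller`, `char*		name;` should be `char *name;` per the pointer-binding convention, and `const` is appropriate since the name is only a label. `void* mkinput(caller);` hands back a buffer with no length, so a consumer cannot bound its use of the generated input; returning the size through an out parameter (or a small struct) is worth settling before input.c is filled in.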
--- /dev/null
+++ b/input.c
@@ -1,0 +1,11 @@
+#include <u.h>
+#include <libc.h>
+#include "fuzz.h"
+
+// Procedurally generate input to syscall
+void*
+mkinput(caller sc)
+{
+	// TODO
+	return nil;
+}
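Review bot: The parameter `sc` is never read in the stub body, which kencc's `-w` typically reports; a `USED(sc);` line before `return nil;` keeps the build quiet until the generator exists. The `// TODO` could also name what is intended, e.g. `// TODO: generate arguments for sc.c; caller needs the buffer length back`, so the missing size in the return contract is not forgotten.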
--- a/main.c
+++ b/main.c
@@ -5,7 +5,7 @@
 void
 usage(void)
 {
-	fprint(2, "usage: %s [-k kernel name]\n", argv0);
+	fprint(2, "usage: %s [-n rounds] calls\n", argv0);
 	exits("usage");
 }
 
@@ -12,17 +12,24 @@
 void
 main(int argc, char *argv[])
 {
-	char *kname;
+	int nrounds = 1;
+	int i;
 
 	ARGBEGIN{
-		case 'k':
-			kname = ARGF();
+		case 'n':
+			// Number of rounds to iterate fuzzing for
+			nrounds = atoi(ARGF());
 			break;
 		default:
 			usage();
 	}ARGEND
 
+	// Acquire a list of calls specified by spaces (fuzz -n 1 read write seek)
 	
+	
+	for(i = 0; i < nrounds; i++){
+		
+	}
 
 	exits(nil);
 }
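Review bot: `nrounds = atoi(ARGF());` in the `-n` case dereferences nil when `-n` is the final argument, because ARGF() returns nil and atoi does not check; the usual idiom is `nrounds = atoi(EARGF(usage()));`. atoi also silently yields 0 for non-numeric text and accepts negatives, so the round loop then runs zero times with no diagnostic; `if(nrounds <= 0) usage();` after ARGEND surfaces that, or use `strtol` with its end pointer to reject trailing junk. The comment about acquiring the list of calls has no code beneath it and `argc`/`argv` are never examined after ARGEND; `if(argc < 1) usage();` would match what the new usage string promises.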
--- a/mkfile
+++ b/mkfile
@@ -4,7 +4,8 @@
 
 BIN = /$objtype/bin
 
-OFILES = main.$O
+OFILES = main.$O \
+					input.$O
 
 HFILES = fuzz.h