├── .bazelversion ├── .gitignore ├── util ├── testdata │ └── data_dependency_testdata ├── x86_64 │ ├── sve_noop_test.cc │ ├── reg_group_io_buffer_offsets.h │ ├── start.S │ └── reg_group_io.cc ├── enum_flag_types.cc ├── ucontext │ ├── aarch64 │ │ ├── save_ucontext.S │ │ ├── restore_ucontext.S │ │ ├── save_ucontext_no_syscalls.S │ │ ├── restore_ucontext_no_syscalls.S │ │ └── signal_test_widgets.S │ ├── ucontext.cc │ └── x86_64 │ │ ├── ucontext_test_widgets.S │ │ ├── signal_test_widgets.S │ │ └── ucontext_offsets.h ├── aarch64 │ ├── cpu_id.cc │ ├── sve_vector_width.S │ ├── reg_group_io_buffer_offsets.h │ ├── reg_groups.cc │ ├── platform.cc │ ├── start.S │ ├── reg_group_io.cc │ └── clear_register_groups.S ├── signals.h ├── types.h ├── signals.cc ├── data_dependency_test.cc ├── hostname.h ├── hostname_test.cc ├── strcat_test.cc ├── cpu_features_test.cc ├── testing │ ├── vsyscall.h │ ├── status_macros_test.cc │ └── vsyscall.cc ├── start_test.sh ├── libc_util.h ├── math_test.cc ├── bit_matcher.h ├── math.h ├── byte_io.h ├── reg_groups.h ├── data_dependency.h ├── reg_checksum_util.cc ├── data_dependency.cc ├── enum_flag_types.h ├── strcat.cc ├── start_test_helper.cc ├── file_util.h ├── hostname.cc ├── text_proto_printer_fuzzer.cc ├── atoi.cc ├── file_util.cc ├── enum_flag_test.cc ├── misc_util.h ├── x86_cpuid_test.cc ├── arch_mem.h ├── user_regs_util.h ├── arch_mem.cc ├── avx.h ├── path_util.h ├── atoi.h ├── cache.h ├── signals_test.cc ├── atoi_internal.h ├── atoi_internal.cc ├── strcat.h ├── cpu_id_test.cc ├── page_util.h └── reg_group_bits.h ├── paper └── silifuzz.pdf ├── CONTRIBUTING.md ├── orchestrator ├── testdata │ ├── one_mb_of_zeros.xz │ └── two_mb_of_zeros.xz └── silifuzz_orchestrator_test.cc ├── .clang-format ├── third_party ├── silifuzz_libunwind │ ├── BUILD │ ├── LICENSE │ ├── save_ucontext.S │ ├── restore_ucontext.S │ ├── save_ucontext_no_syscalls.S │ └── restore_ucontext_no_syscalls.S ├── BUILD.lss ├── BUILD.mbuild ├── BUILD.cityhash └── absl_endian_visibility.patch ├── AUTHORS ├── .kokoro └── gcp_ubuntu │ ├── continuous.cfg │ ├── presubmit.cfg │ └── kokoro_build.sh ├── BUILD ├── proto ├── corpus_metadata.proto └── binary_log_entry.proto ├── player ├── trace_options.cc ├── player_result_proto.h └── play_options.cc ├── proxies ├── util │ ├── BUILD │ ├── set_process_dumpable.cc │ └── set_process_dumpable.h └── pmu_event_proxy │ └── pmu_events.h ├── runner ├── runner_provider_test.cc ├── global_static_initializers_test.sh ├── loading_snap_corpus.cc ├── endspot.cc ├── runner_provider.h ├── snap_maker_test_util.h ├── runner_provider.cc ├── default_snap_corpus.h ├── snap_maker_test_util.cc └── endspot.h ├── .bazelrc ├── fuzzer ├── hashtest │ ├── hashtest_generator_integration_test.sh │ ├── testgeneration │ │ ├── version.h │ │ ├── prefilter.h │ │ ├── synthesize_snapshot.h │ │ ├── debugging.h │ │ └── synthesize_instruction.h │ ├── parallel_worker_pool_test.cc │ └── hashtest_result.proto └── program_batch_mutator.h ├── tools ├── fuzz_filter_tool.cc ├── fuzz_filter_tool.h ├── fuzz_filter_tool_main.cc └── snap_corpus_tool_test.sh ├── snap ├── snap_test.cc ├── testing │ ├── snap_generator_test_lib.h │ ├── snap_test_snapshots.h │ └── snap_test_types.h ├── snap_util.h ├── exit_sequence.cc ├── snap_corpus_util.h ├── gen │ ├── reserved_memory_mappings.h │ └── relocatable_data_block.cc └── snap_relocator_fuzz_test.cc ├── tool_libs ├── snapshot_summary_proto_util.h ├── corpus_partitioner_lib.h ├── corpus_partitioner_lib.cc ├── snapshot_summary_proto_util.cc └── simple_fix_tool_counters_test.cc ├── instruction ├── default_disassembler.h └── static_insn_filter.h ├── common ├── snapshot_test_enum_test.cc ├── snapshot_file_util.h └── memory_bytes_set.cc ├── tracing ├── analysis.h ├── unicorn_util.cc └── unicorn_util.h └── install_build_dependencies.sh /.bazelversion: -------------------------------------------------------------------------------- 1 | 8.2.1 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.orig 2 | *.swp 3 | /bazel-* 4 | -------------------------------------------------------------------------------- /util/testdata/data_dependency_testdata: -------------------------------------------------------------------------------- 1 | abcdefg 2 | -------------------------------------------------------------------------------- /paper/silifuzz.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/silifuzz/HEAD/paper/silifuzz.pdf -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to contribute 2 | 3 | We are not yet accepting external contributions at this time. Stay tuned. 4 | -------------------------------------------------------------------------------- /orchestrator/testdata/one_mb_of_zeros.xz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/silifuzz/HEAD/orchestrator/testdata/one_mb_of_zeros.xz -------------------------------------------------------------------------------- /orchestrator/testdata/two_mb_of_zeros.xz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/google/silifuzz/HEAD/orchestrator/testdata/two_mb_of_zeros.xz -------------------------------------------------------------------------------- /.clang-format: -------------------------------------------------------------------------------- 1 | BasedOnStyle: Google 2 | Language: Cpp 3 | # Force int* foo spacing style: 4 | DerivePointerAlignment: false 5 | PointerAlignment: Left 6 | -------------------------------------------------------------------------------- /third_party/silifuzz_libunwind/BUILD: -------------------------------------------------------------------------------- 1 | licenses(["notice"]) 2 | 3 | # Export all files. 4 | exports_files(["LICENSE"] + glob([ 5 | "*.S", 6 | "*.inc", 7 | ])) 8 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | # This is the list of SiliFuzz significant contributors. 2 | # 3 | # This does not necessarily list everyone who has contributed code, 4 | # especially since many employees of one corporation may be contributing. 5 | # To see the full list of contributors, see the revision history in 6 | # source control. 7 | Google LLC 8 | -------------------------------------------------------------------------------- /third_party/BUILD.lss: -------------------------------------------------------------------------------- 1 | # Description: 2 | # Linux Syscall Support (LSS) provides a header file that can be included 3 | # into your application whenever you need to make direct system calls. 4 | 5 | package(default_visibility = ["//visibility:public"]) 6 | 7 | licenses(["notice"]) 8 | 9 | exports_files(["LICENSE"]) 10 | 11 | cc_library( 12 | name = "lss", 13 | hdrs = ["linux_syscall_support.h"], 14 | include_prefix = "third_party/lss/lss", 15 | ) 16 | -------------------------------------------------------------------------------- /third_party/BUILD.mbuild: -------------------------------------------------------------------------------- 1 | # mbuild is the build system used by Intel XED. 2 | package(default_visibility = ["//visibility:public"]) 3 | 4 | licenses(["notice"]) 5 | 6 | exports_files(["LICENSE"]) 7 | 8 | py_library( 9 | name = "mbuild", 10 | srcs = glob(["mbuild/*.py"]), 11 | srcs_version = "PY2AND3", 12 | ) 13 | 14 | py_test( 15 | name = "1", 16 | srcs = ["tests/1.py"], 17 | python_version = "PY3", 18 | srcs_version = "PY3", 19 | deps = [":mbuild"], 20 | ) 21 | -------------------------------------------------------------------------------- /.kokoro/gcp_ubuntu/continuous.cfg: -------------------------------------------------------------------------------- 1 | # -*- protobuffer -*- 2 | # proto-file: google3/devtools/kokoro/config/proto/build.proto 3 | # proto-message: BuildConfig 4 | 5 | build_file: "silifuzz/.kokoro/gcp_ubuntu/kokoro_build.sh" 6 | 7 | action { 8 | define_artifacts { 9 | regex: "**/sponge_log.xml" 10 | regex: "**/sponge_log.log" 11 | regex: "**/build_environment.log" 12 | regex: "**/full_file_list.log" 13 | regex: "**/modified_files.log" 14 | regex: "**/affected_targets.log" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /.kokoro/gcp_ubuntu/presubmit.cfg: -------------------------------------------------------------------------------- 1 | # -*- protobuffer -*- 2 | # proto-file: google3/devtools/kokoro/config/proto/build.proto 3 | # proto-message: BuildConfig 4 | 5 | build_file: "silifuzz/.kokoro/gcp_ubuntu/kokoro_build.sh" 6 | 7 | action { 8 | define_artifacts { 9 | regex: "**/sponge_log.xml" 10 | regex: "**/sponge_log.log" 11 | regex: "**/build_environment.log" 12 | regex: "**/full_file_list.log" 13 | regex: "**/modified_files.log" 14 | regex: "**/affected_targets.log" 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /third_party/BUILD.cityhash: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | licenses(["notice"]) 4 | 5 | exports_files(["LICENSE"]) 6 | 7 | cc_library( 8 | name = "cityhash", 9 | srcs = ["src/city.cc"], 10 | hdrs = [ 11 | "src/city.h", 12 | "src/citycrc.h", 13 | "src/config.h", 14 | ], 15 | include_prefix = "third_party/cityhash", 16 | strip_include_prefix = "src", 17 | includes = ["."], 18 | copts = [ 19 | "-O3", 20 | ] + 21 | select({ 22 | "@platforms//cpu:x86_64": ["-msse4.2"], 23 | "//conditions:default": [], 24 | }) 25 | ) 26 | -------------------------------------------------------------------------------- /BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2022 The SiliFuzz Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # Description: 16 | # Opensource SiliFuzz code. 17 | 18 | licenses(["notice"]) 19 | 20 | exports_files(["LICENSE"]) 21 | -------------------------------------------------------------------------------- /util/x86_64/sve_noop_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/nolibc_gunit.h" 16 | 17 | NOLIBC_TEST_MAIN({ 18 | // This is a placeholder to ensure that _nolibc targets are buildable on 19 | // x86. 20 | }) 21 | -------------------------------------------------------------------------------- /proto/corpus_metadata.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package silifuzz.proto; 18 | 19 | // Corpus metadata. 20 | message CorpusMetadata { 21 | // Opaque version identifier. 22 | string version = 1; 23 | } 24 | -------------------------------------------------------------------------------- /player/trace_options.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./player/trace_options.h" 16 | 17 | namespace silifuzz { 18 | 19 | // static 20 | const TraceOptions& TraceOptions::Default() { 21 | static const TraceOptions* value = new TraceOptions(); 22 | return *value; 23 | } 24 | 25 | } // namespace silifuzz 26 | -------------------------------------------------------------------------------- /util/enum_flag_types.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/enum_flag_types.h" 16 | 17 | #include "./util/arch.h" 18 | #include "./util/enum_flag.h" 19 | #include "./util/platform.h" 20 | 21 | namespace silifuzz { 22 | 23 | DEFINE_ENUM_FLAG(ArchitectureId); 24 | DEFINE_ENUM_FLAG(PlatformId); 25 | 26 | } // namespace silifuzz 27 | -------------------------------------------------------------------------------- /util/ucontext/aarch64/save_ucontext.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | .text 16 | .p2align 2 17 | .globl SaveUContext 18 | .type SaveUContext, @function 19 | SaveUContext: 20 | #include "save_ucontext_body.inc" 21 | .size SaveUContext, .-SaveUContext 22 | .section .note.GNU-stack,"",@progbits 23 | -------------------------------------------------------------------------------- /util/aarch64/cpu_id.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/cpu_id.h" 16 | 17 | namespace silifuzz { 18 | 19 | extern int GetCPUIdUsingSyscall(); 20 | extern int GetCPUAffinityNoSyscall(); 21 | 22 | int GetCPUId() { return GetCPUIdUsingSyscall(); } 23 | 24 | int GetCPUIdNoSyscall() { return GetCPUAffinityNoSyscall(); } 25 | 26 | } // namespace silifuzz 27 | -------------------------------------------------------------------------------- /util/signals.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | // Signal utilities. 16 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_SIGNALS_H_ 17 | #define THIRD_PARTY_SILIFUZZ_UTIL_SIGNALS_H_ 18 | 19 | namespace silifuzz { 20 | 21 | // Ignore `sig` in the current process. 22 | void IgnoreSignal(int sig); 23 | 24 | } // namespace silifuzz 25 | 26 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_SIGNALS_H_ 27 | -------------------------------------------------------------------------------- /util/ucontext/aarch64/restore_ucontext.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | .text 16 | .p2align 2 17 | .globl RestoreUContextView 18 | .type RestoreUContextView, @function 19 | RestoreUContextView: 20 | #include "restore_ucontext_body.inc" 21 | .size RestoreUContextView, .-RestoreUContextView 22 | .section .note.GNU-stack,"",@progbits 23 | -------------------------------------------------------------------------------- /util/ucontext/ucontext.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/ucontext/ucontext.h" 16 | 17 | #include 18 | 19 | #include "absl/base/attributes.h" 20 | 21 | namespace silifuzz { 22 | 23 | ABSL_ATTRIBUTE_NOINLINE int64_t CurrentInstructionPointer() { 24 | return reinterpret_cast(__builtin_return_address(0)); 25 | } 26 | 27 | } // namespace silifuzz 28 | -------------------------------------------------------------------------------- /util/aarch64/sve_vector_width.S: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | .bss 16 | // Flag to store the vector width of SVE in bytes, or 0 if SVE is not supported. 17 | .align 2 18 | .globl reg_group_io_sve_vector_width 19 | .type reg_group_io_sve_vector_width, @object 20 | .size reg_group_io_sve_vector_width, 2 21 | reg_group_io_sve_vector_width: 22 | .zero 2 23 | -------------------------------------------------------------------------------- /util/types.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_TYPES_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_TYPES_H_ 17 | 18 | // This library defines a few common types. 19 | 20 | #include 21 | 22 | namespace silifuzz { 23 | 24 | // A checksum value - see checksum.h 25 | using CheckSum = uint64_t; 26 | 27 | } // namespace silifuzz 28 | 29 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_TYPES_H_ 30 | -------------------------------------------------------------------------------- /proxies/util/BUILD: -------------------------------------------------------------------------------- 1 | # Copyright 2023 The SiliFuzz Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # General utility libraries for proxies. 16 | 17 | load("@rules_cc//cc:cc_library.bzl", "cc_library") 18 | 19 | licenses(["notice"]) 20 | 21 | package(default_visibility = ["//visibility:public"]) 22 | 23 | cc_library( 24 | name = "set_process_dumpable", 25 | srcs = ["set_process_dumpable.cc"], 26 | hdrs = ["set_process_dumpable.h"], 27 | deps = ["@abseil-cpp//absl/status"], 28 | ) 29 | -------------------------------------------------------------------------------- /runner/runner_provider_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./runner/runner_provider.h" 16 | 17 | #include 18 | 19 | #include 20 | 21 | #include "gtest/gtest.h" 22 | 23 | namespace silifuzz { 24 | namespace { 25 | 26 | TEST(RunnerProvider, BinariesExist) { 27 | struct stat s; 28 | ASSERT_EQ(stat(RunnerLocation().c_str(), &s), 0); 29 | } 30 | 31 | } // namespace 32 | } // namespace silifuzz 33 | -------------------------------------------------------------------------------- /util/ucontext/aarch64/save_ucontext_no_syscalls.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | .text 16 | .p2align 2 17 | .globl SaveUContextNoSyscalls 18 | .type SaveUContextNoSyscalls, @function 19 | SaveUContextNoSyscalls: 20 | #define UCONTEXT_NO_SYSCALLS 21 | #include "save_ucontext_body.inc" 22 | .size SaveUContextNoSyscalls, .-SaveUContextNoSyscalls 23 | .section .note.GNU-stack,"",@progbits 24 | -------------------------------------------------------------------------------- /util/signals.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | 17 | #include "./util/checks.h" 18 | 19 | namespace silifuzz { 20 | 21 | void IgnoreSignal(int sig) { 22 | struct sigaction sig_action = {}; 23 | sig_action.sa_handler = SIG_IGN; 24 | sigemptyset(&sig_action.sa_mask); 25 | if (sigaction(sig, &sig_action, nullptr) < 0) { 26 | LOG_FATAL("Couldn't ignore ", strsignal(sig)); 27 | } 28 | } 29 | 30 | } // namespace silifuzz 31 | -------------------------------------------------------------------------------- /third_party/absl_endian_visibility.patch: -------------------------------------------------------------------------------- 1 | # Copyright 2025 The SiliFuzz Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | --- a/absl/base/BUILD.bazel 16 | +++ b/absl/base/BUILD.bazel 17 | @@ -541,9 +541,9 @@ cc_library( 18 | ], 19 | copts = ABSL_DEFAULT_COPTS, 20 | linkopts = ABSL_DEFAULT_LINKOPTS, 21 | - visibility = [ 22 | - "//absl:__subpackages__", 23 | - ], 24 | + # visibility = [ 25 | + # "//absl:__subpackages__", 26 | + # ], 27 | deps = [ 28 | ":base", 29 | ":config", 30 | -------------------------------------------------------------------------------- /util/ucontext/aarch64/restore_ucontext_no_syscalls.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | .text 16 | .p2align 2 17 | .globl RestoreUContextViewNoSyscalls 18 | .type RestoreUContextViewNoSyscalls, @function 19 | RestoreUContextViewNoSyscalls: 20 | #define UCONTEXT_NO_SYSCALLS 21 | #include "restore_ucontext_body.inc" 22 | .size RestoreUContextViewNoSyscalls, .-RestoreUContextViewNoSyscalls 23 | .section .note.GNU-stack,"",@progbits 24 | -------------------------------------------------------------------------------- /.bazelrc: -------------------------------------------------------------------------------- 1 | common --enable_bzlmod 2 | 3 | build --client_env=CC=clang 4 | 5 | # Building Unicorn v2 on x86 requires a CPU that supports CX16. 6 | # This means at least core2. We chose the oldest arch we actually test on. 7 | build --copt=-march=haswell 8 | 9 | build --cxxopt=-std=c++20 --cxxopt=-fno-stack-protector --copt=-Wno-narrowing --copt=-fno-exceptions --cxxopt=-Wno-unused-private-field --cxxopt=-Wno-defaulted-function-deleted 10 | 11 | # SiliFuzz build is "selfhosted" (i.e. uses its own stack for some of the build tools). 12 | # Use the same configuration as the target above 13 | build --host_cxxopt=-std=c++20 --host_cxxopt=-fno-stack-protector --host_copt=-Wno-narrowing --host_copt=-fno-exceptions --host_cxxopt=-Wno-unused-private-field --host_cxxopt=-Wno-defaulted-function-deleted 14 | 15 | # Remove security hardening as it clashes with nolibc 16 | build --copt -U_FORTIFY_SOURCE 17 | build --host_copt -U_FORTIFY_SOURCE 18 | 19 | # We already have absl in the build, define absl=1 to tell googletest to use absl for backtrace. 20 | build --define absl=1 21 | 22 | build --copt=-fPIC 23 | build --linkopt -fuse-ld=lld 24 | -------------------------------------------------------------------------------- /fuzzer/hashtest/hashtest_generator_integration_test.sh: -------------------------------------------------------------------------------- 1 | # Copyright 2024 The SiliFuzz Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #!/bin/bash 16 | 17 | set -eu 18 | set -o pipefail 19 | 20 | GENERATOR="${TEST_SRCDIR}/${TEST_WORKSPACE}/fuzzer/hashtest/hashtest_generator" 21 | readonly GENERATOR 22 | 23 | # Make sure we can generate snapshots for various x86 platforms. 24 | ${GENERATOR} --platform=intel-broadwell -n 100 --seed 1 25 | ${GENERATOR} --platform=intel-skylake -n 100 --seed 2 26 | ${GENERATOR} --platform=intel-sapphirerapids -n 100 --seed 3 27 | 28 | echo "PASS" 29 | -------------------------------------------------------------------------------- /util/data_dependency_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/data_dependency.h" 16 | 17 | #include 18 | 19 | #include 20 | 21 | #include "gtest/gtest.h" 22 | 23 | namespace silifuzz { 24 | namespace { 25 | 26 | TEST(DataDependency, GetDataDependencyFilepath) { 27 | std::string filepath = 28 | GetDataDependencyFilepath("util/testdata/data_dependency_testdata"); 29 | struct stat s; 30 | ASSERT_EQ(stat(filepath.c_str(), &s), 0); 31 | } 32 | 33 | } // namespace 34 | } // namespace silifuzz 35 | -------------------------------------------------------------------------------- /fuzzer/hashtest/testgeneration/version.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Silifuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_VERSION_H_ 16 | #define THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_VERSION_H_ 17 | 18 | namespace silifuzz { 19 | 20 | inline constexpr unsigned int kHashTestVersionMajor = 1; 21 | inline constexpr unsigned int kHashTestVersionMinor = 2; 22 | inline constexpr unsigned int kHashTestVersionPatch = 2; 23 | 24 | } // namespace silifuzz 25 | 26 | #endif // THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_VERSION_H_ 27 | -------------------------------------------------------------------------------- /util/hostname.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_HOSTNAME_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_HOSTNAME_H_ 17 | 18 | #include "absl/strings/string_view.h" 19 | namespace silifuzz { 20 | 21 | // Returns the system hostname, as returned by `gethostname`. 22 | absl::string_view Hostname(); 23 | 24 | // Same as Hostname() above but always returns just the first part of the 25 | // hostname (before the first dot). 26 | absl::string_view ShortHostname(); 27 | 28 | } // namespace silifuzz 29 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_HOSTNAME_H_ 30 | -------------------------------------------------------------------------------- /third_party/silifuzz_libunwind/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2002 Hewlett-Packard Co. 2 | Copyright 2022 Google LLC 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining 5 | a copy of this software and associated documentation files (the 6 | "Software"), to deal in the Software without restriction, including 7 | without limitation the rights to use, copy, modify, merge, publish, 8 | distribute, sublicense, and/or sell copies of the Software, and to 9 | permit persons to whom the Software is furnished to do so, subject to 10 | the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be 13 | included in all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 19 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 20 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 21 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /util/hostname_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/hostname.h" 16 | 17 | #include "gtest/gtest.h" 18 | #include "absl/strings/string_view.h" 19 | 20 | namespace silifuzz { 21 | namespace { 22 | TEST(Hostname, Hostname) { 23 | ASSERT_NE(Hostname(), ""); 24 | ASSERT_TRUE(Hostname().data() == Hostname().data()); 25 | } 26 | 27 | TEST(Hostname, ShortHostname) { 28 | auto short_hostname = ShortHostname(); 29 | ASSERT_NE(short_hostname, ""); 30 | ASSERT_EQ(short_hostname.find('.'), short_hostname.npos); 31 | } 32 | } // namespace 33 | } // namespace silifuzz 34 | -------------------------------------------------------------------------------- /util/strcat_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/strcat.h" 16 | 17 | #include 18 | 19 | #include "gtest/gtest.h" 20 | #include "./util/itoa.h" 21 | 22 | namespace silifuzz { 23 | namespace { 24 | 25 | TEST(StrCat, All) { 26 | EXPECT_EQ(StrCat({}), std::string("")); 27 | EXPECT_EQ(StrCat({"st[", IntStr(0), "] = ", HexStr(16)}), 28 | std::string("st[0] = 0x10")); 29 | EXPECT_EQ(StrCat<0>({""}), std::string("")); 30 | EXPECT_DEATH_IF_SUPPORTED(StrCat<0>({"1"}), "MaxLength too small"); 31 | } 32 | 33 | } // namespace 34 | } // namespace silifuzz 35 | -------------------------------------------------------------------------------- /tools/fuzz_filter_tool.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./tools/fuzz_filter_tool.h" 16 | 17 | #include "absl/status/status.h" 18 | #include "absl/strings/string_view.h" 19 | #include "./runner/make_snapshot.h" 20 | #include "./runner/runner_provider.h" 21 | 22 | namespace silifuzz { 23 | 24 | // Kept as a separate function so that we can test this exact config. 25 | absl::Status FilterToolMain(absl::string_view raw_insns_bytes) { 26 | return MakeRawInstructions(raw_insns_bytes, 27 | MakingConfig::Quick(RunnerLocation())) 28 | .status(); 29 | } 30 | 31 | } // namespace silifuzz 32 | -------------------------------------------------------------------------------- /util/aarch64/reg_group_io_buffer_offsets.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_AARCH64_REG_GROUP_IO_BUFFER_OFFSETS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_AARCH64_REG_GROUP_IO_BUFFER_OFFSETS_H_ 17 | 18 | // Offsets of data members of RegisterGroupIOBuffer. These are used by 19 | // assembly functions. 20 | #define REGISTER_GROUP_IO_BUFFER_REGISTER_GROUPS_OFFSET 0 21 | #define REGISTER_GROUP_IO_BUFFER_FFR_OFFSET 8 22 | #define REGISTER_GROUP_IO_BUFFER_P_OFFSET 40 23 | #define REGISTER_GROUP_IO_BUFFER_Z_OFFSET 560 24 | 25 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_AARCH64_REG_GROUP_IO_BUFFER_OFFSETS_H_ 26 | -------------------------------------------------------------------------------- /util/cpu_features_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/cpu_features.h" 16 | 17 | #include "gtest/gtest.h" 18 | #include "./util/itoa.h" 19 | 20 | namespace silifuzz { 21 | 22 | namespace { 23 | 24 | TEST(X86CPUFeatures, EnumStr) { 25 | #define CHECK_ENUM(name) EXPECT_STREQ(EnumStr(X86CPUFeatures::k##name), #name); 26 | CHECK_ENUM(AMX_TILE); 27 | CHECK_ENUM(AVX); 28 | CHECK_ENUM(AVX512BW); 29 | CHECK_ENUM(AVX512F); 30 | CHECK_ENUM(OSXSAVE); 31 | CHECK_ENUM(SSE); 32 | CHECK_ENUM(SSE4_2); 33 | CHECK_ENUM(XSAVE); 34 | #undef CHECK_ENUM 35 | } 36 | 37 | } // namespace 38 | 39 | } // namespace silifuzz 40 | -------------------------------------------------------------------------------- /util/x86_64/reg_group_io_buffer_offsets.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_X86_64_REG_GROUP_IO_BUFFER_OFFSETS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_X86_64_REG_GROUP_IO_BUFFER_OFFSETS_H_ 17 | 18 | // Offsets of data members of RegisterGroupIOBuffer. These are used by 19 | // assembly functions. 20 | #define REGISTER_GROUP_IO_BUFFER_REGISTER_GROUPS_OFFSET 0 21 | #define REGISTER_GROUP_IO_BUFFER_YMM_OFFSET 32 22 | #define REGISTER_GROUP_IO_BUFFER_ZMM_OFFSET 576 23 | #define REGISTER_GROUP_IO_BUFFER_OPMASK_OFFSET 2624 24 | 25 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_X86_64_REG_GROUP_IO_BUFFER_OFFSETS_H_ 26 | -------------------------------------------------------------------------------- /util/testing/vsyscall.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_TESTING_VSYSCALL_H_ 15 | #define THIRD_PARTY_SILIFUZZ_UTIL_TESTING_VSYSCALL_H_ 16 | 17 | #include "absl/status/statusor.h" 18 | namespace silifuzz { 19 | 20 | // Returns a boolean indicating whether legacy vsyscall region is present 21 | // and readable on the host or a status if an error happened. Depending on 22 | // kernel config, the vsyscall region can be readable, executable-only or 23 | // unmapped. 24 | absl::StatusOr VSyscallRegionReadable(); 25 | 26 | } // namespace silifuzz 27 | 28 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_TESTING_VSYSCALL_H_ 29 | -------------------------------------------------------------------------------- /util/start_test.sh: -------------------------------------------------------------------------------- 1 | # Copyright 2022 The SiliFuzz Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #!/bin/bash 16 | 17 | set -eu -o pipefail 18 | 19 | # Test helper 20 | START_TEST_HELPER="${TEST_SRCDIR}/${TEST_WORKSPACE}/util/start_test_helper_nolibc" 21 | 22 | die() { 23 | echo "$@" 24 | exit 1 25 | } 26 | 27 | code=0 28 | "${START_TEST_HELPER}" || code="$?" 29 | case "${code}" in 30 | 0) 31 | # no error. 32 | ;; 33 | 1) 34 | die "Stack misaligned at main()" 35 | ;; 36 | *) 37 | die "Helper failed with unknown exit code ${code}" 38 | ;; 39 | esac 40 | 41 | "${START_TEST_HELPER}" 42 || code="$?" 42 | [[ "$code" -eq 42 ]] || die "Failed to return argv[1]" 43 | 44 | echo "PASS" 45 | -------------------------------------------------------------------------------- /util/libc_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_LIBC_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_LIBC_UTIL_H_ 17 | 18 | // This library contains various simple utilities that are small enhancements 19 | // on top of some libc functionality. Move things if they grow beyond that. 20 | 21 | #include 22 | 23 | namespace silifuzz { 24 | 25 | // Wrapper around fcntl() to clear the given file status flag bits for `fd`. 26 | int fcntl_clearfl(int fd, int flags) { 27 | return fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) & ~flags); 28 | } 29 | 30 | } // namespace silifuzz 31 | 32 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_LIBC_UTIL_H_ 33 | -------------------------------------------------------------------------------- /util/math_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/math.h" 16 | 17 | #include "./util/checks.h" 18 | #include "./util/nolibc_gunit.h" 19 | 20 | namespace silifuzz { 21 | namespace { 22 | 23 | TEST(Math, RoundUpToPowerOfTwo) { 24 | int divisor = 1 << 8; 25 | for (int i = 0; i < divisor * 10; ++i) { 26 | int rounded = RoundUpToPowerOfTwo(i, divisor); 27 | CHECK_EQ(rounded % divisor, 0); 28 | if (i % divisor == 0) { 29 | CHECK_EQ(i, rounded); 30 | } else { 31 | CHECK_LT(i, rounded); 32 | } 33 | } 34 | } 35 | 36 | } // namespace 37 | } // namespace silifuzz 38 | 39 | NOLIBC_TEST_MAIN({ RUN_TEST(Math, RoundUpToPowerOfTwo); }) 40 | -------------------------------------------------------------------------------- /runner/global_static_initializers_test.sh: -------------------------------------------------------------------------------- 1 | # Copyright 2022 The SiliFuzz Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #!/bin/bash 16 | # Test that runner_main_nolibc binary does not have any global static 17 | # initializer. This is done by checking the absence of .init_array section 18 | # in the binary. 19 | 20 | set -eu -o pipefail 21 | 22 | RUNNER_BINARY="${TEST_SRCDIR}/${TEST_WORKSPACE}/runner/reading_runner_main_nolibc" 23 | readonly RUNNER_BINARY 24 | 25 | # Make sure the file exists 26 | [[ -f "${RUNNER_BINARY}" ]] 27 | 28 | # There should not be a .init_array section. 29 | if readelf -S "${RUNNER_BINARY}" | grep -q ".init_array"; then 30 | echo "Found .init_array section in the binary" 31 | exit 1 32 | fi 33 | 34 | echo "PASS" 35 | -------------------------------------------------------------------------------- /util/bit_matcher.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Silifuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_BIT_MATCHER_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_BIT_MATCHER_H_ 17 | 18 | namespace silifuzz { 19 | 20 | template 21 | struct BitMatcher { 22 | T mask; 23 | T bits; 24 | 25 | constexpr bool matches(T insn) const { return (insn & mask) == bits; } 26 | }; 27 | 28 | template 29 | struct RequiredBits { 30 | BitMatcher pattern; 31 | BitMatcher expect; 32 | constexpr bool violates_requirements(T insn) const { 33 | return pattern.matches(insn) && !expect.matches(insn); 34 | } 35 | }; 36 | 37 | } // namespace silifuzz 38 | 39 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_BIT_MATCHER_H_ 40 | -------------------------------------------------------------------------------- /snap/snap_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./snap/snap.h" 16 | 17 | #include "gtest/gtest.h" 18 | 19 | namespace silifuzz { 20 | namespace { 21 | 22 | TEST(Snap, ConstIterator) { 23 | SnapArray empty = {.size = 0, .elements = nullptr}; 24 | EXPECT_EQ(empty.begin(), empty.end()); 25 | 26 | constexpr int kElements[] = {1, 1, 2, 3, 5, 8}; 27 | constexpr int kNumElements = sizeof(kElements) / sizeof(kElements[0]); 28 | SnapArray array = {.size = kNumElements, .elements = kElements}; 29 | 30 | int i = 0; 31 | for (const auto& element : array) { 32 | EXPECT_EQ(element, kElements[i]); 33 | i++; 34 | } 35 | EXPECT_EQ(i, kNumElements); 36 | } 37 | 38 | } // namespace 39 | } // namespace silifuzz 40 | -------------------------------------------------------------------------------- /fuzzer/hashtest/testgeneration/prefilter.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Silifuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_PREFILTER_H_ 16 | #define THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_PREFILTER_H_ 17 | 18 | extern "C" { 19 | #include "third_party/libxed/xed-interface.h" 20 | } 21 | 22 | namespace silifuzz { 23 | 24 | // Returns true if this instruction may be something we want to test. This 25 | // instruction may later be filtered out for other reasons. 26 | // Returns false if the instruction is obviously something we do not want to 27 | // test. 28 | bool PrefilterInstruction(const xed_inst_t* instruction); 29 | 30 | } // namespace silifuzz 31 | 32 | #endif // THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_PREFILTER_H_ 33 | -------------------------------------------------------------------------------- /util/math.h: -------------------------------------------------------------------------------- 1 | // Copyright 2025 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_MATH_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_MATH_UTIL_H_ 17 | 18 | #include 19 | 20 | #include "./util/checks.h" 21 | 22 | namespace silifuzz { 23 | 24 | template 25 | std::enable_if_t, T> RoundUpToPowerOfTwo(T value, 26 | T target) { 27 | CHECK_GT(target, 0); 28 | CHECK_EQ_LOG(target & (target - 1), 0, "target must be a power of two"); 29 | 30 | T tmp = 0; 31 | CHECK(!__builtin_add_overflow(value, target - 1, &tmp)); 32 | return tmp & ~(target - 1); 33 | } 34 | 35 | } // namespace silifuzz 36 | 37 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_MATH_UTIL_H_ 38 | -------------------------------------------------------------------------------- /runner/loading_snap_corpus.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./runner/default_snap_corpus.h" 16 | #include "./snap/snap.h" 17 | #include "./snap/snap_corpus_util.h" 18 | #include "./util/arch.h" 19 | 20 | namespace silifuzz { 21 | 22 | const SnapCorpus* LoadCorpus(const char* filename, bool verify, 23 | int* corpus_fd) { 24 | if (filename == nullptr) { 25 | if (corpus_fd != nullptr) { 26 | *corpus_fd = -1; 27 | } 28 | return nullptr; 29 | } 30 | // Release the pointer -- it is ok to leak memory since the runner always 31 | // runs to completion and then exits. 32 | return LoadCorpusFromFile(filename, true, verify, corpus_fd).release(); 33 | } 34 | 35 | } // namespace silifuzz 36 | -------------------------------------------------------------------------------- /snap/testing/snap_generator_test_lib.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_GENERATOR_TEST_LIB_H_ 16 | #define THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_GENERATOR_TEST_LIB_H_ 17 | 18 | #include "./common/snapshot.h" 19 | #include "./snap/gen/snap_generator.h" 20 | #include "./snap/snap.h" 21 | 22 | namespace silifuzz { 23 | 24 | // Verifies that 'snap' is correctly generated from 'snapshot' using 25 | // 'generator_options'. Die if any error is found. 26 | template 27 | void VerifyTestSnap(const Snapshot& snapshot, const Snap& snap, 28 | const SnapifyOptions& generator_options); 29 | } // namespace silifuzz 30 | 31 | #endif // THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_GENERATOR_TEST_LIB_H_ 32 | -------------------------------------------------------------------------------- /proxies/util/set_process_dumpable.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | #include "./proxies/util/set_process_dumpable.h" 15 | 16 | #include 17 | #include 18 | 19 | #include 20 | 21 | #include "absl/status/status.h" 22 | 23 | namespace silifuzz::proxies { 24 | 25 | absl::Status SetProcessDumpable() { 26 | if (prctl(PR_SET_DUMPABLE, 1 /* SUID_DUMP_USER */) != 0) { 27 | return absl::ErrnoToStatus(errno, "prctl(PR_SET_DUMPABLE) failed"); 28 | } 29 | struct rlimit core_rlimit { 30 | .rlim_cur = 0, .rlim_max = 0, 31 | }; 32 | if (setrlimit(RLIMIT_CORE, &core_rlimit) != 0) { 33 | return absl::ErrnoToStatus(errno, "setrlimit(RLIMIT_CORE) failed"); 34 | } 35 | return absl::OkStatus(); 36 | } 37 | 38 | } // namespace silifuzz::proxies 39 | -------------------------------------------------------------------------------- /tool_libs/snapshot_summary_proto_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_TOOL_LIBS_SNAPSHOT_SUMMARY_PROTO_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_TOOL_LIBS_SNAPSHOT_SUMMARY_PROTO_UTIL_H_ 17 | 18 | #include "absl/status/statusor.h" 19 | #include "./proto/snapshot.pb.h" 20 | #include "./tool_libs/snap_group.h" 21 | 22 | namespace silifuzz { 23 | 24 | class SnapshotSummaryProto final { 25 | public: 26 | static absl::StatusOr FromProto( 27 | const proto::SnapshotSummary& proto); 28 | static void ToProto(const SnapshotGroup::SnapshotSummary& summary, 29 | proto::SnapshotSummary* proto); 30 | }; 31 | 32 | } // namespace silifuzz 33 | 34 | #endif // THIRD_PARTY_SILIFUZZ_TOOL_LIBS_SNAPSHOT_SUMMARY_PROTO_UTIL_H_ 35 | -------------------------------------------------------------------------------- /util/aarch64/reg_groups.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/reg_groups.h" 16 | 17 | #include "./util/aarch64/sve.h" 18 | #include "./util/arch.h" 19 | #include "./util/reg_group_set.h" 20 | 21 | namespace silifuzz { 22 | 23 | RegisterGroupSet GetCurrentPlatformRegisterGroups() { 24 | RegisterGroupSet groups; 25 | groups.SetGPR(true).SetFPR(true).SetSVEVectorWidth(GetSVEVectorWidthGlobal()); 26 | return groups; 27 | } 28 | 29 | RegisterGroupSet GetCurrentPlatformChecksumRegisterGroups() { 30 | RegisterGroupSet groups = GetCurrentPlatformRegisterGroups(); 31 | 32 | // These are always recorded in snapshots and are not included in checksum. 33 | groups.SetGPR(false).SetFPR(false); 34 | return groups; 35 | } 36 | 37 | } // namespace silifuzz 38 | -------------------------------------------------------------------------------- /snap/testing/snap_test_snapshots.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_TEST_SNAPSHOTS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_TEST_SNAPSHOTS_H_ 17 | #include "./common/snapshot.h" 18 | #include "./common/snapshot_test_enum.h" 19 | #include "./snap/testing/snap_test_types.h" 20 | 21 | namespace silifuzz { 22 | 23 | // Returns a silifuzz::Snapshot of the given Snap generator test type. 24 | template 25 | Snapshot MakeSnapGeneratorTestSnapshot(SnapGeneratorTestType type); 26 | 27 | // Returns a silifuzz::Snapshot of the given Snap runner test type. 28 | template 29 | Snapshot MakeSnapRunnerTestSnapshot(TestSnapshot type); 30 | 31 | } // namespace silifuzz 32 | 33 | #endif // THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_TEST_SNAPSHOTS_H_ 34 | -------------------------------------------------------------------------------- /util/byte_io.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_BYTE_IO_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_BYTE_IO_H_ 17 | // Byte I/O utility 18 | 19 | #include 20 | #include // ssize_t 21 | 22 | namespace silifuzz { 23 | 24 | // A simple nolibc-compatible file reading helper. Reads up-to `space` bytes 25 | // from `fd` into '*buffer`. Returns number of bytes read or -1 on any failure. 26 | ssize_t Read(int fd, void* buffer, size_t space); 27 | 28 | // A simple nolibc-compatible file writing helper. Writes up-to `space` bytes 29 | // from '*buffer` into `fd`. Returns number of bytes written or -1 on any 30 | // failure. 31 | ssize_t Write(int fd, const void* buffer, size_t space); 32 | 33 | } // namespace silifuzz 34 | 35 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_BYTE_IO_H_ 36 | -------------------------------------------------------------------------------- /.kokoro/gcp_ubuntu/kokoro_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2022 SiliFuzz Authors 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # https://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | # Fail on any error. 18 | set -eu 19 | 20 | # Code under repo is checked out to ${KOKORO_ARTIFACTS_DIR}/github. 21 | # The final directory name in this path is determined by the scm name specified 22 | # in the job configuration. 23 | cd "${KOKORO_ARTIFACTS_DIR}/github/silifuzz/.kokoro/gcp_ubuntu" 24 | 25 | # Pin Ubuntu Docker image to noble for updated clang and better hermeticity. 26 | # See https://github.com/google/silifuzz/issues/9. 27 | DOCKER_IMAGE=ubuntu:noble 28 | 29 | docker run \ 30 | --security-opt seccomp=unconfined \ 31 | -v ${KOKORO_ARTIFACTS_DIR}/github/silifuzz:/app \ 32 | -v ${KOKORO_ARTIFACTS_DIR}:/kokoro \ 33 | --env KOKORO_ARTIFACTS_DIR=/kokoro \ 34 | -w /app \ 35 | "${DOCKER_IMAGE}" \ 36 | /app/.kokoro/gcp_ubuntu/run_tests_inside_docker.sh 37 | -------------------------------------------------------------------------------- /runner/endspot.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./runner/endspot.h" 16 | 17 | #include "./util/checks.h" 18 | #include "./util/itoa.h" 19 | #include "./util/logging_util.h" 20 | #include "./util/ucontext/signal.h" 21 | 22 | namespace silifuzz { 23 | 24 | void EndSpot::Log() const { 25 | LOG_INFO("Signal: ", IntStr(signum)); 26 | LOG_INFO("sig_code: ", IntStr(sig_code)); 27 | LOG_INFO("sig_address: ", HexStr(sig_address)); 28 | SignalRegSet base = {}; 29 | LogSignalRegs(sigregs, &base); 30 | if (VLOG_IS_ON(0)) { 31 | LOG_INFO("CPU registers (non-0 only):"); 32 | gregs_t base = {}; 33 | LogGRegs(*gregs, &base); 34 | } 35 | if (VLOG_IS_ON(1)) { 36 | LOG_INFO("FP registers (non-0 only):"); 37 | fpregs_t base = {}; 38 | LogFPRegs(*fpregs, true, &base); 39 | } 40 | } 41 | 42 | } // namespace silifuzz 43 | -------------------------------------------------------------------------------- /util/reg_groups.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_REG_GROUPS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_REG_GROUPS_H_ 17 | #include 18 | 19 | #include "./util/arch.h" 20 | #include "./util/reg_group_set.h" 21 | 22 | namespace silifuzz { 23 | 24 | // Returns a register group set of the current platform. 25 | RegisterGroupSet GetCurrentPlatformRegisterGroups(); 26 | 27 | // Returns a registers group set of the current platform for groups that 28 | // are included in a checksum at the end of snapshot execution. These registers 29 | // are not fully recorded after snapshot execution and thus only summary 30 | // information is available. 31 | RegisterGroupSet GetCurrentPlatformChecksumRegisterGroups(); 32 | 33 | } // namespace silifuzz 34 | 35 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_REG_GROUPS_H_ 36 | -------------------------------------------------------------------------------- /runner/runner_provider.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_RUNNER_RUNNER_PROVIDER_H_ 16 | #define THIRD_PARTY_SILIFUZZ_RUNNER_RUNNER_PROVIDER_H_ 17 | 18 | #include 19 | 20 | // This library defines a bunch of methods to obtain path(s) to the runner 21 | // binary. 22 | 23 | namespace silifuzz { 24 | 25 | // Returns the one runner binary location. 26 | // Checks the data dependencies first and falls back to $CWD/runner if needed. 27 | std::string RunnerLocation(); 28 | 29 | // Returns location of the runner_test_helper_nolibc binary. 30 | // NOTE: The caller must ensure that the runner/runner_test_helper_nolibc is a 31 | // data dependency of the corresponding build target. 32 | std::string RunnerTestHelperLocation(); 33 | 34 | } // namespace silifuzz 35 | 36 | #endif // THIRD_PARTY_SILIFUZZ_RUNNER_RUNNER_PROVIDER_H_ 37 | -------------------------------------------------------------------------------- /util/data_dependency.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_DATA_DEPENDENCY_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_DATA_DEPENDENCY_H_ 17 | 18 | #include 19 | 20 | #include "absl/strings/string_view.h" 21 | 22 | namespace silifuzz { 23 | 24 | // Get the silifuzz-relative filepath for a data dependency. 25 | std::string GetDataDependencyFilepath(absl::string_view relative_path); 26 | 27 | // Same as above but specifically targeting Bazel environment. 28 | // CHECKs if the path does not exist. 29 | // 30 | // See https://bazel.build/concepts/dependencies#data-dependencies and 31 | // https://bazel.build/reference/test-encyclopedia for details. 32 | std::string GetDataDependencyFilepathBazel(absl::string_view relative_path); 33 | 34 | } // namespace silifuzz 35 | 36 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_DATA_DEPENDENCY_H_ 37 | -------------------------------------------------------------------------------- /fuzzer/hashtest/testgeneration/synthesize_snapshot.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Silifuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_SYNTHESIZE_SNAPSHOT_H_ 16 | #define THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_SYNTHESIZE_SNAPSHOT_H_ 17 | 18 | #include 19 | 20 | #include "absl/status/statusor.h" 21 | #include "./common/snapshot.h" 22 | #include "./fuzzer/hashtest/testgeneration/synthesize_test.h" 23 | 24 | namespace silifuzz { 25 | 26 | absl::StatusOr SynthesizeTestSnapshot(std::mt19937_64& rng, 27 | xed_chip_enum_t chip, 28 | const SynthesisConfig& config, 29 | bool make); 30 | 31 | } // namespace silifuzz 32 | 33 | #endif // THIRD_PARTY_SILIFUZZ_FUZZER_HASHTES_TESTGENERATIONT_SYNTHESIZE_SNAPSHOT_H_ 34 | -------------------------------------------------------------------------------- /util/reg_checksum_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/reg_checksum_util.h" 16 | 17 | #include 18 | 19 | #include "absl/status/statusor.h" 20 | #include "./util/arch.h" 21 | #include "./util/reg_checksum.h" 22 | 23 | namespace silifuzz { 24 | 25 | namespace { 26 | 27 | // Returns true iff 'data' is a valid RegisterChecksum of 'Arch' 28 | template 29 | bool IsValidRegisterChecksumImpl(const std::string& data) { 30 | absl::StatusOr> register_checksum_or = 31 | DeserializeRegisterChecksum(data); 32 | return register_checksum_or.ok(); 33 | } 34 | 35 | } // namespace 36 | 37 | bool IsValidRegisterChecksumForArch(ArchitectureId arch, 38 | const std::string& data) { 39 | return ARCH_DISPATCH(IsValidRegisterChecksumImpl, arch, data); 40 | } 41 | 42 | } // namespace silifuzz 43 | -------------------------------------------------------------------------------- /util/data_dependency.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/data_dependency.h" 16 | 17 | #include 18 | #include // NOLINT(build/c++17) 19 | #include 20 | 21 | #include "absl/strings/string_view.h" 22 | #include "./util/checks.h" 23 | 24 | namespace silifuzz { 25 | 26 | std::string GetDataDependencyFilepath(absl::string_view relative_path) { 27 | return GetDataDependencyFilepathBazel(relative_path); 28 | } 29 | 30 | std::string GetDataDependencyFilepathBazel(absl::string_view relative_path) { 31 | std::filesystem::path p; 32 | if (auto test_dir = std::getenv("TEST_SRCDIR"); test_dir == nullptr) { 33 | p = std::filesystem::current_path() / relative_path; 34 | } else { 35 | p = std::filesystem::path(test_dir) / std::getenv("TEST_WORKSPACE") / 36 | relative_path; 37 | } 38 | return p; 39 | } 40 | 41 | } // namespace silifuzz 42 | -------------------------------------------------------------------------------- /util/ucontext/x86_64/ucontext_test_widgets.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifdef UCONTEXT_NO_SYSCALLS 16 | #define SAVE_UCONTEXT SaveUContextNoSyscalls 17 | #define RESTORE_UCONTEXT_VIEW RestoreUContextViewNoSyscalls 18 | #else 19 | #define SAVE_UCONTEXT SaveUContext 20 | #define RESTORE_UCONTEXT_VIEW RestoreUContextView 21 | #endif 22 | 23 | .text 24 | 25 | 26 | // Swap stacks and the restore the context. This lets us see the effects of 27 | // RestoreUContext() both on the stack we're restoring in to and the stack 28 | // we're restoring out on. 29 | .p2align 2 30 | .globl CaptureStack 31 | .type CaptureStack, @function 32 | CaptureStack: 33 | // rdi is the context view we will restore. 34 | // rsi is the alternate stack. 35 | 36 | movq %rsi, %rsp 37 | jmp RESTORE_UCONTEXT_VIEW 38 | 39 | .size CaptureStack, .-CaptureStack 40 | 41 | .section .note.GNU-stack,"",@progbits 42 | -------------------------------------------------------------------------------- /util/enum_flag_types.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_ENUM_FLAG_TYPES_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_ENUM_FLAG_TYPES_H_ 17 | 18 | #include "./util/arch.h" 19 | #include "./util/enum_flag.h" 20 | #include "./util/platform.h" 21 | 22 | // ClangTidy cannot see the declaration inside DECLARE_ENUM_FLAG being consumed 23 | // by ABSL_FLAG. Hack around this by marking the header always keep. 24 | // IWYU pragma: always_keep 25 | 26 | namespace silifuzz { 27 | 28 | // These are all the enum flags used by more than one command-line tool. 29 | // Enum flag parsing is incompatible with nolibc, so we keep the flag parsers 30 | // in a separate file. The main concern is ArchitectureId, since it pervades 31 | // the codebase. 32 | 33 | DECLARE_ENUM_FLAG(ArchitectureId); 34 | DECLARE_ENUM_FLAG(PlatformId); 35 | 36 | } // namespace silifuzz 37 | 38 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_ENUM_FLAG_TYPES_H_ 39 | -------------------------------------------------------------------------------- /fuzzer/hashtest/parallel_worker_pool_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Silifuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./fuzzer/hashtest/parallel_worker_pool.h" 16 | 17 | #include 18 | #include 19 | 20 | #include "gtest/gtest.h" 21 | 22 | namespace silifuzz { 23 | 24 | namespace { 25 | 26 | TEST(ParallelWorkerPool, SmokeTest) { 27 | constexpr int kNumThreads = 32; 28 | ParallelWorkerPool workers(kNumThreads); 29 | std::vector scratch(kNumThreads); 30 | 31 | // Initialize the data to [0, 1, ..., kNumThreads-1] 32 | std::iota(std::begin(scratch), std::end(scratch), 0); 33 | 34 | // Double each element 8 times. 35 | for (int iteration = 0; iteration < 8; ++iteration) { 36 | workers.DoWork(scratch, [](int& data) { data *= 2; }); 37 | } 38 | 39 | // Check the result. 40 | for (int i = 0; i < kNumThreads; ++i) { 41 | EXPECT_EQ(scratch[i], i * 256) << i; 42 | } 43 | } 44 | 45 | } // namespace 46 | 47 | } // namespace silifuzz 48 | -------------------------------------------------------------------------------- /runner/snap_maker_test_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | // Utilities for snap maker test. 16 | 17 | #ifndef THIRD_PARTY_SILIFUZZ_RUNNER_SNAP_MAKER_TEST_UTIL_H_ 18 | #define THIRD_PARTY_SILIFUZZ_RUNNER_SNAP_MAKER_TEST_UTIL_H_ 19 | 20 | #include "absl/status/statusor.h" 21 | #include "./common/snapshot.h" 22 | #include "./player/trace_options.h" 23 | #include "./runner/snap_maker.h" 24 | 25 | namespace silifuzz { 26 | 27 | // Default snap maker options for snap maker tests. 28 | SnapMaker::Options DefaultSnapMakerOptionsForTest(); 29 | 30 | // Applies Make(), Record() and Verify() to the snapshot and returns either 31 | // the fixed Snapshot or an error. 32 | absl::StatusOr FixSnapshotInTest( 33 | const Snapshot& snapshot, 34 | const SnapMaker::Options& options = DefaultSnapMakerOptionsForTest(), 35 | const TraceOptions& trace_options = TraceOptions::Default()); 36 | 37 | } // namespace silifuzz 38 | 39 | #endif // THIRD_PARTY_SILIFUZZ_RUNNER_SNAP_MAKER_TEST_UTIL_H_ 40 | -------------------------------------------------------------------------------- /tool_libs/corpus_partitioner_lib.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | // Library for corpus partitioner. 16 | #ifndef THIRD_PARTY_SILIFUZZ_TOOL_LIBS_CORPUS_PARTITIONER_LIB_H_ 17 | #define THIRD_PARTY_SILIFUZZ_TOOL_LIBS_CORPUS_PARTITIONER_LIB_H_ 18 | #include 19 | 20 | #include "./tool_libs/snap_group.h" 21 | 22 | namespace silifuzz { 23 | 24 | // Creates a corpus partition of `num_groups` groups using summary information 25 | // in `ungrouped`. Partitioning is done iteratively using a heuristic that 26 | // removes entries in `ungrouped` until `ungrouped` is empty or `num_iterations` 27 | // attempts has been made. When partitioning finishes, `ungrouped` contains any 28 | // remaining Snaps that cannot be placed due to conflicts. 29 | SnapshotPartition PartitionCorpus( 30 | int32_t num_groups, int32_t num_iterations, 31 | SnapshotGroup::SnapshotSummaryList& ungrouped); 32 | 33 | } // namespace silifuzz 34 | 35 | #endif // THIRD_PARTY_SILIFUZZ_TOOL_LIBS_CORPUS_PARTITIONER_LIB_H_ 36 | -------------------------------------------------------------------------------- /util/strcat.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/strcat.h" 16 | 17 | #include 18 | #include 19 | 20 | #include "absl/strings/string_view.h" 21 | #include "./util/checks.h" 22 | 23 | namespace silifuzz { 24 | 25 | namespace strcat_internal { 26 | 27 | // Based on absl::strings_internal::CatPieces. 28 | void CatPieces(std::initializer_list pieces, char* out, 29 | int max_string_length) { 30 | size_t total_size = 0; 31 | for (const absl::string_view& piece : pieces) total_size += piece.size(); 32 | if (total_size > max_string_length) { 33 | LOG_FATAL("MaxLength too small"); 34 | } 35 | 36 | for (const absl::string_view& piece : pieces) { 37 | const size_t this_size = piece.size(); 38 | if (this_size != 0) { 39 | memcpy(out, piece.data(), this_size); 40 | out += this_size; 41 | } 42 | } 43 | *out = '\0'; 44 | } 45 | 46 | } // namespace strcat_internal 47 | } // namespace silifuzz 48 | -------------------------------------------------------------------------------- /snap/snap_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_SNAP_SNAP_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_SNAP_SNAP_UTIL_H_ 17 | 18 | // Utilities for Snap. 19 | // These are not parts of Snap classes to reduce dependencies of snap.h, 20 | // which is used in the nolibc environment by the runner. 21 | 22 | #include "absl/status/statusor.h" 23 | #include "./common/snapshot.h" 24 | #include "./snap/snap.h" 25 | #include "./util/platform.h" 26 | 27 | namespace silifuzz { 28 | 29 | // Converts Snap into Snapshot with `platform` representing the platform for the 30 | // only expected end state in `snap`. 31 | // TODO(ksteuck): [impl] There should be metadata in the corpus file or the Snap 32 | // to describe the target platform. 33 | template 34 | absl::StatusOr SnapToSnapshot(const Snap& snap, 35 | PlatformId platform); 36 | 37 | } // namespace silifuzz 38 | 39 | #endif // THIRD_PARTY_SILIFUZZ_SNAP_SNAP_UTIL_H_ 40 | -------------------------------------------------------------------------------- /util/start_test_helper.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Helper for start_test.sh 16 | // This returns the last argument as an unsigned value to start_test.sh. 17 | #include 18 | 19 | // Convert string *s into an unsigned decimal integer. 20 | uint32_t atou32(const char* s) { 21 | uint32_t u = 0; 22 | for (; *s >= '0' && *s <= '9'; ++s) { 23 | u = u * 10 + (*s - '0'); 24 | } 25 | return u; 26 | } 27 | 28 | int main(int argc, char* argv[]) { 29 | #ifdef __x86_64__ 30 | // Check that frame pointer is 16-byte aligned on x86_64. 31 | // The stack pointer before main() is called should be 16-byte aligned. 32 | // The frame pointer should have the value of old stack pointer + 16 here. 33 | const uintptr_t frame_ptr = 34 | reinterpret_cast(__builtin_frame_address(0)); 35 | if (frame_ptr % 16 != 0) { 36 | return 1; 37 | } 38 | #endif 39 | 40 | // Just use the last command line argument as exit code. 41 | return argc > 1 ? atou32(argv[argc - 1]) : 0; 42 | } 43 | -------------------------------------------------------------------------------- /util/file_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_FILE_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_FILE_UTIL_H_ 17 | 18 | #include "absl/base/attributes.h" 19 | #include "absl/strings/string_view.h" 20 | 21 | namespace silifuzz { 22 | 23 | // Writes the data provided in `contents` to the file descriptor `fd`. 24 | ABSL_MUST_USE_RESULT bool WriteToFileDescriptor(int fd, 25 | absl::string_view contents); 26 | 27 | // Writes the data provided in `contents` to the file `file_name`, overwriting 28 | // any existing content. Fails if directory does not exist. 29 | // 30 | // NOTE: Will return true iff all of the data in `content` was written. 31 | // May write some of the data and return an error. 32 | ABSL_MUST_USE_RESULT bool SetContents(absl::string_view file_name, 33 | absl::string_view contents); 34 | 35 | } // namespace silifuzz 36 | 37 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_FILE_UTIL_H_ 38 | -------------------------------------------------------------------------------- /instruction/default_disassembler.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_INSTRUCTION_DEFAULT_DISASSEMBLER_H_ 16 | #define THIRD_PARTY_SILIFUZZ_INSTRUCTION_DEFAULT_DISASSEMBLER_H_ 17 | 18 | #include "./instruction/capstone_disassembler.h" 19 | #include "./instruction/xed_disassembler.h" 20 | #include "./util/arch.h" 21 | 22 | namespace silifuzz { 23 | namespace disassembler_internal { 24 | 25 | // A helper type since we cannot specialize a using statement directly. 26 | template 27 | struct Default; 28 | 29 | template <> 30 | struct Default { 31 | using Type = XedDisassembler; 32 | }; 33 | 34 | template <> 35 | struct Default { 36 | using Type = CapstoneDisassembler; 37 | }; 38 | 39 | } // namespace disassembler_internal 40 | 41 | template 42 | using DefaultDisassembler = typename disassembler_internal::Default::Type; 43 | 44 | } // namespace silifuzz 45 | 46 | #endif // THIRD_PARTY_SILIFUZZ_INSTRUCTION_DEFAULT_DISASSEMBLER_H_ 47 | -------------------------------------------------------------------------------- /util/hostname.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/hostname.h" 16 | 17 | #include 18 | 19 | #include 20 | #include 21 | 22 | #include "absl/strings/string_view.h" 23 | #include "./util/checks.h" 24 | #include "./util/itoa.h" 25 | 26 | namespace silifuzz { 27 | 28 | absl::string_view Hostname() { 29 | static const std::string* hostname = [] { 30 | std::string* hostname = new std::string(256, '\0'); 31 | if (gethostname(hostname->data(), hostname->size()) != 0) { 32 | LOG_FATAL("gethostname() failed with ", ErrnoStr(errno)); 33 | } 34 | DCHECK_NE(hostname->find('\0'), hostname->npos); 35 | return hostname; 36 | }(); 37 | return hostname->c_str(); 38 | } 39 | 40 | absl::string_view ShortHostname() { 41 | absl::string_view hostname = Hostname(); 42 | auto dot_pos = hostname.find('.'); 43 | if (dot_pos != hostname.npos) { 44 | return absl::ClippedSubstr(hostname, 0, dot_pos); 45 | } 46 | return hostname; 47 | } 48 | 49 | } // namespace silifuzz 50 | -------------------------------------------------------------------------------- /fuzzer/hashtest/testgeneration/debugging.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Silifuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_DEBUGGING_H_ 16 | #define THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_DEBUGGING_H_ 17 | 18 | #include "absl/base/attributes.h" 19 | 20 | extern "C" { 21 | #include "third_party/libxed/xed-interface.h" 22 | } 23 | 24 | namespace silifuzz { 25 | 26 | // Print human-readable information about the instruction. 27 | // Helps visualize the information that XED associates with each instruction. 28 | void DumpInstruction(const xed_inst_t* instruction); 29 | 30 | // Print information about the instruction and operand, then kill the process. 31 | // Intended to mark places where we do not support a certain type of operand. 32 | ABSL_ATTRIBUTE_NORETURN void DieBecauseOperand(const xed_inst_t* instruction, 33 | const xed_operand_t* operand); 34 | 35 | } // namespace silifuzz 36 | 37 | #endif // THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_DEBUGGING_H_ 38 | -------------------------------------------------------------------------------- /snap/exit_sequence.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./snap/exit_sequence.h" 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | #include "./util/arch.h" 22 | #include "./util/checks.h" 23 | 24 | namespace silifuzz { 25 | 26 | void InitSnapExit(void (*reentry_address)()) { 27 | const size_t kPageSize = getpagesize(); 28 | // Map a page at kSnapExitAddress containing a branch to SnapExitImpl(). 29 | void* snap_exit_page = mmap(reinterpret_cast(kSnapExitAddress), 30 | kPageSize, PROT_READ | PROT_WRITE, 31 | MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); 32 | CHECK_NE(snap_exit_page, MAP_FAILED); 33 | WriteSnapExitThunk(reentry_address, snap_exit_page); 34 | // mprotect should sync the data cache and invalidate the instruction cache as 35 | // needed. No need to do it explicitly. 36 | CHECK_EQ(mprotect(snap_exit_page, kPageSize, PROT_EXEC | PROT_READ), 0); 37 | } 38 | 39 | } // namespace silifuzz 40 | -------------------------------------------------------------------------------- /proto/binary_log_entry.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package silifuzz.proto; 18 | 19 | import "google/protobuf/any.proto"; 20 | import "google/protobuf/timestamp.proto"; 21 | import "proto/session_summary.proto"; 22 | import "proto/snapshot_execution_result.proto"; 23 | 24 | // A union of all message types that can be sent via a binary log channel. 25 | // NextID: 8 26 | message BinaryLogEntry { 27 | // ID of the session this entry belongs to. 28 | string session_id = 5; 29 | 30 | // Event timestamp. 31 | google.protobuf.Timestamp timestamp = 6; 32 | 33 | oneof kind { 34 | // Session start event. 35 | silifuzz.proto.logging.SessionStart session_start = 7; 36 | 37 | // Result of executing a snapshot 38 | SnapshotExecutionResult snapshot_execution_result = 1; 39 | 40 | // Build information of the producer binary. 41 | google.protobuf.Any build_info = 3; 42 | 43 | // Session summary. 44 | silifuzz.proto.logging.SessionSummary session_summary = 4; 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /tools/fuzz_filter_tool.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | // A SimpleFixTool is a tool the integrates the fixer pipeline, the corpus 16 | // partitioner and relocatable corpus building. Currently, it takes a corpus 17 | // consisting of raw instruction sequences from Centipede, converts these into 18 | // snapshots with undefined end states, runs the Snap maker to make Snapshots 19 | // complete, partitions snapshots into shards and creates a relocatable corpus. 20 | // As everything is done in memory, there is a limit on of corpus size. The 21 | // limit may change in the future if we implement streaming for intermediate 22 | // results in and out of a file system. 23 | 24 | #ifndef THIRD_PARTY_SILIFUZZ_TOOLS_FUZZ_FILTER_TOOL_H_ 25 | #define THIRD_PARTY_SILIFUZZ_TOOLS_FUZZ_FILTER_TOOL_H_ 26 | 27 | #include "absl/status/status.h" 28 | #include "absl/strings/string_view.h" 29 | 30 | namespace silifuzz { 31 | 32 | absl::Status FilterToolMain(absl::string_view raw_insns_bytes); 33 | } 34 | 35 | #endif // THIRD_PARTY_SILIFUZZ_TOOLS_FUZZ_FILTER_TOOL_H_ 36 | -------------------------------------------------------------------------------- /util/text_proto_printer_fuzzer.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | 17 | #include "fuzztest/fuzztest.h" 18 | #include "absl/strings/string_view.h" 19 | #include "google/protobuf/text_format.h" 20 | #include "./proto/player_result.pb.h" 21 | #include "./proto/snapshot.pb.h" 22 | #include "./util/checks.h" 23 | #include "./util/text_proto_printer.h" 24 | 25 | using fuzztest::String; 26 | using silifuzz::proto::PlayerResult; 27 | 28 | void Bytes(const std::string& str) { 29 | google::protobuf::TextFormat::Parser parser; 30 | PlayerResult result; 31 | 32 | silifuzz::TextProtoPrinter printer; 33 | { 34 | auto es = printer.Message("actual_end_state"); 35 | auto ep = es->Message("endpoint"); 36 | es->Message("registers")->Bytes("gregs", str.data(), str.size()); 37 | } 38 | 39 | CHECK(parser.ParseFromString(printer.c_str(), &result)); 40 | CHECK_EQ(result.actual_end_state().registers().gregs(), str); 41 | } 42 | 43 | FUZZ_TEST(TextProtoPrinterFuzzTest, Bytes) 44 | .WithDomains(String().WithMaxSize(1023)); 45 | -------------------------------------------------------------------------------- /util/aarch64/platform.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/platform.h" 16 | 17 | #include 18 | 19 | namespace silifuzz { 20 | 21 | namespace { 22 | 23 | uint64_t GetMidr() { 24 | uint64_t midr; 25 | // The kernel will trap and emulate access to MIDR_EL1. 26 | // https://www.kernel.org/doc/Documentation/arm64/cpu-feature-registers.txt 27 | asm("mrs %0, MIDR_EL1" : "=r"(midr)); 28 | return midr; 29 | } 30 | 31 | PlatformId DoCurrentPlatformId() { 32 | uint64_t midr = GetMidr(); 33 | 34 | uint32_t implementer = (midr >> 24) & 0xff; 35 | // uint32_t variant = (midr >> 20) & 0xf; 36 | uint32_t part_number = (midr >> 4) & 0xfff; 37 | // uint32_t revision = midr & 0xf; 38 | return internal::ArmPlatformIdFromMainId(implementer, part_number); 39 | } 40 | 41 | } // namespace 42 | 43 | uint32_t PlatformIdRegister() { return static_cast(GetMidr()); } 44 | 45 | PlatformId CurrentPlatformId() { 46 | static const PlatformId x = DoCurrentPlatformId(); 47 | return x; 48 | } 49 | 50 | } // namespace silifuzz 51 | -------------------------------------------------------------------------------- /common/snapshot_test_enum_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./common/snapshot_test_enum.h" 16 | 17 | #include 18 | 19 | #include 20 | 21 | #include "gtest/gtest.h" 22 | #include "./util/itoa.h" 23 | 24 | namespace silifuzz { 25 | 26 | namespace { 27 | 28 | TEST(SnapshotTestEnum, Complete) { 29 | // Array initializers will initialize missing elements to nullptr. 30 | // It's easy to overlook that you need to update the EnumNameMap when you 31 | // modify the TestSnapshot enum. Look for any nullptr. 32 | for (size_t i = 0; i < std::size(EnumNameMap); ++i) { 33 | EXPECT_NE(EnumNameMap[i], nullptr) << i; 34 | } 35 | } 36 | 37 | TEST(SnapshotTestEnum, EnumStr) { 38 | // Spot checks to ensure there's no obvious off-by-ones. 39 | EXPECT_STREQ(EnumStr(TestSnapshot::kEmpty), "kEmpty"); 40 | EXPECT_STREQ(EnumStr(TestSnapshot::kSigIll), "kSigIll"); 41 | EXPECT_STREQ(EnumStr(TestSnapshot::kSplitLock), "kSplitLock"); 42 | } 43 | 44 | } // namespace 45 | 46 | } // namespace silifuzz 47 | -------------------------------------------------------------------------------- /third_party/silifuzz_libunwind/save_ucontext.S: -------------------------------------------------------------------------------- 1 | /* Copyright 2008-2022 Google LLC 2 | Contributed by Paul Pluzhnikov 3 | Copyright (C) 2010 Konstantin Belousov 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining 6 | a copy of this software and associated documentation files (the 7 | "Software"), to deal in the Software without restriction, including 8 | without limitation the rights to use, copy, modify, merge, publish, 9 | distribute, sublicense, and/or sell copies of the Software, and to 10 | permit persons to whom the Software is furnished to do so, subject to 11 | the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be 14 | included in all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 20 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 21 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 22 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ 23 | 24 | .text 25 | 26 | /* void SaveUContext(silifuzz::UContext* ucontext); -- see ucontext.h */ 27 | .global SaveUContext 28 | .type SaveUContext, @function 29 | SaveUContext: 30 | 31 | #include "save_ucontext_body.inc" 32 | 33 | .size SaveUContext, . - SaveUContext 34 | 35 | /* We do not need executable stack. */ 36 | .section .note.GNU-stack,"",@progbits 37 | -------------------------------------------------------------------------------- /common/snapshot_file_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_COMMON_SNAPSHOT_FILE_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_COMMON_SNAPSHOT_FILE_UTIL_H_ 17 | 18 | #include "absl/base/attributes.h" 19 | #include "absl/status/status.h" 20 | #include "absl/status/statusor.h" 21 | #include "absl/strings/string_view.h" 22 | #include "./common/snapshot.h" 23 | 24 | namespace silifuzz { 25 | 26 | // Writes `snapshot` to `filename` as a binary proto.Snapshot. 27 | absl::Status WriteSnapshotToFile( 28 | const Snapshot& snapshot, absl::string_view filename) ABSL_MUST_USE_RESULT; 29 | void WriteSnapshotToFileOrDie(const Snapshot& snapshot, 30 | absl::string_view filename); 31 | 32 | // Reads Snapshot from `filename` (must be a binary proto.Snapshot). 33 | absl::StatusOr ReadSnapshotFromFile(absl::string_view filename) 34 | ABSL_MUST_USE_RESULT; 35 | Snapshot ReadSnapshotFromFileOrDie(absl::string_view filename); 36 | 37 | } // namespace silifuzz 38 | 39 | #endif // THIRD_PARTY_SILIFUZZ_COMMON_SNAPSHOT_FILE_UTIL_H_ 40 | -------------------------------------------------------------------------------- /util/atoi.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/atoi.h" 16 | 17 | #include 18 | #include 19 | 20 | #include 21 | 22 | #include "./util/atoi_internal.h" 23 | 24 | namespace silifuzz { 25 | 26 | bool DecToU64(const char* str, size_t len, uint64_t* result) { 27 | return atoi_internal::StrToU64(10, str, len, result); 28 | } 29 | 30 | bool DecToU64(const char* str, uint64_t* result) { 31 | return DecToU64(str, std::numeric_limits::max(), result); 32 | } 33 | 34 | // Like DecToU64() above but for hexadecimal numbers. 35 | bool HexToU64(const char* str, size_t len, uint64_t* result) { 36 | // Skip optional prefix. 0x/0X 37 | if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X')) { 38 | str += 2; 39 | len -= 2; 40 | } 41 | return atoi_internal::StrToU64(16, str, len, result); 42 | } 43 | 44 | // Like DecToU64() above but for hexadecimal numbers. 45 | bool HexToU64(const char* str, uint64_t* result) { 46 | return HexToU64(str, std::numeric_limits::max(), result); 47 | } 48 | 49 | } // namespace silifuzz 50 | -------------------------------------------------------------------------------- /util/file_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/file_util.h" 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | #include 23 | 24 | #include "absl/strings/string_view.h" 25 | #include "./util/byte_io.h" 26 | #include "./util/checks.h" 27 | #include "./util/itoa.h" 28 | 29 | namespace silifuzz { 30 | 31 | bool WriteToFileDescriptor(int fd, absl::string_view contents) { 32 | return Write(fd, contents.data(), contents.size()) == contents.size(); 33 | } 34 | 35 | bool SetContents(absl::string_view file_name, absl::string_view contents) { 36 | int fd = open(std::string(file_name).c_str(), O_WRONLY | O_CREAT | O_TRUNC, 37 | S_IRUSR | S_IWUSR); 38 | if (fd == -1) { 39 | LOG_ERROR("open: ", ErrnoStr(errno)); 40 | return false; 41 | } 42 | bool write_status = WriteToFileDescriptor(fd, contents); 43 | if (close(fd) != 0) { 44 | LOG_ERROR("close: ", ErrnoStr(errno)); 45 | return false; 46 | } 47 | return write_status; 48 | } 49 | 50 | } // namespace silifuzz 51 | -------------------------------------------------------------------------------- /util/enum_flag_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/enum_flag.h" 16 | 17 | #include "gmock/gmock.h" 18 | #include "gtest/gtest.h" 19 | #include "absl/status/status.h" 20 | #include "./util/itoa.h" 21 | #include "./util/testing/status_matchers.h" 22 | 23 | namespace silifuzz { 24 | 25 | enum TestEnum { kFirst, kSecond }; 26 | 27 | template <> 28 | constexpr const char* EnumNameMap[2] = {"first-option", 29 | "second-option"}; 30 | 31 | namespace { 32 | 33 | using silifuzz::testing::IsOkAndHolds; 34 | using silifuzz::testing::StatusIs; 35 | using ::testing::HasSubstr; 36 | 37 | TEST(EnumFlag, ParseEnum) { 38 | ASSERT_THAT(ParseEnum("first-option"), IsOkAndHolds(kFirst)); 39 | ASSERT_THAT(ParseEnum("second-option"), IsOkAndHolds(kSecond)); 40 | ASSERT_THAT(ParseEnum("no-option"), 41 | StatusIs(absl::StatusCode::kInvalidArgument, 42 | HasSubstr("Want one of: first-option, second-option"))); 43 | } 44 | 45 | } // namespace 46 | } // namespace silifuzz 47 | -------------------------------------------------------------------------------- /util/ucontext/x86_64/signal_test_widgets.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | .text 16 | 17 | .p2align 2 18 | .globl UnmappedRead 19 | .type UnmappedRead, @function 20 | UnmappedRead: 21 | movq (%rdi), %rdi 22 | ret 23 | .size UnmappedRead, .-UnmappedRead 24 | 25 | .p2align 2 26 | .globl UnmappedWrite 27 | .type UnmappedWrite, @function 28 | UnmappedWrite: 29 | movq %rdi, (%rdi) 30 | ret 31 | .size UnmappedWrite, .-UnmappedWrite 32 | 33 | .p2align 2 34 | .globl IllegalInstruction 35 | .type IllegalInstruction, @function 36 | IllegalInstruction: 37 | ud2 38 | ret 39 | .size IllegalInstruction, .-IllegalInstruction 40 | 41 | .p2align 2 42 | .globl PrivilegedInstruction 43 | .type PrivilegedInstruction, @function 44 | PrivilegedInstruction: 45 | mov $0xC0000080, %ecx 46 | rdmsr 47 | ret 48 | .size PrivilegedInstruction, .-PrivilegedInstruction 49 | 50 | .p2align 2 51 | .globl DebugInstruction 52 | .type DebugInstruction, @function 53 | DebugInstruction: 54 | int3 55 | ret 56 | .size DebugInstruction, .-DebugInstruction 57 | -------------------------------------------------------------------------------- /util/misc_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_MISC_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_MISC_UTIL_H_ 17 | 18 | // This library contains various simple utilities that do not yet deserve 19 | // a bigger library with a proper name. Move things if that happens. 20 | 21 | #include // for uintptr_t 22 | #include // for std::enable_if_t, std::is_enum 23 | 24 | namespace silifuzz { 25 | 26 | // A convenient enum->int converter. Useful for "enum class" enums that 27 | // do not auto-convert to int, e.g. for CHECK_EQ() and logging. 28 | template ::value, int> = 0> 29 | inline constexpr int ToInt(const T& x) { 30 | return static_cast(x); 31 | } 32 | 33 | // Maps uintptr_t to void*. 34 | inline void* AsPtr(uintptr_t addr) { return reinterpret_cast(addr); } 35 | 36 | // Maps void* to uintptr_t. 37 | inline uintptr_t AsInt(const void* ptr) { 38 | return reinterpret_cast(ptr); 39 | } 40 | 41 | } // namespace silifuzz 42 | 43 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_MISC_UTIL_H_ 44 | -------------------------------------------------------------------------------- /runner/runner_provider.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./runner/runner_provider.h" 16 | 17 | #include 18 | 19 | #include 20 | 21 | #include "absl/flags/flag.h" 22 | #include "./util/checks.h" 23 | #include "./util/data_dependency.h" 24 | 25 | ABSL_FLAG(std::string, runner, "", "Path to the runner binary."); 26 | 27 | namespace silifuzz { 28 | 29 | std::string RunnerLocation() { 30 | // Allow a command-line override. 31 | std::string runner = absl::GetFlag(FLAGS_runner); 32 | if (!runner.empty()) { 33 | return runner; 34 | } 35 | 36 | std::string loc = 37 | GetDataDependencyFilepath("runner/reading_runner_main_nolibc"); 38 | struct stat s; 39 | if (stat(loc.c_str(), &s) < 0) { 40 | loc = "./reading_runner_main_nolibc"; 41 | } 42 | if (stat(loc.c_str(), &s) < 0) { 43 | LOG(ERROR) 44 | << "Could not find runner binary. Try passing --runner=PATH/TO/RUNNER."; 45 | } 46 | return loc; 47 | } 48 | 49 | std::string RunnerTestHelperLocation() { 50 | return GetDataDependencyFilepath("runner/runner_test_helper_nolibc"); 51 | } 52 | 53 | } // namespace silifuzz 54 | -------------------------------------------------------------------------------- /runner/default_snap_corpus.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_RUNNER_DEFAULT_SNAP_CORPUS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_RUNNER_DEFAULT_SNAP_CORPUS_H_ 17 | #include "./snap/snap.h" 18 | #include "./util/arch.h" 19 | 20 | namespace silifuzz { 21 | 22 | // Returns a pointer to the Snap array. 23 | // The `filename` is the first non-flag command line argument passed to the 24 | // binary or nullptr if there wasn't any. 25 | // If `verify` is true, perform additional integrity checks when loading the 26 | // coprus. 27 | // On successful load, `*corpus_fd` will be set to the descriptor of the file 28 | // object that backs the corpus, if such an object exists. The caller takes 29 | // ownership of this descriptor and is responsible for closing it. If the 30 | // backing file object does not exist, `*corpus_fd` will be -1. If `corpus_fd` 31 | // is NULL, no descriptor is returned. 32 | const SnapCorpus* LoadCorpus(const char* filename, bool verify, 33 | int* corpus_fd); 34 | 35 | } // namespace silifuzz 36 | 37 | #endif // THIRD_PARTY_SILIFUZZ_RUNNER_DEFAULT_SNAP_CORPUS_H_ 38 | -------------------------------------------------------------------------------- /runner/snap_maker_test_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./runner/snap_maker_test_util.h" 16 | 17 | #include "absl/status/statusor.h" 18 | #include "./common/snapshot.h" 19 | #include "./runner/runner_provider.h" 20 | #include "./runner/snap_maker.h" 21 | 22 | namespace silifuzz { 23 | 24 | SnapMaker::Options DefaultSnapMakerOptionsForTest() { 25 | SnapMaker::Options opts; 26 | opts.runner_path = RunnerLocation(); 27 | return opts; 28 | } 29 | 30 | absl::StatusOr FixSnapshotInTest(const Snapshot& snapshot, 31 | const SnapMaker::Options& options, 32 | const TraceOptions& trace_options) { 33 | SnapMaker snap_maker(options); 34 | ASSIGN_OR_RETURN_IF_NOT_OK(Snapshot made_snapshot, snap_maker.Make(snapshot)); 35 | ASSIGN_OR_RETURN_IF_NOT_OK(Snapshot recorded_snap, 36 | snap_maker.RecordEndState(made_snapshot)); 37 | RETURN_IF_NOT_OK(snap_maker.VerifyPlaysDeterministically(recorded_snap)); 38 | return snap_maker.CheckTrace(recorded_snap, trace_options); 39 | } 40 | 41 | } // namespace silifuzz 42 | -------------------------------------------------------------------------------- /third_party/silifuzz_libunwind/restore_ucontext.S: -------------------------------------------------------------------------------- 1 | /* Copyright 2007-2024 Google LLC 2 | Contributed by Arun Sharma 3 | Copyright (C) 2010 Konstantin Belousov 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining 6 | a copy of this software and associated documentation files (the 7 | "Software"), to deal in the Software without restriction, including 8 | without limitation the rights to use, copy, modify, merge, publish, 9 | distribute, sublicense, and/or sell copies of the Software, and to 10 | permit persons to whom the Software is furnished to do so, subject to 11 | the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be 14 | included in all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 20 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 21 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 22 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ 23 | 24 | .text 25 | 26 | /* void RestoreUContextView( 27 | const silifuzz::ConstUContextView& view); 28 | -- see ucontext.h */ 29 | .global RestoreUContextView 30 | .type RestoreUContextView, @function 31 | RestoreUContextView: 32 | 33 | #include "restore_ucontext_body.inc" 34 | 35 | .size RestoreUContextView, . - RestoreUContextView 36 | 37 | /* We do not need executable stack. */ 38 | .section .note.GNU-stack,"",@progbits 39 | -------------------------------------------------------------------------------- /tool_libs/corpus_partitioner_lib.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./tool_libs/corpus_partitioner_lib.h" 16 | 17 | #include 18 | 19 | #include "absl/algorithm/container.h" 20 | #include "./tool_libs/snap_group.h" 21 | #include "./util/checks.h" 22 | 23 | namespace silifuzz { 24 | 25 | SnapshotPartition PartitionCorpus( 26 | int32_t num_groups, int32_t num_iterations, 27 | SnapshotGroup::SnapshotSummaryList& ungrouped) { 28 | // Sort summaries to make output deterministic. 29 | absl::c_sort(ungrouped); 30 | 31 | VLOG_INFO(1, "Partitioning ", ungrouped.size(), " snapshots into ", 32 | num_groups); 33 | SnapshotPartition partition(num_groups, 34 | SnapshotGroup::kAllowWriteConflictsWithSamePerm); 35 | for (int32_t i = 0; i < num_iterations && !ungrouped.empty(); ++i) { 36 | partition.PartitionSnapshots(ungrouped); 37 | } 38 | 39 | if (!ungrouped.empty()) { 40 | LOG_INFO(ungrouped.size(), " snapshots are still ungrouped after ", 41 | num_iterations, " iterations."); 42 | } 43 | return partition; 44 | } 45 | 46 | } // namespace silifuzz 47 | 48 | -------------------------------------------------------------------------------- /util/aarch64/start.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | /* A simple implementation of _start on aarch64. */ 16 | 17 | .text 18 | .p2align 4 19 | .globl _start 20 | .type _start, @function 21 | 22 | _start: 23 | .cfi_startproc 24 | 25 | /* Clear frame pointer and link register to terminate stack chain. */ 26 | mov x29, #0 27 | mov x30, #0 28 | 29 | /* Pass the raw stack pointer as an argument to _start_1. */ 30 | mov x0, sp 31 | 32 | /* 33 | * Jump into higher-level code. 34 | * Unlike x86_64 we use a normal branch that does not save the return address. 35 | * There's no point is saving the return address and this allows the stack chain 36 | * to cleanly terminate with null frame and link registers, rather than having a 37 | * link register that points back to a frame-less call site. On aarch64 jumps 38 | * and calls also behave more similarly than on x86_64 since they do not modify 39 | * the stack pointer. 40 | */ 41 | b _start_1@PLT 42 | 43 | .cfi_endproc 44 | .size _start, .-_start 45 | .section .note.GNU-stack,"",@progbits 46 | -------------------------------------------------------------------------------- /fuzzer/hashtest/testgeneration/synthesize_instruction.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The Silifuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_SYNTHESIZE_INSTRUCTION_H_ 16 | #define THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_SYNTHESIZE_INSTRUCTION_H_ 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "./fuzzer/hashtest/testgeneration/candidate.h" 24 | #include "./fuzzer/hashtest/testgeneration/register_info.h" 25 | #include "./fuzzer/hashtest/testgeneration/synthesize_base.h" 26 | 27 | namespace silifuzz { 28 | 29 | // Synthesize a randomized instruction based on `candidate`. 30 | // Used temp and entropy registers will be removed from `rpool`. 31 | [[nodiscard]] bool SynthesizeTestInstruction( 32 | const InstructionCandidate& candidate, RegisterPool& rpool, 33 | std::mt19937_64& rng, unsigned int effective_op_width, 34 | std::vector& needs_init, std::vector& is_written, 35 | uint8_t* ibuf, size_t& ibuf_len); 36 | 37 | } // namespace silifuzz 38 | 39 | #endif // THIRD_PARTY_SILIFUZZ_FUZZER_HASHTEST_TESTGENERATION_SYNTHESIZE_INSTRUCTION_H_ 40 | -------------------------------------------------------------------------------- /util/aarch64/reg_group_io.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/reg_group_io.h" 16 | 17 | #include 18 | 19 | #include "./util/aarch64/reg_group_io_buffer_offsets.h" 20 | #include "./util/aarch64/sve.h" 21 | #include "./util/arch.h" 22 | 23 | namespace silifuzz { 24 | 25 | // RegisterGroupIOBuffer is used by assembly code, which needs to know struct 26 | // member offsets of the host architecture, which are defined in 27 | // reg_group_io_buffer_offsets.h. Check here that offsets are correct. 28 | static_assert(REGISTER_GROUP_IO_BUFFER_REGISTER_GROUPS_OFFSET == 29 | offsetof(RegisterGroupIOBuffer, register_groups)); 30 | static_assert(REGISTER_GROUP_IO_BUFFER_FFR_OFFSET == 31 | offsetof(RegisterGroupIOBuffer, ffr)); 32 | static_assert(REGISTER_GROUP_IO_BUFFER_P_OFFSET == 33 | offsetof(RegisterGroupIOBuffer, p)); 34 | static_assert(REGISTER_GROUP_IO_BUFFER_Z_OFFSET == 35 | offsetof(RegisterGroupIOBuffer, z)); 36 | 37 | void InitRegisterGroupIO() { 38 | SetSVEVectorWidthGlobal(SveGetCurrentVectorLength()); 39 | } 40 | 41 | } // namespace silifuzz 42 | -------------------------------------------------------------------------------- /util/x86_cpuid_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #if defined(__x86_64__) 16 | #include "./util/x86_cpuid.h" 17 | 18 | #include 19 | 20 | #include "./util/checks.h" 21 | #include "./util/nolibc_gunit.h" 22 | 23 | // ========================================================================= // 24 | 25 | namespace silifuzz { 26 | namespace { 27 | 28 | TEST(X86CPUID, BasicTest) { 29 | X86CPUIDResult result; 30 | 31 | // Get highest extended function parameter. We expect this to be higher 32 | // than 0x80000000 on all platforms we use. 33 | X86CPUID(0x80000000, &result); 34 | const uint32_t highest_function_parameter = result.eax; 35 | CHECK_GT(highest_function_parameter, 0x80000000U); 36 | 37 | // Get vendor string 38 | X86CPUVendorID vendor_id_string; 39 | LOG_INFO("vendor ID: ", vendor_id_string.get()); 40 | CHECK(vendor_id_string.IsAMD() || vendor_id_string.IsIntel()); 41 | } 42 | 43 | } // namespace 44 | } // namespace silifuzz 45 | 46 | // ========================================================================= // 47 | 48 | NOLIBC_TEST_MAIN({ RUN_TEST(X86CPUID, BasicTest); }) 49 | 50 | #endif // defined(__x86_64__) 51 | -------------------------------------------------------------------------------- /third_party/silifuzz_libunwind/save_ucontext_no_syscalls.S: -------------------------------------------------------------------------------- 1 | /* Copyright 2008-2022 Google LLC 2 | Contributed by Paul Pluzhnikov 3 | Copyright (C) 2010 Konstantin Belousov 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining 6 | a copy of this software and associated documentation files (the 7 | "Software"), to deal in the Software without restriction, including 8 | without limitation the rights to use, copy, modify, merge, publish, 9 | distribute, sublicense, and/or sell copies of the Software, and to 10 | permit persons to whom the Software is furnished to do so, subject to 11 | the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be 14 | included in all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 20 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 21 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 22 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ 23 | 24 | .text 25 | 26 | /* void SaveUContextNoSyscalls(silifuzz::UContext* ucontext); -- see ucontext.h */ 27 | .global SaveUContextNoSyscalls 28 | .type SaveUContextNoSyscalls, @function 29 | SaveUContextNoSyscalls: 30 | 31 | #define UCONTEXT_NO_SYSCALLS 32 | #include "save_ucontext_body.inc" 33 | 34 | .size SaveUContextNoSyscalls, . - SaveUContextNoSyscalls 35 | 36 | /* We do not need executable stack. */ 37 | .section .note.GNU-stack,"",@progbits 38 | -------------------------------------------------------------------------------- /util/arch_mem.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_ARCH_MEM_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_ARCH_MEM_H_ 17 | 18 | #include 19 | 20 | #include 21 | 22 | #include "./util/arch.h" 23 | #include "./util/ucontext/ucontext_types.h" 24 | 25 | namespace silifuzz { 26 | 27 | // Pad `code` with architecture-specific trap instructions until `code` is 28 | // exactly `target_size` bytes long. 29 | // `target_size` - `code`.size() must not be negative and must also be a 30 | // multiple of the trap instruction size. 31 | template 32 | void PadToSizeWithTraps(std::string& code, size_t target_size); 33 | 34 | // Returns the bytes that RestoreUContext() writes on the stack of the context 35 | // it is jumping into. These bytes may depend on the GRegSet of the context it 36 | // is jumping into. These bytes are immediately below the stack pointer and 37 | // will be overwritten by any subsequent "push" instructions. 38 | template 39 | std::string RestoreUContextStackBytes(const GRegSet& gregs); 40 | 41 | } // namespace silifuzz 42 | 43 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_ARCH_MEM_H_ 44 | -------------------------------------------------------------------------------- /util/testing/status_macros_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/testing/status_macros.h" 16 | 17 | #include 18 | 19 | #include "gtest/gtest.h" 20 | #include "absl/status/status.h" 21 | #include "absl/status/statusor.h" 22 | 23 | namespace silifuzz::testing { 24 | namespace { 25 | 26 | TEST(StatusMacrosTest, AssertOkAndAssign) { 27 | absl::StatusOr sor_message("Hello, world"); 28 | ASSERT_OK_AND_ASSIGN(std::string message, sor_message); 29 | EXPECT_EQ(message, "Hello, world"); 30 | 31 | absl::StatusOr sor_value(777); 32 | ASSERT_OK_AND_ASSIGN(int value, sor_value); 33 | EXPECT_EQ(value, 777); 34 | } 35 | 36 | TEST(StatusMacrosTest, AssertOk) { 37 | absl::Status status = absl::OkStatus(); 38 | ASSERT_OK(status); 39 | 40 | absl::StatusOr sor_message("Hello, world"); 41 | ASSERT_OK(sor_message); 42 | } 43 | 44 | TEST(StatusMacrosTest, ExpectOk) { 45 | absl::Status status = absl::OkStatus(); 46 | EXPECT_OK(status); 47 | 48 | absl::StatusOr sor_message("Hello, world"); 49 | EXPECT_OK(sor_message); 50 | } 51 | 52 | } // namespace 53 | } // namespace silifuzz::testing 54 | -------------------------------------------------------------------------------- /player/player_result_proto.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_PLAYER_PLAYER_RESULT_PROTO_H_ 16 | #define THIRD_PARTY_SILIFUZZ_PLAYER_PLAYER_RESULT_PROTO_H_ 17 | 18 | #include "absl/status/status.h" 19 | #include "absl/status/statusor.h" 20 | #include "./common/snapshot_enums.h" 21 | #include "./common/snapshot_types.h" 22 | #include "./proto/player_result.pb.h" 23 | 24 | namespace silifuzz { 25 | 26 | // A collection of utilities to convert between the Player::Result class 27 | // and its proto representation, proto::PlayerResult. 28 | class PlayerResultProto : private SnapshotTypeNames { 29 | public: 30 | using PlayerResult = snapshot_types::PlaybackResult; 31 | // Attempts to build a PlayerResult from proto. 32 | // Returns an error status if unsuccessful. 33 | static absl::StatusOr FromProto( 34 | const proto::PlayerResult& proto); 35 | 36 | // Dumps Player::Result into proto representation. 37 | static absl::Status ToProto(const PlayerResult& result, 38 | proto::PlayerResult& proto); 39 | }; 40 | 41 | } // namespace silifuzz 42 | #endif // THIRD_PARTY_SILIFUZZ_PLAYER_PLAYER_RESULT_PROTO_H_ 43 | -------------------------------------------------------------------------------- /util/user_regs_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2025 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_USER_REGS_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_USER_REGS_UTIL_H_ 17 | 18 | #include 19 | 20 | #include 21 | 22 | namespace silifuzz { 23 | 24 | #if defined(__x86_64__) 25 | inline uint64_t GetIPFromUserRegs(const user_regs_struct& regs) { 26 | return regs.rip; 27 | } 28 | 29 | inline uint64_t GetSPFromUserRegs(const user_regs_struct& regs) { 30 | return regs.rsp; 31 | } 32 | 33 | inline uint64_t GetSyscallNumberFromUserRegs(const user_regs_struct& regs) { 34 | // Some syscalls clobber rax but orig_rax preserves the value. 35 | return regs.orig_rax; 36 | } 37 | 38 | #elif defined(__aarch64__) 39 | inline uint64_t GetIPFromUserRegs(const user_regs_struct& regs) { 40 | return regs.pc; 41 | } 42 | 43 | inline uint64_t GetSPFromUserRegs(const user_regs_struct& regs) { 44 | return regs.sp; 45 | } 46 | 47 | inline uint64_t GetSyscallNumberFromUserRegs(const user_regs_struct& regs) { 48 | return regs.regs[8]; 49 | } 50 | #else 51 | #error "Unsupported architecture" 52 | #endif 53 | } // namespace silifuzz 54 | 55 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_USER_REGS_UTIL_H_ 56 | -------------------------------------------------------------------------------- /snap/snap_corpus_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_SNAP_SNAP_CORPUS_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_SNAP_SNAP_CORPUS_UTIL_H_ 17 | 18 | #include "./snap/snap.h" 19 | #include "./util/arch.h" 20 | #include "./util/mmapped_memory_ptr.h" 21 | 22 | // Library for handling relocatable snap corpus. 23 | // See relocatable_snap_generator.h for details on the file format. 24 | namespace silifuzz { 25 | 26 | // Loads relocatable Snap corpus from `filename`. CHECK-fails on any error. 27 | // When `preload` is true, preloads the file into memory using MAP_POPULATE 28 | // except for files in /proc and /dev/shm. 29 | // When `corpus_fd` is not NULL, passes ownership of the corpus FD to the caller 30 | // rather than closing it. 31 | template 32 | MmappedMemoryPtr> LoadCorpusFromFile( 33 | const char* filename, bool preload = true, bool verify = true, 34 | int* corpus_fd = nullptr); 35 | 36 | // Snoop the file on disk to determine which architecture it is for. 37 | ArchitectureId CorpusFileArchitecture(const char* filename); 38 | 39 | } // namespace silifuzz 40 | 41 | #endif // THIRD_PARTY_SILIFUZZ_SNAP_SNAP_CORPUS_UTIL_H_ 42 | -------------------------------------------------------------------------------- /snap/gen/reserved_memory_mappings.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_SNAP_GEN_RESERVED_MEMORY_MAPPINGS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_SNAP_GEN_RESERVED_MEMORY_MAPPINGS_H_ 17 | 18 | #include "./common/mapped_memory_map.h" 19 | #include "./common/snapshot.h" 20 | 21 | // Memory mappings for regions not usable by any Snaps. 22 | // This information is used by different tools like generator and maker. 23 | 24 | namespace silifuzz { 25 | 26 | // Returns a MappedMemoryMap for all memory ranges that a Snap should not 27 | // include, with the exception of the very last byte at 0xffffffffffffffff due 28 | // to limitation of MappedMemoryMap. Callers should only check for address 29 | // containment using the returned map. Memory permissions in the returned 30 | // map are all of the same value MemoryPerm::All(). 31 | const MappedMemoryMap& ReservedMemoryMappings(); 32 | 33 | // Returns true iff any of `memory_mappings` overlaps with reserved memory 34 | // mappings. 35 | bool OverlapReservedMemoryMappings( 36 | const Snapshot::MemoryMappingList& memory_mappings); 37 | 38 | } // namespace silifuzz 39 | 40 | #endif // THIRD_PARTY_SILIFUZZ_SNAP_GEN_RESERVED_MEMORY_MAPPINGS_H_ 41 | -------------------------------------------------------------------------------- /proxies/util/set_process_dumpable.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_PROXIES_UTIL_SET_PROCESS_DUMPABLE_H_ 16 | #define THIRD_PARTY_SILIFUZZ_PROXIES_UTIL_SET_PROCESS_DUMPABLE_H_ 17 | 18 | #include "absl/status/status.h" 19 | 20 | namespace silifuzz::proxies { 21 | 22 | // Proxies are linked with the centipede runner library, which uses 23 | // PR_SET_DUMPABLE to disable core dumps. Unfortunately that also makes most of 24 | // /proc/self to be owned by root and generally inaccessible. That breaks 25 | // passing mem file paths /proc/XX/fd/YY. 26 | // 27 | // For proxies that need to use mem files in /proc, this function sets 28 | // PR_SET_DUMPALBE to 1 but limits core dump size to be 0 instead. It is better 29 | // to generate empty core files than to have snap maker not working. In theory, 30 | // this can still be a problem if for some reason, the proxy crashes extremely 31 | // frequently such that too many core files can pose a problem. Empirically this 32 | // has not be observed in a limited-time test run. Core dumping is rare. 33 | absl::Status SetProcessDumpable(); 34 | 35 | } // namespace silifuzz::proxies 36 | 37 | #endif // THIRD_PARTY_SILIFUZZ_PROXIES_UTIL_SET_PROCESS_DUMPABLE_H_ 38 | -------------------------------------------------------------------------------- /snap/snap_relocator_fuzz_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include 16 | #include 17 | 18 | #include "fuzztest/fuzztest.h" 19 | #include "./snap/snap_relocator.h" 20 | #include "./util/arch.h" 21 | #include "./util/mmapped_memory_ptr.h" 22 | 23 | namespace silifuzz { 24 | namespace { 25 | using ::fuzztest::Arbitrary; 26 | 27 | void RelocateRandomBytes(const std::string& bytes) { 28 | MmappedMemoryPtr relocatable; 29 | if (bytes.empty()) { 30 | relocatable = MakeMmappedMemoryPtr(nullptr, 0); 31 | } else { 32 | relocatable = AllocateMmappedBuffer(bytes.size()); 33 | memcpy(relocatable.get(), bytes.data(), bytes.size()); 34 | } 35 | 36 | // This should not crash. 37 | SnapRelocatorError error; 38 | // Skip validation since the corpus is random data. 39 | auto corpus = SnapRelocator::RelocateCorpus(std::move(relocatable), 40 | false, &error); 41 | } 42 | 43 | constexpr size_t kMaxRandomCorpusSize = 1 << 16; 44 | 45 | FUZZ_TEST(SnapRelocatorTest, RelocateRandomBytes) 46 | .WithDomains(Arbitrary().WithMaxSize(kMaxRandomCorpusSize)); 47 | 48 | } // namespace 49 | } // namespace silifuzz 50 | -------------------------------------------------------------------------------- /snap/gen/relocatable_data_block.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./snap/gen/relocatable_data_block.h" 16 | 17 | #include 18 | #include 19 | 20 | #include "./util/checks.h" 21 | 22 | namespace silifuzz { 23 | 24 | RelocatableDataBlock::Ref RelocatableDataBlock::Allocate(size_t size, 25 | size_t alignment) { 26 | CHECK_EQ((alignment & (alignment - 1)), 0); // a power of 2. 27 | 28 | // Widen this block's alignment as necessary. This keeps the current 29 | // and all allocations contained in the block properly aligned when the block 30 | // itself is aligned to this. 31 | required_alignment_ = std::max(required_alignment_, alignment); 32 | 33 | // Align the allocated offset using requested alignment. 34 | const size_t alignment_mask = alignment - 1; 35 | const size_t aligned_offset = ((size_ + alignment_mask) & ~alignment_mask); 36 | 37 | // If contents buffer is set, check that buffer can hold this allocation. 38 | if (contents_ != nullptr) { 39 | CHECK_LE(aligned_offset + size, max_contents_size_); 40 | } 41 | 42 | size_ = aligned_offset + size; 43 | return {this, aligned_offset}; 44 | } 45 | 46 | } // namespace silifuzz 47 | -------------------------------------------------------------------------------- /third_party/silifuzz_libunwind/restore_ucontext_no_syscalls.S: -------------------------------------------------------------------------------- 1 | /* Copyright 2007-2022 Google LLC 2 | Contributed by Arun Sharma 3 | Copyright (C) 2010 Konstantin Belousov 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining 6 | a copy of this software and associated documentation files (the 7 | "Software"), to deal in the Software without restriction, including 8 | without limitation the rights to use, copy, modify, merge, publish, 9 | distribute, sublicense, and/or sell copies of the Software, and to 10 | permit persons to whom the Software is furnished to do so, subject to 11 | the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be 14 | included in all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 20 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 21 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 22 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ 23 | 24 | .text 25 | 26 | /* void RestoreUContextViewNoSyscalls( 27 | const silifuzz::ConstUContextView& ucontext); 28 | -- see ucontext.h */ 29 | .global RestoreUContextViewNoSyscalls 30 | .type RestoreUContextViewNoSyscalls, @function 31 | RestoreUContextViewNoSyscalls: 32 | 33 | #define UCONTEXT_NO_SYSCALLS 34 | #include "restore_ucontext_body.inc" 35 | 36 | .size RestoreUContextViewNoSyscalls, . - RestoreUContextViewNoSyscalls 37 | 38 | /* We do not need executable stack. */ 39 | .section .note.GNU-stack,"",@progbits 40 | -------------------------------------------------------------------------------- /tools/fuzz_filter_tool_main.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // This tool reads an instruction sequence as bytes from the input file and 16 | // returns 0 exit code iff the sequence can be converted into a Snap-compatible 17 | // SiliFuzz Snapshot. 18 | // The bytes are converted into Snapshot using InstructionsToSnapshot() which 19 | // is the same as what our fuzzers and the fix pipeline use. 20 | 21 | #include 22 | #include 23 | 24 | #include "absl/flags/parse.h" 25 | #include "absl/status/status.h" 26 | #include "absl/status/statusor.h" 27 | #include "./tools/fuzz_filter_tool.h" 28 | #include "./util/checks.h" 29 | #include "./util/tool_util.h" 30 | 31 | int main(int argc, char** argv) { 32 | std::vector non_flag_args = absl::ParseCommandLine(argc, argv); 33 | if (non_flag_args.size() != 2) { 34 | LOG_ERROR("Expected exactly 1 input file"); 35 | return 1; 36 | } 37 | absl::StatusOr bytes = 38 | silifuzz::GetFileContents(non_flag_args[1]); 39 | if (!bytes.ok()) { 40 | LOG_ERROR(bytes.status().message()); 41 | return 1; 42 | } 43 | absl::Status s = silifuzz::FilterToolMain(*bytes); 44 | if (!s.ok()) LOG_ERROR(s.message()); 45 | return silifuzz::ToExitCode(s.ok()); 46 | } 47 | -------------------------------------------------------------------------------- /util/arch_mem.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/arch_mem.h" 16 | 17 | #include 18 | 19 | #include 20 | 21 | #include "./util/checks.h" 22 | 23 | namespace silifuzz { 24 | 25 | template <> 26 | void PadToSizeWithTraps(std::string& code, size_t target_size) { 27 | CHECK_LE(code.size(), target_size); 28 | code.resize(target_size, 0xcc); 29 | } 30 | 31 | template <> 32 | void PadToSizeWithTraps(std::string& code, size_t target_size) { 33 | CHECK_LE(code.size(), target_size); 34 | CHECK_EQ(code.size() % 4, 0); 35 | CHECK_EQ(target_size % 4, 0); 36 | code.resize(target_size, 0); 37 | } 38 | 39 | template <> 40 | std::string RestoreUContextStackBytes(const GRegSet& gregs) { 41 | std::string stack_bytes; 42 | stack_bytes.append(reinterpret_cast(&gregs.eflags), 8); 43 | stack_bytes.append(reinterpret_cast(&gregs.rip), 8); 44 | return stack_bytes; 45 | } 46 | 47 | template <> 48 | std::string RestoreUContextStackBytes(const GRegSet& gregs) { 49 | std::string stack_bytes; 50 | // aarch64 RestoreUContext currently zeros out the memory it uses 51 | stack_bytes.append(8, 0); 52 | return stack_bytes; 53 | } 54 | 55 | } // namespace silifuzz 56 | -------------------------------------------------------------------------------- /orchestrator/silifuzz_orchestrator_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./orchestrator/silifuzz_orchestrator.h" 16 | 17 | #include 18 | #include 19 | 20 | #include "gmock/gmock.h" 21 | #include "gtest/gtest.h" 22 | 23 | namespace silifuzz { 24 | namespace { 25 | using testing::ElementsAre; 26 | using testing::IsSupersetOf; 27 | 28 | TEST(NextCorpusGenerator, Sequential) { 29 | NextCorpusGenerator gen(3, true, 0); 30 | std::vector actual; 31 | for (int i = 0; i < 5; ++i) { 32 | actual.push_back(gen()); 33 | } 34 | ASSERT_THAT(actual, ElementsAre(0, 1, 2, -1, -1)); 35 | } 36 | 37 | TEST(NextCorpusGenerator, Random) { 38 | std::vector src = {"1", "2", "3"}; 39 | std::vector result; 40 | NextCorpusGenerator gen(src.size(), false, 0); 41 | std::vector actual; 42 | for (int i = 0; i < 100; ++i) { 43 | int idx = gen(); 44 | ASSERT_GE(idx, 0); 45 | ASSERT_LT(idx, src.size()); 46 | result.push_back(src[idx]); 47 | } 48 | ASSERT_THAT(result, IsSupersetOf(src)) 49 | << "Expected a sequence of a 100 random elements to contain each element " 50 | "of the source at least once"; 51 | } 52 | 53 | } // namespace 54 | 55 | } // namespace silifuzz 56 | -------------------------------------------------------------------------------- /tools/snap_corpus_tool_test.sh: -------------------------------------------------------------------------------- 1 | # Copyright 2022 The SiliFuzz Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | #!/bin/bash 16 | 17 | set -eu -o pipefail 18 | 19 | function die() { 20 | echo "$@" 21 | exit 1 22 | } 23 | 24 | readonly TOOL="${TEST_SRCDIR}/${TEST_WORKSPACE}/tools/snap_corpus_tool" 25 | readonly CORPUS="${TEST_SRCDIR}/${TEST_WORKSPACE}/snap/testing/test_corpus" 26 | 27 | function snap_corpus_tool_test() { 28 | # The exact number of Snaps in the corpus can change between arches, so be 29 | # forgiving on the exact number. 30 | "${TOOL}" list_snaps "${CORPUS}" 2>&1 | grep -q -e 'Total [1-3][0-9]$' \ 31 | || die "snap_corpus_tool test failed" 32 | } 33 | 34 | function extract_test() { 35 | OUTPUT="$(mktemp)" 36 | ID=kEndsAsExpected 37 | "${TOOL}" extract "${CORPUS}" ${ID} "${OUTPUT}" 2>&1 \ 38 | | grep -q 'Wrote snap to' \ 39 | || die "extract test failed" 40 | rm -f "${OUTPUT}" 41 | } 42 | 43 | function extract_code_address_test() { 44 | OUTPUT="$(mktemp)" 45 | CODE_ADDRESS=0x32355000 46 | "${TOOL}" extract_code_address "${CORPUS}" ${CODE_ADDRESS} \ 47 | "${OUTPUT}" 2>&1 | grep -q 'Wrote snap to' \ 48 | || die "extract_code_address test failed" 49 | rm -f "${OUTPUT}" 50 | } 51 | 52 | snap_corpus_tool_test 53 | extract_test 54 | extract_code_address_test 55 | 56 | echo "PASS" 57 | -------------------------------------------------------------------------------- /tracing/analysis.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_TRACING_ANALYSIS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_TRACING_ANALYSIS_H_ 17 | 18 | #include 19 | #include 20 | #include 21 | 22 | #include "absl/status/statusor.h" 23 | #include "./tracing/execution_trace.h" 24 | #include "./tracing/tracer_factory.h" 25 | 26 | namespace silifuzz { 27 | 28 | struct FaultInjectionResult { 29 | size_t instruction_count; 30 | size_t fault_injection_count; 31 | size_t fault_detection_count; 32 | float sensitivity; 33 | }; 34 | 35 | // Perform fault analysis with a tracer of `tracer_type` on the snippet 36 | // `instructions`. `execution_trace` must contain a valid trace. If this 37 | // function is successful, the trace is annotated with which instructions were 38 | // critical in detecting faults. If successful, this function returns aggregate 39 | // statistics about the fault injection. 40 | template 41 | absl::StatusOr AnalyzeSnippetWithFaultInjection( 42 | TracerType tracer_type, const std::string& instructions, 43 | ExecutionTrace& execution_trace, uint32_t expected_memory_checksum); 44 | 45 | } // namespace silifuzz 46 | 47 | #endif // THIRD_PARTY_SILIFUZZ_TRACING_ANALYSIS_H_ 48 | -------------------------------------------------------------------------------- /common/memory_bytes_set.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./common/memory_bytes_set.h" 16 | 17 | #include 18 | 19 | namespace silifuzz { 20 | 21 | MemoryBytesSet::ByteSize MemoryBytesSet::byte_size() const { 22 | ByteSize size = 0; 23 | for (auto i = rep_.begin(); i != rep_.end(); ++i) { 24 | size += i.limit() - i.start(); 25 | } 26 | return size; 27 | } 28 | 29 | void MemoryBytesSet::Add(Address start_address, Address limit_address) { 30 | rep_.Add(start_address, limit_address, kDummyMappedValue); 31 | } 32 | 33 | void MemoryBytesSet::Add(const MemoryBytesSet& y) { rep_.AddRangeMap(y.rep_); } 34 | 35 | void MemoryBytesSet::Remove(Address start_address, Address limit_address) { 36 | rep_.Remove(start_address, limit_address, false /* value does not matter */); 37 | } 38 | 39 | void MemoryBytesSet::Intersect(const MemoryBytesSet& y) { 40 | Rep intersection; 41 | intersection.AddIntersectionOf(rep_, y.rep_); 42 | rep_ = std::move(intersection); 43 | } 44 | 45 | bool MemoryBytesSet::IsDisjoint(Address start_address, 46 | Address limit_address) const { 47 | auto range = rep_.Find(start_address, limit_address); 48 | return range.first == range.second; // empty overlap 49 | } 50 | 51 | } // namespace silifuzz 52 | -------------------------------------------------------------------------------- /util/ucontext/aarch64/signal_test_widgets.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | .text 16 | 17 | .p2align 2 18 | .globl UnmappedRead 19 | .type UnmappedRead, @function 20 | UnmappedRead: 21 | ldr x0, [x0] 22 | ret 23 | .size UnmappedRead, .-UnmappedRead 24 | 25 | .p2align 2 26 | .globl UnmappedWrite 27 | .type UnmappedWrite, @function 28 | UnmappedWrite: 29 | str x0, [x0] 30 | ret 31 | .size UnmappedWrite, .-UnmappedWrite 32 | 33 | .p2align 2 34 | .globl IllegalInstruction 35 | .type IllegalInstruction, @function 36 | IllegalInstruction: 37 | udf 0 38 | ret 39 | .size IllegalInstruction, .-IllegalInstruction 40 | 41 | .p2align 2 42 | .globl PrivilegedInstruction 43 | .type PrivilegedInstruction, @function 44 | PrivilegedInstruction: 45 | mrs x0, esr_el1 46 | ret 47 | .size PrivilegedInstruction, .-PrivilegedInstruction 48 | 49 | .p2align 2 50 | .globl DebugInstruction 51 | .type DebugInstruction, @function 52 | DebugInstruction: 53 | brk #7 54 | ret 55 | .size DebugInstruction, .-DebugInstruction 56 | 57 | .p2align 2 58 | .globl UnalignedStack 59 | .type UnalignedStack, @function 60 | UnalignedStack: 61 | str x0, [sp, #-8]! 62 | ldr x0, [sp], #8 63 | ret 64 | .size UnalignedStack, .-UnalignedStack 65 | -------------------------------------------------------------------------------- /util/avx.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_AVX_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_AVX_H_ 17 | // Utilities dealing with AVX/AVX2/AVX-512 extension 18 | #ifdef __x86_64__ 19 | 20 | namespace silifuzz { 21 | 22 | // Returns true iff AVX-512 foundation instruction set is supported and 23 | // registers zmm0-zmm31 and k0-k7 are accessible. 24 | // 25 | // This is in "C" namespace as this is called from assembly and it is easier to 26 | // do so without function name mangling. 27 | extern "C" bool HasAVX512Registers(); 28 | 29 | // Clears AVX-512 registers zmm16 to zmm31 and also opmask registers k0 to k7. 30 | // This is part of AVX-512 state that can only be cleared using AVX-512F. The 31 | // lower 16 AVX registers can be cleared using AVX instruction vzeroupper. 32 | // 33 | // REQUIRES: HasAVX512Registers() returns true. 34 | // 35 | // This cannot be called from C++ code. The x86_64 ABI specifies all AVX 36 | // registers as caller-saved. A C++ caller saves all live AVX registers before 37 | // calling this and restores those registers after call. 38 | // 39 | // This is in "C" namespace like HasAVX512Registers() above. 40 | extern "C" void ClearAVX512OnlyState(); 41 | 42 | } // namespace silifuzz 43 | 44 | #endif // __x86_64__ 45 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_AVX_H_ 46 | -------------------------------------------------------------------------------- /util/path_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_PATH_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_PATH_UTIL_H_ 17 | 18 | #include 19 | 20 | #include "absl/status/statusor.h" 21 | #include "absl/strings/string_view.h" 22 | 23 | namespace silifuzz { 24 | 25 | // Creates a unique temporary file with the given prefix and an optional 26 | // suffix. See man mkstemps for details. 27 | // The file is guaranteed to exist if this function returns a value. 28 | // RETURNS file name or status if there was an error. 29 | absl::StatusOr CreateTempFile(absl::string_view prefix, 30 | absl::string_view suffix = ""); 31 | 32 | // Returns the part of the path after the final "/". If there is no 33 | // "/" in the path, the result is the same as the input. 34 | absl::string_view Basename(absl::string_view path); 35 | 36 | // Returns the part of the path before the final "/", EXCEPT: 37 | // * If there is a single leading "/" in the path, the result will be the 38 | // leading "/". 39 | // * If there is no "/" in the path, the result is the empty prefix of the 40 | // input string. 41 | absl::string_view Dirname(absl::string_view path); 42 | 43 | } // namespace silifuzz 44 | 45 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_PATH_UTIL_H_ 46 | -------------------------------------------------------------------------------- /install_build_dependencies.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2022 The SiliFuzz Authors. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # https://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Tested on Ubuntu 24.04 (Noble Numbat). 17 | # 18 | # * git: to get the SiliFuzz sources. 19 | # * bazel, clang, lld, python: to build SiliFuzz 20 | # * libssl-dev: silifuzz uses SHA1. 21 | # Clang 18 or newer will work. 22 | # To get all of the functionality you may need to install fresh clang from 23 | # source: https://llvm.org/. 24 | 25 | set -eu 26 | 27 | apt update 28 | apt install -y curl gnupg apt-transport-https ca-certificates 29 | 30 | # Add Bazel distribution URI as a package source following: 31 | # https://docs.bazel.build/versions/main/install-ubuntu.html 32 | curl -fsSL https://bazel.build/bazel-release.pub.gpg \ 33 | | gpg --dearmor > /etc/apt/trusted.gpg.d/bazel.gpg 34 | echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" \ 35 | | tee /etc/apt/sources.list.d/bazel.list 36 | apt update 37 | 38 | # Install dependencies. 39 | # `DEBIAN_FRONTEND=noninteractive` avoids interactive prompts that interrupt the 40 | # script while installing a transitive dependency: `tzdata`. 41 | # Note that this is a debconf-specific env var that is required by both Debian 42 | # and Ubuntu. 43 | DEBIAN_FRONTEND=noninteractive apt install --no-install-recommends -y git bazel bazel-8.2.1 libssl-dev libzstd-dev clang libclang-rt-dev lld python3 libpython3-stdlib 44 | -------------------------------------------------------------------------------- /tracing/unicorn_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./tracing/unicorn_util.h" 16 | 17 | #include 18 | 19 | #include 20 | 21 | #include "./common/memory_perms.h" 22 | #include "./common/snapshot.h" 23 | #include "./util/checks.h" 24 | #include "third_party/unicorn/unicorn.h" 25 | 26 | namespace silifuzz { 27 | 28 | uint32_t MemoryPermsToUnicorn(const MemoryPerms& perms) { 29 | uint32_t prot = 0; 30 | if (perms.Has(MemoryPerms::kReadable)) { 31 | prot |= UC_PROT_READ; 32 | } 33 | if (perms.Has(MemoryPerms::kWritable)) { 34 | prot |= UC_PROT_WRITE; 35 | } 36 | if (perms.Has(MemoryPerms::kExecutable)) { 37 | prot |= UC_PROT_EXEC; 38 | } 39 | return prot; 40 | } 41 | 42 | uint64_t GetExitPoint(const Snapshot& snapshot) { 43 | const Snapshot::EndStateList& end_states = snapshot.expected_end_states(); 44 | CHECK(!end_states.empty()); 45 | uint64_t exit_point = end_states[0].endpoint().instruction_address(); 46 | for (const Snapshot::EndState& end_state : end_states) { 47 | // Note: this should never happen for Snapshots produced with 48 | // InstructionsToSnapshot, but in theory it could happen for old x86_64 49 | // Snapshots. 50 | CHECK_EQ(end_state.endpoint().instruction_address(), exit_point); 51 | } 52 | return exit_point; 53 | } 54 | 55 | } // namespace silifuzz 56 | -------------------------------------------------------------------------------- /tracing/unicorn_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_TRACING_UNICORN_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_TRACING_UNICORN_UTIL_H_ 17 | 18 | #include 19 | 20 | #include "./common/memory_perms.h" 21 | #include "./common/snapshot.h" 22 | #include "./util/checks.h" 23 | #include "./util/itoa.h" 24 | #include "third_party/unicorn/unicorn.h" 25 | 26 | namespace silifuzz { 27 | 28 | // Assert that a call to the Unicorn API completed successfully. 29 | #define UNICORN_CHECK(...) \ 30 | do { \ 31 | uc_err __uc_check_err = __VA_ARGS__; \ 32 | if ((__uc_check_err != UC_ERR_OK)) { \ 33 | LOG_FATAL(#__VA_ARGS__ " failed with ", \ 34 | silifuzz::IntStr(__uc_check_err), ": ", \ 35 | uc_strerror(__uc_check_err)); \ 36 | } \ 37 | } while (0); 38 | 39 | // Translate Silifuzz's MemoryPerms into Unicorn's protection flags. 40 | uint32_t MemoryPermsToUnicorn(const MemoryPerms& perms); 41 | 42 | // Determine where the Snapshot will stop executing. 43 | uint64_t GetExitPoint(const Snapshot& snapshot); 44 | 45 | } // namespace silifuzz 46 | 47 | #endif // THIRD_PARTY_SILIFUZZ_TRACING_UNICORN_UTIL_H_ 48 | -------------------------------------------------------------------------------- /player/play_options.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./player/play_options.h" 16 | 17 | #include // CPU_SETSIZE 18 | #include 19 | 20 | #include "absl/time/time.h" 21 | #include "./util/cpu_id.h" 22 | 23 | namespace silifuzz { 24 | 25 | // static 26 | const PlayOptions& PlayOptions::Default() { 27 | static constexpr PlayOptions x = PlayOptions(); 28 | return x; 29 | } 30 | 31 | bool PlayOptions::IsValid() const { 32 | return run_time_budget >= absl::ZeroDuration() && 33 | cpu_usage_baseline >= absl::ZeroDuration() && 34 | // The upperbound should be number of CPUs but there is 35 | // no simple way to get this without libc. 36 | (preferred_cpu_id == kAnyCPUId || 37 | (preferred_cpu_id >= 0 && preferred_cpu_id < CPU_SETSIZE)); 38 | } 39 | 40 | absl::Duration PlayOptions::CorrectedCpuUsage(int64_t cpu_usage_nsec) const { 41 | // We correct a failed measurement to be the baseline: We assume that a 42 | // snapshot for which cpu_usage measurement failed was equivalent to an 43 | // empty snapshot. Ideally we should instead use a recent average of 44 | // CorrectedCpuUsage() values. 45 | return cpu_usage_nsec == 0 46 | ? absl::ZeroDuration() 47 | : absl::Nanoseconds(cpu_usage_nsec) - cpu_usage_baseline; 48 | } 49 | 50 | } // namespace silifuzz 51 | -------------------------------------------------------------------------------- /util/atoi.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_ATOI_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_ATOI_H_ 17 | 18 | #include 19 | #include 20 | 21 | namespace silifuzz { 22 | 23 | // Converts a decimal number represented by 'str' and stores converted value 24 | // in *'result'. 'str' must be a non-empty C string consisting only of decimal 25 | // digits. The converted value must also be representable by uint64_t type. 26 | // Returns true iff conversion is successful. 27 | bool DecToU64(const char* str, uint64_t* result); 28 | 29 | // Like the above but converts up to the first 'len' characters of 'str'. 30 | // If str terminates before 'len', the conversion is up the string length. 31 | // This works similar to strncpy() and strncmp(). 32 | bool DecToU64(const char* str, size_t len, uint64_t* result); 33 | 34 | // Like DecToU64() above but for hexadecimal numbers. 'str' may have an prefix 35 | // '0x' or '0X'. Except for the prefix, it must consist entirely of hexadecimal 36 | // digits in either upper or lower case. 37 | bool HexToU64(const char* str, uint64_t* result); 38 | 39 | // Like the above but converts up to the first 'len' characters of 'str'. 40 | bool HexToU64(const char* str, size_t len, uint64_t* result); 41 | 42 | } // namespace silifuzz 43 | 44 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_ATOI_H_ 45 | -------------------------------------------------------------------------------- /tool_libs/snapshot_summary_proto_util.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./tool_libs/snapshot_summary_proto_util.h" 16 | 17 | #include "absl/status/statusor.h" 18 | #include "./common/memory_mapping.h" 19 | #include "./common/snapshot_proto.h" 20 | #include "./proto/snapshot.pb.h" 21 | #include "./tool_libs/snap_group.h" 22 | #include "./util/checks.h" 23 | 24 | namespace silifuzz { 25 | 26 | absl::StatusOr SnapshotSummaryProto::FromProto( 27 | const proto::SnapshotSummary& proto) { 28 | SnapshotGroup::SnapshotSummary::MemoryMappingList memory_mappings; 29 | for (const proto::MemoryMapping& mp : proto.memory_mappings()) { 30 | ASSIGN_OR_RETURN_IF_NOT_OK(auto m, SnapshotProto::FromProto(mp)); 31 | memory_mappings.emplace_back(m); 32 | } 33 | return SnapshotGroup::SnapshotSummary(proto.id(), memory_mappings, 34 | proto.sort_key()); 35 | } 36 | 37 | void SnapshotSummaryProto::ToProto( 38 | const SnapshotGroup::SnapshotSummary& summary, 39 | proto::SnapshotSummary* summary_proto) { 40 | summary_proto->set_id(summary.id()); 41 | summary_proto->set_sort_key(summary.sort_key()); 42 | for (const MemoryMapping& m : summary.memory_mappings()) { 43 | SnapshotProto::ToProto(m, summary_proto->add_memory_mappings()); 44 | } 45 | } 46 | 47 | } // namespace silifuzz 48 | -------------------------------------------------------------------------------- /util/cache.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_CACHE_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_CACHE_H_ 17 | 18 | #include 19 | 20 | namespace silifuzz { 21 | 22 | // Ensure memory in the range [begin, end) has been flushed from the dcache 23 | // and invalidated in the icache. This ensures any attempt to execute 24 | // instructions in this range will see the latest version of the data. 25 | // This is required if code is dynamically loaded or generated on aarch64. 26 | // x86_64 automatically maintains coherency between the dcache and the icache so 27 | // this operation should be a no-op. 28 | // 'begin' and 'end' do not need to be aligned to cache line granularity. This 29 | // function will sync all the cache lines that cover the range, effectively 30 | // rounding 'begin' down and 'end' up as needed. 31 | template 32 | inline void sync_instruction_cache(T* begin, T* end) { 33 | __builtin___clear_cache(reinterpret_cast(begin), 34 | reinterpret_cast(end)); 35 | } 36 | 37 | template 38 | inline void sync_instruction_cache(T* begin, size_t size) { 39 | sync_instruction_cache(reinterpret_cast(begin), 40 | reinterpret_cast(begin) + size); 41 | } 42 | 43 | } // namespace silifuzz 44 | 45 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_CACHE_H_ 46 | -------------------------------------------------------------------------------- /util/signals_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | // signal utilities. 16 | 17 | #include "./util/signals.h" 18 | 19 | #include 20 | 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #include "gtest/gtest.h" 27 | #include "./util/checks.h" 28 | 29 | namespace silifuzz { 30 | namespace { 31 | 32 | TEST(Signals, IgnoreSignal) { 33 | int pipefd[2]; 34 | ASSERT_EQ(pipe(pipefd), 0); 35 | 36 | // Close the read end. Child should get a EPIPE on write. 37 | close(pipefd[0]); 38 | 39 | EXPECT_EXIT( 40 | { 41 | // Revert SIGPIPE to default to ensure IgnoreSignal() works. 42 | signal(SIGPIPE, SIG_DFL); 43 | 44 | IgnoreSignal(SIGPIPE); 45 | char dummy = 0; 46 | ssize_t result; 47 | do { 48 | result = write(pipefd[1], &dummy, sizeof(dummy)); 49 | } while (result == -1 && errno == EINTR); 50 | if (result != -1) { 51 | LOG_ERROR("write succeeded unexpectedly"); 52 | exit(1); 53 | } 54 | if (errno != EPIPE) { 55 | LOG_ERROR("unexpected errno ", strerror(errno)); 56 | exit(2); 57 | } 58 | LOG_INFO("Success"); 59 | exit(0); 60 | }, 61 | testing::ExitedWithCode(0), "Success"); 62 | 63 | close(pipefd[1]); 64 | } 65 | 66 | } // namespace 67 | } // namespace silifuzz 68 | -------------------------------------------------------------------------------- /util/ucontext/x86_64/ucontext_offsets.h: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | // Automatically generated by ucontext_offsets_gen.cc, do not change 16 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_UCONTEXT_X86_64_UCONTEXT_OFFSETS_H_ 17 | #define THIRD_PARTY_SILIFUZZ_UTIL_UCONTEXT_X86_64_UCONTEXT_OFFSETS_H_ 18 | #define UCONTEXT_VIEW_FPREGS_OFFSET 0x0 19 | #define UCONTEXT_VIEW_GREGS_OFFSET 0x8 20 | #define UCONTEXT_FPREGS_OFFSET 0x0 21 | #define UCONTEXT_GREGS_OFFSET 0x200 22 | #define GREGS_R8_OFFSET 0x0 23 | #define GREGS_R9_OFFSET 0x8 24 | #define GREGS_R10_OFFSET 0x10 25 | #define GREGS_R11_OFFSET 0x18 26 | #define GREGS_R12_OFFSET 0x20 27 | #define GREGS_R13_OFFSET 0x28 28 | #define GREGS_R14_OFFSET 0x30 29 | #define GREGS_R15_OFFSET 0x38 30 | #define GREGS_RAX_OFFSET 0x68 31 | #define GREGS_RBX_OFFSET 0x58 32 | #define GREGS_RCX_OFFSET 0x70 33 | #define GREGS_RDX_OFFSET 0x60 34 | #define GREGS_RBP_OFFSET 0x50 35 | #define GREGS_RSP_OFFSET 0x78 36 | #define GREGS_RSI_OFFSET 0x48 37 | #define GREGS_RDI_OFFSET 0x40 38 | #define GREGS_RIP_OFFSET 0x80 39 | #define GREGS_EFLAGS_OFFSET 0x88 40 | #define GREGS_FS_BASE_OFFSET 0xa0 41 | #define GREGS_GS_BASE_OFFSET 0xa8 42 | #define GREGS_CS_OFFSET 0x90 43 | #define GREGS_SS_OFFSET 0x96 44 | #define GREGS_FS_OFFSET 0x94 45 | #define GREGS_GS_OFFSET 0x92 46 | #define GREGS_ES_OFFSET 0x9a 47 | #define GREGS_DS_OFFSET 0x98 48 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_UCONTEXT_X86_64_UCONTEXT_OFFSETS_H_ 49 | -------------------------------------------------------------------------------- /util/x86_64/start.S: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | /* A simple implementation of _start on x86-64. */ 16 | 17 | .text 18 | .p2align 4 19 | .globl _start 20 | .type _start, @function 21 | 22 | /* 23 | * According to x86-64 ABI. A Linux process starts with the following 24 | * register values: 25 | * 26 | * %rbp is unspecified at process initialization time, but the user code should 27 | * mark the deepest stack frame by setting the frame pointer to zero. 28 | * %rsp holds the address of the byte with lowest address which is part of the 29 | * stack. It is guaranteed to be 16-byte aligned at process entry. 30 | * %rdx a function pointer that the application should register with atexit 31 | * (BA_OS). 32 | */ 33 | 34 | _start: 35 | .cfi_startproc 36 | 37 | /* Clear frame pointer to terminate stack chain. */ 38 | xorq %rbp, %rbp 39 | 40 | /* Pass the raw stack pointer as an argument to _start_1. */ 41 | movq %rsp, %rdi 42 | 43 | /* 44 | * Handle rest of initialization in C++. This is actually a tail-call 45 | * but we use a call instruction here to keep %rsp properly aligned 46 | * for the callee. 47 | */ 48 | call _start_1@PLT 49 | 50 | /* Unreachable. Loop forever in case _start_1() returns. */ 51 | jmp . 52 | .cfi_endproc 53 | .size _start, .-_start 54 | .section .note.GNU-stack,"",@progbits 55 | -------------------------------------------------------------------------------- /snap/testing/snap_test_types.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_TEST_TYPES_H_ 16 | #define THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_TEST_TYPES_H_ 17 | 18 | #include "./util/itoa.h" 19 | 20 | namespace silifuzz { 21 | 22 | // For each type of generator and runner tests below, a Snapshot is defined. 23 | // The snapshot is snapified using SnapGenerator::Snapified() and passed to 24 | // SnapGenerator::DefineSnap() get a Snap corresponding to the Snapshot. 25 | 26 | // Types of Snap generator tests. These tests are meant for testing code 27 | // generation. The associated Snapshot and Snaps need not to be runnable. 28 | enum class SnapGeneratorTestType { 29 | kBasicSnapGeneratorTest = 0, 30 | kFirstSnapGeneratorTest = kBasicSnapGeneratorTest, 31 | // Code for memory bytes permissions test is generated without forcing all 32 | // mapping writable. See snap_test_snaps_gen.cc. 33 | kMemoryBytesPermsTest = 1, 34 | // TODO(dougkwan): [as-needed] Add more test types when we expend the 35 | // capability of Snap or when we need regression tests. 36 | kLastSnapGeneratorTest = kMemoryBytesPermsTest, 37 | }; 38 | 39 | template <> 40 | inline constexpr const char* EnumNameMap[2] = { 41 | "kBasicSnapGeneratorTest", 42 | "kMemoryBytesPermsTest", 43 | }; 44 | 45 | } // namespace silifuzz 46 | 47 | #endif // THIRD_PARTY_SILIFUZZ_SNAP_TESTING_SNAP_TEST_TYPES_H_ 48 | -------------------------------------------------------------------------------- /runner/endspot.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_RUNNER_ENDSPOT_H_ 16 | #define THIRD_PARTY_SILIFUZZ_RUNNER_ENDSPOT_H_ 17 | 18 | #include 19 | 20 | #include "./util/arch.h" 21 | #include "./util/reg_checksum.h" 22 | #include "./util/ucontext/signal.h" 23 | #include "./util/ucontext/ucontext_types.h" 24 | 25 | namespace silifuzz { 26 | 27 | // Description of an execution endpoint plus the associated CPU and signal 28 | // state. 29 | struct EndSpot { 30 | using gregs_t = GRegSet; 31 | using fpregs_t = FPRegSet; 32 | 33 | // The signal that was triggered. 0 if none. 34 | int signum; 35 | 36 | // The value of siginfo_t::si_code. 37 | int sig_code; 38 | 39 | // The siginfo_t::si_addr value if relevant for `signum`: 40 | // the address that causes the signal. 41 | uintptr_t sig_address; 42 | 43 | // Arch-specific regs related to the signal. 44 | SignalRegSet sigregs; 45 | 46 | // Values for all the registers. 47 | gregs_t* gregs; 48 | fpregs_t* fpregs; 49 | 50 | // Summary information of registers that are not completely recorded 51 | // at end of snapshot execution. 52 | RegisterChecksum register_checksum; 53 | 54 | // Logs this EndSpot via LOG_INFO(). 55 | // Not a DebugString() so that we can use this in nolibc mode. 56 | void Log() const; 57 | }; 58 | 59 | } // namespace silifuzz 60 | 61 | #endif // THIRD_PARTY_SILIFUZZ_RUNNER_ENDSPOT_H_ 62 | -------------------------------------------------------------------------------- /tool_libs/simple_fix_tool_counters_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./tool_libs/simple_fix_tool_counters.h" 16 | 17 | #include "gmock/gmock.h" 18 | #include "gtest/gtest.h" 19 | 20 | namespace silifuzz { 21 | namespace fix_tool_internal { 22 | namespace { 23 | 24 | TEST(SimpleFixToolCounters, Value) { 25 | SimpleFixToolCounters counters; 26 | EXPECT_EQ(counters.GetValue("foo"), 0); 27 | counters.Increment("foo"); 28 | EXPECT_EQ(counters.GetValue("foo"), 1); 29 | counters.IncrementBy("foo", 41); 30 | EXPECT_EQ(counters.GetValue("foo"), 42); 31 | } 32 | 33 | TEST(SimpleFixToolCounters, Merge) { 34 | SimpleFixToolCounters counters1; 35 | counters1.Increment("foo"); 36 | counters1.Increment("bar"); 37 | SimpleFixToolCounters counters2; 38 | counters2.Increment("bar"); 39 | counters2.IncrementBy("buz", 3); 40 | 41 | counters1.Merge(counters2); 42 | EXPECT_EQ(counters1.GetValue("foo"), 1); 43 | EXPECT_EQ(counters1.GetValue("bar"), 2); 44 | EXPECT_EQ(counters1.GetValue("buz"), 3); 45 | } 46 | 47 | TEST(SimpleFixToolCounters, GetCounterNames) { 48 | SimpleFixToolCounters counters; 49 | counters.Increment("foo"); 50 | counters.Increment("bar"); 51 | counters.Increment("baz"); 52 | EXPECT_THAT(counters.GetCounterNames(), 53 | ::testing::UnorderedElementsAre("foo", "bar", "baz")); 54 | } 55 | 56 | } // namespace 57 | } // namespace fix_tool_internal 58 | } // namespace silifuzz 59 | -------------------------------------------------------------------------------- /util/atoi_internal.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_ATOI_INTERNAL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_ATOI_INTERNAL_H_ 17 | 18 | // Internal header for atoi.cc. 19 | // This should only be included by atoi.cc and atoi_test.cc. 20 | 21 | #include 22 | 23 | #include 24 | 25 | #include "./util/checks.h" 26 | 27 | namespace silifuzz { 28 | namespace atoi_internal { 29 | 30 | // Interprets character 'c' as a digit of the given 'base'. 31 | // 'base' must be in [2,36], This characters '0'..'9' encode 32 | // the numbers from 0 to 9. The characters 'a'..'z' and 'A'..'Z' 33 | // both encode the numbers 10 to 36, i.e. case does not matter. 34 | // This corresponds to the digit encoding used in strtol(). 35 | // If 'c' is a valid digit in 'base', returns converted value. 36 | // Otherwise returns -1. 37 | int DigitValue(int base, char c); 38 | 39 | // Converts 'str' into a uint64_t using 'base'. 'str' must be non-empty 40 | // and contain up to at most 'len' characters that can be interpreted as digits 41 | // in 'base'. The converted value must not overflow uint64_t. Returns true if 42 | // conversion is successful and puts value in *'result'. Otherwise returns 43 | // false. 44 | bool StrToU64(int base, const char* str, size_t len, uint64_t* result); 45 | 46 | } // namespace atoi_internal 47 | } // namespace silifuzz 48 | 49 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_ATOI_INTERNAL_H_ 50 | -------------------------------------------------------------------------------- /util/testing/vsyscall.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/testing/vsyscall.h" 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | #include "absl/status/status.h" 22 | #include "absl/status/statusor.h" 23 | #include "absl/strings/match.h" 24 | #include "absl/strings/str_split.h" 25 | 26 | namespace silifuzz { 27 | 28 | namespace { 29 | 30 | // Helper of VSyscallRegionReadable() below. Called once only. 31 | absl::StatusOr CheckVSyscallRegionReadable() { 32 | std::ifstream ifs("/proc/self/maps"); 33 | if (!ifs) { 34 | return absl::InternalError("Failed to open /proc/self/maps"); 35 | } 36 | std::string line; 37 | while (std::getline(ifs, line)) { 38 | if (absl::StrContains(line, "[vsyscall]")) { 39 | std::vector parts = 40 | absl::StrSplit(line, ' ', absl::SkipEmpty()); 41 | if (parts.size() < 2) { 42 | return absl::InternalError("Failed to parse /proc/self/maps"); 43 | } 44 | const std::string& perms = parts[1]; 45 | return absl::StrContains(perms, "r"); 46 | } 47 | } 48 | if (ifs.bad()) { 49 | return absl::InternalError("Failed to read /proc/self/maps"); 50 | } 51 | return false; 52 | } 53 | 54 | } // namespace 55 | 56 | absl::StatusOr VSyscallRegionReadable() { 57 | static absl::StatusOr readable = CheckVSyscallRegionReadable(); 58 | return readable; 59 | } 60 | 61 | } // namespace silifuzz 62 | -------------------------------------------------------------------------------- /fuzzer/program_batch_mutator.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The Silifuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_FUZZER_PROGRAM_BATCH_MUTATOR_H_ 16 | #define THIRD_PARTY_SILIFUZZ_FUZZER_PROGRAM_BATCH_MUTATOR_H_ 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "./fuzzer/program.h" 24 | #include "./fuzzer/program_mutator.h" 25 | 26 | namespace silifuzz { 27 | 28 | template 29 | class ProgramBatchMutator { 30 | public: 31 | // `seed` is used to initialized the mutator's RNG. 32 | // `crossover_weight` determines how much crossover the mutator performs. 33 | // 0.0 => no crossover / 1.0 => only crossover 34 | // `max_len` is the largest size (in bytes) that the output should be. 35 | ProgramBatchMutator(uint64_t seed, double crossover_weight, 36 | size_t max_len = std::numeric_limits::max()); 37 | 38 | void Mutate(const std::vector *> &inputs, 39 | size_t num_mutants, std::vector> &mutants); 40 | 41 | private: 42 | void GenerateSingleOutput(const Program &input, 43 | const Program &other, 44 | std::vector &output); 45 | 46 | MutatorRng rng_; 47 | size_t max_len_; 48 | 49 | ProgramMutatorPtr mutator_; 50 | }; 51 | 52 | } // namespace silifuzz 53 | 54 | #endif // THIRD_PARTY_SILIFUZZ_FUZZER_PROGRAM_BATCH_MUTATOR_H_ 55 | -------------------------------------------------------------------------------- /instruction/static_insn_filter.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_INSTRUCTION_STATIC_INSN_FILTER_H_ 16 | #define THIRD_PARTY_SILIFUZZ_INSTRUCTION_STATIC_INSN_FILTER_H_ 17 | 18 | #include "absl/strings/string_view.h" 19 | #include "./util/arch.h" 20 | 21 | namespace silifuzz { 22 | 23 | template 24 | struct InstructionFilterConfig; 25 | 26 | template <> 27 | struct InstructionFilterConfig {}; 28 | 29 | template <> 30 | struct InstructionFilterConfig { 31 | bool sve_instructions_allowed = true; 32 | bool load_store_instructions_allowed = true; 33 | }; 34 | 35 | // Accept or reject this instruction sequence using simple static analysis. 36 | // Returns true if the static analysis believes `code` is OK. 37 | // Static analysis can be imprecise, so this function is biased towards 38 | // filtering out obvious problems and letting everything else through. 39 | // Static analysis should be lightweight compared to the full making process and 40 | // works fine even with a host / target mismatch - such as fuzzing aarch64 qemu 41 | // on a x86_64 host. 42 | // Some architectures may not filter any instruction sequence at this stage and 43 | // always return true. 44 | template 45 | bool StaticInstructionFilter(absl::string_view code, 46 | const InstructionFilterConfig& config = {}); 47 | 48 | } // namespace silifuzz 49 | 50 | #endif // THIRD_PARTY_SILIFUZZ_INSTRUCTION_STATIC_INSN_FILTER_H_ 51 | -------------------------------------------------------------------------------- /util/atoi_internal.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/atoi_internal.h" 16 | 17 | #include 18 | 19 | #include 20 | #include 21 | 22 | namespace silifuzz { 23 | namespace atoi_internal { 24 | 25 | int DigitValue(int base, char c) { 26 | int value; 27 | if (c >= '0' && c <= '9') { 28 | value = c - '0'; 29 | } else if (c >= 'a' && c <= 'z') { 30 | value = c - 'a' + 10; 31 | } else if (c >= 'A' && c <= 'Z') { 32 | value = c - 'A' + 10; 33 | } else { 34 | return -1; 35 | } 36 | return value < base ? value : -1; 37 | } 38 | 39 | bool StrToU64(int base, const char* str, size_t len, uint64_t* result) { 40 | uint64_t value = 0; 41 | if (*str == '\0') { // 'str' cannot be empty. 42 | return false; 43 | } 44 | 45 | // limit_value * base + limit_digit = max(). 46 | const uint64_t limit_value = std::numeric_limits::max() / base; 47 | const uint64_t limit_digit = std::numeric_limits::max() % base; 48 | 49 | for (size_t i = 0; i < len && str[i] != '\0'; ++i) { 50 | const int digit = DigitValue(base, str[i]); 51 | if (digit < 0) { 52 | return false; 53 | } 54 | 55 | // Check for overflow. 56 | if (value > limit_value || (value == limit_value && digit > limit_digit)) { 57 | return false; 58 | } 59 | value = value * base + digit; 60 | } 61 | 62 | *result = value; 63 | return true; 64 | } 65 | 66 | } // namespace atoi_internal 67 | } // namespace silifuzz 68 | -------------------------------------------------------------------------------- /util/strcat.h: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_STRCAT_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_STRCAT_H_ 17 | 18 | #include 19 | 20 | #include "absl/strings/string_view.h" 21 | 22 | namespace silifuzz { 23 | 24 | namespace strcat_internal { 25 | 26 | // Helper for StrCat::StrCat below. 27 | void CatPieces(std::initializer_list pieces, char* output, 28 | int max_string_length); 29 | 30 | template 31 | class StrCat { 32 | static_assert(MaxLength >= 0); 33 | 34 | public: 35 | StrCat(std::initializer_list pieces) { 36 | CatPieces(pieces, buf_, MaxLength); 37 | } 38 | 39 | StrCat(const StrCat&) = delete; 40 | StrCat(StrCat&&) = delete; 41 | StrCat& operator=(const StrCat&) = delete; 42 | StrCat& operator=(StrCat&&) = delete; 43 | 44 | const char* c_str() const { return buf_; } 45 | 46 | private: 47 | char buf_[MaxLength + 1]; 48 | }; 49 | 50 | } // namespace strcat_internal 51 | 52 | // Simple absl::StrCat-like helper that works without libc dependencies and 53 | // does not perform heap allocation. 54 | // Accepts an initializer_list as parameter e.g. 55 | // 56 | // StrCat({"foo", "bar"}); 57 | // 58 | template 59 | inline const char* StrCat(const strcat_internal::StrCat& x) { 60 | return x.c_str(); 61 | } 62 | 63 | } // namespace silifuzz 64 | 65 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_STRCAT_H_ 66 | -------------------------------------------------------------------------------- /util/aarch64/clear_register_groups.S: -------------------------------------------------------------------------------- 1 | // Copyright 2024 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | .text 16 | 17 | .p2align 4 18 | .globl ClearRegisterGroups 19 | .type ClearRegisterGroups, @function 20 | 21 | // This is equivalent to: 22 | // 23 | // void ClearRegisterGroups() { 24 | // if (reg_group_io_sve_vector_width) { 25 | // ClearPRegisters(); 26 | // ClearFfrRegister(); 27 | // } 28 | // } 29 | // 30 | // For simplicity, we use separate functions to clear the extension registers. 31 | // If performance turns out to be an issue, we can inline the sequences to 32 | // avoid the cost of calling and returning. 33 | // 34 | // Note: We skip clearing the Z registers as writes to V floating point 35 | // registers already clear the Z registers from [128 bits, vector_length). This 36 | // is because the V registers share the bottom 128-bits of the Z registers. 37 | // 38 | ClearRegisterGroups: 39 | // Save x30 (return address) and x9. 40 | stp x30, x9, [sp, #-16]! 41 | 42 | // Check that SVE is supported. 43 | adrp x9, reg_group_io_sve_vector_width 44 | add x9, x9, :lo12:reg_group_io_sve_vector_width 45 | ldrh w9, [x9] 46 | cbz w9, Exit 47 | 48 | ClearSve: 49 | bl ClearPRegisters 50 | bl ClearFfrRegister 51 | 52 | Exit: 53 | // Restore x30 (return address) and x9. 54 | ldp x30, x9, [sp], #16 55 | ret 56 | .size ClearRegisterGroups, .-ClearRegisterGroups 57 | -------------------------------------------------------------------------------- /fuzzer/hashtest/hashtest_result.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2025 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto2"; 16 | 17 | package silifuzz.proto; 18 | 19 | import "google/protobuf/timestamp.proto"; 20 | 21 | message HashTestResult { 22 | enum Status { 23 | // This should never occur, included so we absolutely notice a missing or 24 | // mangled message. 25 | UNINITIALIZED = 0; 26 | // The test completed successfully. 27 | OK = 1; 28 | // Data corruption was detected. 29 | FAILED = 2; 30 | // This particular CPU platform is currently not supported. 31 | PLATFORM_NOT_SUPPORTED = 3; 32 | } 33 | 34 | // The hostname of the machine the test ran on. 35 | optional string hostname = 1; 36 | // The platform the test generated instructions for. 37 | // This may not be the same as the actual platform of the machine. 38 | optional string platform = 2; 39 | // The version of hashtest that was run. 40 | optional string version = 3; 41 | 42 | // Is this machine good or bad, or did something go wrong trying to test it? 43 | optional Status status = 4; 44 | 45 | // The beginning and end of the testing period. 46 | optional google.protobuf.Timestamp testing_started = 5; 47 | optional google.protobuf.Timestamp testing_ended = 6; 48 | 49 | // Test statistics. 50 | optional uint64 tests_run = 7; 51 | optional uint64 tests_failed = 8; 52 | 53 | // CPU statistics. 54 | repeated uint32 tested_cpus = 9 [packed = true]; 55 | repeated uint32 suspected_cpus = 10 [packed = true]; 56 | } 57 | -------------------------------------------------------------------------------- /util/cpu_id_test.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2022 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/cpu_id.h" 16 | 17 | #include 18 | 19 | #include "gtest/gtest.h" 20 | #include "./util/checks.h" 21 | #include "./util/itoa.h" 22 | 23 | namespace silifuzz { 24 | namespace { 25 | 26 | double RecordConsistency(int (*callback)(), int expected) { 27 | constexpr int kNumIterations = 100; 28 | int is_expected_count = 0; 29 | for (int i = 0; i < kNumIterations; i++) { 30 | sched_yield(); 31 | if (callback() == expected) { 32 | is_expected_count += 1; 33 | } 34 | } 35 | return static_cast(is_expected_count) / kNumIterations; 36 | } 37 | 38 | TEST(CPUId, BasicTest) { 39 | double normal_consistency_sum = 0; 40 | double nosys_consistency_sum = 0; 41 | int num_trials = 0; 42 | 43 | ForEachAvailableCPU([&](int cpu) { 44 | if (SetCPUAffinity(cpu) != 0) { 45 | LOG_ERROR("Cannot bind to CPU ", IntStr(cpu)); 46 | return; 47 | } 48 | normal_consistency_sum += RecordConsistency(&GetCPUId, cpu); 49 | nosys_consistency_sum += RecordConsistency(&GetCPUIdNoSyscall, cpu); 50 | num_trials += 1; 51 | }); 52 | 53 | EXPECT_GE(num_trials, 0); 54 | 55 | // This is chosen empirically to keep failure rate below 1 in 10000. 56 | constexpr double kAcceptableErrorRate = 0.10; 57 | EXPECT_GE(normal_consistency_sum, num_trials * (1.0 - kAcceptableErrorRate)); 58 | EXPECT_GE(nosys_consistency_sum, num_trials * (1.0 - kAcceptableErrorRate)); 59 | } 60 | 61 | } // namespace 62 | } // namespace silifuzz 63 | -------------------------------------------------------------------------------- /util/x86_64/reg_group_io.cc: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #include "./util/reg_group_io.h" 16 | 17 | #include 18 | #include 19 | 20 | #include 21 | 22 | #include "./util/arch.h" 23 | #include "./util/cpu_features.h" 24 | #include "./util/x86_64/reg_group_io_buffer_offsets.h" 25 | 26 | namespace silifuzz { 27 | 28 | // Flag to tell if AVX512 opmasks are 64-bit or not. This is defined in 29 | // save_registers_groups_to_buffer and set by InitRegisterGroupIO. 30 | extern "C" unsigned char reg_group_io_opmask_is_64_bit; 31 | 32 | // RegisterGroupIOBuffer is used by assembly code, which needs to know struct 33 | // member offsets of the host architecture, which are defined in 34 | // reg_group_io_buffer_offsets.h. Check here the offsets are correct. 35 | static_assert(REGISTER_GROUP_IO_BUFFER_REGISTER_GROUPS_OFFSET == 36 | offsetof(RegisterGroupIOBuffer, register_groups)); 37 | static_assert(REGISTER_GROUP_IO_BUFFER_YMM_OFFSET == 38 | offsetof(RegisterGroupIOBuffer, ymm)); 39 | static_assert(REGISTER_GROUP_IO_BUFFER_ZMM_OFFSET == 40 | offsetof(RegisterGroupIOBuffer, zmm)); 41 | static_assert(REGISTER_GROUP_IO_BUFFER_OPMASK_OFFSET == 42 | offsetof(RegisterGroupIOBuffer, opmask)); 43 | 44 | void InitRegisterGroupIO() { 45 | // SaveRegisterGroupsToBuffer() needs to tell if AVX512BW is supported. 46 | reg_group_io_opmask_is_64_bit = HasX86CPUFeature(X86CPUFeatures::kAVX512BW); 47 | } 48 | 49 | } // namespace silifuzz 50 | -------------------------------------------------------------------------------- /proxies/pmu_event_proxy/pmu_events.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_PROXIES_PMU_EVENT_PROXY_PMU_EVENTS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_PROXIES_PMU_EVENT_PROXY_PMU_EVENTS_H_ 17 | #include 18 | #include 19 | 20 | #include "absl/status/statusor.h" 21 | 22 | namespace silifuzz { 23 | 24 | using PMUEventList = std::vector; 25 | 26 | // Returns a list of all unique CPU core hardware performance events 27 | // and sub-events on the current platform. Event aliases are de-duped. The names 28 | // of events and sub events returned are the same in version 4 of perform2 29 | // library on Linux (libpfm4). 30 | // 31 | // Events that are not supported by the proxy are filtered out as well. For 32 | // example, events that need to be grouped together are removed since the proxy 33 | // opens counters one at a time. 34 | // 35 | // However, this filter is best-effort and non-exhaustive. Callers should not 36 | // assume that all returned events can be accessed (e.g. kernel may restrict 37 | // access). 38 | absl::StatusOr GetUniqueFilteredCPUCorePMUEvents(); 39 | 40 | // Returns a list of event groups, each of which contains events that can 41 | // be measured together based on the number of variable counters in their 42 | // PMUs. If there is any error, returns a status. 43 | absl::StatusOr> ScheduleEventsForCounters( 44 | const PMUEventList& events); 45 | 46 | } // namespace silifuzz 47 | 48 | #endif // THIRD_PARTY_SILIFUZZ_PROXIES_PMU_EVENT_PROXY_PMU_EVENTS_H_ 49 | -------------------------------------------------------------------------------- /util/page_util.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_PAGE_UTIL_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_PAGE_UTIL_H_ 17 | 18 | #include 19 | #include 20 | 21 | #include "./util/math.h" 22 | 23 | namespace silifuzz { 24 | 25 | inline constexpr size_t kPageSize = 0x1000; 26 | 27 | constexpr bool IsPageAligned(uintptr_t value, uintptr_t page_size = kPageSize) { 28 | return (value & (page_size - 1)) == 0; 29 | } 30 | 31 | inline bool IsPageAligned(const void* ptr, uintptr_t page_size = kPageSize) { 32 | return IsPageAligned(reinterpret_cast(ptr), page_size); 33 | } 34 | 35 | constexpr uintptr_t RoundDownToPageAlignment(uintptr_t value, 36 | uintptr_t page_size = kPageSize) { 37 | return value & ~(page_size - 1); 38 | } 39 | 40 | template 41 | T* RoundDownToPageAlignment(T* ptr, uintptr_t page_size = kPageSize) { 42 | return reinterpret_cast( 43 | RoundDownToPageAlignment(reinterpret_cast(ptr), page_size)); 44 | } 45 | 46 | inline uintptr_t RoundUpToPageAlignment(uintptr_t value, 47 | uintptr_t page_size = kPageSize) { 48 | return RoundUpToPowerOfTwo(value, page_size); 49 | } 50 | 51 | template 52 | T* RoundUpToPageAlignment(T* ptr, uintptr_t page_size = kPageSize) { 53 | return reinterpret_cast( 54 | RoundUpToPageAlignment(reinterpret_cast(ptr), page_size)); 55 | } 56 | 57 | } // namespace silifuzz 58 | 59 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_PAGE_UTIL_H_ 60 | -------------------------------------------------------------------------------- /util/reg_group_bits.h: -------------------------------------------------------------------------------- 1 | // Copyright 2023 The SiliFuzz Authors. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // https://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | #ifndef THIRD_PARTY_SILIFUZZ_UTIL_REG_GROUP_BITS_H_ 16 | #define THIRD_PARTY_SILIFUZZ_UTIL_REG_GROUP_BITS_H_ 17 | 18 | // This file defines a set of C preprocessor macros for representing register 19 | // groups in different CPU architectures supported by SiliFuzz. The definitions 20 | // are shared by C++ and assembly code. The bits are OR'ed together to form 21 | // a set representation of register groups on a particular architecture. As 22 | // we do not mix register groups of different architectures, bit positions are 23 | // reused in different architectures. 24 | 25 | // ------------------------ x86-64 register groups --------------------------- 26 | 27 | // All GPRs and integer control registers like RFLAGS. 28 | #define X86_REG_GROUP_GPR 0x1 29 | 30 | // Legacy x87 stack, special registers and SSE registers. xmm0-xmm15 and mxcsr. 31 | #define X86_REG_GROUP_FPR_AND_SSE 0x2 32 | 33 | // ymm0-ymm15 34 | #define X86_REG_GROUP_AVX 0x4 35 | 36 | // zmm0-zmm31 and k0-k7 37 | #define X86_REG_GROUP_AVX512 0x8 38 | 39 | // AMX tile configuration and tiles. 40 | #define X86_REG_GROUP_AMX 0x10 41 | 42 | // ------------------------ AArch64 register groups -------------------------- 43 | #define AARCH64_REG_GROUP_GPR 0x1 44 | #define AARCH64_REG_GROUP_FPR 0x2 45 | 46 | // SVE vector width in bytes in bits 2-10 (zero-based, from LSB). 47 | // When these bytes are all zero, SVE is not supported. 48 | #define AARCH64_SVE_VECTOR_WIDTH_OFFSET 2 49 | #define AARCH64_SVE_VECTOR_WIDTH_MASK 0x7FC 50 | 51 | #endif // THIRD_PARTY_SILIFUZZ_UTIL_REG_GROUP_BITS_H_ 52 | --------------------------------------------------------------------------------