|
| 1 | +# syzkaller - Context for Gemini |
| 2 | + |
| 3 | +## Project Overview |
| 4 | +`syzkaller` is an unsupervised, coverage-guided kernel fuzzer. It is a hybrid |
| 5 | +system consisting of a **Go-based manager** (running on a host) and a **C++ |
| 6 | +executor** (running inside the target VM). |
| 7 | + |
| 8 | +- **Primary Language:** Go (Manager, Tools), C++ (Executor). |
| 9 | +- **Architecture:** |
| 10 | + - `syz-manager`: Orchestrates the fuzzing process, manages corpus, and monitors VMs. |
| 11 | + - `syz-executor`: Runs inside the VM, executes test programs via syscalls, and collects coverage. |
| 12 | + - `syz-ci`, `syz-hub`, `dashboard`: Infrastructure for continuous fuzzing and reporting. |
| 13 | + |
| 14 | +## Building and Testing |
| 15 | + |
| 16 | +Prefer to use the `syz-env` Docker container to build the compontents and run |
| 17 | +tests. There's a `./tools/syz-env` script that will start a container and run |
| 18 | +the given command inside it. |
| 19 | + |
| 20 | +Some reference commands: |
| 21 | +* Build everything: `CI=true ./tools/syz-env make`. |
| 22 | +* Run a linter: `CI=true ./tools/syz-env make lint`. |
| 23 | +* Run a test: `CI=true ./tools/syz-env go test ./package -run TestName`. |
| 24 | +* Formatter: `CI=true ./tools/syz-env make format` (runs `gofmt`, `clang-format`, etc). |
| 25 | + |
| 26 | +Note the `CI=true` part - otherwise the commands may not run in your environment. |
| 27 | + |
| 28 | +When running tests (especially in `./prog` and `./pkg/csource`) prefer to run |
| 29 | +individual tests you have affected, otherwise it may take a lot of time. Some |
| 30 | +packages also offer a `-short` flag to run a lighter version of tests. |
| 31 | + |
| 32 | +It may be necessary to first run `CI=true ./tools/syz-env make descriptions` to |
| 33 | +pre-build descriptions for the `sys/*` targets. It may be necessary for all |
| 34 | +tests that eventually use `prog.Target` or `targets.Target`. |
| 35 | + |
| 36 | +## Key Directories |
| 37 | + |
| 38 | +- `syz-manager/`: Entry point for the main fuzzing manager. |
| 39 | +- `executor/`: C++ source code for the test program executor. |
| 40 | +- `pkg/`: Core Go libraries: |
| 41 | + - `pkg/ipc`: IPC mechanism between manager and executor. |
| 42 | + - `pkg/fuzzer`: Fuzzing logic. |
| 43 | + - `pkg/manager`: Manager logic library. |
| 44 | +- `sys/`: System call descriptions (essential for the fuzzer to know how to call the kernel). |
| 45 | + - `sys/linux/`: Linux-specific descriptions (`.txt` and `.const`). |
| 46 | +- `tools/`: Helper utilities (`syz-repro`, `syz-mutate`, etc.). |
| 47 | +- `docs/`: Extensive documentation on setup, internals, and contribution. |
| 48 | + |
| 49 | +## Development Conventions |
| 50 | + |
| 51 | +- **Commit Messages:** Strict formatting required. |
| 52 | + - Format: `dir/path: description` (e.g., `pkg/fuzzer: fix crash in minimization`). |
| 53 | + - No trailing dot in the summary. |
| 54 | +- **Testing:** New features must have tests. Run `make presubmit` before PRs. |
| 55 | +- **Formatting:** Always run `make format` before committing. |
| 56 | +- **Syscall Descriptions:** When modifying `sys/*/*.txt`, `make generate` must be run to update generated code. |
| 57 | +- **Copyright:** When you add new .go files, make sure to add the copyright header to them (use other .go files for reference and update the year to the current one). |
0 commit comments