path: root/apps/test/fuzz.c
// MIT License, Copyright (c) 2021 Marvin Borner

#include "test.h"

#include <def.h>
#include <print.h>
#include <rand.h>
#include <sys.h>

// TODO: Make syscall fuzzer actually useful
// Number of randomized syscalls issued by one fuzz() run.
#define FUZZ_COUNT 1000

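/**
 * Issue a raw system call through software interrupt 0x80.
 *
 * The call number is placed in eax and the five arguments in ebx, ecx, edx,
 * esi and edi; whatever the kernel leaves in eax is returned unmodified.
 * No argument is validated here, because this wrapper exists so the fuzzer
 * can hand arbitrary values to the kernel's own validation.
 *
 * @param num Syscall number.
 * @param d1  First argument (ebx).
 * @param d2  Second argument (ecx).
 * @param d3  Third argument (edx).
 * @param d4  Fourth argument (esi).
 * @param d5  Fifth argument (edi).
 * @return The raw value of eax after the interrupt returns.
 */
static res syscall(enum sys num, int d1, int d2, int d3, int d4, int d5)
{
	int ret;
	// The "memory" clobber tells the compiler that the kernel may read or
	// write user memory during the call, so stores are not cached in
	// registers or reordered across the interrupt. `volatile` alone only
	// keeps the asm statement from being removed.
	__asm__ volatile("int $0x80"
			 : "=a"(ret)
			 : "0"(num), "b"(d1), "c"(d2), "d"(d3), "S"(d4), "D"(d5)
			 : "memory");
	return ret;
}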

/**
 * Tell whether a syscall number must be kept out of the fuzzing run.
 *
 * Only SYS_EXIT and SYS_EXEC are excluded, presumably because either one
 * would end or replace the process running the fuzzer (confirm against the
 * kernel's syscall table).
 * NOTE(review): this is a denylist; any other call that does not return or
 * blocks indefinitely would stall the run and needs to be added here.
 *
 * @param num Syscall number to check.
 * @return Non-zero if the call must be skipped, 0 otherwise.
 */
static u8 sys_bad_call(enum sys num)
{
	if (num == SYS_EXIT)
		return 1;

	return num == SYS_EXEC;
}

/**
 * Pick a random syscall number that the fuzzer is allowed to issue.
 *
 * Candidates are drawn with rand_range(SYS_MIN, SYS_MAX) and redrawn for as
 * long as sys_bad_call() rejects them.
 *
 * @return A syscall number for which sys_bad_call() returned 0.
 */
static enum sys sys_random_call(void)
{
	for (;;) {
		u32 candidate = rand_range(SYS_MIN, SYS_MAX);

		if (!sys_bad_call(candidate))
			return candidate;
	}
}

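/**
 * Run the syscall fuzzer: issue FUZZ_COUNT random syscalls with random
 * arguments and log every result.
 *
 * Each call's number and arguments are logged BEFORE the call is made. If the
 * kernel crashes or hangs on one of them, the last "args" line then names the
 * input that triggered it; logging only after the return would lose it.
 * NOTE(review): this relies on log() emitting its output before the syscall
 * is entered (confirm that it is not buffered).
 *
 * The final "Fuzzer: OK!" line only means that every call returned. Return
 * values are logged but not checked.
 */
void fuzz(void)
{
	for (u32 remaining = FUZZ_COUNT; remaining; remaining--) {
		enum sys num = sys_random_call();
		// Drawn in a fixed order so a run is reproducible from the same
		// generator state.
		u32 d1 = rand();
		u32 d2 = rand();
		u32 d3 = rand();
		u32 d4 = rand();
		u32 d5 = rand();

		// Printed as int because that is how syscall() receives them.
		log("%d: args %d %d %d %d %d\n", num, (int)d1, (int)d2, (int)d3, (int)d4,
		    (int)d5);

		res ret = syscall(num, d1, d2, d3, d4, d5);

		log("%d: %d\n", num, ret);
	}

	log("Fuzzer: OK!\n");
}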