Skip to content

Introduce a fuzzer for x86 instruction emulator #6895

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
liuw merged 5 commits into from
Jan 2, 2025
Merged

Introduce a fuzzer for x86 instruction emulator #6895

liuw merged 5 commits into from
Jan 2, 2025

Conversation

@liuw
Copy link
Member

@liuw liuw commented Jan 2, 2025
edited
Loading

Instruction decoding and emulation is complex. Introduce a fuzzer for it.

The fuzzer has found some issues in integer arithmetic. They are fixed in the same PR.

@liuw liuw requested a review from a team as a code owner January 2, 2025 05:24
@liuw liuw force-pushed the fuzz-x86-insn-emulator branch from 39037ee to 04e6ffc Compare January 2, 2025 05:39
likebreath
likebreath reviewed Jan 2, 2025
View reviewed changes
Copy link
Member

@likebreath likebreath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great addition to the fuzzer set we have. Only two nits below.

@liuw liuw force-pushed the fuzz-x86-insn-emulator branch from 04e6ffc to 798dbd9 Compare January 2, 2025 20:03
liuw added 4 commits January 2, 2025 20:10
@liuw
hypervisor: emulator: adjust iced-x86 feature flags
795aeb6 
The fastfmt feature and VEX support use techniques that appear to leak
memory in the eye of LLVM's address sanitizer.

While at it, disable a bunch of instruction set decoding support we
never intend to support.

Signed-off-by: Wei Liu <[email protected]>
@liuw
hypervisor: emulator: use wrapping arithmetic
fbb2528 
Signed-off-by: Wei Liu <[email protected]>
@liuw
hypervisor: introduce an mshv_emulator feature
b9844b6 
This will become useful when we build the fuzzing target for the
instruction emulator, because there is no need to pull in the rest of
the hypervisor crate in that situation.

Signed-off-by: Wei Liu <[email protected]>
@liuw
fuzz: introduce an x86 instruction emulator fuzzer
e81251d 
Signed-off-by: Wei Liu <[email protected]>
@liuw liuw force-pushed the fuzz-x86-insn-emulator branch from 798dbd9 to e81251d Compare January 2, 2025 20:11
@likebreath likebreath added this pull request to the merge queue Jan 2, 2025
@liuw liuw mentioned this pull request Jan 2, 2025
Closed
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jan 2, 2025
@liuw liuw added this pull request to the merge queue Jan 2, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Jan 2, 2025
@likebreath likebreath mentioned this pull request Jan 2, 2025
Closed
@liuw liuw added this pull request to the merge queue Jan 2, 2025
Merged via the queue into cloud-hypervisor:main with commit 7c39f37 Jan 2, 2025
40 checks passed
@liuw liuw deleted the fuzz-x86-insn-emulator branch January 2, 2025 23:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rbradford rbradford rbradford approved these changes

@likebreath likebreath likebreath approved these changes

Assignees

No one assigned

Labels

None yet

Projects

Cloud Hypervisor Roadmap
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@liuw @rbradford @likebreath