| Message ID | 20190725032321.12721-1-alxndr@bu.edu (mailing list archive) |
|---|---|
| Series | Add virtual device fuzzing support |
Patchew URL: https://patchew.org/QEMU/20190725032321.12721-1-alxndr@bu.edu/

Hi,

This series seems to have some coding style problems. See output below for more information:

Type: series
Subject: [Qemu-devel] [RFC 00/19] Add virtual device fuzzing support
Message-id: 20190725032321.12721-1-alxndr@bu.edu

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]               patchew/20190725032321.12721-1-alxndr@bu.edu -> patchew/20190725032321.12721-1-alxndr@bu.edu
 * [new tag]               patchew/20190725032722.32271-1-richardw.yang@linux.intel.com -> patchew/20190725032722.32271-1-richardw.yang@linux.intel.com
Submodule 'capstone' (https://git.qemu.org/git/capstone.git) registered for path 'capstone'
Submodule 'dtc' (https://git.qemu.org/git/dtc.git) registered for path 'dtc'
Submodule 'roms/QemuMacDrivers' (https://git.qemu.org/git/QemuMacDrivers.git) registered for path 'roms/QemuMacDrivers'
Submodule 'roms/SLOF' (https://git.qemu.org/git/SLOF.git) registered for path 'roms/SLOF'
Submodule 'roms/edk2' (https://git.qemu.org/git/edk2.git) registered for path 'roms/edk2'
Submodule 'roms/ipxe' (https://git.qemu.org/git/ipxe.git) registered for path 'roms/ipxe'
Submodule 'roms/openbios' (https://git.qemu.org/git/openbios.git) registered for path 'roms/openbios'
Submodule 'roms/openhackware' (https://git.qemu.org/git/openhackware.git) registered for path 'roms/openhackware'
Submodule 'roms/opensbi' (https://git.qemu.org/git/opensbi.git) registered for path 'roms/opensbi'
Submodule 'roms/qemu-palcode' (https://git.qemu.org/git/qemu-palcode.git) registered for path 'roms/qemu-palcode'
Submodule 'roms/seabios' (https://git.qemu.org/git/seabios.git/) registered for path 'roms/seabios'
Submodule 'roms/seabios-hppa' (https://git.qemu.org/git/seabios-hppa.git) registered for path 'roms/seabios-hppa'
Submodule 'roms/sgabios' (https://git.qemu.org/git/sgabios.git) registered for path 'roms/sgabios'
Submodule 'roms/skiboot' (https://git.qemu.org/git/skiboot.git) registered for path 'roms/skiboot'
Submodule 'roms/u-boot' (https://git.qemu.org/git/u-boot.git) registered for path 'roms/u-boot'
Submodule 'roms/u-boot-sam460ex' (https://git.qemu.org/git/u-boot-sam460ex.git) registered for path 'roms/u-boot-sam460ex'
Submodule 'slirp' (https://git.qemu.org/git/libslirp.git) registered for path 'slirp'
Submodule 'tests/fp/berkeley-softfloat-3' (https://git.qemu.org/git/berkeley-softfloat-3.git) registered for path 'tests/fp/berkeley-softfloat-3'
Submodule 'tests/fp/berkeley-testfloat-3' (https://git.qemu.org/git/berkeley-testfloat-3.git) registered for path 'tests/fp/berkeley-testfloat-3'
Submodule 'ui/keycodemapdb' (https://git.qemu.org/git/keycodemapdb.git) registered for path 'ui/keycodemapdb'
Cloning into 'capstone'...
Submodule path 'capstone': checked out '22ead3e0bfdb87516656453336160e0a37b066bf'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Cloning into 'roms/QemuMacDrivers'...
Submodule path 'roms/QemuMacDrivers': checked out '90c488d5f4a407342247b9ea869df1c2d9c8e266'
Cloning into 'roms/SLOF'...
Submodule path 'roms/SLOF': checked out 'ba1ab360eebe6338bb8d7d83a9220ccf7e213af3'
Cloning into 'roms/edk2'...
Submodule path 'roms/edk2': checked out '20d2e5a125e34fc8501026613a71549b2a1a3e54'
Submodule 'SoftFloat' (https://github.com/ucb-bar/berkeley-softfloat-3.git) registered for path 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'
Submodule 'CryptoPkg/Library/OpensslLib/openssl' (https://github.com/openssl/openssl) registered for path 'CryptoPkg/Library/OpensslLib/openssl'
Cloning into 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'...
Submodule path 'roms/edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3': checked out 'b64af41c3276f97f0e181920400ee056b9c88037'
Cloning into 'CryptoPkg/Library/OpensslLib/openssl'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl': checked out '50eaac9f3337667259de725451f201e784599687'
Submodule 'boringssl' (https://boringssl.googlesource.com/boringssl) registered for path 'boringssl'
Submodule 'krb5' (https://github.com/krb5/krb5) registered for path 'krb5'
Submodule 'pyca.cryptography' (https://github.com/pyca/cryptography.git) registered for path 'pyca-cryptography'
Cloning into 'boringssl'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl': checked out '2070f8ad9151dc8f3a73bffaa146b5e6937a583f'
Cloning into 'krb5'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/krb5': checked out 'b9ad6c49505c96a088326b62a52568e3484f2168'
Cloning into 'pyca-cryptography'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography': checked out '09403100de2f6f1cdd0d484dcb8e620f1c335c8f'
Cloning into 'roms/ipxe'...
Submodule path 'roms/ipxe': checked out 'de4565cbe76ea9f7913a01f331be3ee901bb6e17'
Cloning into 'roms/openbios'...
Submodule path 'roms/openbios': checked out 'c79e0ecb84f4f1ee3f73f521622e264edd1bf174'
Cloning into 'roms/openhackware'...
Submodule path 'roms/openhackware': checked out 'c559da7c8eec5e45ef1f67978827af6f0b9546f5'
Cloning into 'roms/opensbi'...
Submodule path 'roms/opensbi': checked out 'ce228ee0919deb9957192d723eecc8aaae2697c6'
Cloning into 'roms/qemu-palcode'...
Submodule path 'roms/qemu-palcode': checked out 'bf0e13698872450164fa7040da36a95d2d4b326f'
Cloning into 'roms/seabios'...
Submodule path 'roms/seabios': checked out 'a5cab58e9a3fb6e168aba919c5669bea406573b4'
Cloning into 'roms/seabios-hppa'...
Submodule path 'roms/seabios-hppa': checked out '0f4fe84658165e96ce35870fd19fc634e182e77b'
Cloning into 'roms/sgabios'...
Submodule path 'roms/sgabios': checked out 'cbaee52287e5f32373181cff50a00b6c4ac9015a'
Cloning into 'roms/skiboot'...
Submodule path 'roms/skiboot': checked out '261ca8e779e5138869a45f174caa49be6a274501'
Cloning into 'roms/u-boot'...
Submodule path 'roms/u-boot': checked out 'd3689267f92c5956e09cc7d1baa4700141662bff'
Cloning into 'roms/u-boot-sam460ex'...
Submodule path 'roms/u-boot-sam460ex': checked out '60b3916f33e617a815973c5a6df77055b2e3a588'
Cloning into 'slirp'...
Submodule path 'slirp': checked out 'f0da6726207b740f6101028b2992f918477a4b08'
Cloning into 'tests/fp/berkeley-softfloat-3'...
Submodule path 'tests/fp/berkeley-softfloat-3': checked out 'b64af41c3276f97f0e181920400ee056b9c88037'
Cloning into 'tests/fp/berkeley-testfloat-3'...
Submodule path 'tests/fp/berkeley-testfloat-3': checked out '5a59dcec19327396a011a17fd924aed4fec416b3'
Cloning into 'ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out '6b3d716e2b6472eb7189d3220552280ef3d832ce'
Switched to a new branch 'test'
4c6f68c fuzz: Add documentation about the fuzzer to docs/
0c31cb1 fuzz: Add virtio-net tx and ctrl fuzz targets
01a57b5 fuzz: add general qtest fuzz target
213ed5a fuzz: add general fuzzer entrypoints
7022925 fuzz: add fuzz accelerator type
2ce2166 fuzz: hard-code a main-loop timeout
6c53625 fuzz: add ctrl vq support to virtio-net in libqos
7022ef2 fuzz: hard-code all of the needed files for build
4963c01 fuzz: add direct send/receive in qtest client
ee10a51 fuzz: expose real_main (aka regular vl.c:main)
e1ccf13 fuzz: use mtree_info to find mapped addresses
7bb630b fuzz: add shims to intercept libfuzzer init
a6a24b4 fuzz: Modify libqtest to directly invoke qtest.c
8ffe410 fuzz: Add ramfile for fast vmstate/vmload
abdb33d fuzz: expose qemu_savevm_state & skip state header
5dedcc7 fuzz: Add qos support to fuzz targets
b2fb746 fuzz: add fuzz accelerator
04e48ac fuzz: add FUZZ_TARGET type to qemu module system
c7cb281 fuzz: add configure option and linker objects

=== OUTPUT BEGIN ===
1/19 Checking commit c7cb2811d47f (fuzz: add configure option and linker objects)
ERROR: trailing whitespace
#69: FILE: target/i386/Makefile.objs:27:
+obj-$(CONFIG_FUZZ) += ../../tests/fuzz/virtio-net-fuzz.o $

ERROR: trailing whitespace
#72: FILE: target/i386/Makefile.objs:30:
+obj-$(CONFIG_FUZZ) += ../../tests/libqos/qgraph.o ../../tests/libqos/libqos.o $

total: 2 errors, 0 warnings, 59 lines checked

Patch 1/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/19 Checking commit 04e48acd61bb (fuzz: add FUZZ_TARGET type to qemu module system)
WARNING: line over 80 characters
#30: FILE: include/qemu/module.h:63:
+#define fuzz_target_init(function) module_init(function, MODULE_INIT_FUZZ_TARGET)

total: 0 errors, 1 warnings, 19 lines checked

Patch 2/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

3/19 Checking commit b2fb746fe6ca (fuzz: add fuzz accelerator)
WARNING: line over 80 characters
#24: FILE: include/sysemu/qtest.h:28:
+void qtest_init_server(const char *qtest_chrdev, const char *qtest_log, Error **errp);

total: 0 errors, 1 warnings, 13 lines checked

Patch 3/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/19 Checking commit 5dedcc715012 (fuzz: Add qos support to fuzz targets)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#13: 
new file mode 100644

ERROR: do not initialise globals to 0 or NULL
#46: FILE: tests/fuzz/qos_fuzz.c:29:
+uint64_t total_io_mem = 0;

ERROR: do not initialise globals to 0 or NULL
#47: FILE: tests/fuzz/qos_fuzz.c:30:
+uint64_t total_ram_mem = 0;

ERROR: do not use C99 // comments
#50: FILE: tests/fuzz/qos_fuzz.c:33:
+//TODO: Put arguments in a neater struct

ERROR: "foo* bar" should be "foo *bar"
#51: FILE: tests/fuzz/qos_fuzz.c:34:
+void fuzz_add_qos_target(const char* name,

ERROR: code indent should never use tabs
#52: FILE: tests/fuzz/qos_fuzz.c:35:
+^I^Iconst char* description,$

ERROR: "foo* bar" should be "foo *bar"
#52: FILE: tests/fuzz/qos_fuzz.c:35:
+ const char* description,

ERROR: code indent should never use tabs
#53: FILE: tests/fuzz/qos_fuzz.c:36:
+^I^Iconst char* interface,$

ERROR: "foo* bar" should be "foo *bar"
#53: FILE: tests/fuzz/qos_fuzz.c:36:
+ const char* interface,

ERROR: code indent should never use tabs
#54: FILE: tests/fuzz/qos_fuzz.c:37:
+^I^IQOSGraphTestOptions* opts,$

ERROR: "foo* bar" should be "foo *bar"
#54: FILE: tests/fuzz/qos_fuzz.c:37:
+ QOSGraphTestOptions* opts,

ERROR: code indent should never use tabs
#55: FILE: tests/fuzz/qos_fuzz.c:38:
+^I^Ivoid(*init_pre_main)(void),$

ERROR: code indent should never use tabs
#56: FILE: tests/fuzz/qos_fuzz.c:39:
+^I^Ivoid(*init_pre_save)(void),$

ERROR: code indent should never use tabs
#57: FILE: tests/fuzz/qos_fuzz.c:40:
+^I^Ivoid(*save_state)(void),$

ERROR: code indent should never use tabs
#58: FILE: tests/fuzz/qos_fuzz.c:41:
+^I^Ivoid(*reset)(void),$

ERROR: code indent should never use tabs
#59: FILE: tests/fuzz/qos_fuzz.c:42:
+^I^Ivoid(*pre_fuzz)(void),$

ERROR: code indent should never use tabs
#60: FILE: tests/fuzz/qos_fuzz.c:43:
+^I^Ivoid(*fuzz)(const unsigned char*, size_t),$

ERROR: code indent should never use tabs
#61: FILE: tests/fuzz/qos_fuzz.c:44:
+^I^Ivoid(*post_fuzz)(void))$

ERROR: code indent should never use tabs
#63: FILE: tests/fuzz/qos_fuzz.c:46:
+^Iqos_add_test(name, interface, NULL, opts);$

ERROR: code indent should never use tabs
#64: FILE: tests/fuzz/qos_fuzz.c:47:
+^Ifuzz_add_target(name, description, init_pre_main, init_pre_save,$

ERROR: line over 90 characters
#65: FILE: tests/fuzz/qos_fuzz.c:48:
+ save_state, reset, pre_fuzz, fuzz, post_fuzz, &qos_argc, &qos_argv);

ERROR: code indent should never use tabs
#65: FILE: tests/fuzz/qos_fuzz.c:48:
+^I^I^Isave_state, reset, pre_fuzz, fuzz, post_fuzz, &qos_argc, &qos_argv);$

ERROR: do not use C99 // comments
#69: FILE: tests/fuzz/qos_fuzz.c:52:
+// Do what is normally done in qos_test.c:main

ERROR: code indent should never use tabs
#71: FILE: tests/fuzz/qos_fuzz.c:54:
+^Iqtest_setup();$

ERROR: code indent should never use tabs
#72: FILE: tests/fuzz/qos_fuzz.c:55:
+^Iqos_set_machines_devices_available();$

ERROR: code indent should never use tabs
#73: FILE: tests/fuzz/qos_fuzz.c:56:
+^Iqos_graph_foreach_test_path(walk_path);$

ERROR: code indent should never use tabs
#74: FILE: tests/fuzz/qos_fuzz.c:57:
+^Iqos_build_main_args();$

ERROR: code indent should never use tabs
#79: FILE: tests/fuzz/qos_fuzz.c:62:
+^Iqos_obj = qos_allocate_objects(global_qtest, &qos_alloc);$

ERROR: "foo* bar" should be "foo *bar"
#98: FILE: tests/fuzz/qos_fuzz.h:12:
+extern void* qos_obj;

ERROR: "foo* bar" should be "foo *bar"
#102: FILE: tests/fuzz/qos_fuzz.h:16:
+void fuzz_add_qos_target(const char* name,

ERROR: code indent should never use tabs
#103: FILE: tests/fuzz/qos_fuzz.h:17:
+^I^Iconst char* description,$

ERROR: "foo* bar" should be "foo *bar"
#103: FILE: tests/fuzz/qos_fuzz.h:17:
+ const char* description,

ERROR: code indent should never use tabs
#104: FILE: tests/fuzz/qos_fuzz.h:18:
+^I^Iconst char* interface,$

ERROR: "foo* bar" should be "foo *bar"
#104: FILE: tests/fuzz/qos_fuzz.h:18:
+ const char* interface,

ERROR: code indent should never use tabs
#105: FILE: tests/fuzz/qos_fuzz.h:19:
+^I^IQOSGraphTestOptions* opts,$

ERROR: "foo* bar" should be "foo *bar"
#105: FILE: tests/fuzz/qos_fuzz.h:19:
+ QOSGraphTestOptions* opts,

ERROR: code indent should never use tabs
#106: FILE: tests/fuzz/qos_fuzz.h:20:
+^I^Ivoid(*init_pre_main)(void),$

ERROR: code indent should never use tabs
#107: FILE: tests/fuzz/qos_fuzz.h:21:
+^I^Ivoid(*init_pre_save)(void),$

ERROR: code indent should never use tabs
#108: FILE: tests/fuzz/qos_fuzz.h:22:
+^I^Ivoid(*save_state)(void),$

ERROR: code indent should never use tabs
#109: FILE: tests/fuzz/qos_fuzz.h:23:
+^I^Ivoid(*reset)(void),$

ERROR: code indent should never use tabs
#110: FILE: tests/fuzz/qos_fuzz.h:24:
+^I^Ivoid(*pre_fuzz)(void),$

ERROR: code indent should never use tabs
#111: FILE: tests/fuzz/qos_fuzz.h:25:
+^I^Ivoid(*fuzz)(const unsigned char*, size_t),$

ERROR: code indent should never use tabs
#112: FILE: tests/fuzz/qos_fuzz.h:26:
+^I^Ivoid(*post_fuzz)(void));$

ERROR: trailing whitespace
#139: FILE: tests/fuzz/qos_helpers.c:18:
+/* $

ERROR: trailing whitespace
#204: FILE: tests/fuzz/qos_helpers.c:83:
+    Error *err =NULL; $

ERROR: spaces required around that '=' (ctx:WxV)
#204: FILE: tests/fuzz/qos_helpers.c:83:
+    Error *err =NULL; 
                ^

ERROR: space required after that ',' (ctx:VxO)
#206: FILE: tests/fuzz/qos_helpers.c:85:
+    qmp_marshal_query_machines(NULL,&response, &err);
                                   ^

ERROR: space required before that '&' (ctx:OxV)
#206: FILE: tests/fuzz/qos_helpers.c:85:
+    qmp_marshal_query_machines(NULL,&response, &err);
                                    ^

ERROR: space prohibited before that close parenthesis ')'
#214: FILE: tests/fuzz/qos_helpers.c:93:
+    qdict_put_str(req, "execute", "qom-list-types" );

ERROR: space prohibited before that close parenthesis ')'
#215: FILE: tests/fuzz/qos_helpers.c:94:
+    qdict_put_str(args, "implements", "device" );

ERROR: "(foo*)" should be "(foo *)"
#217: FILE: tests/fuzz/qos_helpers.c:96:
+    qdict_put_obj(req, "arguments", (QObject*) args);

ERROR: switch and case should be at the same indent
#276: FILE: tests/fuzz/qos_helpers.c:155:
+    switch (qos_graph_edge_get_type(edge)) {
+        case QEDGE_PRODUCES:
[...]
+        case QEDGE_CONSUMED_BY:
[...]
+        case QEDGE_CONTAINS:

ERROR: "foo* bar" should be "foo *bar"
#295: FILE: tests/fuzz/qos_helpers.c:174:
+void* qos_obj;

ERROR: line over 90 characters
#317: FILE: tests/fuzz/qos_helpers.c:196:
+    g_string_prepend(cmd_line, "qemu-system-i386 -display none -machine accel=fuzz -m 3 ");

ERROR: space prohibited between function name and open parenthesis '('
#319: FILE: tests/fuzz/qos_helpers.c:198:
+    wordexp (cmd_line->str, &result, 0);

WARNING: line over 80 characters
#332: FILE: tests/fuzz/qos_helpers.c:211:
+    /* etype set to QEDGE_CONSUMED_BY so that machine can add to the command line */

WARNING: Block comments use a leading /* on a separate line
#393: FILE: tests/fuzz/qos_helpers.c:272:
+    /* here position 0 has <arch>/<machine>, position 1 has <machine>.

ERROR: do not use C99 // comments
#398: FILE: tests/fuzz/qos_helpers.c:277:
+    // Check that this is the test we care about:

ERROR: spaces required around that '+' (ctx:VxV)
#399: FILE: tests/fuzz/qos_helpers.c:278:
+    char *test_name = strrchr(path_str, '/')+1;
                                            ^

ERROR: that open brace { should be on the previous line
#400: FILE: tests/fuzz/qos_helpers.c:279:
+    if(strcmp(test_name, fuzz_target->name->str) == 0)
+    {

ERROR: space required before the open parenthesis '('
#400: FILE: tests/fuzz/qos_helpers.c:279:
+    if(strcmp(test_name, fuzz_target->name->str) == 0)

WARNING: Block comments use a leading /* on a separate line
#402: FILE: tests/fuzz/qos_helpers.c:281:
+        /* put arch/machine in position 1 so run_one_test can do its work

ERROR: line over 90 characters
#407: FILE: tests/fuzz/qos_helpers.c:286:
+        printf("path_str: %s path_vec[0]: %s [1]: %s\n", path_str, path_vec[0], path_vec[1]);

ERROR: trailing whitespace
#410: FILE: tests/fuzz/qos_helpers.c:289:
+    } $

ERROR: else should follow close brace '}'
#411: FILE: tests/fuzz/qos_helpers.c:290:
+    }
+    else {

total: 61 errors, 4 warnings, 404 lines checked

Patch 4/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/19 Checking commit abdb33d4e984 (fuzz: expose qemu_savevm_state & skip state header)
6/19 Checking commit 8ffe41081f28 (fuzz: Add ramfile for fast vmstate/vmload)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#14: 
new file mode 100644

WARNING: line over 80 characters
#20: FILE: tests/fuzz/ramfile.c:2:
+ * =====================================================================================

WARNING: line over 80 characters
#24: FILE: tests/fuzz/ramfile.c:6:
+ *    Description:  QEMUFile stored in dynamically allocated RAM for fast VMRestore

ERROR: trailing whitespace
#27: FILE: tests/fuzz/ramfile.c:9:
+ *   Organization: $

WARNING: line over 80 characters
#29: FILE: tests/fuzz/ramfile.c:11:
+ * =====================================================================================

WARNING: Block comments use a leading /* on a separate line
#52: FILE: tests/fuzz/ramfile.c:34:
+    int64_t pos;  /* start of buffer when writing, end of buffer

WARNING: Block comments use * on subsequent lines
#53: FILE: tests/fuzz/ramfile.c:35:
+    int64_t pos;  /* start of buffer when writing, end of buffer
+                     when reading */

WARNING: Block comments use a trailing */ on a separate line
#53: FILE: tests/fuzz/ramfile.c:35:
+                     when reading */

ERROR: code indent should never use tabs
#68: FILE: tests/fuzz/ramfile.c:50:
+^Iram_disk *rd = (ram_disk*)opaque;$

ERROR: "(foo*)" should be "(foo *)"
#68: FILE: tests/fuzz/ramfile.c:50:
+ ram_disk *rd = (ram_disk*)opaque;

ERROR: code indent should never use tabs
#69: FILE: tests/fuzz/ramfile.c:51:
+^Igsize newsize;$

ERROR: code indent should never use tabs
#70: FILE: tests/fuzz/ramfile.c:52:
+^Issize_t total_size = 0;$

ERROR: code indent should never use tabs
#71: FILE: tests/fuzz/ramfile.c:53:
+^Iint i;$

ERROR: code indent should never use tabs
#72: FILE: tests/fuzz/ramfile.c:54:
+^Iif(!rd->base) {$

ERROR: space required before the open parenthesis '('
#72: FILE: tests/fuzz/ramfile.c:54:
+ if(!rd->base) {

ERROR: code indent should never use tabs
#73: FILE: tests/fuzz/ramfile.c:55:
+^I^Ird->base = g_malloc(INCREMENT);$

ERROR: code indent should never use tabs
#74: FILE: tests/fuzz/ramfile.c:56:
+^I^Ird->len = INCREMENT;$

ERROR: code indent should never use tabs
#75: FILE: tests/fuzz/ramfile.c:57:
+^I}$

ERROR: code indent should never use tabs
#76: FILE: tests/fuzz/ramfile.c:58:
+^Ifor(i = 0; i< iovcnt; i++)$

ERROR: that open brace { should be on the previous line
#76: FILE: tests/fuzz/ramfile.c:58:
+ for(i = 0; i< iovcnt; i++)
+ {

ERROR: spaces required around that '<' (ctx:VxW)
#76: FILE: tests/fuzz/ramfile.c:58:
+ for(i = 0; i< iovcnt; i++)
             ^

ERROR: space required before the open parenthesis '('
#76: FILE: tests/fuzz/ramfile.c:58:
+ for(i = 0; i< iovcnt; i++)

ERROR: code indent should never use tabs
#77: FILE: tests/fuzz/ramfile.c:59:
+^I{$

ERROR: code indent should never use tabs
#78: FILE: tests/fuzz/ramfile.c:60:
+^I^Iif(pos+iov[i].iov_len >= rd->len ){$

ERROR: spaces required around that '+' (ctx:VxV)
#78: FILE: tests/fuzz/ramfile.c:60:
+ if(pos+iov[i].iov_len >= rd->len ){
       ^

ERROR: space required before the open brace '{'
#78: FILE: tests/fuzz/ramfile.c:60:
+ if(pos+iov[i].iov_len >= rd->len ){

ERROR: space prohibited before that close parenthesis ')'
#78: FILE: tests/fuzz/ramfile.c:60:
+ if(pos+iov[i].iov_len >= rd->len ){

ERROR: space required before the open parenthesis '('
#78: FILE: tests/fuzz/ramfile.c:60:
+ if(pos+iov[i].iov_len >= rd->len ){

WARNING: line over 80 characters
#79: FILE: tests/fuzz/ramfile.c:61:
+ newsize = ((pos + iov[i].iov_len)/INCREMENT + 1) * INCREMENT;

ERROR: code indent should never use tabs
#79: FILE: tests/fuzz/ramfile.c:61:
+^I^I^Inewsize = ((pos + iov[i].iov_len)/INCREMENT + 1) * INCREMENT;$

ERROR: spaces required around that '/' (ctx:VxV)
#79: FILE: tests/fuzz/ramfile.c:61:
+ newsize = ((pos + iov[i].iov_len)/INCREMENT + 1) * INCREMENT;
                                  ^

ERROR: code indent should never use tabs
#80: FILE: tests/fuzz/ramfile.c:62:
+^I^I^Ird->base = g_realloc(rd->base, newsize);$

ERROR: code indent should never use tabs
#81: FILE: tests/fuzz/ramfile.c:63:
+^I^I^Ird->len = newsize;$

ERROR: code indent should never use tabs
#82: FILE: tests/fuzz/ramfile.c:64:
+^I^I}$

ERROR: code indent should never use tabs
#83: FILE: tests/fuzz/ramfile.c:65:
+^I^I/* for(int j =0; j<iov[i].iov_len; j++){ */$

ERROR: code indent should never use tabs
#84: FILE: tests/fuzz/ramfile.c:66:
+^I^I/* ^Iprintf("%hhx",*((char*)iov[i].iov_base+j)); */$

ERROR: code indent should never use tabs
#85: FILE: tests/fuzz/ramfile.c:67:
+^I^I/* } */$

ERROR: code indent should never use tabs
#86: FILE: tests/fuzz/ramfile.c:68:
+^I^Imemcpy(rd->base + pos, iov[i].iov_base, iov[i].iov_len);$

ERROR: code indent should never use tabs
#87: FILE: tests/fuzz/ramfile.c:69:
+^I^Ipos += iov[i].iov_len;$

ERROR: code indent should never use tabs
#88: FILE: tests/fuzz/ramfile.c:70:
+^I^Itotal_size += iov[i].iov_len;$

ERROR: code indent should never use tabs
#89: FILE: tests/fuzz/ramfile.c:71:
+^I}$

ERROR: code indent should never use tabs
#90: FILE: tests/fuzz/ramfile.c:72:
+^Ireturn total_size;$

ERROR: code indent should never use tabs
#96: FILE: tests/fuzz/ramfile.c:78:
+^Iram_disk *rd = (ram_disk*)opaque;$

ERROR: "(foo*)" should be "(foo *)"
#96: FILE: tests/fuzz/ramfile.c:78:
+ ram_disk *rd = (ram_disk*)opaque;

ERROR: code indent should never use tabs
#97: FILE: tests/fuzz/ramfile.c:79:
+^Iif(pos+size>rd->len){$

ERROR: spaces required around that '+' (ctx:VxV)
#97: FILE: tests/fuzz/ramfile.c:79:
+ if(pos+size>rd->len){
       ^

ERROR: spaces required around that '>' (ctx:VxV)
#97: FILE: tests/fuzz/ramfile.c:79:
+ if(pos+size>rd->len){
            ^

ERROR: space required before the open brace '{'
#97: FILE: tests/fuzz/ramfile.c:79:
+ if(pos+size>rd->len){

ERROR: space required before the open parenthesis '('
#97: FILE: tests/fuzz/ramfile.c:79:
+ if(pos+size>rd->len){

ERROR: code indent should never use tabs
#98: FILE: tests/fuzz/ramfile.c:80:
+^I^Iif(rd->len-pos>=0){$

ERROR: spaces required around that '-' (ctx:VxV)
#98: FILE: tests/fuzz/ramfile.c:80:
+ if(rd->len-pos>=0){
           ^

ERROR: spaces required around that '>=' (ctx:VxV)
#98: FILE: tests/fuzz/ramfile.c:80:
+ if(rd->len-pos>=0){
               ^

ERROR: space required before the open brace '{'
#98: FILE: tests/fuzz/ramfile.c:80:
+ if(rd->len-pos>=0){

ERROR: space required before the open parenthesis '('
#98: FILE: tests/fuzz/ramfile.c:80:
+ if(rd->len-pos>=0){

ERROR: code indent should never use tabs
#99: FILE: tests/fuzz/ramfile.c:81:
+^I^I^Imemcpy(buf, rd->base + pos, rd->len-pos);$

ERROR: spaces required around that '-' (ctx:VxV)
#99: FILE: tests/fuzz/ramfile.c:81:
+ memcpy(buf, rd->base + pos, rd->len-pos);
                                    ^

ERROR: code indent should never use tabs
#100: FILE: tests/fuzz/ramfile.c:82:
+^I^I^Isize = rd->len-pos;$

ERROR: spaces required around that '-' (ctx:VxV)
#100: FILE: tests/fuzz/ramfile.c:82:
+ size = rd->len-pos;
               ^

ERROR: code indent should never use tabs
#101: FILE: tests/fuzz/ramfile.c:83:
+^I^I}$

ERROR: code indent should never use tabs
#102: FILE: tests/fuzz/ramfile.c:84:
+^I}$

ERROR: code indent should never use tabs
#103: FILE: tests/fuzz/ramfile.c:85:
+^Ielse$

ERROR: else should follow close brace '}'
#103: FILE: tests/fuzz/ramfile.c:85:
+ }
+ else

ERROR: code indent should never use tabs
#104: FILE: tests/fuzz/ramfile.c:86:
+^I^Imemcpy(buf, rd->base + pos, size);$

ERROR: code indent should never use tabs
#105: FILE: tests/fuzz/ramfile.c:87:
+^Ireturn size;$

ERROR: code indent should never use tabs
#110: FILE: tests/fuzz/ramfile.c:92:
+^Ireturn 0;$

ERROR: open brace '{' following function declarations go on the next line
#123: FILE: tests/fuzz/ramfile.c:105:
+QEMUFile *qemu_fopen_ram(ram_disk **return_rd) {

ERROR: code indent should never use tabs
#124: FILE: tests/fuzz/ramfile.c:106:
+^Iram_disk *rd = g_new0(ram_disk, 1);$

ERROR: code indent should never use tabs
#125: FILE: tests/fuzz/ramfile.c:107:
+^I*return_rd=rd;$

ERROR: spaces required around that '=' (ctx:VxV)
#125: FILE: tests/fuzz/ramfile.c:107:
+ *return_rd=rd;
           ^

ERROR: code indent should never use tabs
#126: FILE: tests/fuzz/ramfile.c:108:
+^Ireturn qemu_fopen_ops(rd, &ram_write_ops);$

ERROR: open brace '{' following function declarations go on the next line
#129: FILE: tests/fuzz/ramfile.c:111:
+QEMUFile *qemu_fopen_ro_ram(ram_disk* rd) {

ERROR: "foo* bar" should be "foo *bar"
#133: FILE: tests/fuzz/ramfile.c:115:
+void qemu_freopen_ro_ram(QEMUFile* f) {

ERROR: open brace '{' following function declarations go on the next line
#133: FILE: tests/fuzz/ramfile.c:115:
+void qemu_freopen_ro_ram(QEMUFile* f) {

ERROR: code indent should never use tabs
#134: FILE: tests/fuzz/ramfile.c:116:
+^Ivoid *rd = f->opaque;$

ERROR: code indent should never use tabs
#135: FILE: tests/fuzz/ramfile.c:117:
+^If->bytes_xfer=0;$

ERROR: spaces required around that '=' (ctx:VxV)
#135: FILE: tests/fuzz/ramfile.c:117:
+ f->bytes_xfer=0;
              ^

ERROR: code indent should never use tabs
#136: FILE: tests/fuzz/ramfile.c:118:
+^If->xfer_limit=0;$

ERROR: spaces required around that '=' (ctx:VxV)
#136: FILE: tests/fuzz/ramfile.c:118:
+ f->xfer_limit=0;
              ^

ERROR: code indent should never use tabs
#137: FILE: tests/fuzz/ramfile.c:119:
+^If->last_error=0;$

ERROR: spaces required around that '=' (ctx:VxV)
#137: FILE: tests/fuzz/ramfile.c:119:
+ f->last_error=0;
              ^

ERROR: code indent should never use tabs
#138: FILE: tests/fuzz/ramfile.c:120:
+^If->iovcnt=0;$

ERROR: spaces required around that '=' (ctx:VxV)
#138: FILE: tests/fuzz/ramfile.c:120:
+ f->iovcnt=0;
          ^

ERROR: code indent should never use tabs
#139: FILE: tests/fuzz/ramfile.c:121:
+^If->buf_index=0;$

ERROR: spaces required around that '=' (ctx:VxV)
#139: FILE: tests/fuzz/ramfile.c:121:
+ f->buf_index=0;
             ^

ERROR: code indent should never use tabs
#140: FILE: tests/fuzz/ramfile.c:122:
+^If->buf_size=0;$

ERROR: spaces required around that '=' (ctx:VxV)
#140: FILE: tests/fuzz/ramfile.c:122:
+ f->buf_size=0;
            ^

ERROR: code indent should never use tabs
#141: FILE: tests/fuzz/ramfile.c:123:
+^If->pos=0;$

ERROR: spaces required around that '=' (ctx:VxV)
#141: FILE: tests/fuzz/ramfile.c:123:
+ f->pos=0;
       ^

ERROR: code indent should never use tabs
#142: FILE: tests/fuzz/ramfile.c:124:
+^If->ops = &ram_read_ops;$

ERROR: code indent should never use tabs
#143: FILE: tests/fuzz/ramfile.c:125:
+^If->opaque = rd;$

ERROR: code indent should never use tabs
#144: FILE: tests/fuzz/ramfile.c:126:
+^Ireturn;$

ERROR: code indent should never use tabs
#163: FILE: tests/fuzz/ramfile.h:12:
+^Ivoid *base;$

ERROR: code indent should never use tabs
#164: FILE: tests/fuzz/ramfile.h:13:
+^Igsize len;$

ERROR: "foo* bar" should be "foo *bar"
#169: FILE: tests/fuzz/ramfile.h:18:
+void qemu_freopen_ro_ram(QEMUFile* f);

total: 86 errors, 8 warnings, 147 lines checked

Patch 6/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

7/19 Checking commit a6a24b4ea5d9 (fuzz: Modify libqtest to directly invoke qtest.c)
ERROR: do not use C99 // comments
#62: FILE: tests/libqtest.c:403:
+    // Directly call qtest_process_inbuf in the qtest server

ERROR: code indent should never use tabs
#64: FILE: tests/libqtest.c:405:
+^I/* printf(">>> %s",gstr->str); */$

ERROR: space required before the open brace '{'
#113: FILE: tests/libqtest.c:1381:
+void qtest_clear_rxbuf(QTestState *s){

ERROR: space required after that ',' (ctx:VxV)
#114: FILE: tests/libqtest.c:1382:
+    g_string_set_size(recv_str,0);
                              ^

ERROR: space required before the open parenthesis '('
#119: FILE: tests/libqtest.c:1387:
+    if(!recv_str)

ERROR: braces {} are necessary for all arms of this statement
#119: FILE: tests/libqtest.c:1387:
+    if(!recv_str)
[...]

total: 6 errors, 0 warnings, 111 lines checked

Patch 7/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

8/19 Checking commit 7bb630b8ab1d (fuzz: add shims to intercept libfuzzer init)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

ERROR: "foo* bar" should be "foo *bar"
#30: FILE: tests/fuzz/fuzzer_hooks.c:11:
+extern void* _ZN6fuzzer3TPCE;

ERROR: externs should be avoided in .c files
#30: FILE: tests/fuzz/fuzzer_hooks.c:11:
+extern void* _ZN6fuzzer3TPCE;

ERROR: do not use C99 // comments
#31: FILE: tests/fuzz/fuzzer_hooks.c:12:
+// The libfuzzer handlers

ERROR: externs should be avoided in .c files
#32: FILE: tests/fuzz/fuzzer_hooks.c:13:
+void __real___sanitizer_cov_8bit_counters_init(uint8_t*, uint8_t*);

ERROR: externs should be avoided in .c files
#33: FILE: tests/fuzz/fuzzer_hooks.c:14:
+void __real___sanitizer_cov_trace_pc_guard_init(uint8_t*, uint8_t*);

ERROR: externs should be avoided in .c files
#35: FILE: tests/fuzz/fuzzer_hooks.c:16:
+void __wrap___sanitizer_cov_8bit_counters_init(uint8_t *Start, uint8_t *Stop);

ERROR: externs should be avoided in .c files
#36: FILE: tests/fuzz/fuzzer_hooks.c:17:
+void __wrap___sanitizer_cov_trace_pc_guard_init(uint8_t *Start, uint8_t *Stop);

ERROR: "foo* bar" should be "foo *bar"
#39: FILE: tests/fuzz/fuzzer_hooks.c:20:
+void* counter_shm;

ERROR: "foo* bar" should be "foo *bar"
#42: FILE: tests/fuzz/fuzzer_hooks.c:23:
+    uint8_t* start;

ERROR: do not initialise globals to 0 or NULL
#48: FILE: tests/fuzz/fuzzer_hooks.c:29:
+int region_index = 0;

ERROR: spaces required around that '-' (ctx:VxV)
#53: FILE: tests/fuzz/fuzzer_hooks.c:34:
+    regions[region_index].length = Stop-Start;
                                        ^

ERROR: spaces required around that '-' (ctx:VxV)
#62: FILE: tests/fuzz/fuzzer_hooks.c:43:
+    regions[region_index++].length = Stop-Start;
                                          ^

ERROR: "(foo*)" should be "(foo *)"
#71: FILE: tests/fuzz/fuzzer_hooks.c:52:
+    regions[region_index].start = (uint8_t*)(&_ZN6fuzzer3TPCE);

ERROR: trailing whitespace
#72: FILE: tests/fuzz/fuzzer_hooks.c:53:
+    regions[region_index].length = 0x443c00; $

ERROR: trailing whitespace
#83: FILE: tests/fuzz/fuzzer_hooks.c:64:
+    add_tpc_region(); $

ERROR: spaces required around that '=' (ctx:VxV)
#86: FILE: tests/fuzz/fuzzer_hooks.c:67:
+    for(int i=0; i<region_index; i++){
              ^

ERROR: spaces required around that '<' (ctx:VxV)
#86: FILE: tests/fuzz/fuzzer_hooks.c:67:
+    for(int i=0; i<region_index; i++){
                   ^

ERROR: space required before the open brace '{'
#86: FILE: tests/fuzz/fuzzer_hooks.c:67:
+    for(int i=0; i<region_index; i++){

ERROR: space required before the open parenthesis '('
#86: FILE: tests/fuzz/fuzzer_hooks.c:67:
+    for(int i=0; i<region_index; i++){

ERROR: trailing whitespace
#91: FILE: tests/fuzz/fuzzer_hooks.c:72:
+    /* $

WARNING: Block comments use a trailing */ on a separate line
#94: FILE: tests/fuzz/fuzzer_hooks.c:75:
+     * */

ERROR: trailing whitespace
#95: FILE: tests/fuzz/fuzzer_hooks.c:76:
+    counter_shm = mmap(NULL, length, PROT_READ | PROT_WRITE, $

ERROR: space required before the open parenthesis '('
#97: FILE: tests/fuzz/fuzzer_hooks.c:78:
+    if(counter_shm == MAP_FAILED) {

ERROR: suspicious ; after while (0)
#99: FILE: tests/fuzz/fuzzer_hooks.c:80:
+        do { perror("error:"); exit(EXIT_FAILURE); } while (0);

ERROR: spaces required around that '=' (ctx:VxV)
#107: FILE: tests/fuzz/fuzzer_hooks.c:88:
+    for(int i=0; i<region_index; i++) {
              ^

ERROR: spaces required around that '<' (ctx:VxV)
#107: FILE: tests/fuzz/fuzzer_hooks.c:88:
+    for(int i=0; i<region_index; i++) {
                   ^

ERROR: space required before the open parenthesis '('
#107: FILE: tests/fuzz/fuzzer_hooks.c:88:
+    for(int i=0; i<region_index; i++) {

ERROR: space required before the open parenthesis '('
#108: FILE: tests/fuzz/fuzzer_hooks.c:89:
+        if(regions[i].store) {

ERROR: spaces required around that '+=' (ctx:VxV)
#111: FILE: tests/fuzz/fuzzer_hooks.c:92:
+            offset+=regions[i].length;
                   ^

ERROR: spaces required around that '=' (ctx:VxV)
#118: FILE: tests/fuzz/fuzzer_hooks.c:99:
+    for(int i=0; i<region_index; i++) {
              ^

ERROR: spaces required around that '<' (ctx:VxV)
#118: FILE: tests/fuzz/fuzzer_hooks.c:99:
+    for(int i=0; i<region_index; i++) {
                   ^

ERROR: space required before the open parenthesis '('
#118: FILE: tests/fuzz/fuzzer_hooks.c:99:
+    for(int i=0; i<region_index; i++) {

ERROR: space required before the open parenthesis '('
#119: FILE: tests/fuzz/fuzzer_hooks.c:100:
+        if(regions[i].store) {

ERROR: spaces required around that '+=' (ctx:VxV)
#122: FILE: tests/fuzz/fuzzer_hooks.c:103:
+            offset+=regions[i].length;
                   ^

total: 33 errors, 2 warnings, 115 lines checked

Patch 8/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

9/19 Checking commit e1ccf1346499 (fuzz: use mtree_info to find mapped addresses)
ERROR: spaces required around that '=' (ctx:VxV)
#35: FILE: memory.c:3025:
+    bool io=false;
            ^

ERROR: space required after that ',' (ctx:VxV)
#45: FILE: memory.c:3035:
+        if(strcmp("I/O",as->name) == 0)
                        ^

ERROR: space required before the open parenthesis '('
#45: FILE: memory.c:3035:
+        if(strcmp("I/O",as->name) == 0)

ERROR: braces {} are necessary for all arms of this statement
#45: FILE: memory.c:3035:
+        if(strcmp("I/O",as->name) == 0)
[...]

ERROR: line over 90 characters
#56: FILE: memory.c:3079:
+    if(strcmp("i/o", memory_region_type(mr))==0 && strcmp("io", memory_region_name(mr))){

ERROR: spaces required around that '==' (ctx:VxV)
#56: FILE: memory.c:3079:
+    if(strcmp("i/o", memory_region_type(mr))==0 && strcmp("io", memory_region_name(mr))){
                                             ^

ERROR: space required before the open brace '{'
#56: FILE: memory.c:3079:
+    if(strcmp("i/o", memory_region_type(mr))==0 && strcmp("io", memory_region_name(mr))){

ERROR: space required before the open parenthesis '('
#56: FILE: memory.c:3079:
+    if(strcmp("i/o", memory_region_type(mr))==0 && strcmp("io", memory_region_name(mr))){

ERROR: that open brace { should be on the previous line
#58: FILE: memory.c:3081:
+        if(!fuzz_memory_region_head)
+        {

ERROR: space required before the open parenthesis '('
#58: FILE: memory.c:3081:
+        if(!fuzz_memory_region_head)

ERROR: space required before the open brace '{'
#69: FILE: memory.c:3092:
+        if(io == true){

ERROR: space required before the open parenthesis '('
#69: FILE: memory.c:3092:
+        if(io == true){

ERROR: spaces required around that '+' (ctx:VxV)
#70: FILE: memory.c:3093:
+            total_io_mem += MR_SIZE(range->addr.size)+1;
                                                     ^

ERROR: spaces required around that '+' (ctx:VxV)
#72: FILE: memory.c:3095:
+            total_ram_mem += MR_SIZE(range->addr.size)+1;
                                                      ^

total: 14 errors, 0 warnings, 58 lines checked

Patch 9/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

10/19 Checking commit ee10a51fdc62 (fuzz: expose real_main (aka regular vl.c:main))
ERROR: do not use C99 // comments
#59: FILE: vl.c:2913:
+#ifndef CONFIG_FUZZ // QOM is already set up by the fuzzer.
ERROR: do not use C99 // comments #69: FILE: vl.c:4208: +#ifndef CONFIG_FUZZ // Already set up by the fuzzer WARNING: Block comments should align the * on each line #84: FILE: vl.c:4487: + * main_loop +*/ total: 2 errors, 1 warnings, 66 lines checked Patch 10/19 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. 11/19 Checking commit 4963c0131266 (fuzz: add direct send/receive in qtest client) WARNING: line over 80 characters #47: FILE: qtest.c:759: +void qtest_init_server(const char *qtest_chrdev, const char *qtest_log, Error **errp) total: 0 errors, 1 warnings, 45 lines checked Patch 11/19 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. 12/19 Checking commit 7022ef279174 (fuzz: hard-code all of the needed files for build) 13/19 Checking commit 6c53625dd9b9 (fuzz: add ctrl vq support to virtio-net in libqos) 14/19 Checking commit 2ce2166577b7 (fuzz: hard-code a main-loop timeout) 15/19 Checking commit 70229253c8a4 (fuzz: add fuzz accelerator type) WARNING: added, moved or deleted file(s), does MAINTAINERS need updating? #11: new file mode 100644 ERROR: open brace '{' following function declarations go on the next line #26: FILE: accel/fuzz.c:11: +static void fuzz_setup_post(MachineState *ms, AccelState *accel) { ERROR: code indent should never use tabs #44: FILE: accel/fuzz.c:29: +^Iac->setup_post = fuzz_setup_post;$ total: 2 errors, 1 warnings, 62 lines checked Patch 15/19 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. 16/19 Checking commit 213ed5ab99a4 (fuzz: add general fuzzer entrypoints) WARNING: added, moved or deleted file(s), does MAINTAINERS need updating? 
#13: new file mode 100644 ERROR: trailing whitespace #41: FILE: tests/fuzz/fuzz.c:24: +ram_disk *rd; $ ERROR: "foo* bar" should be "foo *bar" #44: FILE: tests/fuzz/fuzz.c:27: +FuzzTargetList* fuzz_target_list; ERROR: do not initialise globals to 0 or NULL #46: FILE: tests/fuzz/fuzz.c:29: +uint64_t total_mr_size = 0; ERROR: do not initialise globals to 0 or NULL #47: FILE: tests/fuzz/fuzz.c:30: +uint64_t mr_index = 0; ERROR: "foo* bar" should be "foo *bar" #49: FILE: tests/fuzz/fuzz.c:32: +const MemoryRegion* mrs[1000]; ERROR: do not use C99 // comments #52: FILE: tests/fuzz/fuzz.c:35: +// Save just the VMStateDescriptors ERROR: do not use C99 // comments #62: FILE: tests/fuzz/fuzz.c:45: +// Save the entire vm state including RAM ERROR: trailing whitespace #63: FILE: tests/fuzz/fuzz.c:46: +void save_vm_state(void) $ ERROR: space required before the open brace '{' #85: FILE: tests/fuzz/fuzz.c:68: + if (ret < 0){ ERROR: space required before the open brace '{' #100: FILE: tests/fuzz/fuzz.c:83: + if (ret < 0){ ERROR: "foo* bar" should be "foo *bar" #114: FILE: tests/fuzz/fuzz.c:97: +void fuzz_add_target(const char* name, ERROR: "foo* bar" should be "foo *bar" #115: FILE: tests/fuzz/fuzz.c:98: + const char* description, ERROR: "foo* bar" should be "foo *bar" #123: FILE: tests/fuzz/fuzz.c:106: + int* main_argc, ERROR: "foo*** bar" should be "foo ***bar" #124: FILE: tests/fuzz/fuzz.c:107: + char*** main_argv) ERROR: space required before the open parenthesis '(' #129: FILE: tests/fuzz/fuzz.c:112: + if(!fuzz_target_list) ERROR: braces {} are necessary for all arms of this statement #129: FILE: tests/fuzz/fuzz.c:112: + if(!fuzz_target_list) [...] 
WARNING: line over 80 characters #134: FILE: tests/fuzz/fuzz.c:117: + fprintf(stderr, "Error: Fuzz target name %s already in use\n", name); ERROR: "foo* bar" should be "foo *bar" #154: FILE: tests/fuzz/fuzz.c:137: +FuzzTarget* fuzz_get_target(char* name) ERROR: "foo* bar" should be "foo *bar" #156: FILE: tests/fuzz/fuzz.c:139: + FuzzTarget* tmp; ERROR: space required before the open brace '{' #157: FILE: tests/fuzz/fuzz.c:140: + if(!fuzz_target_list){ ERROR: space required before the open parenthesis '(' #157: FILE: tests/fuzz/fuzz.c:140: + if(!fuzz_target_list){ ERROR: "foo* bar" should be "foo *bar" #170: FILE: tests/fuzz/fuzz.c:153: +FuzzTarget* fuzz_target; ERROR: "foo* bar" should be "foo *bar" #178: FILE: tests/fuzz/fuzz.c:161: + FuzzTarget* tmp; ERROR: space required before the open brace '{' #179: FILE: tests/fuzz/fuzz.c:162: + if(!fuzz_target_list){ ERROR: space required before the open parenthesis '(' #179: FILE: tests/fuzz/fuzz.c:162: + if(!fuzz_target_list){ ERROR: do not use C99 // comments #191: FILE: tests/fuzz/fuzz.c:174: +// TODO: Replace this with QEMU's built-in linked list ERROR: space required before the open brace '{' #205: FILE: tests/fuzz/fuzz.c:188: + while(true){ ERROR: space required before the open parenthesis '(' #205: FILE: tests/fuzz/fuzz.c:188: + while(true){ ERROR: space required before the open parenthesis '(' #207: FILE: tests/fuzz/fuzz.c:190: + if(fmr == fuzz_memory_region_head) ERROR: braces {} are necessary for all arms of this statement #207: FILE: tests/fuzz/fuzz.c:190: + if(fmr == fuzz_memory_region_head) [...] ERROR: space required before the open parenthesis '(' #216: FILE: tests/fuzz/fuzz.c:199: + if(fuzz_target->pre_fuzz) ERROR: braces {} are necessary for all arms of this statement #216: FILE: tests/fuzz/fuzz.c:199: + if(fuzz_target->pre_fuzz) [...] 
ERROR: space required before the open parenthesis '(' #219: FILE: tests/fuzz/fuzz.c:202: + if(fuzz_target->fuzz) ERROR: braces {} are necessary for all arms of this statement #219: FILE: tests/fuzz/fuzz.c:202: + if(fuzz_target->fuzz) [...] ERROR: space required before the open parenthesis '(' #223: FILE: tests/fuzz/fuzz.c:206: + if(fuzz_target->post_fuzz) ERROR: braces {} are necessary for all arms of this statement #223: FILE: tests/fuzz/fuzz.c:206: + if(fuzz_target->post_fuzz) [...] ERROR: space required before the open parenthesis '(' #227: FILE: tests/fuzz/fuzz.c:210: + if(fuzz_target->reset) ERROR: braces {} are necessary for all arms of this statement #227: FILE: tests/fuzz/fuzz.c:210: + if(fuzz_target->reset) [...] ERROR: do not use C99 // comments #239: FILE: tests/fuzz/fuzz.c:222: + // Initialize qgraph and modules ERROR: space required before the open parenthesis '(' #245: FILE: tests/fuzz/fuzz.c:228: + if(*argc <= 1) ERROR: braces {} are necessary for all arms of this statement #245: FILE: tests/fuzz/fuzz.c:228: + if(*argc <= 1) [...] ERROR: spaces required around that '+=' (ctx:VxV) #251: FILE: tests/fuzz/fuzz.c:234: + target_name+=2; ^ ERROR: that open brace { should be on the previous line #254: FILE: tests/fuzz/fuzz.c:237: + if(!fuzz_target) + { ERROR: space required before the open parenthesis '(' #254: FILE: tests/fuzz/fuzz.c:237: + if(!fuzz_target) WARNING: line over 80 characters #256: FILE: tests/fuzz/fuzz.c:239: + fprintf(stderr, "Error: Fuzz fuzz_target name %s not found\n", target_name); ERROR: space required before the open parenthesis '(' #260: FILE: tests/fuzz/fuzz.c:243: + if(fuzz_target->init_pre_main) ERROR: braces {} are necessary for all arms of this statement #260: FILE: tests/fuzz/fuzz.c:243: + if(fuzz_target->init_pre_main) [...] 
ERROR: space required before the open parenthesis '(' #271: FILE: tests/fuzz/fuzz.c:254: + if(fuzz_target->init_pre_save) ERROR: braces {} are necessary for all arms of this statement #271: FILE: tests/fuzz/fuzz.c:254: + if(fuzz_target->init_pre_save) [...] ERROR: space required before the open parenthesis '(' #275: FILE: tests/fuzz/fuzz.c:258: + if(fuzz_target->save_state) ERROR: braces {} are necessary for all arms of this statement #275: FILE: tests/fuzz/fuzz.c:258: + if(fuzz_target->save_state) [...] ERROR: code indent should never use tabs #306: FILE: tests/fuzz/fuzz.h:21: +^IGString* name;$ ERROR: "foo* bar" should be "foo *bar" #306: FILE: tests/fuzz/fuzz.h:21: + GString* name; ERROR: code indent should never use tabs #307: FILE: tests/fuzz/fuzz.h:22: +^IGString* description;$ ERROR: "foo* bar" should be "foo *bar" #307: FILE: tests/fuzz/fuzz.h:22: + GString* description; ERROR: code indent should never use tabs #308: FILE: tests/fuzz/fuzz.h:23: +^Ivoid(*init_pre_main)(void);$ ERROR: code indent should never use tabs #309: FILE: tests/fuzz/fuzz.h:24: +^Ivoid(*init_pre_save)(void);$ ERROR: code indent should never use tabs #310: FILE: tests/fuzz/fuzz.h:25: +^Ivoid(*save_state)(void);$ ERROR: code indent should never use tabs #311: FILE: tests/fuzz/fuzz.h:26: +^Ivoid(*reset)(void);$ ERROR: code indent should never use tabs #312: FILE: tests/fuzz/fuzz.h:27: +^Ivoid(*pre_fuzz)(void);$ ERROR: code indent should never use tabs #313: FILE: tests/fuzz/fuzz.h:28: +^Ivoid(*fuzz)(const unsigned char*, size_t);$ ERROR: code indent should never use tabs #314: FILE: tests/fuzz/fuzz.h:29: +^Ivoid(*post_fuzz)(void);$ ERROR: code indent should never use tabs #315: FILE: tests/fuzz/fuzz.h:30: +^Iint* main_argc;$ ERROR: "foo* bar" should be "foo *bar" #315: FILE: tests/fuzz/fuzz.h:30: + int* main_argc; ERROR: code indent should never use tabs #316: FILE: tests/fuzz/fuzz.h:31: +^Ichar*** main_argv;$ ERROR: "foo*** bar" should be "foo ***bar" #316: FILE: tests/fuzz/fuzz.h:31: + 
char*** main_argv; ERROR: code indent should never use tabs #317: FILE: tests/fuzz/fuzz.h:32: +^IQSLIST_ENTRY(FuzzTarget) target_list;$ ERROR: "foo* bar" should be "foo *bar" #321: FILE: tests/fuzz/fuzz.h:36: +extern void* _ZN6fuzzer3TPCE; ERROR: "foo* bar" should be "foo *bar" #324: FILE: tests/fuzz/fuzz.h:39: +extern void* __prof_nms_sect_data; ERROR: "foo* bar" should be "foo *bar" #325: FILE: tests/fuzz/fuzz.h:40: +extern void* __prof_vnodes_sect_data; ERROR: space prohibited after that open parenthesis '(' #328: FILE: tests/fuzz/fuzz.h:43: +#define PROFILE_SIZE ( &__prof_vnodes_sect_data - &__prof_nms_sect_data) ERROR: "foo* bar" should be "foo *bar" #348: FILE: tests/fuzz/fuzz.h:63: +FuzzTarget* fuzz_get_target(char* name); ERROR: "foo* bar" should be "foo *bar" #350: FILE: tests/fuzz/fuzz.h:65: +extern FuzzTarget* fuzz_target; ERROR: code indent should never use tabs #353: FILE: tests/fuzz/fuzz.h:68: +^Ibool io;$ ERROR: code indent should never use tabs #354: FILE: tests/fuzz/fuzz.h:69: +^Iuint64_t start;$ ERROR: code indent should never use tabs #355: FILE: tests/fuzz/fuzz.h:70: +^Iuint64_t length;$ ERROR: code indent should never use tabs #356: FILE: tests/fuzz/fuzz.h:71: +^Istruct fuzz_memory_region* next;$ ERROR: "foo* bar" should be "foo *bar" #356: FILE: tests/fuzz/fuzz.h:71: + struct fuzz_memory_region* next; ERROR: "foo* bar" should be "foo *bar" #365: FILE: tests/fuzz/fuzz.h:80: +void fuzz_add_target(const char* name, ERROR: code indent should never use tabs #366: FILE: tests/fuzz/fuzz.h:81: +^Iconst char* description,$ ERROR: "foo* bar" should be "foo *bar" #366: FILE: tests/fuzz/fuzz.h:81: + const char* description, ERROR: code indent should never use tabs #367: FILE: tests/fuzz/fuzz.h:82: +^Ivoid(*init_pre_main)(void),$ ERROR: code indent should never use tabs #368: FILE: tests/fuzz/fuzz.h:83: +^Ivoid(*init_pre_save)(void),$ ERROR: code indent should never use tabs #369: FILE: tests/fuzz/fuzz.h:84: +^Ivoid(*save_state)(void),$ ERROR: code indent 
should never use tabs #370: FILE: tests/fuzz/fuzz.h:85: +^Ivoid(*reset)(void),$ ERROR: code indent should never use tabs #371: FILE: tests/fuzz/fuzz.h:86: +^Ivoid(*pre_fuzz)(void),$ ERROR: code indent should never use tabs #372: FILE: tests/fuzz/fuzz.h:87: +^Ivoid(*fuzz)(const unsigned char*, size_t),$ ERROR: code indent should never use tabs #373: FILE: tests/fuzz/fuzz.h:88: +^Ivoid(*post_fuzz)(void),$ ERROR: code indent should never use tabs #374: FILE: tests/fuzz/fuzz.h:89: +^Iint* main_argc,$ ERROR: "foo* bar" should be "foo *bar" #374: FILE: tests/fuzz/fuzz.h:89: + int* main_argc, ERROR: code indent should never use tabs #375: FILE: tests/fuzz/fuzz.h:90: +^Ichar*** main_argv);$ ERROR: "foo*** bar" should be "foo ***bar" #375: FILE: tests/fuzz/fuzz.h:90: + char*** main_argv); total: 90 errors, 3 warnings, 358 lines checked Patch 16/19 has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. 17/19 Checking commit 01a57b549156 (fuzz: add general qtest fuzz target) WARNING: added, moved or deleted file(s), does MAINTAINERS need updating? 
#14: new file mode 100644 ERROR: open brace '{' following function declarations go on the next line #39: FILE: tests/fuzz/qtest_fuzz.c:21: +static uint16_t normalize_io_port(uint64_t addr) { ERROR: spaces required around that '%' (ctx:VxV) #40: FILE: tests/fuzz/qtest_fuzz.c:22: + addr = addr%total_io_mem; ^ ERROR: spaces required around that '!=' (ctx:VxV) #42: FILE: tests/fuzz/qtest_fuzz.c:24: + while(addr!=0) { ^ ERROR: space required before the open parenthesis '(' #42: FILE: tests/fuzz/qtest_fuzz.c:24: + while(addr!=0) { ERROR: space required before the open brace '{' #43: FILE: tests/fuzz/qtest_fuzz.c:25: + if(!fmr->io){ ERROR: space required before the open parenthesis '(' #43: FILE: tests/fuzz/qtest_fuzz.c:25: + if(!fmr->io){ ERROR: that open brace { should be on the previous line #47: FILE: tests/fuzz/qtest_fuzz.c:29: + if(addr <= fmr->length) + { ERROR: space required before the open parenthesis '(' #47: FILE: tests/fuzz/qtest_fuzz.c:29: + if(addr <= fmr->length) ERROR: spaces required around that '=' (ctx:VxW) #49: FILE: tests/fuzz/qtest_fuzz.c:31: + addr= fmr->start + addr; ^ ERROR: spaces required around that '+' (ctx:WxV) #52: FILE: tests/fuzz/qtest_fuzz.c:34: + addr -= fmr->length +1; ^ ERROR: spaces required around that '>=' (ctx:VxV) #56: FILE: tests/fuzz/qtest_fuzz.c:38: + if(addr>=0x5655 && addr<=0x565b) ^ ERROR: spaces required around that '<=' (ctx:VxV) #56: FILE: tests/fuzz/qtest_fuzz.c:38: + if(addr>=0x5655 && addr<=0x565b) ^ ERROR: space required before the open parenthesis '(' #56: FILE: tests/fuzz/qtest_fuzz.c:38: + if(addr>=0x5655 && addr<=0x565b) ERROR: braces {} are necessary for all arms of this statement #56: FILE: tests/fuzz/qtest_fuzz.c:38: + if(addr>=0x5655 && addr<=0x565b) [...] 
ERROR: spaces required around that '>=' (ctx:VxV) #58: FILE: tests/fuzz/qtest_fuzz.c:40: + if(addr>=0x510 && addr<=0x518) ^ ERROR: spaces required around that '<=' (ctx:VxV) #58: FILE: tests/fuzz/qtest_fuzz.c:40: + if(addr>=0x510 && addr<=0x518) ^ ERROR: space required before the open parenthesis '(' #58: FILE: tests/fuzz/qtest_fuzz.c:40: + if(addr>=0x510 && addr<=0x518) ERROR: braces {} are necessary for all arms of this statement #58: FILE: tests/fuzz/qtest_fuzz.c:40: + if(addr>=0x510 && addr<=0x518) [...] ERROR: do not use C99 // comments #60: FILE: tests/fuzz/qtest_fuzz.c:42: + if(addr>=0xae00 && addr<=0xae13) // PCI Hotplug ERROR: spaces required around that '>=' (ctx:VxV) #60: FILE: tests/fuzz/qtest_fuzz.c:42: + if(addr>=0xae00 && addr<=0xae13) // PCI Hotplug ^ ERROR: spaces required around that '<=' (ctx:VxV) #60: FILE: tests/fuzz/qtest_fuzz.c:42: + if(addr>=0xae00 && addr<=0xae13) // PCI Hotplug ^ ERROR: space required before the open parenthesis '(' #60: FILE: tests/fuzz/qtest_fuzz.c:42: + if(addr>=0xae00 && addr<=0xae13) // PCI Hotplug ERROR: trailing statements should be on next line #60: FILE: tests/fuzz/qtest_fuzz.c:42: + if(addr>=0xae00 && addr<=0xae13) // PCI Hotplug ERROR: braces {} are necessary for all arms of this statement #60: FILE: tests/fuzz/qtest_fuzz.c:42: + if(addr>=0xae00 && addr<=0xae13) // PCI Hotplug [...] 
ERROR: do not use C99 // comments #62: FILE: tests/fuzz/qtest_fuzz.c:44: + if(addr>=0xaf00 && addr<=0xaf1f) // CPU Hotplug ERROR: spaces required around that '>=' (ctx:VxV) #62: FILE: tests/fuzz/qtest_fuzz.c:44: + if(addr>=0xaf00 && addr<=0xaf1f) // CPU Hotplug ^ ERROR: spaces required around that '<=' (ctx:VxV) #62: FILE: tests/fuzz/qtest_fuzz.c:44: + if(addr>=0xaf00 && addr<=0xaf1f) // CPU Hotplug ^ ERROR: space required before the open parenthesis '(' #62: FILE: tests/fuzz/qtest_fuzz.c:44: + if(addr>=0xaf00 && addr<=0xaf1f) // CPU Hotplug ERROR: trailing statements should be on next line #62: FILE: tests/fuzz/qtest_fuzz.c:44: + if(addr>=0xaf00 && addr<=0xaf1f) // CPU Hotplug ERROR: braces {} are necessary for all arms of this statement #62: FILE: tests/fuzz/qtest_fuzz.c:44: + if(addr>=0xaf00 && addr<=0xaf1f) // CPU Hotplug [...] ERROR: open brace '{' following function declarations go on the next line #68: FILE: tests/fuzz/qtest_fuzz.c:50: +static uint16_t normalize_mem_addr(uint64_t addr) { ERROR: spaces required around that '%' (ctx:VxV) #69: FILE: tests/fuzz/qtest_fuzz.c:51: + addr = addr%total_ram_mem; ^ ERROR: spaces required around that '!=' (ctx:VxV) #71: FILE: tests/fuzz/qtest_fuzz.c:53: + while(addr!=0) { ^ ERROR: space required before the open parenthesis '(' #71: FILE: tests/fuzz/qtest_fuzz.c:53: + while(addr!=0) { ERROR: space required before the open brace '{' #72: FILE: tests/fuzz/qtest_fuzz.c:54: + if(fmr->io){ ERROR: space required before the open parenthesis '(' #72: FILE: tests/fuzz/qtest_fuzz.c:54: + if(fmr->io){ ERROR: that open brace { should be on the previous line #76: FILE: tests/fuzz/qtest_fuzz.c:58: + if(addr <= fmr->length) + { ERROR: space required before the open parenthesis '(' #76: FILE: tests/fuzz/qtest_fuzz.c:58: + if(addr <= fmr->length) ERROR: spaces required around that '+' (ctx:WxV) #80: FILE: tests/fuzz/qtest_fuzz.c:62: + addr -= fmr->length +1; ^ ERROR: space required before the open brace '{' #86: FILE: 
tests/fuzz/qtest_fuzz.c:68: +static void qtest_fuzz(const unsigned char *Data, size_t Size){ ERROR: that open brace { should be on the previous line #92: FILE: tests/fuzz/qtest_fuzz.c:74: + while(pos < Data+Size) + { ERROR: spaces required around that '+' (ctx:VxV) #92: FILE: tests/fuzz/qtest_fuzz.c:74: + while(pos < Data+Size) ^ ERROR: space required before the open parenthesis '(' #92: FILE: tests/fuzz/qtest_fuzz.c:74: + while(pos < Data+Size) ERROR: spaces required around that '%' (ctx:VxV) #95: FILE: tests/fuzz/qtest_fuzz.c:77: + cmd = &commands[(*pos)%(sizeof(commands)/sizeof(qtest_cmd))]; ^ ERROR: spaces required around that '/' (ctx:VxV) #95: FILE: tests/fuzz/qtest_fuzz.c:77: + cmd = &commands[(*pos)%(sizeof(commands)/sizeof(qtest_cmd))]; ^ ERROR: space required before the open brace '{' #98: FILE: tests/fuzz/qtest_fuzz.c:80: + if(strcmp(cmd->name, "clock_step") == 0){ ERROR: space required before the open parenthesis '(' #98: FILE: tests/fuzz/qtest_fuzz.c:80: + if(strcmp(cmd->name, "clock_step") == 0){ ERROR: do not use C99 // comments #99: FILE: tests/fuzz/qtest_fuzz.c:81: + // TODO: This times out ERROR: trailing whitespace #101: FILE: tests/fuzz/qtest_fuzz.c:83: + } $ ERROR: space required before the open parenthesis '(' #102: FILE: tests/fuzz/qtest_fuzz.c:84: + else if(strcmp(cmd->name, "outb") == 0) { ERROR: else should follow close brace '}' #102: FILE: tests/fuzz/qtest_fuzz.c:84: + } + else if(strcmp(cmd->name, "outb") == 0) { ERROR: space required before the open parenthesis '(' #103: FILE: tests/fuzz/qtest_fuzz.c:85: + if(pos + sizeof(uint16_t) + sizeof(uint8_t) < End) { ERROR: "(foo*)" should be "(foo *)" #104: FILE: tests/fuzz/qtest_fuzz.c:86: + uint16_t addr = *(int16_t*)(pos); ERROR: "(foo*)" should be "(foo *)" #106: FILE: tests/fuzz/qtest_fuzz.c:88: + uint8_t val = *(uint16_t*)(pos); ERROR: space required before the open parenthesis '(' #112: FILE: tests/fuzz/qtest_fuzz.c:94: + else if(strcmp(cmd->name, "outw") == 0) { ERROR: else should 
follow close brace '}' #112: FILE: tests/fuzz/qtest_fuzz.c:94: + } + else if(strcmp(cmd->name, "outw") == 0) { ERROR: space required before the open parenthesis '(' #113: FILE: tests/fuzz/qtest_fuzz.c:95: + if(pos + sizeof(uint16_t) + sizeof(uint16_t) < End) { ERROR: "(foo*)" should be "(foo *)" #114: FILE: tests/fuzz/qtest_fuzz.c:96: + uint16_t addr = *(int16_t*)(pos); ERROR: "(foo*)" should be "(foo *)" #116: FILE: tests/fuzz/qtest_fuzz.c:98: + uint16_t val = *(uint16_t*)(pos); ERROR: space required before the open parenthesis '(' #122: FILE: tests/fuzz/qtest_fuzz.c:104: + else if(strcmp(cmd->name, "outl") == 0) { ERROR: else should follow close brace '}' #122: FILE: tests/fuzz/qtest_fuzz.c:104: + } + else if(strcmp(cmd->name, "outl") == 0) { ERROR: space required before the open parenthesis '(' #123: FILE: tests/fuzz/qtest_fuzz.c:105: + if(pos + sizeof(uint16_t) + sizeof(uint32_t) < End) { ERROR: "(foo*)" should be "(foo *)" #124: FILE: tests/fuzz/qtest_fuzz.c:106: + uint16_t addr = *(int16_t*)(pos); ERROR: "(foo*)" should be "(foo *)" #126: FILE: tests/fuzz/qtest_fuzz.c:108: + uint32_t val = *(uint32_t*)(pos); ERROR: space required before the open parenthesis '(' #132: FILE: tests/fuzz/qtest_fuzz.c:114: + else if(strcmp(cmd->name, "inb") == 0) { ERROR: else should follow close brace '}' #132: FILE: tests/fuzz/qtest_fuzz.c:114: + } + else if(strcmp(cmd->name, "inb") == 0) { ERROR: space required before the open parenthesis '(' #133: FILE: tests/fuzz/qtest_fuzz.c:115: + if(pos + sizeof(uint16_t) < End) { ERROR: "(foo*)" should be "(foo *)" #134: FILE: tests/fuzz/qtest_fuzz.c:116: + uint16_t addr = *(int16_t*)(pos); ERROR: space required before the open parenthesis '(' #140: FILE: tests/fuzz/qtest_fuzz.c:122: + else if(strcmp(cmd->name, "inw") == 0) { ERROR: else should follow close brace '}' #140: FILE: tests/fuzz/qtest_fuzz.c:122: + } + else if(strcmp(cmd->name, "inw") == 0) { ERROR: space required before the open parenthesis '(' #141: FILE: 
tests/fuzz/qtest_fuzz.c:123: + if(pos + sizeof(uint16_t) < End) { ERROR: "(foo*)" should be "(foo *)" #142: FILE: tests/fuzz/qtest_fuzz.c:124: + uint16_t addr = *(int16_t*)(pos); ERROR: space required before the open parenthesis '(' #148: FILE: tests/fuzz/qtest_fuzz.c:130: + else if(strcmp(cmd->name, "inl") == 0) { ERROR: else should follow close brace '}' #148: FILE: tests/fuzz/qtest_fuzz.c:130: + } + else if(strcmp(cmd->name, "inl") == 0) { ERROR: space required before the open parenthesis '(' #149: FILE: tests/fuzz/qtest_fuzz.c:131: + if(pos + sizeof(uint16_t) < End) { ERROR: "(foo*)" should be "(foo *)" #150: FILE: tests/fuzz/qtest_fuzz.c:132: + uint16_t addr = *(int16_t*)(pos); ERROR: space required before the open parenthesis '(' #156: FILE: tests/fuzz/qtest_fuzz.c:138: + else if(strcmp(cmd->name, "writeb") == 0) { ERROR: else should follow close brace '}' #156: FILE: tests/fuzz/qtest_fuzz.c:138: + } + else if(strcmp(cmd->name, "writeb") == 0) { ERROR: space required before the open parenthesis '(' #157: FILE: tests/fuzz/qtest_fuzz.c:139: + if(pos + sizeof(uint32_t) + sizeof(uint8_t) < End) { ERROR: "(foo*)" should be "(foo *)" #158: FILE: tests/fuzz/qtest_fuzz.c:140: + uint32_t addr = *(int32_t*)(pos); ERROR: "(foo*)" should be "(foo *)" #160: FILE: tests/fuzz/qtest_fuzz.c:142: + uint8_t val = *(uint8_t*)(pos); ERROR: space required before the open parenthesis '(' #166: FILE: tests/fuzz/qtest_fuzz.c:148: + else if(strcmp(cmd->name, "writew") == 0) { ERROR: else should follow close brace '}' #166: FILE: tests/fuzz/qtest_fuzz.c:148: + } + else if(strcmp(cmd->name, "writew") == 0) { ERROR: space required before the open parenthesis '(' #167: FILE: tests/fuzz/qtest_fuzz.c:149: + if(pos + sizeof(uint32_t) + sizeof(uint16_t) < End) { ERROR: "(foo*)" should be "(foo *)" #168: FILE: tests/fuzz/qtest_fuzz.c:150: + uint32_t addr = *(int32_t*)(pos); ERROR: "(foo*)" should be "(foo *)" #170: FILE: tests/fuzz/qtest_fuzz.c:152: + uint16_t val = *(uint16_t*)(pos); ERROR: 
space required before the open parenthesis '(' #176: FILE: tests/fuzz/qtest_fuzz.c:158: + else if(strcmp(cmd->name, "writel") == 0) { ERROR: else should follow close brace '}' #176: FILE: tests/fuzz/qtest_fuzz.c:158: + } + else if(strcmp(cmd->name, "writel") == 0) { ERROR: space required before the open parenthesis '(' #177: FILE: tests/fuzz/qtest_fuzz.c:159: + if(pos + sizeof(uint32_t) + sizeof(uint32_t) < End) { ERROR: "(foo*)" should be "(foo *)" #178: FILE: tests/fuzz/qtest_fuzz.c:160: + uint32_t addr = *(int32_t*)(pos); ERROR: "(foo*)" should be "(foo *)" #180: FILE: tests/fuzz/qtest_fuzz.c:162: + uint32_t val = *(uint32_t*)(pos); ERROR: space required before the open parenthesis '(' #186: FILE: tests/fuzz/qtest_fuzz.c:168: + else if(strcmp(cmd->name, "readb") == 0) { ERROR: else should follow close brace '}' #186: FILE: tests/fuzz/qtest_fuzz.c:168: + } + else if(strcmp(cmd->name, "readb") == 0) { ERROR: space required before the open parenthesis '(' #187: FILE: tests/fuzz/qtest_fuzz.c:169: + if(pos + sizeof(uint32_t) < End) { ERROR: "(foo*)" should be "(foo *)" #188: FILE: tests/fuzz/qtest_fuzz.c:170: + uint32_t addr = *(int32_t*)(pos); ERROR: space required before the open parenthesis '(' #194: FILE: tests/fuzz/qtest_fuzz.c:176: + else if(strcmp(cmd->name, "readw") == 0) { ERROR: else should follow close brace '}' #194: FILE: tests/fuzz/qtest_fuzz.c:176: + } + else if(strcmp(cmd->name, "readw") == 0) { ERROR: space required before the open parenthesis '(' #195: FILE: tests/fuzz/qtest_fuzz.c:177: + if(pos + sizeof(uint32_t) < End) { ERROR: "(foo*)" should be "(foo *)" #196: FILE: tests/fuzz/qtest_fuzz.c:178: + uint32_t addr = *(int32_t*)(pos); ERROR: space required before the open parenthesis '(' #200: FILE: tests/fuzz/qtest_fuzz.c:182: + else if(strcmp(cmd->name, "readl") == 0) { ERROR: space required before the open parenthesis '(' #201: FILE: tests/fuzz/qtest_fuzz.c:183: + if(pos + sizeof(uint32_t) < End) { ERROR: "(foo*)" should be "(foo *)" #202: FILE: 
tests/fuzz/qtest_fuzz.c:184: + uint32_t addr = *(int32_t*)(pos); ERROR: space required before the open parenthesis '(' #208: FILE: tests/fuzz/qtest_fuzz.c:190: + else if(strcmp(cmd->name, "write_dma") == 0) { ERROR: else should follow close brace '}' #208: FILE: tests/fuzz/qtest_fuzz.c:190: + } + else if(strcmp(cmd->name, "write_dma") == 0) { ERROR: space required before the open parenthesis '(' #209: FILE: tests/fuzz/qtest_fuzz.c:191: + if(pos + sizeof(uint32_t) + sizeof(uint16_t) < End) { ERROR: "(foo*)" should be "(foo *)" #210: FILE: tests/fuzz/qtest_fuzz.c:192: + uint32_t addr = *(int32_t*)(pos); ERROR: space required before the open parenthesis '(' #217: FILE: tests/fuzz/qtest_fuzz.c:199: + else if(strcmp(cmd->name, "out_dma") == 0) { ERROR: else should follow close brace '}' #217: FILE: tests/fuzz/qtest_fuzz.c:199: + } + else if(strcmp(cmd->name, "out_dma") == 0) { ERROR: space required before the open parenthesis '(' #218: FILE: tests/fuzz/qtest_fuzz.c:200: + if(pos + sizeof(uint16_t) + sizeof(uint16_t) < End) { ERROR: "(foo*)" should be "(foo *)" #219: FILE: tests/fuzz/qtest_fuzz.c:201: + uint16_t addr = *(int16_t*)(pos); ERROR: else should follow close brace '}' #243: FILE: tests/fuzz/qtest_fuzz.c:225: + } + else { ERROR: open brace '{' following function declarations go on the next line #249: FILE: tests/fuzz/qtest_fuzz.c:231: +static void init_fork(void) { ERROR: open brace '{' following function declarations go on the next line #252: FILE: tests/fuzz/qtest_fuzz.c:234: +static void fork_pre_main(void) { ERROR: line over 90 characters #264: FILE: tests/fuzz/qtest_fuzz.c:246: + fuzz_add_qos_target("qtest-fuzz", "fuzz qtest commands and a dma buffer. 
Reset device state for each run",

WARNING: line over 80 characters
#265: FILE: tests/fuzz/qtest_fuzz.c:247:
+ "e1000e", &opts, &qos_setup, &qos_init_path, &save_vm_state, &load_vm_state,

ERROR: line over 90 characters
#267: FILE: tests/fuzz/qtest_fuzz.c:249:
+ fuzz_add_qos_target("qtest-fork-fuzz", "fuzz qtest commands and a dma buffer. Use COW/forking to reset state",

ERROR: trailing whitespace
#271: FILE: tests/fuzz/qtest_fuzz.c:253:
+ GString *cmd_line = g_string_new("qemu-system-i386 -display none -machine accel=fuzz -m 3"); $

ERROR: line over 90 characters
#271: FILE: tests/fuzz/qtest_fuzz.c:253:
+ GString *cmd_line = g_string_new("qemu-system-i386 -display none -machine accel=fuzz -m 3");

ERROR: space prohibited between function name and open parenthesis '('
#273: FILE: tests/fuzz/qtest_fuzz.c:255:
+ wordexp (cmd_line->str, &result, 0);

ERROR: code indent should never use tabs
#290: FILE: tests/fuzz/qtest_fuzz.h:5:
+^Ichar name[32];$

ERROR: code indent should never use tabs
#291: FILE: tests/fuzz/qtest_fuzz.h:6:
+^Iuint8_t size;$

ERROR: trailing whitespace
#296: FILE: tests/fuzz/qtest_fuzz.h:11:
+static qtest_cmd commands[] = $

ERROR: that open brace { should be on the previous line
#297: FILE: tests/fuzz/qtest_fuzz.h:12:
+static qtest_cmd commands[] =
+{

ERROR: code indent should never use tabs
#298: FILE: tests/fuzz/qtest_fuzz.h:13:
+^I{"clock_step", 0},$

ERROR: code indent should never use tabs
#299: FILE: tests/fuzz/qtest_fuzz.h:14:
+^I{"clock_step", 0},$

ERROR: code indent should never use tabs
#300: FILE: tests/fuzz/qtest_fuzz.h:15:
+^I{"clock_set", 1},$

ERROR: code indent should never use tabs
#301: FILE: tests/fuzz/qtest_fuzz.h:16:
+^I{"outb", 2},$

ERROR: code indent should never use tabs
#302: FILE: tests/fuzz/qtest_fuzz.h:17:
+^I{"outw", 2},$

ERROR: code indent should never use tabs
#303: FILE: tests/fuzz/qtest_fuzz.h:18:
+^I{"outl", 2},$

ERROR: code indent should never use tabs
#304: FILE: tests/fuzz/qtest_fuzz.h:19:
+^I{"inb", 1},$

ERROR: code indent should never use tabs
#305: FILE: tests/fuzz/qtest_fuzz.h:20:
+^I{"inw", 1},$

ERROR: code indent should never use tabs
#306: FILE: tests/fuzz/qtest_fuzz.h:21:
+^I{"inl", 1},$

ERROR: code indent should never use tabs
#307: FILE: tests/fuzz/qtest_fuzz.h:22:
+^I{"writeb", 2},$

ERROR: code indent should never use tabs
#308: FILE: tests/fuzz/qtest_fuzz.h:23:
+^I{"writew", 2},$

ERROR: code indent should never use tabs
#309: FILE: tests/fuzz/qtest_fuzz.h:24:
+^I{"writel", 2},$

ERROR: code indent should never use tabs
#310: FILE: tests/fuzz/qtest_fuzz.h:25:
+^I{"writeq", 2},$

ERROR: code indent should never use tabs
#311: FILE: tests/fuzz/qtest_fuzz.h:26:
+^I{"readb", 1},$

ERROR: code indent should never use tabs
#312: FILE: tests/fuzz/qtest_fuzz.h:27:
+^I{"readw", 1},$

ERROR: code indent should never use tabs
#313: FILE: tests/fuzz/qtest_fuzz.h:28:
+^I{"readl", 1},$

ERROR: code indent should never use tabs
#314: FILE: tests/fuzz/qtest_fuzz.h:29:
+^I{"readq", 1},$

ERROR: code indent should never use tabs
#315: FILE: tests/fuzz/qtest_fuzz.h:30:
+^I{"read", 2},$

ERROR: code indent should never use tabs
#316: FILE: tests/fuzz/qtest_fuzz.h:31:
+^I{"write", 3},$

ERROR: code indent should never use tabs
#317: FILE: tests/fuzz/qtest_fuzz.h:32:
+^I{"b64read", 2},$

ERROR: code indent should never use tabs
#318: FILE: tests/fuzz/qtest_fuzz.h:33:
+^I{"b64write", 10},$

ERROR: code indent should never use tabs
#319: FILE: tests/fuzz/qtest_fuzz.h:34:
+^I{"memset", 3},$

ERROR: code indent should never use tabs
#320: FILE: tests/fuzz/qtest_fuzz.h:35:
+^I{"write_dma", 2},$

ERROR: code indent should never use tabs
#321: FILE: tests/fuzz/qtest_fuzz.h:36:
+^I{"out_dma", 2},$

total: 146 errors, 2 warnings, 299 lines checked

Patch 17/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
18/19 Checking commit 0c31cb1dde8d (fuzz: Add virtio-net tx and ctrl fuzz targets)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#14:
new file mode 100644

ERROR: spaces required around that '=' (ctx:WxV)
#46: FILE: tests/fuzz/virtio-net-fuzz.c:28:
+ int reqi =0;
 ^

ERROR: spaces required around that '=' (ctx:VxV)
#55: FILE: tests/fuzz/virtio-net-fuzz.c:37:
+ int iters=0;
 ^

ERROR: space required before the open parenthesis '('
#56: FILE: tests/fuzz/virtio-net-fuzz.c:38:
+ while(true) {

ERROR: space required before the open parenthesis '('
#57: FILE: tests/fuzz/virtio-net-fuzz.c:39:
+ if(Size < sizeof(vqa)) {

ERROR: "(foo*)" should be "(foo *)"
#60: FILE: tests/fuzz/virtio-net-fuzz.c:42:
+ vqa = *((vq_action*)Data);

ERROR: space required before the open parenthesis '('
#70: FILE: tests/fuzz/virtio-net-fuzz.c:52:
+ if(iters == 0)

ERROR: braces {} are necessary for all arms of this statement
#70: FILE: tests/fuzz/virtio-net-fuzz.c:52:
+ if(iters == 0)
[...]
+ else
[...]

ERROR: line over 90 characters
#71: FILE: tests/fuzz/virtio-net-fuzz.c:53:
+ free_head = qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ;

WARNING: line over 80 characters
#73: FILE: tests/fuzz/virtio-net-fuzz.c:55:
+ qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ;

ERROR: spaces required around that '==' (ctx:VxV)
#76: FILE: tests/fuzz/virtio-net-fuzz.c:58:
+ if(iters==10)
 ^

ERROR: space required before the open parenthesis '('
#76: FILE: tests/fuzz/virtio-net-fuzz.c:58:
+ if(iters==10)

ERROR: braces {} are necessary for all arms of this statement
#76: FILE: tests/fuzz/virtio-net-fuzz.c:58:
+ if(iters==10)
[...]

ERROR: space required before the open brace '{'
#81: FILE: tests/fuzz/virtio-net-fuzz.c:63:
+ if(iters){

ERROR: space required before the open parenthesis '('
#81: FILE: tests/fuzz/virtio-net-fuzz.c:63:
+ if(iters){

ERROR: spaces required around that '=' (ctx:WxV)
#85: FILE: tests/fuzz/virtio-net-fuzz.c:67:
+ for(int i =0; i<reqi; i++)
 ^

ERROR: spaces required around that '<' (ctx:VxV)
#85: FILE: tests/fuzz/virtio-net-fuzz.c:67:
+ for(int i =0; i<reqi; i++)
 ^

ERROR: space required before the open parenthesis '('
#85: FILE: tests/fuzz/virtio-net-fuzz.c:67:
+ for(int i =0; i<reqi; i++)

ERROR: braces {} are necessary for all arms of this statement
#85: FILE: tests/fuzz/virtio-net-fuzz.c:67:
+ for(int i =0; i<reqi; i++)
[...]

ERROR: spaces required around that '=' (ctx:WxV)
#95: FILE: tests/fuzz/virtio-net-fuzz.c:77:
+ int reqi =0;
 ^

ERROR: spaces required around that '=' (ctx:VxV)
#104: FILE: tests/fuzz/virtio-net-fuzz.c:86:
+ int iters=0;
 ^

ERROR: space required before the open parenthesis '('
#105: FILE: tests/fuzz/virtio-net-fuzz.c:87:
+ while(Size >= sizeof(vqa)) {

ERROR: "(foo*)" should be "(foo *)"
#106: FILE: tests/fuzz/virtio-net-fuzz.c:88:
+ vqa = *((vq_action*)Data);

ERROR: that open brace { should be on the previous line
#109: FILE: tests/fuzz/virtio-net-fuzz.c:91:
+ if(vqa.kick && free_head)
+ {

ERROR: space required before the open parenthesis '('
#109: FILE: tests/fuzz/virtio-net-fuzz.c:91:
+ if(vqa.kick && free_head)

ERROR: spaces required around that '=' (ctx:WxV)
#114: FILE: tests/fuzz/virtio-net-fuzz.c:96:
+ for(int i =0; i<reqi; i++)
 ^

ERROR: spaces required around that '<' (ctx:VxV)
#114: FILE: tests/fuzz/virtio-net-fuzz.c:96:
+ for(int i =0; i<reqi; i++)
 ^

ERROR: space required before the open parenthesis '('
#114: FILE: tests/fuzz/virtio-net-fuzz.c:96:
+ for(int i =0; i<reqi; i++)

ERROR: braces {} are necessary for all arms of this statement
#114: FILE: tests/fuzz/virtio-net-fuzz.c:96:
+ for(int i =0; i<reqi; i++)
[...]

ERROR: else should follow close brace '}'
#118: FILE: tests/fuzz/virtio-net-fuzz.c:100:
+ }
+ else {

ERROR: space required before the open parenthesis '('
#125: FILE: tests/fuzz/virtio-net-fuzz.c:107:
+ if(iters == 0)

ERROR: braces {} are necessary for all arms of this statement
#125: FILE: tests/fuzz/virtio-net-fuzz.c:107:
+ if(iters == 0)
[...]
+ else
[...]

ERROR: line over 90 characters
#126: FILE: tests/fuzz/virtio-net-fuzz.c:108:
+ free_head = qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ;

WARNING: line over 80 characters
#128: FILE: tests/fuzz/virtio-net-fuzz.c:110:
+ qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ;

ERROR: spaces required around that '==' (ctx:VxV)
#131: FILE: tests/fuzz/virtio-net-fuzz.c:113:
+ if(iters==10)
 ^

ERROR: space required before the open parenthesis '('
#131: FILE: tests/fuzz/virtio-net-fuzz.c:113:
+ if(iters==10)

ERROR: braces {} are necessary for all arms of this statement
#131: FILE: tests/fuzz/virtio-net-fuzz.c:113:
+ if(iters==10)
[...]

ERROR: spaces required around that '=' (ctx:WxV)
#145: FILE: tests/fuzz/virtio-net-fuzz.c:127:
+ int reqi =0;
 ^

ERROR: spaces required around that '=' (ctx:VxV)
#154: FILE: tests/fuzz/virtio-net-fuzz.c:136:
+ int iters=0;
 ^

ERROR: space required before the open parenthesis '('
#155: FILE: tests/fuzz/virtio-net-fuzz.c:137:
+ while(true) {

ERROR: space required before the open parenthesis '('
#156: FILE: tests/fuzz/virtio-net-fuzz.c:138:
+ if(Size < sizeof(vqa)) {

ERROR: "(foo*)" should be "(foo *)"
#159: FILE: tests/fuzz/virtio-net-fuzz.c:141:
+ vqa = *((vq_action*)Data);

ERROR: space required before the open parenthesis '('
#169: FILE: tests/fuzz/virtio-net-fuzz.c:151:
+ if(iters == 0)

ERROR: braces {} are necessary for all arms of this statement
#169: FILE: tests/fuzz/virtio-net-fuzz.c:151:
+ if(iters == 0)
[...]
+ else
[...]

ERROR: line over 90 characters
#170: FILE: tests/fuzz/virtio-net-fuzz.c:152:
+ free_head = qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ;

WARNING: line over 80 characters
#172: FILE: tests/fuzz/virtio-net-fuzz.c:154:
+ qvirtqueue_add(q, req_addr[reqi], vqa.length, vqa.write , vqa.next) ;

ERROR: spaces required around that '==' (ctx:VxV)
#175: FILE: tests/fuzz/virtio-net-fuzz.c:157:
+ if(iters==10)
 ^

ERROR: space required before the open parenthesis '('
#175: FILE: tests/fuzz/virtio-net-fuzz.c:157:
+ if(iters==10)

ERROR: braces {} are necessary for all arms of this statement
#175: FILE: tests/fuzz/virtio-net-fuzz.c:157:
+ if(iters==10)
[...]

ERROR: space required before the open brace '{'
#180: FILE: tests/fuzz/virtio-net-fuzz.c:162:
+ if(iters){

ERROR: space required before the open parenthesis '('
#180: FILE: tests/fuzz/virtio-net-fuzz.c:162:
+ if(iters){

ERROR: spaces required around that '=' (ctx:WxV)
#184: FILE: tests/fuzz/virtio-net-fuzz.c:166:
+ for(int i =0; i<reqi; i++)
 ^

ERROR: spaces required around that '<' (ctx:VxV)
#184: FILE: tests/fuzz/virtio-net-fuzz.c:166:
+ for(int i =0; i<reqi; i++)
 ^

ERROR: space required before the open parenthesis '('
#184: FILE: tests/fuzz/virtio-net-fuzz.c:166:
+ for(int i =0; i<reqi; i++)

ERROR: braces {} are necessary for all arms of this statement
#184: FILE: tests/fuzz/virtio-net-fuzz.c:166:
+ for(int i =0; i<reqi; i++)
[...]

ERROR: space required before the open brace '{'
#193: FILE: tests/fuzz/virtio-net-fuzz.c:175:
+ if(!sv){

ERROR: space required before the open parenthesis '('
#193: FILE: tests/fuzz/virtio-net-fuzz.c:175:
+ if(!sv){

ERROR: space required before the open brace '{'
#203: FILE: tests/fuzz/virtio-net-fuzz.c:185:
+static void fuzz_fork(const unsigned char *Data, size_t Size){

ERROR: trailing whitespace
#208: FILE: tests/fuzz/virtio-net-fuzz.c:190:
+ } $

ERROR: else should follow close brace '}'
#209: FILE: tests/fuzz/virtio-net-fuzz.c:191:
+ }
+ else {

ERROR: open brace '{' following function declarations go on the next line
#215: FILE: tests/fuzz/virtio-net-fuzz.c:197:
+static void fork_pre_main(void) {

WARNING: line over 80 characters
#225: FILE: tests/fuzz/virtio-net-fuzz.c:207:
+ fuzz_add_qos_target("virtio-net-ctrl-fuzz", "virtio-net ctrl virtqueue fuzzer",

WARNING: line over 80 characters
#229: FILE: tests/fuzz/virtio-net-fuzz.c:211:
+ fuzz_add_qos_target("virtio-net-ctrl-multi-fuzz", "virtio-net ctrl virtqueue \

ERROR: do not use C99 // comments
#238: FILE: tests/fuzz/virtio-net-fuzz.c:220:
+ // TODO: This doesn't work. Possibly due to threading..

total: 58 errors, 6 warnings, 226 lines checked

Patch 18/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
19/19 Checking commit 4c6f68c48090 (fuzz: Add documentation about the fuzzer to docs/)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#11:
new file mode 100644

total: 0 errors, 1 warnings, 145 lines checked

Patch 19/19 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at http://patchew.org/logs/20190725032321.12721-1-alxndr@bu.edu/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
On Thu, Jul 25, 2019 at 03:23:43AM +0000, Oleinik, Alexander wrote:
> As part of Google Summer of Code 2019, I'm working on integrating
> fuzzing of virtual devices into QEMU [1]. This is a highly WIP patchset
> adding this functionality.
>
> Fuzzers provide random data to a program and monitor its execution for
> errors. Coverage-guided fuzzers also observe the parts of the program
> that are exercised by each input, and use this information to
> mutate/guide the inputs to reach additional parts of the program. They
> are quite effective for finding bugs in a wide range of software.

Good start! The overall approach is maintainable and not too invasive.
Some iteration on the current patch series will be necessary to clean
things up, but the fundamentals look promising to me.

Stefan
It seems the code in blue in tests/fuzz/fuzz.c does not do anything; what is it supposed to be?

    // TODO: Replace this with QEMU's built-in linked list
    static void enum_memory(void)
    {
        mtree_info(true, true, true);
        fuzz_memory_region *fmr = g_new0(fuzz_memory_region, 1);
        fmr->io = false;
        fmr->start = 0x100000;
        fmr->length = 0x10000;
        fmr->next = fuzz_memory_region_head;
        fuzz_memory_region_tail->next = fmr;
        fuzz_memory_region_tail = fmr;
        fmr = fuzz_memory_region_head;
        *while(true){
            fmr = fmr->next;
            if(fmr == fuzz_memory_region_head)
                break;*
        }
    }

Oleinik, Alexander <alxndr@bu.edu> wrote on Thu, Jul 25, 2019 at 11:23 AM:
> As part of Google Summer of Code 2019, I'm working on integrating
> fuzzing of virtual devices into QEMU [1]. This is a highly WIP patchset
> adding this functionality.
>
> Fuzzers provide random data to a program and monitor its execution for
> errors. Coverage-guided fuzzers also observe the parts of the program
> that are exercised by each input, and use this information to
> mutate/guide the inputs to reach additional parts of the program. They
> are quite effective for finding bugs in a wide range of software.
>
> Summary:
> - The virtual-device fuzzers use libfuzzer [2] for coverage-guided
>   in-process fuzzing.
> - To fuzz a device, create a new fuzz "target" - i.e. a function that
>   exercises QEMU based on inputs provided by the fuzzer.
> - Fuzz targets rely on qtest and libqos to turn inputs into actions.
> - Since libfuzzer does in-process fuzzing, the QEMU state needs to be
>   reset after each fuzz run. These patches provide three methods for
>   resetting state.
> - There are currently few targets, but they have already helped
>   discover bugs in the console, and virtio-net, and have reproduced
>   previously-reported vulnerabilities.
>
> Here are some main implementation details:
> - The fuzzing occurs within a single process. QTest and QOS are
>   modified so the QTest client and server coexist within the same
>   process. They communicate with each other through direct function
>   calls. Similar to qtest, the fuzzer uses a lightweight accelerator to
>   skip CPU emulation. The fuzzing target is responsible for manually
>   executing the main loop.
> - Since the same process is reused for many fuzzing runs, QEMU state
>   needs to be reset at the end of each run. There are currently three
>   implemented options for resetting state:
>   1. Reboot the guest between runs.
>      Pros: Straightforward and fast for simple fuzz targets.
>      Cons: Depending on the device, does not reset all device state. If
>      the device requires some initialization prior to being ready for
>      fuzzing (common for QOS-based targets), this initialization needs
>      to be done after each reboot.
>      Example target: --virtio-net-ctrl-fuzz
>   2. vmsave the state to RAM, once, and restore it after each run.
>      Alternatively, only save the device state
>      (savevm.c:qemu_save_device_state)
>      Pros: Do not need to initialize devices prior to each run.
>      VMStateDescriptions often specify more state than the device
>      resetting functions called during reboots.
>      Cons: Restoring state is often slower than rebooting. There is
>      currently no way to save the QOS object state, so the objects
>      usually need to be re-allocated, defeating the purpose of
>      one-time device initialization.
>      Example target: --qtest-fuzz
>   3. Run each test case in a separate forked process and copy the
>      coverage information back to the parent. This is fairly similar to
>      AFL's "deferred" fork-server mode [3]
>      Pros: Relatively fast. Devices only need to be initialized once.
>      No need to do slow reboots or vmloads.
>      Cons: Not officially supported by libfuzzer and the implementation
>      is very flimsy. Does not work well for devices that rely on
>      dedicated threads.
>      Example target: --qtest-fork-fuzz
> - Fuzz targets are registered using QEMU's module system, similar to
>   QOS test cases. Base qtest targets are registered with fuzz_add_target
>   and QOS-based targets with fuzz_add_qos_target.
> - There are two entry points for the fuzzer:
>   LLVMFuzzerInitialize: Run once, prior to fuzzing. Here, we set up
>   qtest/qos, register the fuzz targets and partially execute vl.c:main.
>   This is also where we would take a snapshot, if using the vmsave
>   approach to resetting.
>   LLVMFuzzerTestOneInput: Run for each fuzzing input. This function is
>   responsible for taking care of device initialization, calling the
>   actual fuzz target, and resetting state at the end of each run.
>   Both of these functions are defined in tests/fuzz/fuzz.c
> - There are many libfuzzer flags which should be used to configure the
>   coverage metrics and storage of interesting fuzz inputs. [2] These
>   flags can also be helpful in evaluating fuzzing performance through
>   metrics such as inputs/seconds and line-coverage.
>
> Here are some key issues with the current state of the code:
> - The patches change vl.c, main-loop.c, qtest.c, tests/libqtest.c,
>   savevm.c, memory.c. I wrapped the changes with #ifdef CONFIG_FUZZ,
>   but many of these changes can and should be avoided.
> - tests/fuzz/qos_helpers.c is largely a copy of tests/qos-test.c.
> - The fuzzer is not properly integrated into the build system.
>   Currently I simply added all of the necessary objects to
>   target/i386/Makefile.objs, but there should be a simple way to build
>   for other arches. The binary needs to be linked against libqemuutil,
>   libqtest, qos and the qos objects, and the requirements for softmmu
>   targets.
> - Some of the fuzz targets leak memory during state-resetting that need
>   to be tracked down and fixed.
> - As mentioned already, running each test in a separate process does
>   not seem to be supported by libfuzzer, and the implementation
>   reflects this (tests/fuzz/fuzzer_hooks.c)
> - The existing fuzz targets should be cleaned up as they have issues
>   with memory alignment and contain redundant checks. They should also
>   use qtest's clock_step. The fork fuzz targets are dependent on
>   a hard-coded section size.
>
> Building and running:
> Libfuzzer requires clang.
> $ CC=clang-7 CXX=clang++-7 ./configure --enable-fuzzing
> $ make i386-softmmu/all
> $ i386-softmmu/qemu-system-i386 --qtest-dma-fuzz -detect_leaks=0
>
> Here "qtest-dma-fuzz" is the fuzz target name. Running qemu-system-i386
> without any arguments should print all of the available fuzz targets.
> The -help=1 command prints out the available libfuzzer options.
>
> There are more details, including instructions for adding new fuzz
> targets in docs/devel/fuzzing.txt
>
> In the coming weeks I would like to fix the issues listed above, add more
> fuzzing targets, and ideally work on getting QEMU into oss-fuzz[4],
> where it can be fuzzed continuously.
>
> I appreciate any feedback. Thanks
> -Alex
>
> [1] https://wiki.qemu.org/Internships/ProjectIdeas/QtestOssFuzz
> [2] Trophy Case section: http://lcamtuf.coredump.cx/afl/
> [3] https://llvm.org/docs/LibFuzzer.html
> [4] https://github.com/mirrorer/afl/blob/master/llvm_mode/README.llvm#L82
> [5] https://github.com/google/oss-fuzz
>
>
> Alexander Oleinik (19):
>   fuzz: add configure option and linker objects
>   fuzz: add FUZZ_TARGET type to qemu module system
>   fuzz: add fuzz accelerator
>   fuzz: Add qos support to fuzz targets
>   fuzz: expose qemu_savevm_state & skip state header
>   fuzz: Add ramfile for fast vmstate/vmload
>   fuzz: Modify libqtest to directly invoke qtest.c
>   fuzz: add shims to intercept libfuzzer init
>   fuzz: use mtree_info to find mapped addresses
>   fuzz: expose real_main (aka regular vl.c:main)
>   fuzz: add direct send/receive in qtest client
>   fuzz: hard-code all of the needed files for build
>   fuzz: add ctrl vq support to virtio-net in libqos
>   fuzz: hard-code a main-loop timeout
>   fuzz: add fuzz accelerator type
>   fuzz: add general fuzzer entrypoints
>   fuzz: add general qtest fuzz target
>   fuzz: Add virtio-net tx and ctrl fuzz targets
>   fuzz: Add documentation about the fuzzer to docs/
>
>  accel/fuzz.c                 |  47 ++++++
>  configure                    |  11 ++
>  docs/devel/fuzzing.txt       | 145 +++++++++++++++++
>  include/qemu/module.h        |   7 +-
>  include/sysemu/fuzz.h        |  15 ++
>  include/sysemu/qtest.h       |   7 +-
>  include/sysemu/sysemu.h      |   4 +
>  memory.c                     |  34 ++++
>  migration/savevm.c           |   8 +-
>  migration/savevm.h           |   3 +
>  qtest.c                      |  19 ++-
>  target/i386/Makefile.objs    |  19 +++
>  tests/fuzz/fuzz.c            | 262 +++++++++++++++++++++++++++++++
>  tests/fuzz/fuzz.h            |  96 ++++++++++++
>  tests/fuzz/fuzzer_hooks.c    | 106 +++++++++++++
>  tests/fuzz/fuzzer_hooks.h    |   9 ++
>  tests/fuzz/qos_fuzz.c        |  63 ++++++++
>  tests/fuzz/qos_fuzz.h        |  29 ++++
>  tests/fuzz/qos_helpers.c     | 295 +++++++++++++++++++++++++++++++++++
>  tests/fuzz/qos_helpers.h     |  17 ++
>  tests/fuzz/qtest_fuzz.c      | 261 +++++++++++++++++++++++++++++++
>  tests/fuzz/qtest_fuzz.h      |  38 +++++
>  tests/fuzz/ramfile.c         | 127 +++++++++++++++
>  tests/fuzz/ramfile.h         |  20 +++
>  tests/fuzz/virtio-net-fuzz.c | 226 +++++++++++++++++++++++++++
>  tests/libqos/virtio-net.c    |   2 +-
>  tests/libqtest.c             |  53 ++++++-
>  tests/libqtest.h             |   6 +
>  util/main-loop.c             |   3 +
>  vl.c                         |  21 ++-
>  30 files changed, 1945 insertions(+), 8 deletions(-)
>  create mode 100644 accel/fuzz.c
>  create mode 100644 docs/devel/fuzzing.txt
>  create mode 100644 include/sysemu/fuzz.h
>  create mode 100644 tests/fuzz/fuzz.c
>  create mode 100644 tests/fuzz/fuzz.h
>  create mode 100644 tests/fuzz/fuzzer_hooks.c
>  create mode 100644 tests/fuzz/fuzzer_hooks.h
>  create mode 100644 tests/fuzz/qos_fuzz.c
>  create mode 100644 tests/fuzz/qos_fuzz.h
>  create mode 100644 tests/fuzz/qos_helpers.c
>  create mode 100644 tests/fuzz/qos_helpers.h
>  create mode 100644 tests/fuzz/qtest_fuzz.c
>  create mode 100644 tests/fuzz/qtest_fuzz.h
>  create mode 100644 tests/fuzz/ramfile.c
>  create mode 100644 tests/fuzz/ramfile.h
>  create mode 100644 tests/fuzz/virtio-net-fuzz.c
>
> --
> 2.20.1
>
>
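As an added illustration (written for this page, not code from the series), here is how a qtest fuzz target can turn raw fuzzer bytes into qtest commands, using a subset of the (name, count) table the checkpatch output above lists for tests/fuzz/qtest_fuzz.h. The one-byte selector, the host-order 32-bit arguments and the rule that a truncated trailing command is dropped are assumptions of this example, not the series' actual input format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* (name, count) pairs in the shape of tests/fuzz/qtest_fuzz.h's table; the
 * count is read here as the number of arguments, which is an assumption. */
typedef struct { const char *name; uint8_t nargs; } qtest_cmd;

static const qtest_cmd commands[] = {
    {"clock_step", 0}, {"outb", 2}, {"outw", 2}, {"outl", 2},
    {"inb", 1}, {"inw", 1}, {"inl", 1}, {"writel", 2}, {"readl", 1},
};
#define NCOMMANDS (sizeof(commands) / sizeof(commands[0]))

/*
 * Turn raw fuzzer bytes into newline-separated qtest commands: one selector
 * byte (taken modulo the table) followed by nargs host-order uint32 args. A
 * trailing partial command is dropped, not padded, so nothing is read past
 * `size`. Returns the number of commands written to `out`.
 */
size_t decode_qtest_input(const uint8_t *data, size_t size,
                          char *out, size_t outlen)
{
    const uint8_t *p = data;
    size_t left = size, used = 0, n = 0;
    uint32_t args[4]; char line[64];
    int i, len;
    out[0] = '\0';
    while (left > 0) {
        const qtest_cmd *c = &commands[*p++ % NCOMMANDS];
        left--;
        for (i = 0; i < c->nargs; i++, p += 4, left -= 4) {
            if (left < 4) {
                return n;               /* input ended mid-command */
            }
            memcpy(&args[i], p, 4);     /* unaligned-safe copy */
        }
        len = snprintf(line, sizeof(line), "%s", c->name);
        for (i = 0; i < c->nargs; i++) {
            len += snprintf(line + len, sizeof(line) - len, " 0x%x",
                            (unsigned)args[i]);
        }
        len += snprintf(line + len, sizeof(line) - len, "\n");
        if (used + (size_t)len >= outlen) {
            return n;                   /* output buffer full */
        }
        memcpy(out + used, line, (size_t)len + 1);
        used += (size_t)len;
        n++;
    }
    return n;
}

/* Constructed sample input (little-endian host; not from a real fuzzer run). */
static const uint8_t sample_input[] = {
    0x01, 0xf8, 0x03, 0x00, 0x00, 0x41, 0x00, 0x00, 0x00, /* outb 0x3f8 0x41 */
    0x04, 0xf8, 0x03, 0x00, 0x00,                         /* inb 0x3f8 */
    0x00,                                                 /* clock_step */
    0x07, 0x10, 0x20,                           /* writel, argument cut short */
};

/* Decode the sample; 1 if it yields exactly the three complete commands. */
int sample_decodes_as_expected(void)
{
    char out[128];
    size_t n = decode_qtest_input(sample_input, sizeof(sample_input),
                                  out, sizeof(out));
    return n == 3 && !strcmp(out, "outb 0x3f8 0x41\ninb 0x3f8\nclock_step\n");
}
```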