Closed g0dA closed 1 year ago
That is a very interesting idea!
Different types of programs follow different paths in the verifier's code, so I think there is value in pursuing this idea.
We haven't implemented a way to specify a specific test of eBPF; all the programs we generate right now get attached to sockets (i.e., loaded as network programs).
My first thought on how to implement this would be to specify the program type here (https://github.com/google/buzzer/blob/main/pkg/ebpf/program.go#L51) and then somehow pipe the information of program type through the protos: https://github.com/google/buzzer/blob/main/proto/ebpf_fuzzer.proto
and into the FFI layer https://github.com/google/buzzer/blob/main/ebpf_ffi/ffi.cc
Feel free to play around with those places and if you find a nice way to integrate this idea feel free to submit a pull request and I could review it.
If I want to test a specific type of eBPF, such as socket-related or map-related, how should I do it?