pkg/aflow: repro from crash generation workflow (prototype)#6851
pkg/aflow: repro from crash generation workflow (prototype)#6851tarasmadan wants to merge 1 commit intogoogle:masterfrom
Conversation
tarasmadan
force-pushed
the
crash-repro-workflow
branch
from
6db5d9d to
bce4f8a
Compare
tarasmadan
force-pushed
the
crash-repro-workflow
branch
6 times, most recently
from
80fc471 to
d6aa434
Compare
tarasmadan
force-pushed
the
crash-repro-workflow
branch
2 times, most recently
from
d9b886a to
4d636df
Compare
tarasmadan
force-pushed
the
crash-repro-workflow
branch
11 times, most recently
from
9488053 to
4290adf
Compare
tarasmadan
force-pushed
the
crash-repro-workflow
branch
2 times, most recently
from
34a2c16 to
3faeb35
Compare
tarasmadan
force-pushed
the
crash-repro-workflow
branch
from
3faeb35 to
60cf379
Compare
tarasmadan
force-pushed
the
crash-repro-workflow
branch
8 times, most recently
from
3c70578 to
aa24b85
Compare
tarasmadan
force-pushed
the
crash-repro-workflow
branch
from
aa24b85 to
46153a7
Compare
tarasmadan
changed the title
tarasmadan
changed the title
|
@ramosian-glider @dvyukov ptal. |
| args.KernelCommit, hash.String(args.KernelConfig), hash.String(imageData), | ||
| args.Type, hash.String(args.VM), hash.String(args.ReproC)) | ||
| args.Type, hash.String(args.VM), hash.String(args.ReproC), | ||
| hash.String([]byte(args.ReproSyz)), hash.String([]byte(args.ReproOpts))) |
There was a problem hiding this comment.
Doesn't hash.String accept strings?
| You are an expert in linux kernel fuzzing. Your goal is to write a syzkaller program to trigger | ||
| a specific bug. | ||
|
|
||
| First, search for the relevant syzlang definitions using the syzlang-search tool. |
There was a problem hiding this comment.
syzlang-search tool does not seem to exist now.
| "github.com/google/syzkaller/pkg/aflow/action/crash" | ||
| "github.com/google/syzkaller/pkg/aflow/action/kernel" | ||
| "github.com/google/syzkaller/pkg/aflow/ai" | ||
| toolcrash "github.com/google/syzkaller/pkg/aflow/tool/crash" |
There was a problem hiding this comment.
Let's call the package toolcrash. Renaming is rarely used, and is more of an exception. Let's say when you import 2 packages from different projects, and they happen to be named the same. But here we create both package next to each other, and they are supposed to be imported together. renaming them each time does not make sense.
Prefixing is a semi-common technique, e.g. io/ioutil, testing/iotest.
| VM json.RawMessage | ||
|
|
||
| // We don't use them. Needed to use crash.Reproduce. | ||
| ReproOpts string |
There was a problem hiding this comment.
This is nasty. This means we will need create these as inputs to the workflow, and permanently store in the database as inputs. And having ReproC as input to a repro workflow looks wrong.
Moreover, these are internal implementation artifacts leaking to the public interface. Later we may have more of these, or find a way to remove these, and we will need to change the public interface, what inputs we create/store for workflows.
I am not sure what's the best way to remove this from the workflow inputs... perhaps some action that produces given variables with fixed values?
// This is needed b/c ...
aflow.Produce("ReproC", ""),
aflow.Produce("ReproOpts", ""),
| } | ||
|
|
||
| // CompareAction performs the comparison. It is exported so tools can use its Run method. | ||
| type CompareAction struct { |
| Syzkaller string | ||
| } | ||
|
|
||
| type listFilesArgs struct { |
There was a problem hiding this comment.
Is the tool does not have args, LLM must always call it, and it must call it once, it suggests we should just give it the list in the prompt.
|
|
||
| func listFiles(ctx *aflow.Context, state descriptionsToolState, args listFilesArgs) (listFilesResult, error) { | ||
| var files []string | ||
| dir := filepath.Join(state.Syzkaller, "sys", "linux") |
There was a problem hiding this comment.
I don't think we have descriptions in the syzkaller dir (as implied by syz-ci and syz-agent). IIRC we only have few binaries there, and test seeds.
| return nil | ||
| }) | ||
| if err != nil { | ||
| return listFilesResult{}, aflow.BadCallError("failed to access sys/linux: %v", err) |
There was a problem hiding this comment.
Also hard error. LLM can't fix/.work around this.
| func getFile(ctx *aflow.Context, state descriptionsToolState, args getFileArgs) (getFileResult, error) { | ||
| data, err := os.ReadFile(filepath.Join(state.Syzkaller, "sys", "linux", args.File)) | ||
| if err != nil { | ||
| return getFileResult{}, aflow.BadCallError("failed to access %s: %v", args.File, err) |
| return getFileResult{}, aflow.BadCallError("failed to access %s: %v", args.File, err) | ||
| } | ||
| if len(data) == 0 { | ||
| return getFileResult{}, aflow.BadCallError("failed to access %s: empty file", args.File) |
There was a problem hiding this comment.
When can this happen? What does it mean?
|
@gemini-cli take the design doc and create the new PR to discuss and integrate it. Don't modify the doc itself. |
|
🤖 Hi @tarasmadan, I've received your request, and I'm working on it now! You can track my progress in the logs for more details. |
🤖 AI Assistant: Plan of ActionI have analyzed the request and propose the following plan. This plan will not be executed until it is approved by a maintainer. Resource Estimate:
Proposed Steps:
Please review this plan. To approve, comment |
|
@gemini-cli /approve |
|
🤖 Hi @tarasmadan, I've received your request, and I'm working on it now! You can track my progress in the logs for more details. |
✅ Task CompleteI have successfully executed the approved plan. Summary of Changes:
Pull Request:
My work on this issue is now complete. |
4 participants
Integration testing may take some time thus I think it is better to be postponed.