Juice: Extend trinity fuzzer to help testing the android changes

Registered by John Stultz

As we work on creating simple unit tests for the Android-specific interfaces in the kernel, it might also be good to do some deeper, more complex testing to ensure that the changes don't cause problems. However, these deeper tests take quite a lot of resources to create. One idea would be to use some of the interface-fuzzing technology found in trinity to do smart fuzzing to find bugs.

For background on trinity, see: http://lwn.net/Articles/536173/

One issue: Many of the Android interfaces are exposed via driver ioctls, which trinity does not support. This work would likely require extending trinity to handle ioctls and teaching trinity about the Android-specific ioctls.

Blueprint information

Jakub Pavelek
John Stultz
Axel Fagerstedt
Series goal: Accepted for juice
Milestone target: juice-backlog
Started by: Jakub Pavelek
Completed by: Jakub Pavelek


[04/04/2013 axelfagerstedt]
Initial findings:
- Trinity appears to have support for testing ioctls already
- We may have to do a port for arm64 if we want to run trinity on arm64. Would involve putting in info like: syscall table in right order, page offset, syscall offset, arch specific syscalls.
- Have been able to cross-compile trinity and run it on a Linaro device. However, I ended up linking glibc statically. Ideally should set up a build which links with bionic.

Roadmap id: CARD-496
Headline: Fuzzy tester Trinity extended to handle android ioctl and made available for Juice
 * Trinity extended to handle ioctl
 * Trinity deployed in juice-aosp
 * code kept in private repo before decision on upstreaming is reached

[jakub-pavelek 2013-04-25] Moving all WIs from 13.04 to 13.05. This is M2.5 item, so no biggie
[jakub-pavelek 2013-05-30] As JUICE moves from Launchpad to JIRA we will not be using or updating this Blueprint and work instead with http://cards.linaro.org/browse/JUICE-30 Blueprint. Descoping from Launchpad milestones

[jakub-pavelek 2013-09-17] Team left Launchpad and moved over to JIRA - all blueprints are abandoned.


Work Items

Work items for 13.05:
Start research reviewing the trinity code: INPROGRESS
Get an estimate of how hard extending trinity to support ioctls will be: INPROGRESS
Email Tommi to sort out how much of his work overlaps our plans: TODO
Enumerate which ioctls we should try to enable support for (binder, logger, ashmem, alarmdev, sync, etc): TODO

Work items for backlog:
Sort out what's required to link with bionic (does running under Android matter?): TODO
