On Thu, Jun 28, 2018 at 1:22 PM, Tetsuo Handa <penguin...@i-love.sakura.ne.jp> wrote:
> Hello.
>
> In my slides for newbie engineers who started learning programming, I'd like to
> refer to syzkaller/syzbot as one of the projects that help with debugging Linux kernels.
> Therefore, I want to know the difference between syzkaller and syzbot.
> Currently, I'm describing them as below.
>
> syzkaller is a program for finding bugs by generating/testing various
> testcases regarding system calls (a method for calling functionality
> provided by kernels).
>
> syzbot is a program for executing testcases syzkaller has generated
> on a platform called Google Compute Engine and for trying to generate
> programs for reproducing bugs (in other words, identify conditions for
> triggering problematic events).
>
> Since this description is for newbie engineers, I want to avoid using
> difficult terminology/concepts (e.g. "coverage-guided", "fuzzer").
> Am I describing them correctly? Or, am I misunderstanding something?

+syzkaller mailing list

Hi Tetsuo,

This is not completely precise. syzkaller generates reproducers and
can run on GCE too.

Besides what you said about syzkaller, it also:
- generates reproducers
- analyzes kernel output, creates reports and deduplicates them
- supports multiple target OSes and VM types (qemu, Android phones,
  ARM boards, GCE)

But all resulting artifacts are just files on your local disk. Also, a
single syzkaller instance tests a single kernel.

syzbot is higher-level automation on top of syzkaller and it handles:
- continuous kernel/syzkaller builds
- multiple syzkaller instances testing different kernels
- crash deduplication across all these instances
- bug reporting and automatic bug status tracking
- and also provides the web UI