| author | Dmitry Vyukov <dvyukov@google.com> | 2017-01-18 16:24:07 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2017-01-18 19:58:12 +0100 |
| commit | b8cb4435c41161328335f7d07e3a714e1fceacc4 (patch) | |
| tree | f8153bb109803edeb3c515d813d2ee1296a8eec1 | |
| parent | ffe327412b008a8673e41cd6cbf08f3e98a14af9 (diff) | |
syz-fuzzer: check for new coverage during minimization
There is no reason to not check for new coverage during minimization.
We execute new programs, and can well get new interesting programs with new coverage.
So do that. Since execute updates maxCover synchronously, we should not get any
kind of positive feedback loop due to that.
| -rw-r--r-- | syz-fuzzer/fuzzer.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/syz-fuzzer/fuzzer.go b/syz-fuzzer/fuzzer.go
index 814986316..65916ce55 100644
--- a/syz-fuzzer/fuzzer.go
+++ b/syz-fuzzer/fuzzer.go
@@ -436,7 +436,7 @@ func triageInput(pid int, env *ipc.Env, inp Input) {
 if !inp.minimized {
 inp.p, inp.call = prog.Minimize(inp.p, inp.call, func(p1 *prog.Prog, call1 int) bool {
- allCover := execute1(pid, env, p1, &statExecMinimize)
+ allCover := execute(pid, env, p1, false, &statExecMinimize)
 coverMu.RLock()
 defer coverMu.RUnlock()
@@ -471,7 +471,7 @@ func triageInput(pid int, env *ipc.Env, inp Input) {
 corpusHashes[hash(data)] = struct{}{}
 }
-func execute(pid int, env *ipc.Env, p *prog.Prog, minimized bool, stat *uint64) {
+func execute(pid int, env *ipc.Env, p *prog.Prog, minimized bool, stat *uint64) []cover.Cover {
 allCover := execute1(pid, env, p, stat)
 coverMu.RLock()
 defer coverMu.RUnlock()
@@ -500,6 +500,7 @@ func execute(pid int, env *ipc.Env, p *prog.Prog, minimized bool, stat *uint64)
 triageMu.Unlock()
 }
 }
+ return allCover
 }
 var logMu sync.Mutex |
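Review bot: The predicate passed to `prog.Minimize` now has side effects, because `execute(pid, env, p1, false, &statExecMinimize)` goes through the path that takes `triageMu` (its `triageMu.Unlock()` is visible in the last hunk). Every intermediate program tried during minimization can therefore add work flagged as not minimized. The commit message argues that the synchronous `maxCover` update prevents a feedback loop, but nothing visible here bounds how many entries one minimization run can add, so it is worth confirming the queue cannot grow without limit when coverage is flaky. The bare `false` is also hard to read at the call site; a comment such as `// minimized=false: programs found while minimizing are triaged from scratch` would help. The callback body continues outside the hunk.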
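Review bot: `execute` now returns `[]cover.Cover` but has no doc comment saying what the slice holds, or that the function also does triage bookkeeping under `coverMu` and `triageMu` as a side effect. I would add something like `// execute runs p, records calls with new coverage for triage, and returns the coverage from execute1 (presumably one entry per call; confirm).` The returned slice is the one examined under `coverMu.RLock()` and is used by the caller after that lock is released. That looks safe only if `execute1` hands back a fresh slice on each call, which cannot be confirmed from here. The function body continues outside the hunk.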
