authorDmitry Vyukov <dvyukov@google.com>2024-06-27 12:01:58 +0200
committerDmitry Vyukov <dvyukov@google.com>2024-07-02 15:07:08 +0000
commit07dedd50ee8834dbca4da7667e69e72b7d0565b9 (patch)
tree44925ee15f9fad9ad0641435fd459d25375c811d /pkg/fuzzer
parent6a2ff1acbd95b320444a729d9d281835be88ec66 (diff)
pkg/fuzzer: remove signal rotation
Signal rotation is intended to make the fuzzer re-discover flaky coverage in a non-flaky way. However, taking into account that we get effectively the same effect after each manager restart, and that the fuzzer is overloaded with triage/smash jobs, it does not look to be worth it.
Diffstat (limited to 'pkg/fuzzer')
-rw-r--r--pkg/fuzzer/cover.go31
-rw-r--r--pkg/fuzzer/fuzzer.go12
-rw-r--r--pkg/fuzzer/fuzzer_test.go60
-rw-r--r--pkg/fuzzer/job_test.go1
4 files changed, 7 insertions, 97 deletions
diff --git a/pkg/fuzzer/cover.go b/pkg/fuzzer/cover.go
index c34a3b219..4421693b1 100644
--- a/pkg/fuzzer/cover.go
+++ b/pkg/fuzzer/cover.go
@@ -12,10 +12,9 @@ import (
// Cover keeps track of the signal known to the fuzzer.
type Cover struct {
- mu sync.RWMutex
- maxSignal signal.Signal // max signal ever observed (including flakes)
- newSignal signal.Signal // newly identified max signal
- dropSignal signal.Signal // the newly dropped max signal
+ mu sync.RWMutex
+ maxSignal signal.Signal // max signal ever observed (including flakes)
+ newSignal signal.Signal // newly identified max signal
}
func newCover() *Cover {
@@ -31,7 +30,6 @@ func (cover *Cover) AddMaxSignal(sign signal.Signal) {
cover.mu.Lock()
defer cover.mu.Unlock()
cover.maxSignal.Merge(sign)
- cover.dropSignal.Subtract(sign)
}
func (cover *Cover) addRawMaxSignal(signal []uint64, prio uint8) signal.Signal {
@@ -43,36 +41,19 @@ func (cover *Cover) addRawMaxSignal(signal []uint64, prio uint8) signal.Signal {
}
cover.maxSignal.Merge(diff)
cover.newSignal.Merge(diff)
- cover.dropSignal.Subtract(diff)
return diff
}
-func (cover *Cover) pureMaxSignal(corpus signal.Signal) signal.Signal {
- cover.mu.RLock()
- defer cover.mu.RUnlock()
- return corpus.Diff(cover.maxSignal)
-}
-
func (cover *Cover) CopyMaxSignal() signal.Signal {
cover.mu.RLock()
defer cover.mu.RUnlock()
return cover.maxSignal.Copy()
}
-func (cover *Cover) GrabSignalDelta() (plus, minus signal.Signal) {
+func (cover *Cover) GrabSignalDelta() signal.Signal {
cover.mu.Lock()
defer cover.mu.Unlock()
- plus = cover.newSignal
+ plus := cover.newSignal
cover.newSignal = nil
- minus = cover.dropSignal
- cover.dropSignal = nil
- return
-}
-
-func (cover *Cover) subtract(delta signal.Signal) {
- cover.mu.Lock()
- defer cover.mu.Unlock()
- cover.maxSignal.Subtract(delta)
- cover.newSignal.Subtract(delta)
- cover.dropSignal.Merge(delta)
+ return plus
}
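Review bot: GrabSignalDelta is exported and its result list changes from `(plus, minus signal.Signal)` to a single `signal.Signal`, so any caller outside pkg/fuzzer must be updated together with it; this view is limited to pkg/fuzzer, so those call sites cannot be checked here. The local name `plus` is a leftover of the removed plus/minus pair; `delta := cover.newSignal` followed by `return delta` reads better, and the method would benefit from a doc comment such as `// GrabSignalDelta returns the max signal added since the previous call and clears the pending set.` With TestRotate deleted in fuzzer_test.go, no test visible on this page exercises GrabSignalDelta, so a small test that adds raw signal and checks that a second call returns an empty delta would keep the reset behaviour covered.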
diff --git a/pkg/fuzzer/fuzzer.go b/pkg/fuzzer/fuzzer.go
index 09ce69c00..a2b2ef475 100644
--- a/pkg/fuzzer/fuzzer.go
+++ b/pkg/fuzzer/fuzzer.go
@@ -363,18 +363,6 @@ func (fuzzer *Fuzzer) logCurrentStats() {
}
}
-func (fuzzer *Fuzzer) RotateMaxSignal(items int) {
- corpusSignal := fuzzer.Config.Corpus.Signal()
- pureMaxSignal := fuzzer.Cover.pureMaxSignal(corpusSignal)
- if pureMaxSignal.Len() < items {
- items = pureMaxSignal.Len()
- }
- fuzzer.Logf(1, "rotate %d max signal elements", items)
-
- delta := pureMaxSignal.RandomSubset(fuzzer.rand(), items)
- fuzzer.Cover.subtract(delta)
-}
-
func setFlags(execFlags flatrpc.ExecFlag) flatrpc.ExecOpts {
return flatrpc.ExecOpts{
ExecFlags: execFlags,
diff --git a/pkg/fuzzer/fuzzer_test.go b/pkg/fuzzer/fuzzer_test.go
index 55ec09666..d8c532e1a 100644
--- a/pkg/fuzzer/fuzzer_test.go
+++ b/pkg/fuzzer/fuzzer_test.go
@@ -22,7 +22,6 @@ import (
"github.com/google/syzkaller/pkg/flatrpc"
"github.com/google/syzkaller/pkg/fuzzer/queue"
"github.com/google/syzkaller/pkg/rpcserver"
- "github.com/google/syzkaller/pkg/signal"
"github.com/google/syzkaller/pkg/testutil"
"github.com/google/syzkaller/pkg/vminfo"
"github.com/google/syzkaller/prog"
@@ -121,65 +120,6 @@ func BenchmarkFuzzer(b *testing.B) {
})
}
-const anyTestProg = `syz_compare(&AUTO="00000000", 0x4, &AUTO=@conditional={0x0, @void, @void}, AUTO)`
-
-func TestRotate(t *testing.T) {
- target, err := prog.GetTarget(targets.TestOS, targets.TestArch64Fuzz)
- if err != nil {
- t.Fatal(err)
- }
-
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- corpusObj := corpus.NewCorpus(ctx)
- fuzzer := NewFuzzer(ctx, &Config{
- Debug: true,
- Corpus: corpusObj,
- Coverage: true,
- EnabledCalls: map[*prog.Syscall]bool{
- target.SyscallMap["syz_compare"]: true,
- },
- }, rand.New(testutil.RandSource(t)), target)
-
- fakeSignal := func(size int) signal.Signal {
- var pc []uint64
- for i := 0; i < size; i++ {
- pc = append(pc, uint64(i))
- }
- return signal.FromRaw(pc, 0)
- }
-
- prog, err := target.Deserialize([]byte(anyTestProg), prog.NonStrict)
- assert.NoError(t, err)
- corpusObj.Save(corpus.NewInput{
- Prog: prog,
- Call: 0,
- Signal: fakeSignal(100),
- })
- fuzzer.Cover.AddMaxSignal(fakeSignal(1000))
-
- assert.Equal(t, 1000, len(fuzzer.Cover.maxSignal))
- assert.Equal(t, 100, corpusObj.StatSignal.Val())
-
- // Rotate some of the signal.
- fuzzer.RotateMaxSignal(200)
- assert.Equal(t, 800, len(fuzzer.Cover.maxSignal))
- assert.Equal(t, 100, corpusObj.StatSignal.Val())
-
- plus, minus := fuzzer.Cover.GrabSignalDelta()
- assert.Equal(t, 0, plus.Len())
- assert.Equal(t, 200, minus.Len())
-
- // Rotate the rest.
- fuzzer.RotateMaxSignal(1000)
- assert.Equal(t, 100, len(fuzzer.Cover.maxSignal))
- assert.Equal(t, 100, corpusObj.StatSignal.Val())
- plus, minus = fuzzer.Cover.GrabSignalDelta()
- assert.Equal(t, 0, plus.Len())
- assert.Equal(t, 700, minus.Len())
-}
-
// Based on the example from Go documentation.
var crc32q = crc32.MakeTable(0xD5828281)
diff --git a/pkg/fuzzer/job_test.go b/pkg/fuzzer/job_test.go
index 8441c4142..122a50577 100644
--- a/pkg/fuzzer/job_test.go
+++ b/pkg/fuzzer/job_test.go
@@ -77,6 +77,7 @@ func TestDeflake(t *testing.T) {
target, err := prog.GetTarget(targets.TestOS, targets.TestArch64Fuzz)
assert.NoError(t, err)
+ const anyTestProg = `syz_compare(&AUTO="00000000", 0x4, &AUTO=@conditional={0x0, @void, @void}, AUTO)`
prog, err := target.Deserialize([]byte(anyTestProg), prog.NonStrict)
assert.NoError(t, err)