diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2024-08-07 15:16:35 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-08-07 18:47:26 +0000 |
| commit | 7013cb0d7d7b78bb0160c45d13a8d7d472835513 (patch) | |
| tree | 8955241dedf178b338a673f4254d652a0b615f01 /pkg/fuzzer | |
| parent | 58a20e60bf226392db3d88eb36503b9cc711a153 (diff) | |
prog: replace MinimizeParams with MinimizeMode
All callers shouldn't control lots of internal details of minimization
(if we have more params, that's just more variations to test,
and we don't have more, params is just a more convoluted way to say
if we minimize for corpus or a crash).
2 bools also allow to express 4 options, but only 3 make sense.
Also when I see MinimizeParams{} in the code, it's unclear what it means.
Replace params with mode.
And potentially "crash" minimization is not "light", it's just different.
E.g. we can simplify int arguments for reproducers (esp in snapshot mode),
but we don't need that for corpus.
Diffstat (limited to 'pkg/fuzzer')
| -rw-r--r-- | pkg/fuzzer/job.go | 59 |
1 files changed, 29 insertions, 30 deletions
diff --git a/pkg/fuzzer/job.go b/pkg/fuzzer/job.go index 85d2dcfe6..7a89006f1 100644 --- a/pkg/fuzzer/job.go +++ b/pkg/fuzzer/job.go @@ -301,39 +301,38 @@ func (job *triageJob) minimize(call int, info *triageCall) (*prog.Prog, int) { minimizeAttempts = 2 } stop := false - p, call := prog.Minimize(job.p, call, prog.MinimizeParams{}, - func(p1 *prog.Prog, call1 int) bool { - if stop { + p, call := prog.Minimize(job.p, call, prog.MinimizeCorpus, func(p1 *prog.Prog, call1 int) bool { + if stop { + return false + } + var mergedSignal signal.Signal + for i := 0; i < minimizeAttempts; i++ { + result := job.execute(&queue.Request{ + Prog: p1, + ExecOpts: setFlags(flatrpc.ExecFlagCollectSignal), + ReturnAllSignal: []int{call1}, + Stat: job.fuzzer.statExecMinimize, + }, 0) + if result.Stop() { + stop = true return false } - var mergedSignal signal.Signal - for i := 0; i < minimizeAttempts; i++ { - result := job.execute(&queue.Request{ - Prog: p1, - ExecOpts: setFlags(flatrpc.ExecFlagCollectSignal), - ReturnAllSignal: []int{call1}, - Stat: job.fuzzer.statExecMinimize, - }, 0) - if result.Stop() { - stop = true - return false - } - if !reexecutionSuccess(result.Info, info.errno, call1) { - // The call was not executed or failed. - continue - } - thisSignal := getSignalAndCover(p1, result.Info, call1) - if mergedSignal.Len() == 0 { - mergedSignal = thisSignal - } else { - mergedSignal.Merge(thisSignal) - } - if info.newStableSignal.Intersection(mergedSignal).Len() == info.newStableSignal.Len() { - return true - } + if !reexecutionSuccess(result.Info, info.errno, call1) { + // The call was not executed or failed. + continue } - return false - }) + thisSignal := getSignalAndCover(p1, result.Info, call1) + if mergedSignal.Len() == 0 { + mergedSignal = thisSignal + } else { + mergedSignal.Merge(thisSignal) + } + if info.newStableSignal.Intersection(mergedSignal).Len() == info.newStableSignal.Len() { + return true + } + } + return false + }) if stop { return nil, 0 } |