| author | Aleksandr Nogikh <nogikh@google.com> | 2024-01-23 14:02:44 +0100 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-01-23 14:01:18 +0000 |
| commit | 1e153dc8b31e685ca8495576db4f8c077585e39c (patch) | |
| tree | 1359fe137fe5e1c51c28f8474d114bd24c68d03f /pkg/instance | |
| parent | 9165e30a670440929dd65fccccd7888524812009 (diff) | |
all: experiment with an option to reset accumulated state
In the cases where we do not / cannot sandbox individual prog executions
well enough, some share of progs end up being dependent on the
previously accumulated state of the whole VM.
As a result,
* We lose 5-10% of coverage/signal on every instance restart.
* A share of our corpus programs do not actually trigger the coverage
they were thought to reliably trigger.
This significantly affects fuzzing efficiency and prevents syzkaller
from accumulating a bigger and better corpus over multiple runs.
Let's see if the situation becomes better if we restart syz-executor
before most of prog executions.
Diffstat (limited to 'pkg/instance')
| -rw-r--r-- | pkg/instance/instance.go | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go index 2f48cdbc7..7b4ca5c71 100644 --- a/pkg/instance/instance.go +++ b/pkg/instance/instance.go @@ -456,10 +456,11 @@ func (inst *inst) testRepro() ([]byte, error) { } type OptionalFuzzerArgs struct { - Slowdown int - RawCover bool - SandboxArg int - PprofPort int + Slowdown int + RawCover bool + SandboxArg int + PprofPort int + ResetAccState bool } type FuzzerCmdArgs struct { @@ -502,6 +503,7 @@ func FuzzerCmd(args *FuzzerCmdArgs) string { {Name: "raw_cover", Value: fmt.Sprint(args.Optional.RawCover)}, {Name: "sandbox_arg", Value: fmt.Sprint(args.Optional.SandboxArg)}, {Name: "pprof_port", Value: fmt.Sprint(args.Optional.PprofPort)}, + {Name: "reset_acc_state", Value: fmt.Sprint(args.Optional.ResetAccState)}, } optionalArg = " " + tool.OptionalFlags(flags) } |
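Review bot: the new `ResetAccState bool` field in `OptionalFuzzerArgs` carries no comment saying what accumulated state it resets or that the option is experimental, even though the commit message frames the whole change as an experiment; a one-line comment at the definition, e.g. `// ResetAccState restarts syz-executor before most program executions (experimental).`, would make the intent clear to the next reader of the struct. The remaining `-`/`+` lines for `Slowdown`, `RawCover`, `SandboxArg` and `PprofPort` are whitespace realignment only, as expected from gofmt once the longer field name is added.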
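Review bot: `reset_acc_state` is appended to the flag list unconditionally in `FuzzerCmd`, so every fuzzer launched through it now receives the flag; because this diffstat is limited to `pkg/instance`, the side that parses `reset_acc_state` is not visible here, so confirm the receiving binary accepts it and that the zero value rendered by `fmt.Sprint(args.Optional.ResetAccState)` (`false`) keeps current behaviour for callers that never set the field. Routing it through `tool.OptionalFlags(flags)` alongside `raw_cover`, `sandbox_arg` and `pprof_port` matches the existing pattern for optional arguments.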
