diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2024-06-24 11:39:39 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2024-07-02 15:07:08 +0000 |
| commit | 3d475bc56886c8183b3189b762451095985b6c84 (patch) | |
| tree | 10bac897dc3c3cb1e9e2d655a5becaff8a9d1eb3 /sys | |
| parent | 0be05f03ef149d0a149a51bf1111a5153708b1ef (diff) | |
prog: reduce amount of hint replacements
Several optimizations to reduce amount of hint replacements:
1. Don't mutate int's that are <= 8 bits.
2. Don't mutate data that is <= 3 bytes.
3. Restrict mutation of len only value >10 and < 1<<20.
Values <= 10 we can produce during normal mutation.
Values > 1<<20 are presumably not length of something
and we have logic to produce various large bogus lengths.
4. Include all small ints <= 16 into specialInts and remove 31, 32, 63
(don't remember where they come from).
5. Don't produce other known flags (and combinations) for flags.
And a larger part computes groups of related arguments
so that we don't try to produce known ioctl's from other known ioctl's,
and similarly for socket/socketpair/setsockopt/etc.
See comments in Target.initRelatedFields for details.
Update #477
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/test/related.txt | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/sys/test/related.txt b/sys/test/related.txt new file mode 100644 index 000000000..4d0dfebb1 --- /dev/null +++ b/sys/test/related.txt @@ -0,0 +1,32 @@ +# Copyright 2024 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +ioctl(fd fd, cmd int32, arg intptr) +ioctl$1(fd fd, cmd const[0x111], arg intptr) +ioctl$2(fd fd, cmd const[0x222], arg intptr) +ioctl$4(fd fd, cmd flags[ioctl_commands], arg intptr) + +ioctl_commands = 0x333, 0x444 + +resource sock[fd] + +socket(domain flags[socket_domain], type flags[socket_type], protocol flags[socket_protocol]) sock +socket$generic(domain int32, type int32, protocol int32) sock +socket$inet6(domain const[0x111], type flags[socket_type], protocol const[0x10000]) sock +socket$inet6_tcp(domain const[0x111], type const[0x1000], protocol const[0x10000]) sock +socket$netlink(domain const[0x211], type const[0x1000], protocol flags[socket_protocol]) sock +socket$netlink2(domain const[0x211], type const[0x1000], protocol int32) sock +socket$netlink_foo(domain const[0x211], type const[0x1000], protocol const[0x10200]) sock +socket$foo(domain const[0x311], type const[0x1000], protocol const[0x10200]) sock +socket$foo2(domain const[0x311], type flags[socket_type], protocol const[0x10200]) sock +socket$foo3(domain const[0x311], type int32, protocol const[0x10200]) sock +socket$foo4(domain const[0x411], type int32, protocol const[0x10000]) sock +socket$foo5(domain const[0x411], type int32, protocol int32) sock +socket$foo6(domain int32, type int32, protocol int32) sock +socket$foo7(domain int32, type int32, protocol int32) sock + +listen(fd sock) + +socket_domain = 0x111, 0x211, 0x311 +socket_type = 0x1000, 0x1100, 0x1200 +socket_protocol = 0x10000, 0x10100, 0x10200 |