diff options
| -rw-r--r-- | prog/hints.go | 15 | ||||
| -rw-r--r-- | prog/hints_test.go | 7 | ||||
| -rw-r--r-- | syz-fuzzer/fuzzer.go | 6 | ||||
| -rw-r--r-- | tools/syz-execprog/execprog.go | 15 |
4 files changed, 21 insertions, 22 deletions
diff --git a/prog/hints.go b/prog/hints.go index 5a05d7f56..87b92229d 100644 --- a/prog/hints.go +++ b/prog/hints.go @@ -47,15 +47,14 @@ func (m CompMap) AddComp(arg1, arg2 uint64) { // Mutates the program using the comparison operands stored in compMaps. // For each of the mutants executes the exec callback. -func (p *Prog) MutateWithHints(compMaps []CompMap, exec func(newP *Prog)) { - for i, c := range p.Calls { - if c.Meta == p.Target.MmapSyscall { - continue - } - foreachArg(c, func(arg, _ Arg, _ *[]Arg) { - generateHints(p, compMaps[i], c, arg, exec) - }) +func (p *Prog) MutateWithHints(callIndex int, comps CompMap, exec func(newP *Prog)) { + c := p.Calls[callIndex] + if c.Meta == p.Target.MmapSyscall { + return } + foreachArg(c, func(arg, _ Arg, _ *[]Arg) { + generateHints(p, comps, c, arg, exec) + }) } func generateHints(p *Prog, compMap CompMap, c *Call, arg Arg, exec func(p *Prog)) { diff --git a/prog/hints_test.go b/prog/hints_test.go index 31cc13889..9e5c88343 100644 --- a/prog/hints_test.go +++ b/prog/hints_test.go @@ -343,18 +343,17 @@ func TestHintsRandom(t *testing.T) { r := newRand(target, rs) for i := 0; i < iters; i++ { p := target.Generate(rs, 5, nil) - comps := make([]CompMap, len(p.Calls)) for i, c := range p.Calls { vals := extractValues(c) for j := 0; j < 5; j++ { vals[r.randInt()] = true } - comps[i] = make(CompMap) + comps := make(CompMap) for v := range vals { - comps[i].AddComp(v, r.randInt()) + comps.AddComp(v, r.randInt()) } + p.MutateWithHints(i, comps, func(p1 *Prog) {}) } - p.MutateWithHints(comps, func(p1 *Prog) {}) } } diff --git a/syz-fuzzer/fuzzer.go b/syz-fuzzer/fuzzer.go index b336dea52..ea7b1fcff 100644 --- a/syz-fuzzer/fuzzer.go +++ b/syz-fuzzer/fuzzer.go @@ -502,7 +502,7 @@ func smashInput(pid int, env *ipc.Env, ct *prog.ChoiceTable, rs rand.Source, inp execute(pid, env, p, false, false, false, false, &statExecSmash) } if compsSupported { - executeHintSeed(pid, env, inp.p) + executeHintSeed(pid, env, inp.p, inp.call) } } @@ -627,7 +627,7 @@ func triageInput(pid int, env *ipc.Env, inp Input) { } } -func executeHintSeed(pid int, env *ipc.Env, p *prog.Prog) { +func executeHintSeed(pid int, env *ipc.Env, p *prog.Prog, call int) { Logf(1, "#%v: collecting comparisons", pid) // First execute the original program to dump comparisons from KCOV. info := execute(pid, env, p, false, true, false, false, &statExecHintSeeds) @@ -641,7 +641,7 @@ func executeHintSeed(pid int, env *ipc.Env, p *prog.Prog) { // Then mutate the initial program for every match between // a syscall argument and a comparison operand. // Execute each of such mutants to check if it gives new coverage. - p.MutateWithHints(compMaps, func(p *prog.Prog) { + p.MutateWithHints(call, compMaps[call], func(p *prog.Prog) { Logf(1, "#%v: executing comparison hint", pid) execute(pid, env, p, false, false, false, false, &statExecHints) }) diff --git a/tools/syz-execprog/execprog.go b/tools/syz-execprog/execprog.go index 9a9a1b48a..6c5df9ffd 100644 --- a/tools/syz-execprog/execprog.go +++ b/tools/syz-execprog/execprog.go @@ -179,7 +179,8 @@ func main() { if *flagHints { compMaps := ipc.GetCompMaps(info) ncomps, ncandidates := 0, 0 - for _, comps := range compMaps { + for i := range p.Calls { + comps := compMaps[i] for v, args := range comps { ncomps += len(args) if *flagOutput == "stdout" { @@ -190,13 +191,13 @@ func main() { fmt.Printf("\n") } } + p.MutateWithHints(i, comps, func(p *prog.Prog) { + ncandidates++ + if *flagOutput == "stdout" { + fmt.Printf("PROGRAM:\n%s\n", p.Serialize()) + } + }) } - p.MutateWithHints(compMaps, func(p *prog.Prog) { - ncandidates++ - if *flagOutput == "stdout" { - fmt.Printf("PROGRAM:\n%s\n", p.Serialize()) - } - }) fmt.Printf("ncomps=%v ncandidates=%v\n", ncomps, ncandidates) } return true |