diff options
Diffstat (limited to 'executor/executor.cc')
| -rw-r--r-- | executor/executor.cc | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/executor/executor.cc b/executor/executor.cc index 2f90e4092..7c31f9cc2 100644 --- a/executor/executor.cc +++ b/executor/executor.cc @@ -141,6 +141,7 @@ static bool flag_collect_cover; static bool flag_dedup_cover; static bool flag_threaded; static bool flag_collide; +static bool flag_coverage_filter; // If true, then executor should write the comparisons data to fuzzer. static bool flag_comparisons; @@ -350,6 +351,8 @@ static void setup_features(char** enable, int n); #error "unknown OS" #endif +#include "cov_filter.h" + #include "test.h" int main(int argc, char** argv) @@ -428,6 +431,7 @@ int main(int argc, char** argv) // Don't enable comps because we don't use them in the fuzzer yet. cover_enable(&extra_cov, false, true); } + init_coverage_filter(); } int status = 0; @@ -547,14 +551,15 @@ void receive_execute() flag_comparisons = req.exec_flags & (1 << 3); flag_threaded = req.exec_flags & (1 << 4); flag_collide = req.exec_flags & (1 << 5); + flag_coverage_filter = req.exec_flags & (1 << 6); flag_fault_call = req.fault_call; flag_fault_nth = req.fault_nth; if (!flag_threaded) flag_collide = false; - debug("[%llums] exec opts: procid=%llu threaded=%d collide=%d cover=%d comps=%d dedup=%d fault=%d/%d/%d prog=%llu\n", + debug("[%llums] exec opts: procid=%llu threaded=%d collide=%d cover=%d comps=%d dedup=%d fault=%d/%d/%d prog=%llu filter=%d\n", current_time_ms() - start_time_ms, procid, flag_threaded, flag_collide, flag_collect_cover, flag_comparisons, flag_dedup_cover, flag_fault, - flag_fault_call, flag_fault_nth, req.prog_size); + flag_fault_call, flag_fault_nth, req.prog_size, flag_coverage_filter); if (SYZ_EXECUTOR_USES_SHMEM) { if (req.prog_size) fail("need_prog: no program"); @@ -873,6 +878,8 @@ void write_coverage_signal(cover_t* cov, uint32* signal_count_pos, uint32* cover } cover_data_t sig = pc ^ prev; prev = hash(pc); + if (flag_coverage_filter && !coverage_filter((uint64)pc)) + continue; if (dedup(sig)) continue; write_output(sig); |