Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/fuzzer/fuzzer.go | 8 | ||||
| -rw-r--r-- | pkg/fuzzer/job.go | 9 | ||||
| -rw-r--r-- | pkg/rpctype/rpctype.go | 15 | ||||
| -rw-r--r-- | pkg/signal/signal.go | 9 |
4 files changed, 26 insertions, 15 deletions
diff --git a/pkg/fuzzer/fuzzer.go b/pkg/fuzzer/fuzzer.go
index 2663d7b60..a5b338b13 100644
--- a/pkg/fuzzer/fuzzer.go
+++ b/pkg/fuzzer/fuzzer.go
@@ -89,7 +89,10 @@ type Request struct {
 NeedRawCover bool
 NeedSignal rpctype.SignalType
 NeedHints bool
- SignalFilter signal.Signal // If specified, the resulting signal MAY be a subset of it.
+ // If specified, the resulting signal for call SignalFilterCall
+ // will include subset of it even if it's not new.
+ SignalFilter signal.Signal
+ SignalFilterCall int
 // Fields that are only relevant within pkg/fuzzer.
 flags ProgTypes
 stat *stats.Val
@@ -249,6 +252,9 @@ func (fuzzer *Fuzzer) pushExec(req *Request, prio priority) {
 if req.NeedHints && (req.NeedCover || req.NeedSignal != rpctype.NoSignal) {
 panic("Request.NeedHints is mutually exclusive with other fields")
 }
+ if req.SignalFilter != nil && req.NeedSignal != rpctype.NewSignal {
+ panic("SignalFilter must be used with NewSignal")
+ }
 fuzzer.nextExec.push(&priorityQueueItem[*Request]{
 value: req, prio: prio,
 })
diff --git a/pkg/fuzzer/job.go b/pkg/fuzzer/job.go
index ede1f1a57..b5bb2aab1 100644
--- a/pkg/fuzzer/job.go
+++ b/pkg/fuzzer/job.go
@@ -237,10 +237,11 @@ func (job *triageJob) minimize(fuzzer *Fuzzer, newSignal signal.Signal) (stop bo
 }
 for i := 0; i < minimizeAttempts; i++ {
 result := fuzzer.exec(job, &Request{
- Prog: p1,
- NeedSignal: rpctype.AllSignal,
- SignalFilter: newSignal,
- stat: fuzzer.statExecMinimize,
+ Prog: p1,
+ NeedSignal: rpctype.NewSignal,
+ SignalFilter: newSignal,
+ SignalFilterCall: call1,
+ stat: fuzzer.statExecMinimize,
 })
 if result.Stop {
 stop = true
diff --git a/pkg/rpctype/rpctype.go b/pkg/rpctype/rpctype.go
index 1130d11b7..7e15ba69c 100644
--- a/pkg/rpctype/rpctype.go
+++ b/pkg/rpctype/rpctype.go
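Review bot: In the Request struct hunk of pkg/fuzzer/fuzzer.go the new comment is attached to SignalFilter only, so SignalFilterCall has no documentation of its own, and the same undocumented field is added to ExecutionRequest in pkg/rpctype/rpctype.go. Its zero value is 0, which reads as a valid call index, so a caller that sets SignalFilter and forgets SignalFilterCall would quietly filter on the first call. I would give the field its own comment in both structs, for example `// SignalFilterCall is the index of the call that SignalFilter applies to; it has no effect when SignalFilter is nil.`, if that is the intended contract. The struct continues outside the hunk.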
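Review bot: The check added to pushExec ties SignalFilter to NewSignal but never validates SignalFilterCall, so an out-of-range index is accepted here and is only noticed by whatever consumes the request. The field is also copied into rpctype.ExecutionRequest (pkg/rpctype/rpctype.go hunk), which suggests it crosses a process boundary; the consumer is not part of this diff, so it is worth confirming that it bounds-checks the index before using it. A guard next to the new panic could be `if req.SignalFilter != nil && req.SignalFilterCall >= len(req.Prog.Calls) { panic("SignalFilterCall is out of range") }`, with a lower-bound check added unless a negative value is a deliberate sentinel (call1 in pkg/fuzzer/job.go is defined outside its hunk, so that cannot be told from here). pushExec's body starts outside the hunk.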
@@ -25,13 +25,14 @@ const (
 // ExecutionRequest describes the task of executing a particular program.
 // Corresponds to Fuzzer.Request.
 type ExecutionRequest struct {
- ID int64
- ProgData []byte
- NeedCover bool
- NeedRawCover bool
- NeedHints bool
- NeedSignal SignalType
- SignalFilter signal.Signal
+ ID int64
+ ProgData []byte
+ NeedCover bool
+ NeedRawCover bool
+ NeedHints bool
+ NeedSignal SignalType
+ SignalFilter signal.Signal
+ SignalFilterCall int
 }
 // ExecutionResult is sent after ExecutionRequest is completed.
diff --git a/pkg/signal/signal.go b/pkg/signal/signal.go
index 48686de54..10a1ef0cb 100644
--- a/pkg/signal/signal.go
+++ b/pkg/signal/signal.go
@@ -159,11 +159,14 @@ func (s Signal) RandomSubset(r *rand.Rand, size int) Signal {
 return ret
 }
-// FilterRaw returns a subset of original raw elements that coincides with the one in Signal.
-func (s Signal) FilterRaw(raw []uint32) []uint32 {
+// FilterRaw returns a subset of original raw elements that either are not present in ignore,
+// or coincides with the one in alwaysTake.
+func FilterRaw(raw []uint32, ignore, alwaysTake Signal) []uint32 {
 var ret []uint32
 for _, e := range raw {
- if _, ok := s[elemType(e)]; ok {
+ if _, ok := alwaysTake[elemType(e)]; ok {
+ ret = append(ret, e)
+ } else if _, ok := ignore[elemType(e)]; !ok {
 ret = append(ret, e)
 }
 } |
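Review bot: The two branches of the new FilterRaw loop in pkg/signal/signal.go have the same body and each evaluate `elemType(e)`, which makes the keep/drop rule harder to read than it needs to be. Computing the key once and using one condition states the rule directly: `k := elemType(e)`, `_, take := alwaysTake[k]`, `if _, skip := ignore[k]; take || !skip { ret = append(ret, e) }`. The doc comment could also say that a nil ignore keeps every element and a nil alwaysTake adds nothing, since a lookup in a nil map simply misses. FilterRaw also changes from a method to a package function, and its Signal argument flips from "keep if present" to "drop if present in ignore", so callers outside this diffstat (which is limited to pkg) would need the matching update in the same commit. The function continues past the end of the hunk.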
