From 99fa39ccb15e1c569aea2a106fd22e4d4a0063b2 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Wed, 28 Mar 2018 17:42:03 +0200 Subject: syz-fuzzer: relax triage signal conditions Don't discard programs if signal is flaky. We already do this for inputs from corpus, do this for all inputs. --- syz-fuzzer/proc.go | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/syz-fuzzer/proc.go b/syz-fuzzer/proc.go index 6cfd92c71..9867c787d 100644 --- a/syz-fuzzer/proc.go +++ b/syz-fuzzer/proc.go @@ -116,24 +116,19 @@ func (proc *Proc) triageInput(item *WorkTriage) { minimizeAttempts = 3 ) // Compute input coverage and non-flaky signal for minimization. - notexecuted := 0 for i := 0; i < signalRuns; i++ { info := proc.executeRaw(proc.execOptsCover, item.p, StatTriage) - if len(info) == 0 || len(info[item.call].Signal) == 0 { - // The call was not executed. Happens sometimes. - notexecuted++ - if notexecuted > signalRuns/2 { - return // if happens too often, give up - } + if len(info) == 0 || len(info[item.call].Signal) == 0 || + item.info.Errno == 0 && info[item.call].Errno != 0 { + // The call was not executed or failed. continue } inf := info[item.call] thisSignal := signal.FromRaw(inf.Signal, signalPrio(item.p.Target, call, &inf)) - newSignal = newSignal.Intersection(thisSignal) - // Without !minimized check manager starts losing some considerable amount - // of coverage after each restart. Mechanics of this are not completely clear. - if newSignal.Empty() && item.flags&ProgMinimized == 0 { - return + newSignal1 := newSignal.Intersection(thisSignal) + if !newSignal1.Empty() { + newSignal = newSignal1 + } inputCover.Merge(inf.Cover) } -- cgit mrf-deployment
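Review bot: With the `notexecuted` give-up removed, a program whose call is skipped in every one of the `signalRuns` iterations (not executed, or failing where the original run did not) now hits `continue` each time, so the loop ends with `newSignal` exactly as it entered and `inputCover` never merged. Nothing in this hunk distinguishes that case from a confirmed input, so consider counting the runs that reach `inputCover.Merge` and bailing after the loop, e.g. `if confirmed == 0 { return }`, unless code past the hunk already covers it; triageInput starts and ends outside the hunk. Separately, an empty intersection is now dropped instead of stored, so `newSignal` can keep signal that some runs did not reproduce, and the context comment `// Compute input coverage and non-flaky signal for minimization.` no longer describes the loop. The new condition relies on `&&` binding tighter than `||`; explicit parentheses around `item.info.Errno == 0 && info[item.call].Errno != 0` would make that intent unmistakable.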