From fc79262e5b62a97a2338b247a1c31ee1c79decc2 Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh <nogikh@google.com>
Date: Fri, 25 Mar 2022 11:15:25 +0000
Subject: syz-manager: use a separate type for corpus items

Now we use the same type for both RCP communication with syz-fuzzer and
for managing corpus. It's not convenient to add corpus-specific fields
in this case, so separate them.
---
 syz-manager/manager.go | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/syz-manager/manager.go b/syz-manager/manager.go
index 278b5d875..18ccef497 100644
--- a/syz-manager/manager.go
+++ b/syz-manager/manager.go
@@ -72,7 +72,7 @@ type Manager struct {
 
 	candidates       []rpctype.Candidate // untriaged inputs from corpus and hub
 	disabledHashes   map[string]struct{}
-	corpus           map[string]rpctype.Input
+	corpus           map[string]CorpusItem
 	seeds            [][]byte
 	newRepros        [][]byte
 	lastMinCorpus    int
@@ -94,6 +94,22 @@ type Manager struct {
 	modulesInitialized bool
 }
 
+type CorpusItem struct {
+	Call   string
+	Prog   []byte
+	Signal signal.Serial
+	Cover  []uint32
+}
+
+func (item *CorpusItem) RPCInput() rpctype.Input {
+	return rpctype.Input{
+		Call:   item.Call,
+		Prog:   item.Prog,
+		Signal: item.Signal,
+		Cover:  item.Cover,
+	}
+}
+
 const (
 	// Just started, nothing done yet.
 	phaseInit = iota
@@ -162,7 +178,7 @@ func RunManager(cfg *mgrconfig.Config) {
 		startTime:        time.Now(),
 		stats:            &Stats{haveHub: cfg.HubClient != ""},
 		crashTypes:       make(map[string]bool),
-		corpus:           make(map[string]rpctype.Input),
+		corpus:           make(map[string]CorpusItem),
 		disabledHashes:   make(map[string]struct{}),
 		memoryLeakFrames: make(map[string]bool),
 		dataRaceFrames:   make(map[string]bool),
@@ -1012,11 +1028,11 @@ func (mgr *Manager) minimizeCorpus() {
 			Context: inp,
 		})
 	}
-	newCorpus := make(map[string]rpctype.Input)
+	newCorpus := make(map[string]CorpusItem)
 	// Note: inputs are unsorted (based on map iteration).
 	// This gives some intentional non-determinism during minimization.
 	for _, ctx := range signal.Minimize(inputs) {
-		inp := ctx.(rpctype.Input)
+		inp := ctx.(CorpusItem)
 		newCorpus[hash.String(inp.Prog)] = inp
 	}
 	log.Logf(1, "minimized corpus: %v -> %v", len(mgr.corpus), len(newCorpus))
@@ -1108,7 +1124,7 @@ func (mgr *Manager) fuzzerConnect(modules []host.KernelModule) (
 	mgr.minimizeCorpus()
 	corpus := make([]rpctype.Input, 0, len(mgr.corpus))
 	for _, inp := range mgr.corpus {
-		corpus = append(corpus, inp)
+		corpus = append(corpus, inp.RPCInput())
 	}
 	frames := BugFrames{
 		memoryLeaks: make([]string, 0, len(mgr.memoryLeakFrames)),
@@ -1159,7 +1175,12 @@ func (mgr *Manager) newInput(inp rpctype.Input, sign signal.Signal) bool {
 		old.Cover = cov.Serialize()
 		mgr.corpus[sig] = old
 	} else {
-		mgr.corpus[sig] = inp
+		mgr.corpus[sig] = CorpusItem{
+			Call:   inp.Call,
+			Prog:   inp.Prog,
+			Signal: inp.Signal,
+			Cover:  inp.Cover,
+		}
 		mgr.corpusDB.Save(sig, inp.Prog, 0)
 		if err := mgr.corpusDB.Flush(); err != nil {
 			log.Logf(0, "failed to save corpus database: %v", err)
-- 
cgit mrf-deployment