From 18f846ca807cfc6df9c3da3c0ab08251277dfefb Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh
Date: Wed, 1 Dec 2021 17:25:40 +0000
Subject: all: add the `rerun` call property
To be able to collide specific syscalls more precisely, we need to repeat the process many times. Introduce the `rerun` call property, which instructs `syz-executor` to repeat the call the specified number of times. The intended use is: call1() (rerun: 100, async) call2() (rerun: 100) For now, assign rerun values randomly to consecutive pairs of calls, where the first one is async.
---
 executor/executor.cc | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'executor/executor.cc')
diff --git a/executor/executor.cc b/executor/executor.cc
index 01b19b81e..feb47c814 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -1244,6 +1244,8 @@ void execute_call(thread_t* th)
 int fail_fd = -1;
 th->soft_fail_state = false;
 if (th->call_props.fail_nth > 0) {
+ if (th->call_props.rerun > 0)
+ fail("both fault injection and rerun are enabled for the same call");
 fail_fd = inject_fault(th->call_props.fail_nth);
 th->soft_fail_state = true;
 }
@@ -1272,12 +1274,19 @@ void execute_call(thread_t* th)
 if (th->call_props.fail_nth > 0)
 th->fault_injected = fault_injected(fail_fd);
+ // If required, run the syscall some more times.
+ // But let's still return res, errno and coverage from the first execution.
+ for (int i = 0; i < th->call_props.rerun; i++)
+ NONFAILING(execute_syscall(call, th->args));
+
 debug("#%d [%llums] <- %s=0x%llx errno=%d ", th->id, current_time_ms() - start_time_ms, call->name, (uint64)th->res, th->reserrno);
 if (flag_coverage)
 debug("cover=%u ", th->cov.size);
 if (th->call_props.fail_nth > 0)
 debug("fault=%d ", th->fault_injected);
+ if (th->call_props.rerun > 0)
+ debug("rerun=%d ", th->call_props.rerun);
 debug("\n");
 }
--
cgit mrf-deployment
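Review bot: The new `fail(...)` check inside the `fail_nth > 0` branch does not say why fault injection and rerun cannot be combined, so the next reader has to work it out. A one-line comment above it would do, for example `// Fault injection is armed for a single execution only, so it cannot be combined with rerun.`; that reason is inferred from `inject_fault` being called once before the call and should be confirmed by the author. Because the check only runs when the call is about to execute, it may also be worth rejecting the combination where call properties are decoded, if that is not already done outside this file. execute_call's body starts and ends outside the hunk.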
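Review bot: The rerun loop uses `th->call_props.rerun` as its bound with no upper limit visible in this hunk, so a program carrying a very large value would keep this worker thread re-issuing the syscall long after the first result was recorded. If the value is not already capped where the program is decoded (not visible here), a guard before the loop would make the limit explicit, e.g. `if (th->call_props.rerun > kMaxRerun) fail("rerun count is too large");`, where `kMaxRerun` is a placeholder for a new constant the patch would have to define. The elapsed time printed by the `debug("#%d [%llums] ...")` line now covers every rerun while `res` and `errno` come from the first execution only; a short comment at that line would prevent debug logs from being misread. execute_call's body starts outside the hunk.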