From 1e153dc8b31e685ca8495576db4f8c077585e39c Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh
Date: Tue, 23 Jan 2024 14:02:44 +0100
Subject: all: experiment with an option to reset accumulated state

In the cases where we do not / cannot sandbox individual prog executions well enough, some share of progs end up being dependent on the previously accumulated state of the whole VM. As the result,
* We lose 5-10% of coverage/signal on every instance restart.
* A share of our corpus programs do not actually trigger the coverage they were thought to reliably trigger.
This significantly affects fuzzing efficiency and prevents syzkaller from accumulating bigger and better corpus over multiple runs.
Let's see if the situation becomes better if we restart syz-executor before most of prog executions.
---
 pkg/instance/instance.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'pkg/instance/instance.go')

diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go
index 2f48cdbc7..7b4ca5c71 100644
--- a/pkg/instance/instance.go
+++ b/pkg/instance/instance.go
@@ -456,10 +456,11 @@ func (inst *inst) testRepro() ([]byte, error) {
 }
 
 type OptionalFuzzerArgs struct {
- Slowdown int
- RawCover bool
- SandboxArg int
- PprofPort int
+ Slowdown int
+ RawCover bool
+ SandboxArg int
+ PprofPort int
+ ResetAccState bool
 }
 
 type FuzzerCmdArgs struct {
@@ -502,6 +503,7 @@ func FuzzerCmd(args *FuzzerCmdArgs) string {
 {Name: "raw_cover", Value: fmt.Sprint(args.Optional.RawCover)},
 {Name: "sandbox_arg", Value: fmt.Sprint(args.Optional.SandboxArg)},
 {Name: "pprof_port", Value: fmt.Sprint(args.Optional.PprofPort)},
+ {Name: "reset_acc_state", Value: fmt.Sprint(args.Optional.ResetAccState)},
 }
 optionalArg = " " + tool.OptionalFlags(flags)
 }
--
cgit mrf-deployment
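Review bot: The new `ResetAccState` field in `OptionalFuzzerArgs` has no doc comment, and its name promises more than the mechanism the commit message describes: what is restarted is syz-executor, which presumably clears per-process state (fds, mappings, whatever lives in that process) but not the "accumulated state of the whole VM" that the message identifies as the actual problem, so kernel-global state would still persist across those restarts. I would state that limitation where the knob is declared so nobody reads the field name as a sandboxing guarantee, e.g. `// ResetAccState asks the fuzzer to restart syz-executor before most prog executions (experimental; this resets executor-process state only, not kernel-global VM state).` The struct is fully visible in this hunk and its other fields are undocumented too, so adding the comment here also sets a precedent worth keeping if the experiment stays.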
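Review bot: Only the sending side of `reset_acc_state` is in this diff (cgit limits the view to pkg/instance/instance.go), so whether the consuming binary's flag parser accepts the new name — and how `tool.OptionalFlags` behaves for a name an older syz-fuzzer does not know, as in a mixed-version manager/fuzzer pair — cannot be checked from this page and should be confirmed against the consumer before relying on the experiment's results. Emitting the entry unconditionally (so every command line now carries `reset_acc_state=false` by default) is consistent with how `raw_cover`, `sandbox_arg` and `pprof_port` are handled on the adjacent lines, so that part is fine. A short comment on the new entry would help readers connect the flag name to its field, e.g. `// Experimental: restart syz-executor before most prog executions (see OptionalFuzzerArgs.ResetAccState).` `FuzzerCmd` begins before this hunk and appears to continue past it.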