From 5e7b20cfc3d38b457f3282bf8227737a8ee4eecd Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Fri, 8 Dec 2017 11:33:30 +0100 Subject: prog: fix a data race The race initially showed up on the new benchmark (see race report below). The race indicated a wrong call passed to replaceArg, as the result we sanitized the wrong call and left the new call un-sanitized. Fix this. Add test that exposes this. Run benchmarks in race mode during presubmit (benchmarks have higher chances of uncovering races than tests). WARNING: DATA RACE Write at 0x00c42000d3f0 by goroutine 18: github.com/google/syzkaller/sys/linux.(*arch).sanitizeCall() sys/linux/init.go:155 +0x256 github.com/google/syzkaller/sys/linux.(*arch).(github.com/google/syzkaller/sys/linux.sanitizeCall)-fm() sys/linux/init.go:42 +0x4b github.com/google/syzkaller/prog.(*Prog).replaceArg() prog/prog.go:357 +0x239 github.com/google/syzkaller/prog.generateHints.func2() prog/hints.go:105 +0x124 github.com/google/syzkaller/prog.checkConstArg() prog/hints.go:128 +0xf3 github.com/google/syzkaller/prog.generateHints() prog/hints.go:120 +0x495 github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func1() prog/hints.go:72 +0x67 github.com/google/syzkaller/prog.foreachSubargImpl.func1() prog/analysis.go:86 +0x9f github.com/google/syzkaller/prog.foreachSubargImpl() prog/analysis.go:104 +0xc8 github.com/google/syzkaller/prog.foreachArgArray() prog/analysis.go:113 +0x89 github.com/google/syzkaller/prog.foreachArg() prog/analysis.go:121 +0x50 github.com/google/syzkaller/prog.(*Prog).MutateWithHints() prog/hints.go:71 +0x18e github.com/google/syzkaller/prog.BenchmarkHints.func1() prog/hints_test.go:477 +0x77 testing.(*B).RunParallel.func1() testing/benchmark.go:626 +0x156 Previous read at 0x00c42000d3f0 by goroutine 17: github.com/google/syzkaller/prog.clone() prog/clone.go:38 +0xbaa github.com/google/syzkaller/prog.(*Prog).cloneImpl() prog/clone.go:21 +0x17f github.com/google/syzkaller/prog.generateHints() prog/hints.go:95 +0xd0 github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func1() prog/hints.go:72 +0x67 github.com/google/syzkaller/prog.foreachSubargImpl.func1() prog/analysis.go:86 +0x9f github.com/google/syzkaller/prog.foreachSubargImpl() prog/analysis.go:104 +0xc8 github.com/google/syzkaller/prog.foreachArgArray() prog/analysis.go:113 +0x89 github.com/google/syzkaller/prog.foreachArg() prog/analysis.go:121 +0x50 github.com/google/syzkaller/prog.(*Prog).MutateWithHints() prog/hints.go:71 +0x18e github.com/google/syzkaller/prog.BenchmarkHints.func1() prog/hints_test.go:477 +0x77 testing.(*B).RunParallel.func1() testing/benchmark.go:626 +0x156 --- prog/hints_test.go | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'prog/hints_test.go') diff --git a/prog/hints_test.go b/prog/hints_test.go index b5e35c9c9..b2999ad14 100644 --- a/prog/hints_test.go +++ b/prog/hints_test.go @@ -6,6 +6,7 @@ package prog import ( "encoding/hex" "fmt" + "math/rand" "reflect" "sort" "testing" @@ -450,3 +451,31 @@ func TestHintsData(t *testing.T) { } } } + +func BenchmarkHints(b *testing.B) { + target, err := GetTarget("linux", "amd64") + if err != nil { + b.Fatal(err) + } + rs := rand.NewSource(0) + r := newRand(target, rs) + p := target.Generate(rs, 30, nil) + comps := make([]CompMap, len(p.Calls)) + for i, c := range p.Calls { + vals := extractValues(c) + for j := 0; j < 5; j++ { + vals[r.randInt()] = true + } + comps[i] = make(CompMap) + for v := range vals { + comps[i].AddComp(v, r.randInt()) + } + } + b.RunParallel(func(pb *testing.PB) { + for pb.Next() { + for i := range p.Calls { + p.MutateWithHints(i, comps[i], func(p1 *Prog) {}) + } + } + }) +} -- cgit mrf-deployment