From 6b36d33868a01cea153c3a9cca05aef3548e4aea Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Mon, 30 Dec 2019 11:41:20 +0100
Subject: syz-manager: corpus rotation

Use a random subset of syscalls/corpus/coverage for each individual VM run. Hypothesis is that this should allow fuzzer to get more coverage find more bugs in saturated state (stuck in local optimum). See the issue and comments for details.

Update #1348
---
 sys/linux/init.go | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

(limited to 'sys/linux')

diff --git a/sys/linux/init.go b/sys/linux/init.go
index fe214156e..aea6a6957 100644
--- a/sys/linux/init.go
+++ b/sys/linux/init.go
@@ -67,6 +67,7 @@ func InitTarget(target *prog.Target) {
 "usb_device_descriptor": arch.generateUsbDeviceDescriptor,
 "usb_device_descriptor_hid": arch.generateUsbHidDeviceDescriptor,
 }
+ // TODO(dvyukov): get rid of this, this must be in descriptions.
 target.StringDictionary = []string{
 "user", "keyring", "trusted", "system", "security", "selinux",
@@ -75,17 +76,24 @@ func InitTarget(target *prog.Target) {
 "lo", "eth0", "eth1", "em0", "em1", "wlan0", "wlan1", "ppp0", "ppp1", "vboxnet0", "vboxnet1", "vmnet0", "vmnet1", "GPL",
 }
- switch target.Arch {
+ target.AuxResources = map[string]bool{
+ "uid": true,
+ "pid": true,
+ "gid": true,
+ "timespec": true,
+ "timeval": true,
+ "time_sec": true,
+ "time_usec": true,
+ "time_nsec": true,
+ }
+
+ switch target.Arch {
 case "amd64":
 target.SpecialPointers = []uint64{
 0xffffffff81000000, // kernel text
 }
- case "386":
- case "arm64":
- case "arm":
- case "ppc64le":
- case "mips64le":
+ case "386", "arm64", "arm", "ppc64le", "mips64le":
 default:
 panic("unknown arch")
 }
-- cgit mrf-deployment
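Review bot: The new `target.AuxResources` map in the second hunk has no comment saying what makes a resource auxiliary or how the map is consumed, and its keys are bare strings that nothing visible here checks against the resource names defined in the descriptions. A renamed or mistyped resource would presumably just stop matching, which for a fuzzer means a silent shift in what gets exercised rather than a visible failure. I would add a comment above the assignment, for example `// AuxResources lists resources treated as auxiliary by corpus rotation; every key must name a resource defined in the descriptions.`, with the wording adjusted to the actual semantics. Where the map is read (outside this diff), a key that names no known resource should be reported rather than ignored. InitTarget begins above the hunk, so the rest of its body is not visible here.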