From 3d475bc56886c8183b3189b762451095985b6c84 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Mon, 24 Jun 2024 11:39:39 +0200
Subject: prog: reduce amount of hint replacements Several optimizations to reduce amount of hint replacements: 1. Don't mutate int's that are <= 8 bits. 2. Don't mutate data that is <= 3 bytes. 3. Restrict mutation of len only value >10 and < 1<<20. Values <= 10 we can produce during normal mutation. Values > 1<<20 are presumably not length of something and we have logic to produce various large bogus lengths. 4. Include all small ints <= 16 into specialInts and remove 31, 32, 63 (don't remember where they come from). 5. Don't produce other known flags (and combinations) for flags. And a larger part computes groups of related arguments so that we don't try to produce known ioctl's from other known ioctl's, and similarly for socket/socketpair/setsockopt/etc. See comments in Target.initRelatedFields for details. Update #477
---
sys/test/related.txt | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 sys/test/related.txt
(limited to 'sys')
diff --git a/sys/test/related.txt b/sys/test/related.txt
new file mode 100644
index 000000000..4d0dfebb1
--- /dev/null
+++ b/sys/test/related.txt
@@ -0,0 +1,32 @@
+# Copyright 2024 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+ioctl(fd fd, cmd int32, arg intptr)
+ioctl$1(fd fd, cmd const[0x111], arg intptr)
+ioctl$2(fd fd, cmd const[0x222], arg intptr)
+ioctl$4(fd fd, cmd flags[ioctl_commands], arg intptr)
+
+ioctl_commands = 0x333, 0x444
+
+resource sock[fd]
+
+socket(domain flags[socket_domain], type flags[socket_type], protocol flags[socket_protocol]) sock
+socket$generic(domain int32, type int32, protocol int32) sock
+socket$inet6(domain const[0x111], type flags[socket_type], protocol const[0x10000]) sock
+socket$inet6_tcp(domain const[0x111], type const[0x1000], protocol const[0x10000]) sock
+socket$netlink(domain const[0x211], type const[0x1000], protocol flags[socket_protocol]) sock
+socket$netlink2(domain const[0x211], type const[0x1000], protocol int32) sock
+socket$netlink_foo(domain const[0x211], type const[0x1000], protocol const[0x10200]) sock
+socket$foo(domain const[0x311], type const[0x1000], protocol const[0x10200]) sock
+socket$foo2(domain const[0x311], type flags[socket_type], protocol const[0x10200]) sock
+socket$foo3(domain const[0x311], type int32, protocol const[0x10200]) sock
+socket$foo4(domain const[0x411], type int32, protocol const[0x10000]) sock
+socket$foo5(domain const[0x411], type int32, protocol int32) sock
+socket$foo6(domain int32, type int32, protocol int32) sock
+socket$foo7(domain int32, type int32, protocol int32) sock
+
+listen(fd sock)
+
+socket_domain = 0x111, 0x211, 0x311
+socket_type = 0x1000, 0x1100, 0x1200
+socket_protocol = 0x10000, 0x10100, 0x10200
-- cgit mrf-deployment
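Review bot: The fixture carries no comment saying which grouping case each variant is meant to exercise, so a reader cannot tell whether `socket$generic`, `socket$foo6` and `socket$foo7` (all three take `int32` for every argument) are deliberate duplicates or leftovers. A short header after the license lines, for example `# Test descriptions for related-argument grouping, see Target.initRelatedFields.`, plus a one-line comment above the socket block stating which variants are expected to end up grouped by their `domain`/`type`/`protocol` constants, would make a failing grouping test much easier to diagnose. The `ioctl$1`, `ioctl$2`, `ioctl$4` numbering also skips `$3`; if the gap is intentional a comment should say so, otherwise the variant could be renamed. `socket$foo4` and `socket$foo5` use domain `0x411`, which is not listed in `socket_domain`; that looks like a deliberate out-of-set case, but the file does not say so.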