From 8365c3838dd442ef23f3b622710963382f73f4df Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Wed, 25 Jan 2017 22:18:42 +0100
Subject: all: implement edge coverage

Currently syzkaller uses per-call basic block (BB) coverage.
This change implements edge (not-per-call) coverage.
Edge coverage is more detailed than BB coverage as it captures
not-taken branches, looping, etc. So it provides better feedback signal.
This coverage is now called "signal" throughout the code.
BB code coverage is also collected as it is required for visualisation.
Not doing per-call coverage reduces corpus ~6-7x (from ~35K to ~5K),
this has profound effect on fuzzing efficiency.
---
 sys/decl.go | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

(limited to 'sys')

diff --git a/sys/decl.go b/sys/decl.go
index 14f1105de..57d788576 100644
--- a/sys/decl.go
+++ b/sys/decl.go
@@ -12,7 +12,6 @@ const ptrSize = 8
 type Call struct {
 	ID       int
 	NR       int // kernel syscall number
-	CallID   int
 	Name     string
 	CallName string
 	Args     []Type
@@ -598,10 +597,8 @@ func ForeachType(meta *Call, f func(Type)) {
 }
 
 var (
-	Calls     []*Call
-	CallCount int
-	CallMap   = make(map[string]*Call)
-	CallID    = make(map[string]int)
+	Calls   []*Call
+	CallMap = make(map[string]*Call)
 )
 
 func init() {
@@ -616,13 +613,6 @@ func init() {
 			println(c.Name)
 			panic("duplicate syscall")
 		}
-		id, ok := CallID[c.CallName]
-		if !ok {
-			id = len(CallID)
-			CallID[c.CallName] = id
-		}
-		c.CallID = id
 		CallMap[c.Name] = c
 	}
-	CallCount = len(CallID)
 }
-- 
cgit mrf-deployment