From df655b64ffc2879b80e652329fb7a11508e50310 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Mon, 1 Jul 2024 14:26:07 +0200 Subject: prog: restricts hints to at most 10 attempts per single kernel PC We are getting too many generated candidates, the fuzzer may not keep up with them at all (hints jobs keep growing infinitely). If a hint indeed came from the input w/o transformation, then we should guess it on the first attempt (or at least after few attempts). If it did not come from the input, or came with a non-trivial transformation, then any number of attempts won't help. So limit the total number of attempts (until the next restart). --- tools/syz-execprog/execprog.go | 2 +- tools/syz-mutate/mutate.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'tools') diff --git a/tools/syz-execprog/execprog.go b/tools/syz-execprog/execprog.go index 8fce0d961..e86d09053 100644 --- a/tools/syz-execprog/execprog.go +++ b/tools/syz-execprog/execprog.go @@ -288,7 +288,7 @@ func (ctx *Context) printHints(p *prog.Prog, info *flatrpc.ProgInfo) { } comps := make(prog.CompMap) for _, cmp := range info.Calls[i].Comps { - comps.AddComp(cmp.Op1, cmp.Op2) + comps.Add(cmp.Pc, cmp.Op1, cmp.Op2, cmp.IsConst) if ctx.output { fmt.Printf("comp 0x%x ? 0x%x\n", cmp.Op1, cmp.Op2) } diff --git a/tools/syz-mutate/mutate.go b/tools/syz-mutate/mutate.go index 101ce0739..351d0ae6a 100644 --- a/tools/syz-mutate/mutate.go +++ b/tools/syz-mutate/mutate.go @@ -88,7 +88,7 @@ func main() { } if *flagHintCall != -1 { comps := make(prog.CompMap) - comps.AddComp(*flagHintSrc, *flagHintCmp) + comps.Add(0, *flagHintSrc, *flagHintCmp, true) p.MutateWithHints(*flagHintCall, comps, func(p *prog.Prog) bool { fmt.Printf("%s\n\n", p.Serialize()) return true -- cgit mrf-deployment