[google/syzkaller] 3d475b: prog: reduce amount of hint replacements


Dmitry Vyukov

Jul 2, 2024, 11:07:48 AM
to syzk...@googlegroups.com
Branch: refs/heads/gh-readonly-queue/master/pr-4969-0be05f03ef149d0a149a51bf1111a5153708b1ef
Home: https://github.com/google/syzkaller
Commit: 3d475bc56886c8183b3189b762451095985b6c84
https://github.com/google/syzkaller/commit/3d475bc56886c8183b3189b762451095985b6c84
Author: Dmitry Vyukov <dvy...@google.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)

Changed paths:
M pkg/hash/hash.go
M prog/analysis.go
M prog/hints.go
M prog/hints_test.go
M prog/rand.go
M prog/target.go
M prog/types.go
A sys/test/related.txt

Log Message:
-----------
prog: reduce amount of hint replacements

Several optimizations to reduce amount of hint replacements:
1. Don't mutate ints that are <= 8 bits.
2. Don't mutate data that is <= 3 bytes.
3. Restrict mutation of len to only values >10 and <1<<20.
Values <= 10 we can produce during normal mutation.
Values > 1<<20 are presumably not length of something
and we have logic to produce various large bogus lengths.
4. Include all small ints <= 16 into specialInts and remove 31, 32, 63
(don't remember where they come from).
5. Don't produce other known flags (and combinations) for flags.

And a larger part computes groups of related arguments
so that we don't try to produce known ioctls from other known ioctls,
and similarly for socket/socketpair/setsockopt/etc.
See comments in Target.initRelatedFields for details.

Update #477


Commit: 6a2ff1acbd95b320444a729d9d281835be88ec66
https://github.com/google/syzkaller/commit/6a2ff1acbd95b320444a729d9d281835be88ec66
Author: Dmitry Vyukov <dvy...@google.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)

Changed paths:
M pkg/fuzzer/fuzzer.go
M pkg/fuzzer/job.go
M pkg/fuzzer/stats.go

Log Message:
-----------
pkg/fuzzer: optimize smash jobs

1. Run only 25 mutations during smash.
2. Run collide during normal fuzzing rather than during smashing.
3. Run hints and fault injection before random mutations
and order hints/fault injection jobs.
4. Random mutations still run round-robin w/o ordering
to give better diversity.


Commit: 07dedd50ee8834dbca4da7667e69e72b7d0565b9
https://github.com/google/syzkaller/commit/07dedd50ee8834dbca4da7667e69e72b7d0565b9
Author: Dmitry Vyukov <dvy...@google.com>
Date: 2024-07-02 (Tue, 02 Jul 2024)

Changed paths:
M executor/cover_filter.h
M executor/executor_runner.h
M executor/test.h
M pkg/flatrpc/flatrpc.fbs
M pkg/flatrpc/flatrpc.go
M pkg/flatrpc/flatrpc.h
M pkg/fuzzer/cover.go
M pkg/fuzzer/fuzzer.go
M pkg/fuzzer/fuzzer_test.go
M pkg/fuzzer/job_test.go
M pkg/rpcserver/rpcserver.go
M pkg/rpcserver/runner.go
M pkg/signal/signal.go
M pkg/signal/signal_test.go
M syz-manager/manager.go

Log Message:
-----------
pkg/fuzzer: remove signal rotation

Signal rotation is intended to make the fuzzer re-discover flaky coverage
in a non-flaky way. However, taking into account that we get effectively
the same effect after each manager restart, and that the fuzzer is overloaded
with triage/smash jobs, it does not look worth it.


Compare: https://github.com/google/syzkaller/compare/3d475bc56886%5E...07dedd50ee88

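The first commit above describes a set of filters that decide which comparison-operand hints are still worth turning into replacement programs. The block below is an added example, not syzkaller's code (it does not use prog/hints.go or its types): it encodes the five rules from the commit message as a standalone filter and runs it over a constructed list of candidates. The argument-kind names, the `HintCandidate` struct, the members of `specialInts` above 16, and the flag constants in the sample data are all assumptions made for the example; the thresholds (8 bits, 3 bytes, 10 and 1<<20, values <= 16) are the ones the commit message states.

```go
package main

import "fmt"

// ArgKind is the argument class a hint candidate targets. The classes are the
// ones the commit message names; the names are this example's own, not
// syzkaller's prog types.
type ArgKind int

const (
	KindInt   ArgKind = iota // fixed-width integer field
	KindData                 // byte buffer
	KindLen                  // length-of-something field
	KindFlags                // bit-flags field
)

// HintCandidate is one (argument, comparison operand) pair that the hints pass
// would otherwise turn into a replacement program. Assumed shape for this example.
type HintCandidate struct {
	Name       string
	Kind       ArgKind
	Bits       int      // KindInt: width of the field in bits
	Size       int      // KindData: buffer size in bytes
	Value      uint64   // operand observed in a comparison
	KnownFlags []uint64 // KindFlags: values the flags type already knows
}

// specialInts stands in for the values the ordinary mutator already produces on
// its own; a hint that merely reproduces one of them adds nothing. The commit
// puts every value <= 16 in this set. The larger members below are an
// assumption for this example, not syzkaller's actual list.
var specialInts = buildSpecialInts()

func buildSpecialInts() map[uint64]bool {
	s := map[uint64]bool{}
	for v := uint64(0); v <= 16; v++ {
		s[v] = true
	}
	for _, v := range []uint64{64, 127, 128, 255, 256, 1 << 15, 1 << 16, 1 << 31, 1 << 32} {
		s[v] = true
	}
	return s
}

// ShouldReplace applies the filters from the commit message and reports whether
// the candidate survives, plus the rule that rejected it.
func ShouldReplace(c HintCandidate) (bool, string) {
	switch c.Kind {
	case KindInt:
		if c.Bits <= 8 {
			return false, "int field is <= 8 bits"
		}
		if specialInts[c.Value] {
			return false, "value is in specialInts"
		}
	case KindData:
		if c.Size <= 3 {
			return false, "data is <= 3 bytes"
		}
	case KindLen:
		if c.Value <= 10 {
			return false, "len <= 10 is reachable by normal mutation"
		}
		if c.Value >= 1<<20 {
			return false, "len >= 1<<20 is presumably not a real length"
		}
	case KindFlags:
		// Reject a value built only from bits the flags type already knows,
		// i.e. a known flag or any OR-combination of known flags.
		var mask uint64
		for _, f := range c.KnownFlags {
			mask |= f
		}
		if c.Value != 0 && c.Value&^mask == 0 {
			return false, "value is a known flag or a combination of known flags"
		}
	}
	return true, ""
}

// FilterHints keeps only the candidates that pass ShouldReplace.
func FilterHints(cands []HintCandidate) []HintCandidate {
	var kept []HintCandidate
	for _, c := range cands {
		if ok, _ := ShouldReplace(c); ok {
			kept = append(kept, c)
		}
	}
	return kept
}

// sampleCandidates is constructed input, not data captured from a fuzzer run.
// The flag values mimic O_RDWR/O_CREAT/O_TRUNC but are illustrative only.
func sampleCandidates() []HintCandidate {
	flags := []uint64{0x2, 0x40, 0x200}
	return []HintCandidate{
		{Name: "u8 mode", Kind: KindInt, Bits: 8, Value: 0x5a},
		{Name: "u32 magic", Kind: KindInt, Bits: 32, Value: 0xdeadbeef},
		{Name: "u32 small", Kind: KindInt, Bits: 32, Value: 7},
		{Name: "short buf", Kind: KindData, Size: 2, Value: 0x4142},
		{Name: "long buf", Kind: KindData, Size: 16, Value: 0x41424344},
		{Name: "len 4", Kind: KindLen, Value: 4},
		{Name: "len 4096", Kind: KindLen, Value: 4096},
		{Name: "len 1<<30", Kind: KindLen, Value: 1 << 30},
		{Name: "flags O_RDWR|O_CREAT", Kind: KindFlags, Value: 0x42, KnownFlags: flags},
		{Name: "flags unknown bit", Kind: KindFlags, Value: 0x1000, KnownFlags: flags},
	}
}

func main() {
	for _, c := range sampleCandidates() {
		if ok, why := ShouldReplace(c); ok {
			fmt.Printf("keep  %-22s value=%#x\n", c.Name, c.Value)
		} else {
			fmt.Printf("skip  %-22s %s\n", c.Name, why)
		}
	}
}
```

Of the ten constructed candidates only four survive (the 32-bit magic, the 16-byte buffer, the 4096 length and the flags value with an unknown bit); the rest are the kinds of replacement the commit says the mutator can already reach or that are unlikely to be meaningful.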

Dmitry Vyukov

Jul 2, 2024, 11:16:37 AM
to syzk...@googlegroups.com