[google/syzkaller] 9880b6: prog: prune recursion by type pointers
0 views
Skip to first unread message
Aleksandr Nogikh
Apr 1, 2026, 4:12:22 AM (9 days ago) Apr 1
to syzk...@googlegroups.com
Branch: refs/heads/gh-readonly-queue/master/pr-7026-fb8b2c26b05b4a51d0e03288ba6ec54a8231726d
Home: https://github.com/google/syzkaller
Commit: 9880b6b1ca0af1ac369aa75a22a856ae1b1fe52f
https://github.com/google/syzkaller/commit/9880b6b1ca0af1ac369aa75a22a856ae1b1fe52f
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M prog/rand.go
Log Message:
-----------
prog: prune recursion by type pointers
Names are less reliable, e.g. for pointer types there will just be a
generic "ptr" name.
Type object pointer should be a more reliable key which is also less
expensive to store/compute.
Commit: 1127d3fa1c776f084c7436cbc152fbfe86c696c8
https://github.com/google/syzkaller/commit/1127d3fa1c776f084c7436cbc152fbfe86c696c8
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M prog/rand.go
Log Message:
-----------
prog: improve pruning logic
Determine the leaf created type by following pointers and arrays.
Also prune nested pointers as it's possible to achieve object explosion
by having sufficient number of optional pointers in a struct.
Commit: 012f85da69cdcea877d6d525621c60a5df1ca35a
https://github.com/google/syzkaller/commit/012f85da69cdcea877d6d525621c60a5df1ca35a
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M prog/prog_test.go
M sys/test/test.txt
Log Message:
-----------
prog: add a pointer recursion test
Without the previous fixes, the test quickly ends up with a stack
overflow.
Commit: 7cf7c5ad54ad2f6b5dea382365821934397d6497
https://github.com/google/syzkaller/commit/7cf7c5ad54ad2f6b5dea382365821934397d6497
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M pkg/corpus/corpus_test.go
Log Message:
-----------
pkg/corpus: accelerate TestChooseProgram
We don't need to generate particularly diverse programs in this test, so
let's restrict the set of enabled syscalls.
Commit: 9a1f7828d289417293675ad37286c9b7a9c3ab7c
https://github.com/google/syzkaller/commit/9a1f7828d289417293675ad37286c9b7a9c3ab7c
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M prog/alloc.go
Log Message:
-----------
prog: optimize allocation performance
In benchmarks under -race, the vast majority of time is spent in
alloc.go. And, indeed, if the amount of "allocated" memory is
significant, we end up traversing a pretty big array on each new prog
argument allocation.
Let's optimize it a bit. Since we never free objects (we can only
declare a bankruptcy), it's okay to just remember the position up to
which we know there's no free space anymore.
But it must per done per alignment since big alignment allocations may
leave large gaps.
Compare: https://github.com/google/syzkaller/compare/9880b6b1ca0a%5E...9a1f7828d289
To unsubscribe from these emails, change your notification settings at https://github.com/google/syzkaller/settings/notifications
Home: https://github.com/google/syzkaller
Commit: 9880b6b1ca0af1ac369aa75a22a856ae1b1fe52f
https://github.com/google/syzkaller/commit/9880b6b1ca0af1ac369aa75a22a856ae1b1fe52f
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M prog/rand.go
Log Message:
-----------
prog: prune recursion by type pointers
Names are less reliable, e.g. for pointer types there will just be a
generic "ptr" name.
Type object pointer should be a more reliable key which is also less
expensive to store/compute.
Commit: 1127d3fa1c776f084c7436cbc152fbfe86c696c8
https://github.com/google/syzkaller/commit/1127d3fa1c776f084c7436cbc152fbfe86c696c8
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M prog/rand.go
Log Message:
-----------
prog: improve pruning logic
Determine the leaf created type by following pointers and arrays.
Also prune nested pointers as it's possible to achieve object explosion
by having sufficient number of optional pointers in a struct.
Commit: 012f85da69cdcea877d6d525621c60a5df1ca35a
https://github.com/google/syzkaller/commit/012f85da69cdcea877d6d525621c60a5df1ca35a
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M prog/prog_test.go
M sys/test/test.txt
Log Message:
-----------
prog: add a pointer recursion test
Without the previous fixes, the test quickly ends up with a stack
overflow.
Commit: 7cf7c5ad54ad2f6b5dea382365821934397d6497
https://github.com/google/syzkaller/commit/7cf7c5ad54ad2f6b5dea382365821934397d6497
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M pkg/corpus/corpus_test.go
Log Message:
-----------
pkg/corpus: accelerate TestChooseProgram
We don't need to generate particularly diverse programs in this test, so
let's restrict the set of enabled syscalls.
Commit: 9a1f7828d289417293675ad37286c9b7a9c3ab7c
https://github.com/google/syzkaller/commit/9a1f7828d289417293675ad37286c9b7a9c3ab7c
Author: Aleksandr Nogikh <nog...@google.com>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M prog/alloc.go
Log Message:
-----------
prog: optimize allocation performance
In benchmarks under -race, the vast majority of time is spent in
alloc.go. And, indeed, if the amount of "allocated" memory is
significant, we end up traversing a pretty big array on each new prog
argument allocation.
Let's optimize it a bit. Since we never free objects (we can only
declare a bankruptcy), it's okay to just remember the position up to
which we know there's no free space anymore.
But it must per done per alignment since big alignment allocations may
leave large gaps.
Compare: https://github.com/google/syzkaller/compare/9880b6b1ca0a%5E...9a1f7828d289
To unsubscribe from these emails, change your notification settings at https://github.com/google/syzkaller/settings/notifications
Aleksandr Nogikh
Apr 1, 2026, 4:24:23 AM (9 days ago) Apr 1
to syzk...@googlegroups.com
Branch: refs/heads/master
Compare: https://github.com/google/syzkaller/compare/fb8b2c26b05b...9a1f7828d289
Reply all
Reply to author
Forward
0 new messages