add last 60s exec/s stat

van Hauser
2020-07-26 15:55:03 +02:00
parent 23da490f26
commit 16e362d2b9
4 changed files with 93 additions and 76 deletions


@ -581,6 +581,10 @@ typedef struct afl_state {
u8 describe_op_buf_256[256]; /* describe_op will use this to return a string
up to 256 */
unsigned long long int last_avg_exec_update;
u32 last_avg_execs;
float last_avg_execs_saved;
/* foreign sync */
#define FOREIGN_SYNCS_MAX 32
u8 foreign_sync_cnt;
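Review bot: `last_avg_execs` is declared `u32`, but write_stats_file assigns it from `afl->fsrv.total_execs`, which the same function prints with `%llu`, so that counter appears to be 64-bit. Once a campaign passes 2^32 executions the saved baseline is truncated and the next `total_execs - last_avg_execs` delta is inflated by a multiple of 2^32, so the reported last-minute rate is wrong. Declaring it as `u64 last_avg_execs;` avoids that, and `u64 last_avg_exec_update;` would match the typedef'd integer types used by the neighbouring fields. A one-line comment above the three fields, such as `/* baseline for the execs/s figure over the last ~60s */`, would say what they hold; the struct continues outside this hunk.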


@ -168,7 +168,8 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
/* "afl_custom_deinit", optional for backward compatibility */
mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit");
if (!mutator->afl_custom_deinit) FATAL("Symbol 'afl_custom_deinit' not found.");
if (!mutator->afl_custom_deinit)
FATAL("Symbol 'afl_custom_deinit' not found.");
/* "afl_custom_post_process", optional */
mutator->afl_custom_post_process = dlsym(dh, "afl_custom_post_process");


@ -39,7 +39,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
u8 fn[PATH_MAX];
s32 fd;
FILE * f;
uint32_t t_bytes = count_non_255_bytes(afl, afl->virgin_bits);
u32 t_bytes = count_non_255_bytes(afl, afl->virgin_bits);
snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir);
@ -67,89 +67,101 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
}
if ((unlikely(!afl->last_avg_exec_update ||
cur_time - afl->last_avg_exec_update >= 60000))) {
afl->last_avg_execs_saved =
(float)(1000*(afl->fsrv.total_execs - afl->last_avg_execs)) /
(float)(cur_time - afl->last_avg_exec_update);
afl->last_avg_execs = afl->fsrv.total_execs;
afl->last_avg_exec_update = cur_time;
}
#ifndef __HAIKU__
if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
#endif
fprintf(
f,
"start_time : %llu\n"
"last_update : %llu\n"
"run_time : %llu\n"
"fuzzer_pid : %u\n"
"cycles_done : %llu\n"
"cycles_wo_finds : %llu\n"
"execs_done : %llu\n"
"execs_per_sec : %0.02f\n"
// "real_execs_per_sec: %0.02f\n" // damn the name is too long
"paths_total : %u\n"
"paths_favored : %u\n"
"paths_found : %u\n"
"paths_imported : %u\n"
"max_depth : %u\n"
"cur_path : %u\n" /* Must match find_start_position() */
"pending_favs : %u\n"
"pending_total : %u\n"
"variable_paths : %u\n"
"stability : %0.02f%%\n"
"bitmap_cvg : %0.02f%%\n"
"unique_crashes : %llu\n"
"unique_hangs : %llu\n"
"last_path : %llu\n"
"last_crash : %llu\n"
"last_hang : %llu\n"
"execs_since_crash : %llu\n"
"exec_timeout : %u\n"
"slowest_exec_ms : %u\n"
"peak_rss_mb : %lu\n"
"cpu_affinity : %d\n"
"edges_found : %u\n"
"var_byte_count : %u\n"
"afl_banner : %s\n"
"afl_version : " VERSION
"\n"
"target_mode : %s%s%s%s%s%s%s%s%s\n"
"command_line : %s\n",
afl->start_time / 1000, cur_time / 1000,
(cur_time - afl->start_time) / 1000, (u32)getpid(),
afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
afl->fsrv.total_execs,
afl->fsrv.total_execs /
((double)(get_cur_time() - afl->start_time) / 1000),
afl->queued_paths, afl->queued_favored, afl->queued_discovered,
afl->queued_imported, afl->max_depth, afl->current_entry,
afl->pending_favored, afl->pending_not_fuzzed, afl->queued_variable,
stability, bitmap_cvg, afl->unique_crashes, afl->unique_hangs,
afl->last_path_time / 1000, afl->last_crash_time / 1000,
afl->last_hang_time / 1000, afl->fsrv.total_execs - afl->last_crash_execs,
afl->fsrv.exec_tmout, afl->slowest_exec_ms,
fprintf(f,
"start_time : %llu\n"
"last_update : %llu\n"
"run_time : %llu\n"
"fuzzer_pid : %u\n"
"cycles_done : %llu\n"
"cycles_wo_finds : %llu\n"
"execs_done : %llu\n"
"execs_per_sec : %0.02f\n"
"execs_ps_last_min : %0.02f\n"
"paths_total : %u\n"
"paths_favored : %u\n"
"paths_found : %u\n"
"paths_imported : %u\n"
"max_depth : %u\n"
"cur_path : %u\n" /* Must match find_start_position() */
"pending_favs : %u\n"
"pending_total : %u\n"
"variable_paths : %u\n"
"stability : %0.02f%%\n"
"bitmap_cvg : %0.02f%%\n"
"unique_crashes : %llu\n"
"unique_hangs : %llu\n"
"last_path : %llu\n"
"last_crash : %llu\n"
"last_hang : %llu\n"
"execs_since_crash : %llu\n"
"exec_timeout : %u\n"
"slowest_exec_ms : %u\n"
"peak_rss_mb : %lu\n"
"cpu_affinity : %d\n"
"edges_found : %u\n"
"var_byte_count : %u\n"
"afl_banner : %s\n"
"afl_version : " VERSION
"\n"
"target_mode : %s%s%s%s%s%s%s%s%s\n"
"command_line : %s\n",
afl->start_time / 1000, cur_time / 1000,
(cur_time - afl->start_time) / 1000, (u32)getpid(),
afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
afl->fsrv.total_execs,
afl->fsrv.total_execs /
((double)(get_cur_time() - afl->start_time) / 1000),
afl->last_avg_execs_saved, afl->queued_paths, afl->queued_favored,
afl->queued_discovered, afl->queued_imported, afl->max_depth,
afl->current_entry, afl->pending_favored, afl->pending_not_fuzzed,
afl->queued_variable, stability, bitmap_cvg, afl->unique_crashes,
afl->unique_hangs, afl->last_path_time / 1000,
afl->last_crash_time / 1000, afl->last_hang_time / 1000,
afl->fsrv.total_execs - afl->last_crash_execs, afl->fsrv.exec_tmout,
afl->slowest_exec_ms,
#ifndef __HAIKU__
#ifdef __APPLE__
(unsigned long int)(rus.ru_maxrss >> 20),
(unsigned long int)(rus.ru_maxrss >> 20),
#else
(unsigned long int)(rus.ru_maxrss >> 10),
(unsigned long int)(rus.ru_maxrss >> 10),
#endif
#else
-1UL,
-1UL,
#endif
#ifdef HAVE_AFFINITY
afl->cpu_aff,
afl->cpu_aff,
#else
-1,
-1,
#endif
t_bytes, afl->var_byte_count, afl->use_banner,
afl->unicorn_mode ? "unicorn" : "", afl->fsrv.qemu_mode ? "qemu " : "",
afl->non_instrumented_mode ? " non_instrumented " : "",
afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "",
afl->persistent_mode ? "persistent " : "",
afl->shmem_testcase_mode ? "shmem_testcase " : "",
afl->deferred_mode ? "deferred " : "",
(afl->unicorn_mode || afl->fsrv.qemu_mode || afl->non_instrumented_mode ||
afl->no_forkserver || afl->crash_mode || afl->persistent_mode ||
afl->deferred_mode)
? ""
: "default",
afl->orig_cmdline);
t_bytes, afl->var_byte_count, afl->use_banner,
afl->unicorn_mode ? "unicorn" : "",
afl->fsrv.qemu_mode ? "qemu " : "",
afl->non_instrumented_mode ? " non_instrumented " : "",
afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "",
afl->persistent_mode ? "persistent " : "",
afl->shmem_testcase_mode ? "shmem_testcase " : "",
afl->deferred_mode ? "deferred " : "",
(afl->unicorn_mode || afl->fsrv.qemu_mode ||
afl->non_instrumented_mode || afl->no_forkserver ||
afl->crash_mode || afl->persistent_mode || afl->deferred_mode)
? ""
: "default",
afl->orig_cmdline);
/* ignore errors */
if (afl->debug) {
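Review bot: On the first call `afl->last_avg_exec_update` is still zero, so the new block at the top of the second hunk divides every execution so far by `cur_time - 0`; if `cur_time` is an absolute millisecond timestamp, as printing `afl->start_time / 1000` under `start_time` suggests, `execs_ps_last_min` starts out near zero and stays there until the next 60-second refresh. Using the start time as the first baseline fixes this: `u64 base = afl->last_avg_exec_update ? afl->last_avg_exec_update : afl->start_time;`, then divide by `(float)(cur_time - base)` and skip the update when `cur_time == base`. The `1000 * (...)` product is computed in integer arithmetic before the cast, so a short comment that it converts a per-millisecond delta into executions per second would help. write_stats_file begins and ends outside these hunks.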


@ -8,16 +8,16 @@ __AFL_FUZZ_INIT();
int main(void) {
ssize_t bytes_read;
__AFL_INIT();
float *magic = (float*)__AFL_FUZZ_TESTCASE_BUF;
float *magic = (float *)__AFL_FUZZ_TESTCASE_BUF;
while (__AFL_LOOP(INT_MAX)) {
if (__AFL_FUZZ_TESTCASE_LEN != sizeof(float)) return 1;
/* 15 + 1/2 + 1/8 + 1/32 + 1/128 */
if ((-*magic == 15.0 + 0.5 + 0.125 + 0.03125 + 0.0078125)) abort();
}
return 0;