ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 02:28:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

add last 60s exec/s stat

Browse Source
This commit is contained in:
van Hauser
2020-07-26 15:55:03 +02:00
parent 23da490f26
commit 16e362d2b9
4 changed files with 93 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/afl-fuzz.h
View File

@ -581,6 +581,10 @@ typedef struct afl_state {
u8 describe_op_buf_256[256]; /* describe_op will use this to return a string u8 describe_op_buf_256[256]; /* describe_op will use this to return a string
up to 256 */ up to 256 */
unsigned long long int last_avg_exec_update;
u32 last_avg_execs;
float last_avg_execs_saved;
/* foreign sync */ /* foreign sync */
#define FOREIGN_SYNCS_MAX 32 #define FOREIGN_SYNCS_MAX 32
u8 foreign_sync_cnt; u8 foreign_sync_cnt;

3
src/afl-fuzz-mutators.c
View File

@ -168,7 +168,8 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
/* "afl_custom_deinit", optional for backward compatibility */ /* "afl_custom_deinit", optional for backward compatibility */
mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit"); mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit");
if (!mutator->afl_custom_deinit) FATAL("Symbol 'afl_custom_deinit' not found."); if (!mutator->afl_custom_deinit)
FATAL("Symbol 'afl_custom_deinit' not found.");
/* "afl_custom_post_process", optional */ /* "afl_custom_post_process", optional */
mutator->afl_custom_post_process = dlsym(dh, "afl_custom_post_process"); mutator->afl_custom_post_process = dlsym(dh, "afl_custom_post_process");

154
src/afl-fuzz-stats.c
View File

@ -39,7 +39,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
u8 fn[PATH_MAX]; u8 fn[PATH_MAX];
s32 fd; s32 fd;
FILE * f; FILE * f;
uint32_t t_bytes = count_non_255_bytes(afl, afl->virgin_bits); u32 t_bytes = count_non_255_bytes(afl, afl->virgin_bits);
snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir); snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir);
@ -67,89 +67,101 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
} }
if ((unlikely(!afl->last_avg_exec_update ||
cur_time - afl->last_avg_exec_update >= 60000))) {
afl->last_avg_execs_saved =
(float)(1000*(afl->fsrv.total_execs - afl->last_avg_execs)) /
(float)(cur_time - afl->last_avg_exec_update);
afl->last_avg_execs = afl->fsrv.total_execs;
afl->last_avg_exec_update = cur_time;
}
#ifndef __HAIKU__ #ifndef __HAIKU__
if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; } if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
#endif #endif
fprintf( fprintf(f,
f, "start_time : %llu\n"
"start_time : %llu\n" "last_update : %llu\n"
"last_update : %llu\n" "run_time : %llu\n"
"run_time : %llu\n" "fuzzer_pid : %u\n"
"fuzzer_pid : %u\n" "cycles_done : %llu\n"
"cycles_done : %llu\n" "cycles_wo_finds : %llu\n"
"cycles_wo_finds : %llu\n" "execs_done : %llu\n"
"execs_done : %llu\n" "execs_per_sec : %0.02f\n"
"execs_per_sec : %0.02f\n" "execs_ps_last_min : %0.02f\n"
// "real_execs_per_sec: %0.02f\n" // damn the name is too long "paths_total : %u\n"
"paths_total : %u\n" "paths_favored : %u\n"
"paths_favored : %u\n" "paths_found : %u\n"
"paths_found : %u\n" "paths_imported : %u\n"
"paths_imported : %u\n" "max_depth : %u\n"
"max_depth : %u\n" "cur_path : %u\n" /* Must match find_start_position() */
"cur_path : %u\n" /* Must match find_start_position() */ "pending_favs : %u\n"
"pending_favs : %u\n" "pending_total : %u\n"
"pending_total : %u\n" "variable_paths : %u\n"
"variable_paths : %u\n" "stability : %0.02f%%\n"
"stability : %0.02f%%\n" "bitmap_cvg : %0.02f%%\n"
"bitmap_cvg : %0.02f%%\n" "unique_crashes : %llu\n"
"unique_crashes : %llu\n" "unique_hangs : %llu\n"
"unique_hangs : %llu\n" "last_path : %llu\n"
"last_path : %llu\n" "last_crash : %llu\n"
"last_crash : %llu\n" "last_hang : %llu\n"
"last_hang : %llu\n" "execs_since_crash : %llu\n"
"execs_since_crash : %llu\n" "exec_timeout : %u\n"
"exec_timeout : %u\n" "slowest_exec_ms : %u\n"
"slowest_exec_ms : %u\n" "peak_rss_mb : %lu\n"
"peak_rss_mb : %lu\n" "cpu_affinity : %d\n"
"cpu_affinity : %d\n" "edges_found : %u\n"
"edges_found : %u\n" "var_byte_count : %u\n"
"var_byte_count : %u\n" "afl_banner : %s\n"
"afl_banner : %s\n" "afl_version : " VERSION
"afl_version : " VERSION "\n"
"\n" "target_mode : %s%s%s%s%s%s%s%s%s\n"
"target_mode : %s%s%s%s%s%s%s%s%s\n" "command_line : %s\n",
"command_line : %s\n", afl->start_time / 1000, cur_time / 1000,
afl->start_time / 1000, cur_time / 1000, (cur_time - afl->start_time) / 1000, (u32)getpid(),
(cur_time - afl->start_time) / 1000, (u32)getpid(), afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds, afl->fsrv.total_execs,
afl->fsrv.total_execs, afl->fsrv.total_execs /
afl->fsrv.total_execs / ((double)(get_cur_time() - afl->start_time) / 1000),
((double)(get_cur_time() - afl->start_time) / 1000), afl->last_avg_execs_saved, afl->queued_paths, afl->queued_favored,
afl->queued_paths, afl->queued_favored, afl->queued_discovered, afl->queued_discovered, afl->queued_imported, afl->max_depth,
afl->queued_imported, afl->max_depth, afl->current_entry, afl->current_entry, afl->pending_favored, afl->pending_not_fuzzed,
afl->pending_favored, afl->pending_not_fuzzed, afl->queued_variable, afl->queued_variable, stability, bitmap_cvg, afl->unique_crashes,
stability, bitmap_cvg, afl->unique_crashes, afl->unique_hangs, afl->unique_hangs, afl->last_path_time / 1000,
afl->last_path_time / 1000, afl->last_crash_time / 1000, afl->last_crash_time / 1000, afl->last_hang_time / 1000,
afl->last_hang_time / 1000, afl->fsrv.total_execs - afl->last_crash_execs, afl->fsrv.total_execs - afl->last_crash_execs, afl->fsrv.exec_tmout,
afl->fsrv.exec_tmout, afl->slowest_exec_ms, afl->slowest_exec_ms,
#ifndef __HAIKU__ #ifndef __HAIKU__
#ifdef __APPLE__ #ifdef __APPLE__
(unsigned long int)(rus.ru_maxrss >> 20), (unsigned long int)(rus.ru_maxrss >> 20),
#else #else
(unsigned long int)(rus.ru_maxrss >> 10), (unsigned long int)(rus.ru_maxrss >> 10),
#endif #endif
#else #else
-1UL, -1UL,
#endif #endif
#ifdef HAVE_AFFINITY #ifdef HAVE_AFFINITY
afl->cpu_aff, afl->cpu_aff,
#else #else
-1, -1,
#endif #endif
t_bytes, afl->var_byte_count, afl->use_banner, t_bytes, afl->var_byte_count, afl->use_banner,
afl->unicorn_mode ? "unicorn" : "", afl->fsrv.qemu_mode ? "qemu " : "", afl->unicorn_mode ? "unicorn" : "",
afl->non_instrumented_mode ? " non_instrumented " : "", afl->fsrv.qemu_mode ? "qemu " : "",
afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "", afl->non_instrumented_mode ? " non_instrumented " : "",
afl->persistent_mode ? "persistent " : "", afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "",
afl->shmem_testcase_mode ? "shmem_testcase " : "", afl->persistent_mode ? "persistent " : "",
afl->deferred_mode ? "deferred " : "", afl->shmem_testcase_mode ? "shmem_testcase " : "",
(afl->unicorn_mode || afl->fsrv.qemu_mode || afl->non_instrumented_mode || afl->deferred_mode ? "deferred " : "",
afl->no_forkserver || afl->crash_mode || afl->persistent_mode || (afl->unicorn_mode || afl->fsrv.qemu_mode ||
afl->deferred_mode) afl->non_instrumented_mode || afl->no_forkserver ||
? "" afl->crash_mode || afl->persistent_mode || afl->deferred_mode)
: "default", ? ""
afl->orig_cmdline); : "default",
afl->orig_cmdline);
/* ignore errors */ /* ignore errors */
if (afl->debug) { if (afl->debug) {

8
test/test-floatingpoint.c
View File

@ -8,16 +8,16 @@ __AFL_FUZZ_INIT();
int main(void) { int main(void) {
ssize_t bytes_read; ssize_t bytes_read;
__AFL_INIT(); __AFL_INIT();
float *magic = (float*)__AFL_FUZZ_TESTCASE_BUF; float *magic = (float *)__AFL_FUZZ_TESTCASE_BUF;
while (__AFL_LOOP(INT_MAX)) { while (__AFL_LOOP(INT_MAX)) {
if (__AFL_FUZZ_TESTCASE_LEN != sizeof(float)) return 1; if (__AFL_FUZZ_TESTCASE_LEN != sizeof(float)) return 1;
/* 15 + 1/2 + 1/8 + 1/32 + 1/128 */ /* 15 + 1/2 + 1/8 + 1/32 + 1/128 */
if ((-*magic == 15.0 + 0.5 + 0.125 + 0.03125 + 0.0078125)) abort(); if ((-*magic == 15.0 + 0.5 + 0.125 + 0.03125 + 0.0078125)) abort();
} }
return 0; return 0;