fix -V, code format

docs/Changelog.md

@@ -25,6 +25,8 @@
     - fix for `-t xxx+` feature
     - -e extension option now saves the queue items, crashes, etc. with the
       extension too
+    - fixes for trimmming, correct -V time and reading stats on resume by eqv
+      thanks a lot!
   - afl-cc:
     - added collision free caller instrumentation to LTO mode. activate with
       `AFL_LLVM_LTO_CALLER=1`. You can set a max depth to go through single

include/afl-fuzz.h

@@ -5,9 +5,9 @@
    Originally written by Michal Zalewski
 
    Now maintained by Marc Heuse <mh@mh-sec.de>,
-                     Heiko Eißfeldt <heiko.eissfeldt@hexco.de>,
+                     Dominik Maier <mail@dmnk.co>,
-                     Andrea Fioraldi <andreafioraldi@gmail.com>,
+                     Andrea Fioraldi <andreafioraldi@gmail.com>, and
-                     Dominik Maier <mail@dmnk.co>
+                     Heiko Eissfeldt <heiko.eissfeldt@hexco.de>
 
    Copyright 2016, 2017 Google Inc. All rights reserved.
    Copyright 2019-2024 AFLplusplus Project. All rights reserved.
@@ -1409,3 +1409,4 @@ void queue_testcase_store_mem(afl_state_t *afl, struct queue_entry *q, u8 *mem);
 #endif
 
 #endif
+

src/afl-fuzz-run.c

@@ -505,7 +505,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 
     fault = fuzz_run_target(afl, &afl->fsrv, use_tmout);
 
-    // update the time spend in calibration after each execution, as those may be slow
+    // update the time spend in calibration after each execution, as those may
+    // be slow
     update_calibration_time(afl, &calibration_start_us);
 
     /* afl->stop_soon is set by the handler for Ctrl+C. When it's pressed,
@@ -680,7 +681,8 @@ void sync_fuzzers(afl_state_t *afl) {
 
   while ((sd_ent = readdir(sd))) {
 
-    // since sync can take substantial amounts of time, update time spend every iteration
+    // since sync can take substantial amounts of time, update time spend every
+    // iteration
     update_sync_time(afl, &sync_start_us);
 
     u8  qd_synced_path[PATH_MAX], qd_path[PATH_MAX];
@@ -910,7 +912,12 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
 
     }
 
-    if (custom_trimmed) { fault = trimmed_case; goto abort_trimming; }
+    if (custom_trimmed) {
+
+      fault = trimmed_case;
+      goto abort_trimming;
+
+    }
 
   }
 
@@ -924,7 +931,12 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
      detected, it will still work to some extent, so we don't check for
      this. */
 
-  if (unlikely(q->len < 5)) { fault = 0; goto abort_trimming; }
+  if (unlikely(q->len < 5)) {
+
+    fault = 0;
+    goto abort_trimming;
+
+  }
 
   afl->stage_name = afl->stage_name_buf;
   afl->bytes_trim_in += q->len;
@@ -986,7 +998,6 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
 
         /* Let's save a clean trace, which will be needed by
            update_bitmap_score once we're done with the trimming stuff. */
-
         if (!needs_write) {
 
           needs_write = 1;
@@ -1001,7 +1012,6 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
       }
 
       /* Since this can be slow, update the screen every now and then. */
-
       if (!(trim_exec++ % afl->stats_update_freq)) { show_stats(afl); }
       ++afl->stage_cur;
 
@@ -1119,3 +1129,4 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
   return 0;
 
 }
+

src/afl-fuzz-stats.c

@@ -134,7 +134,9 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
 }
 
 static bool starts_with(char *key, char *line) {
+
   return strncmp(key, line, strlen(key)) == 0;
+
 }
 
 /* load some of the existing stats file when resuming.*/
@@ -180,24 +182,42 @@ void load_stats_file(afl_state_t *afl) {
       lptr++;
       char *nptr;
       if (starts_with("run_time", keystring)) {
+
         afl->prev_run_time = 1000 * strtoull(lptr, &nptr, 10);
+
       }
+
       if (starts_with("cycles_done", keystring)) {
+
         afl->queue_cycle =
             strtoull(lptr, &nptr, 10) ? strtoull(lptr, &nptr, 10) + 1 : 0;
+
       }
+
       if (starts_with("calibration_time", keystring)) {
+
         afl->calibration_time_us = strtoull(lptr, &nptr, 10) * 1000000;
+
       }
+
       if (starts_with("sync_time", keystring)) {
+
         afl->sync_time_us = strtoull(lptr, &nptr, 10) * 1000000;
+
       }
+
       if (starts_with("trim_time", keystring)) {
+
         afl->trim_time_us = strtoull(lptr, &nptr, 10) * 1000000;
+
       }
+
       if (starts_with("execs_done", keystring)) {
+
         afl->fsrv.total_execs = strtoull(lptr, &nptr, 10);
+
       }
+
       if (starts_with("corpus_count", keystring)) {
 
         u32 corpus_count = strtoul(lptr, &nptr, 10);
@@ -206,27 +226,46 @@ void load_stats_file(afl_state_t *afl) {
           WARNF(
               "queue/ has been modified -- things might not work, you're "
               "on your own!");
+          sleep(3);
 
         }
 
       }
+
       if (starts_with("corpus_found", keystring)) {
+
         afl->queued_discovered = strtoul(lptr, &nptr, 10);
+
       }
+
       if (starts_with("corpus_imported", keystring)) {
+
         afl->queued_imported = strtoul(lptr, &nptr, 10);
+
       }
+
       if (starts_with("max_depth", keystring)) {
+
         afl->max_depth = strtoul(lptr, &nptr, 10);
+
       }
+
       if (starts_with("saved_crashes", keystring)) {
+
         afl->saved_crashes = strtoull(lptr, &nptr, 10);
+
       }
+
       if (starts_with("saved_hangs", keystring)) {
+
         afl->saved_hangs = strtoull(lptr, &nptr, 10);
+
       }
+
     }
+
   }
+
   if (afl->saved_crashes) { write_crash_readme(afl); }
 
   return;
@@ -334,7 +373,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
       "\n"
       "target_mode       : %s%s%s%s%s%s%s%s%s%s\n"
       "command_line      : %s\n",
-      (afl->start_time - afl->prev_run_time) / 1000, cur_time / 1000,
+      (afl->start_time /*- afl->prev_run_time*/) / 1000, cur_time / 1000,
       runtime / 1000, (u32)getpid(),
       afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
       afl->longest_find_time > cur_time - afl->last_find_time
@@ -342,11 +381,13 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
           : ((afl->start_time == 0 || afl->last_find_time == 0)
                  ? 0
                  : (cur_time - afl->last_find_time) / 1000),
-      (runtime - (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000) / 1000,
+      (runtime -
-      afl->calibration_time_us / 1000000,
+       (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) /
-      afl->sync_time_us / 1000000,
+           1000) /
-      afl->trim_time_us / 1000000,
+          1000,
-      afl->fsrv.total_execs, afl->fsrv.total_execs / ((double)(runtime) / 1000),
+      afl->calibration_time_us / 1000000, afl->sync_time_us / 1000000,
+      afl->trim_time_us / 1000000, afl->fsrv.total_execs,
+      afl->fsrv.total_execs / ((double)(runtime) / 1000),
       afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
       afl->queued_discovered, afl->queued_imported, afl->queued_variable,
       afl->max_depth, afl->current_entry, afl->pending_favored,
@@ -415,6 +456,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
 
   fclose(f);
   rename(fn_tmp, fn_final);
+
 }
 
 #ifdef INTROSPECTION
@@ -2438,20 +2480,28 @@ void show_init_stats(afl_state_t *afl) {
 #undef IB
 
 }
+
 void update_calibration_time(afl_state_t *afl, u64 *time) {
+
   u64 cur = get_cur_time_us();
   afl->calibration_time_us += cur - *time;
   *time = cur;
+
 }
 
 void update_trim_time(afl_state_t *afl, u64 *time) {
+
   u64 cur = get_cur_time_us();
   afl->trim_time_us += cur - *time;
   *time = cur;
+
 }
 
 void update_sync_time(afl_state_t *afl, u64 *time) {
+
   u64 cur = get_cur_time_us();
   afl->sync_time_us += cur - *time;
   *time = cur;
+
 }
+

src/afl-fuzz.c

@@ -5,8 +5,9 @@
    Originally written by Michal Zalewski
 
    Now maintained by Marc Heuse <mh@mh-sec.de>,
-                        Heiko Eißfeldt <heiko.eissfeldt@hexco.de> and
+                     Dominik Meier <mail@dmnk.co>,
-                        Andrea Fioraldi <andreafioraldi@gmail.com>
+                     Andrea Fioraldi <andreafioraldi@gmail.com>, and
+                     Heiko Eissfeldt <heiko.eissfeldt@hexco.de>
 
    Copyright 2016, 2017 Google Inc. All rights reserved.
    Copyright 2019-2024 AFLplusplus Project. All rights reserved.
@@ -199,7 +200,8 @@ static void usage(u8 *argv0, int more_help) {
 
       "Test settings:\n"
       "  -s seed       - use a fixed seed for the RNG\n"
-      "  -V seconds    - fuzz for a specified time then terminate\n"
+      "  -V seconds    - fuzz for a specified time then terminate (fuzz time "
+      "only!)\n"
       "  -E execs      - fuzz for an approx. no. of total executions then "
       "terminate\n"
       "                  Note: not precise and can have several more "
@@ -2543,8 +2545,6 @@ int main(int argc, char **argv_orig, char **envp) {
   }
 
   // (void)nice(-20);  // does not improve the speed
-  // real start time, we reset, so this works correctly with -V
-  afl->start_time = get_cur_time();
 
   #ifdef INTROSPECTION
   u32 prev_saved_crashes = 0, prev_saved_tmouts = 0;
@@ -2565,6 +2565,9 @@ int main(int argc, char **argv_orig, char **envp) {
   OKF("Writing mutation introspection to '%s'", ifn);
   #endif
 
+  // real start time, we reset, so this works correctly with -V
+  afl->start_time = get_cur_time();
+
   while (likely(!afl->stop_soon)) {
 
     cull_queue(afl);
@@ -2585,6 +2588,13 @@ int main(int argc, char **argv_orig, char **envp) {
 
         sync_fuzzers(afl);
 
+        if (!afl->queue_cycle && afl->afl_env.afl_import_first) {
+
+          // real start time, we reset, so this works correctly with -V
+          afl->start_time = get_cur_time();
+
+        }
+
       }
 
       ++afl->queue_cycle;
@@ -3099,3 +3109,4 @@ stop_fuzzing:
 }
 
 #endif                                                          /* !AFL_LIB */
+