ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

moved string formatting to header

Browse Source
This commit is contained in:
Dominik Maier
2020-03-21 21:43:58 +01:00
parent f8d717d195
commit 54d01fec43
11 changed files with 307 additions and 382 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
include/afl-fuzz.h
View File

@ -804,13 +804,6 @@ u8 *describe_op(afl_state_t *, u8);
u8 save_if_interesting(afl_state_t *, void *, u32, u8); u8 save_if_interesting(afl_state_t *, void *, u32, u8);
u8 has_new_bits(afl_state_t *, u8 *); u8 has_new_bits(afl_state_t *, u8 *);
/* Misc */
u8 *DI(u8 *, size_t, u64);
u8 *DF(u8 *, size_t, double);
u8 *DMS(u8 *, size_t, u64);
u8 *DTD(u8 *, size_t, u64, u64);
/* Extras */ /* Extras */
void load_extras_file(afl_state_t *, u8 *, u32 *, u32 *, u32); void load_extras_file(afl_state_t *, u8 *, u32 *, u32 *, u32);

167
include/common.h
View File

@ -27,10 +27,16 @@
#ifndef __AFLCOMMON_H #ifndef __AFLCOMMON_H
#define __AFLCOMMON_H #define __AFLCOMMON_H
#include <stdio.h>
#include <string.h>
#include <sys/time.h> #include <sys/time.h>
#include "types.h" #include "types.h"
#include "stdbool.h" #include "stdbool.h"
/* STRINGIFY_VAL_SIZE_MAX will fit all stringify_ strings. */
#define STRINGIFY_VAL_SIZE_MAX (16)
void detect_file_args(char **argv, u8 *prog_in, u8 *use_stdin); void detect_file_args(char **argv, u8 *prog_in, u8 *use_stdin);
void check_environment_vars(char **env); void check_environment_vars(char **env);
@ -67,5 +73,166 @@ static u64 get_cur_time_us(void) {
} }
/* Describe integer. The buf should be
at least 6 bytes to fit all ints we randomly see.
Will return buf for convenience. */
static u8 *stringify_int(u8 *buf, size_t len, u64 val) {
#define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast) \
do { \
\
if (val < (_divisor) * (_limit_mult)) { \
\
snprintf(buf, len, _fmt, ((_cast)val) / (_divisor)); \
return buf; \
\
} \
\
} while (0)
/* 0-9999 */
CHK_FORMAT(1, 10000, "%llu", u64);
/* 10.0k - 99.9k */
CHK_FORMAT(1000, 99.95, "%0.01fk", double);
/* 100k - 999k */
CHK_FORMAT(1000, 1000, "%lluk", u64);
/* 1.00M - 9.99M */
CHK_FORMAT(1000 * 1000, 9.995, "%0.02fM", double);
/* 10.0M - 99.9M */
CHK_FORMAT(1000 * 1000, 99.95, "%0.01fM", double);
/* 100M - 999M */
CHK_FORMAT(1000 * 1000, 1000, "%lluM", u64);
/* 1.00G - 9.99G */
CHK_FORMAT(1000LL * 1000 * 1000, 9.995, "%0.02fG", double);
/* 10.0G - 99.9G */
CHK_FORMAT(1000LL * 1000 * 1000, 99.95, "%0.01fG", double);
/* 100G - 999G */
CHK_FORMAT(1000LL * 1000 * 1000, 1000, "%lluG", u64);
/* 1.00T - 9.99G */
CHK_FORMAT(1000LL * 1000 * 1000 * 1000, 9.995, "%0.02fT", double);
/* 10.0T - 99.9T */
CHK_FORMAT(1000LL * 1000 * 1000 * 1000, 99.95, "%0.01fT", double);
/* 100T+ */
strncpy(buf, "infty", len);
buf[len - 1] = '\0';
return buf;
}
/* Describe float. Similar as int. */
static u8 *stringify_float(u8 *buf, size_t len, double val) {
if (val < 99.995) {
snprintf(buf, len, "%0.02f", val);
} else if (val < 999.95) {
snprintf(buf, len, "%0.01f", val);
} else {
stringify_int(buf, len, (u64)val);
}
return buf;
}
/* Describe integer as memory size. */
static u8 *stringify_mem_size(u8 *buf, size_t len, u64 val) {
/* 0-9999 */
CHK_FORMAT(1, 10000, "%llu B", u64);
/* 10.0k - 99.9k */
CHK_FORMAT(1024, 99.95, "%0.01f kB", double);
/* 100k - 999k */
CHK_FORMAT(1024, 1000, "%llu kB", u64);
/* 1.00M - 9.99M */
CHK_FORMAT(1024 * 1024, 9.995, "%0.02f MB", double);
/* 10.0M - 99.9M */
CHK_FORMAT(1024 * 1024, 99.95, "%0.01f MB", double);
/* 100M - 999M */
CHK_FORMAT(1024 * 1024, 1000, "%llu MB", u64);
/* 1.00G - 9.99G */
CHK_FORMAT(1024LL * 1024 * 1024, 9.995, "%0.02f GB", double);
/* 10.0G - 99.9G */
CHK_FORMAT(1024LL * 1024 * 1024, 99.95, "%0.01f GB", double);
/* 100G - 999G */
CHK_FORMAT(1024LL * 1024 * 1024, 1000, "%llu GB", u64);
/* 1.00T - 9.99G */
CHK_FORMAT(1024LL * 1024 * 1024 * 1024, 9.995, "%0.02f TB", double);
/* 10.0T - 99.9T */
CHK_FORMAT(1024LL * 1024 * 1024 * 1024, 99.95, "%0.01f TB", double);
#undef CHK_FORMAT
/* 100T+ */
strncpy(buf, "infty", len - 1);
buf[len - 1] = '\0';
return buf;
}
/* Describe time delta as string.
Returns a pointer to buf for convenience. */
static u8 *stringify_time_diff(u8 *buf, size_t len, u64 cur_ms,
u64 event_ms) {
u64 delta;
s32 t_d, t_h, t_m, t_s;
u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
if (!event_ms) {
snprintf(buf, len, "none seen yet");
} else {
delta = cur_ms - event_ms;
t_d = delta / 1000 / 60 / 60 / 24;
t_h = (delta / 1000 / 60 / 60) % 24;
t_m = (delta / 1000 / 60) % 60;
t_s = (delta / 1000) % 60;
stringify_int(val_buf, sizeof(val_buf), t_d);
snprintf(buf, len, "%s days, %d hrs, %d min, %d sec", val_buf, t_h, t_m,
t_s);
}
return buf;
}
#endif #endif

73
src/afl-forkserver.c
View File

@ -51,65 +51,6 @@
extern u8 *doc_path; extern u8 *doc_path;
static void forkserver_stringify_int(u8 *buf, size_t len, u64 val) {
u8 cur = 0;
#define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast) \
do { \
\
if (val < (_divisor) * (_limit_mult)) { \
\
snprintf(buf, len, _fmt, ((_cast)val) / (_divisor)); \
return; \
\
} \
\
} while (0)
cur = (cur + 1) % 12;
/* 0-9999 */
CHK_FORMAT(1, 10000, "%llu B", u64);
/* 10.0k - 99.9k */
CHK_FORMAT(1024, 99.95, "%0.01f kB", double);
/* 100k - 999k */
CHK_FORMAT(1024, 1000, "%llu kB", u64);
/* 1.00M - 9.99M */
CHK_FORMAT(1024 * 1024, 9.995, "%0.02f MB", double);
/* 10.0M - 99.9M */
CHK_FORMAT(1024 * 1024, 99.95, "%0.01f MB", double);
/* 100M - 999M */
CHK_FORMAT(1024 * 1024, 1000, "%llu MB", u64);
/* 1.00G - 9.99G */
CHK_FORMAT(1024LL * 1024 * 1024, 9.995, "%0.02f GB", double);
/* 10.0G - 99.9G */
CHK_FORMAT(1024LL * 1024 * 1024, 99.95, "%0.01f GB", double);
/* 100G - 999G */
CHK_FORMAT(1024LL * 1024 * 1024, 1000, "%llu GB", u64);
/* 1.00T - 9.99G */
CHK_FORMAT(1024LL * 1024 * 1024 * 1024, 9.995, "%0.02f TB", double);
/* 10.0T - 99.9T */
CHK_FORMAT(1024LL * 1024 * 1024 * 1024, 99.95, "%0.01f TB", double);
#undef CHK_FORMAT
/* 100T+ */
strncpy(buf, "infty", len - 1);
buf[len - 1] = '\0';
}
list_t fsrv_list = {.element_prealloc_count = 0}; list_t fsrv_list = {.element_prealloc_count = 0};
/* Initializes the struct */ /* Initializes the struct */
@ -453,9 +394,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
} else { } else {
u8 mem_limit_buf[16]; u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
forkserver_stringify_int(mem_limit_buf, sizeof(mem_limit_buf),
fsrv->mem_limit << 20);
SAYF("\n" cLRD "[-] " cRST SAYF("\n" cLRD "[-] " cRST
"Whoops, the target binary crashed suddenly, " "Whoops, the target binary crashed suddenly, "
@ -489,7 +428,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
"options\n" "options\n"
" fail, poke <afl-users@googlegroups.com> for troubleshooting " " fail, poke <afl-users@googlegroups.com> for troubleshooting "
"tips.\n", "tips.\n",
mem_limit_buf, fsrv->mem_limit - 1); stringify_mem_size(val_buf, sizeof(val_buf), fsrv->mem_limit << 20),
fsrv->mem_limit - 1);
} }
@ -524,9 +464,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
} else { } else {
u8 mem_limit_buf[16]; u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
forkserver_stringify_int(mem_limit_buf, sizeof(mem_limit_buf),
fsrv->mem_limit << 20);
SAYF( SAYF(
"\n" cLRD "[-] " cRST "\n" cLRD "[-] " cRST
@ -559,7 +497,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
"never\n" "never\n"
" reached before the program terminates.\n\n" " reached before the program terminates.\n\n"
: "", : "",
mem_limit_buf, fsrv->mem_limit - 1); stringify_int(val_buf, sizeof(val_buf), fsrv->mem_limit << 20),
fsrv->mem_limit - 1);
} }

4
src/afl-fuzz-bitmap.c
View File

@ -465,7 +465,7 @@ static void write_crash_readme(afl_state_t *afl) {
s32 fd; s32 fd;
FILE *f; FILE *f;
u8 int_buf[16]; u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600); fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600);
ck_free(fn); ck_free(fn);
@ -504,7 +504,7 @@ static void write_crash_readme(afl_state_t *afl) {
" https://github.com/AFLplusplus/AFLplusplus\n\n", " https://github.com/AFLplusplus/AFLplusplus\n\n",
afl->orig_cmdline, afl->orig_cmdline,
DMS(int_buf, sizeof(int_buf), stringify_mem_size(val_buf, sizeof(val_buf),
afl->fsrv.mem_limit << 20)); /* ignore errors */ afl->fsrv.mem_limit << 20)); /* ignore errors */
fclose(f); fclose(f);

9
src/afl-fuzz-cmplog.c
View File

@ -264,7 +264,7 @@ void init_cmplog_forkserver(afl_state_t *afl) {
} else { } else {
u8 int_buf[16]; u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
SAYF("\n" cLRD "[-] " cRST SAYF("\n" cLRD "[-] " cRST
"Whoops, the target binary crashed suddenly, " "Whoops, the target binary crashed suddenly, "
@ -298,7 +298,8 @@ void init_cmplog_forkserver(afl_state_t *afl) {
"options\n" "options\n"
" fail, poke <afl-users@googlegroups.com> for troubleshooting " " fail, poke <afl-users@googlegroups.com> for troubleshooting "
"tips.\n", "tips.\n",
DMS(int_buf, sizeof(int_buf), afl->fsrv.mem_limit << 20), stringify_mem_size(val_buf, sizeof(val_buf),
afl->fsrv.mem_limit << 20),
afl->fsrv.mem_limit - 1); afl->fsrv.mem_limit - 1);
} }
@ -334,7 +335,7 @@ void init_cmplog_forkserver(afl_state_t *afl) {
} else { } else {
u8 int_buf[16]; u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
SAYF( SAYF(
"\n" cLRD "[-] " cRST "\n" cLRD "[-] " cRST
@ -367,7 +368,7 @@ void init_cmplog_forkserver(afl_state_t *afl) {
"never\n" "never\n"
" reached before the program terminates.\n\n" " reached before the program terminates.\n\n"
: "", : "",
DMS(int_buf, sizeof(int_buf), afl->fsrv.mem_limit << 20), stringify_mem_size(val_buf, sizeof(val_buf), afl->fsrv.mem_limit << 20),
afl->fsrv.mem_limit - 1); afl->fsrv.mem_limit - 1);
} }

24
src/afl-fuzz-extras.c
View File

@ -55,7 +55,7 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
u8 * lptr; u8 * lptr;
u32 cur_line = 0; u32 cur_line = 0;
u8 int_bufs[2][16]; u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
f = fopen(fname, "r"); f = fopen(fname, "r");
@ -172,9 +172,10 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
afl->extras[afl->extras_cnt].len = klen; afl->extras[afl->extras_cnt].len = klen;
if (afl->extras[afl->extras_cnt].len > MAX_DICT_FILE) if (afl->extras[afl->extras_cnt].len > MAX_DICT_FILE)
FATAL("Keyword too big in line %u (%s, limit is %s)", cur_line, FATAL(
DMS(int_bufs[0], sizeof(int_bufs[0]), klen), "Keyword too big in line %u (%s, limit is %s)", cur_line,
DMS(int_bufs[1], sizeof(int_bufs[1]), MAX_DICT_FILE)); stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), klen),
stringify_mem_size(val_bufs[1], sizeof(val_bufs[1]), MAX_DICT_FILE));
if (*min_len > klen) *min_len = klen; if (*min_len > klen) *min_len = klen;
if (*max_len < klen) *max_len = klen; if (*max_len < klen) *max_len = klen;
@ -196,7 +197,7 @@ void load_extras(afl_state_t *afl, u8 *dir) {
u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0; u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0;
u8 * x; u8 * x;
u8 int_bufs[2][16]; u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
/* If the name ends with @, extract level and continue. */ /* If the name ends with @, extract level and continue. */
@ -243,9 +244,10 @@ void load_extras(afl_state_t *afl, u8 *dir) {
} }
if (st.st_size > MAX_DICT_FILE) if (st.st_size > MAX_DICT_FILE)
FATAL("Extra '%s' is too big (%s, limit is %s)", fn, FATAL(
DMS(int_bufs[0], sizeof(int_bufs[0]), st.st_size), "Extra '%s' is too big (%s, limit is %s)", fn,
DMS(int_bufs[1], sizeof(int_bufs[1]), MAX_DICT_FILE)); stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), st.st_size),
stringify_mem_size(val_bufs[1], sizeof(val_bufs[1]), MAX_DICT_FILE));
if (min_len > st.st_size) min_len = st.st_size; if (min_len > st.st_size) min_len = st.st_size;
if (max_len < st.st_size) max_len = st.st_size; if (max_len < st.st_size) max_len = st.st_size;
@ -279,12 +281,12 @@ check_and_sort:
compare_extras_len); compare_extras_len);
OKF("Loaded %u extra tokens, size range %s to %s.", afl->extras_cnt, OKF("Loaded %u extra tokens, size range %s to %s.", afl->extras_cnt,
DMS(int_bufs[0], sizeof(int_bufs[0]), min_len), stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), min_len),
DMS(int_bufs[1], sizeof(int_bufs[1]), max_len)); stringify_mem_size(val_bufs[1], sizeof(val_bufs[1]), max_len));
if (max_len > 32) if (max_len > 32)
WARNF("Some tokens are relatively large (%s) - consider trimming.", WARNF("Some tokens are relatively large (%s) - consider trimming.",
DMS(int_bufs[0], sizeof(int_bufs[0]), max_len)); stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), max_len));
if (afl->extras_cnt > MAX_DET_EXTRAS) if (afl->extras_cnt > MAX_DET_EXTRAS)
WARNF("More than %d tokens - will use them probabilistically.", WARNF("More than %d tokens - will use them probabilistically.",

11
src/afl-fuzz-init.c
View File

@ -323,7 +323,7 @@ void read_testcases(afl_state_t *afl) {
u32 i; u32 i;
u8 * fn1; u8 * fn1;
u8 int_buf[2][16]; u8 val_buf[2][STRINGIFY_VAL_SIZE_MAX];
/* Auto-detect non-in-place resumption attempts. */ /* Auto-detect non-in-place resumption attempts. */
@ -392,8 +392,8 @@ void read_testcases(afl_state_t *afl) {
if (st.st_size > MAX_FILE) if (st.st_size > MAX_FILE)
FATAL("Test case '%s' is too big (%s, limit is %s)", fn2, FATAL("Test case '%s' is too big (%s, limit is %s)", fn2,
DMS(int_buf[0], sizeof(int_buf[0]), st.st_size), stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size),
DMS(int_buf[1], sizeof(int_buf[1]), MAX_FILE)); stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE));
/* Check for metadata that indicates that deterministic fuzzing /* Check for metadata that indicates that deterministic fuzzing
is complete for this entry. We don't want to repeat deterministic is complete for this entry. We don't want to repeat deterministic
@ -557,7 +557,7 @@ void perform_dry_run(afl_state_t *afl) {
if (afl->fsrv.mem_limit) { if (afl->fsrv.mem_limit) {
u8 int_buf[16]; u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
SAYF("\n" cLRD "[-] " cRST SAYF("\n" cLRD "[-] " cRST
"Oops, the program crashed with one of the test cases provided. " "Oops, the program crashed with one of the test cases provided. "
@ -599,7 +599,8 @@ void perform_dry_run(afl_state_t *afl) {
"other options\n" "other options\n"
" fail, poke <afl-users@googlegroups.com> for " " fail, poke <afl-users@googlegroups.com> for "
"troubleshooting tips.\n", "troubleshooting tips.\n",
DMS(int_buf, sizeof(int_buf), afl->fsrv.mem_limit << 20), stringify_mem_size(val_buf, sizeof(val_buf),
afl->fsrv.mem_limit << 20),
afl->fsrv.mem_limit - 1, doc_path); afl->fsrv.mem_limit - 1, doc_path);
} else { } else {

187
src/afl-fuzz-misc.c
View File

@ -1,187 +0,0 @@
/*
american fuzzy lop++ - misc stuffs from Mordor
----------------------------------------------
Originally written by Michal Zalewski
Now maintained by Marc Heuse <mh@mh-sec.de>,
Heiko Eißfeldt <heiko.eissfeldt@hexco.de> and
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
http://www.apache.org/licenses/LICENSE-2.0
This is the real deal: the program takes an instrumented binary and
attempts a variety of basic fuzzing tricks, paying close attention to
how they affect the execution path.
*/
#include "afl-fuzz.h"
/* Describe integer. The buf should be
at least 6 bytes to fit all ints we randomly see.
Will return buf for convenience. */
u8 *DI(u8 *buf, size_t len, u64 val) {
\
#define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast) \
do { \
\
if (val < (_divisor) * (_limit_mult)) { \
\
snprintf(buf, len, _fmt, ((_cast)val) / (_divisor)); \
return buf; \
\
} \
\
} while (0)
/* 0-9999 */
CHK_FORMAT(1, 10000, "%llu", u64);
/* 10.0k - 99.9k */
CHK_FORMAT(1000, 99.95, "%0.01fk", double);
/* 100k - 999k */
CHK_FORMAT(1000, 1000, "%lluk", u64);
/* 1.00M - 9.99M */
CHK_FORMAT(1000 * 1000, 9.995, "%0.02fM", double);
/* 10.0M - 99.9M */
CHK_FORMAT(1000 * 1000, 99.95, "%0.01fM", double);
/* 100M - 999M */
CHK_FORMAT(1000 * 1000, 1000, "%lluM", u64);
/* 1.00G - 9.99G */
CHK_FORMAT(1000LL * 1000 * 1000, 9.995, "%0.02fG", double);
/* 10.0G - 99.9G */
CHK_FORMAT(1000LL * 1000 * 1000, 99.95, "%0.01fG", double);
/* 100G - 999G */
CHK_FORMAT(1000LL * 1000 * 1000, 1000, "%lluG", u64);
/* 1.00T - 9.99G */
CHK_FORMAT(1000LL * 1000 * 1000 * 1000, 9.995, "%0.02fT", double);
/* 10.0T - 99.9T */
CHK_FORMAT(1000LL * 1000 * 1000 * 1000, 99.95, "%0.01fT", double);
/* 100T+ */
strncpy(buf, "infty", len);
buf[len - 1] = '\0';
return buf;
}
/* Describe float. Similar as int. */
u8 *DF(u8 *buf, size_t len, double val) {
if (val < 99.995) {
snprintf(buf, len, "%0.02f", val);
} else if (val < 999.95) {
snprintf(buf, len, "%0.01f", val);
} else {
DI(buf, len, (u64)val);
}
return buf;
}
/* Describe integer as memory size. */
u8 *DMS(u8 *buf, size_t len, u64 val) {
/* 0-9999 */
CHK_FORMAT(1, 10000, "%llu B", u64);
/* 10.0k - 99.9k */
CHK_FORMAT(1024, 99.95, "%0.01f kB", double);
/* 100k - 999k */
CHK_FORMAT(1024, 1000, "%llu kB", u64);
/* 1.00M - 9.99M */
CHK_FORMAT(1024 * 1024, 9.995, "%0.02f MB", double);
/* 10.0M - 99.9M */
CHK_FORMAT(1024 * 1024, 99.95, "%0.01f MB", double);
/* 100M - 999M */
CHK_FORMAT(1024 * 1024, 1000, "%llu MB", u64);
/* 1.00G - 9.99G */
CHK_FORMAT(1024LL * 1024 * 1024, 9.995, "%0.02f GB", double);
/* 10.0G - 99.9G */
CHK_FORMAT(1024LL * 1024 * 1024, 99.95, "%0.01f GB", double);
/* 100G - 999G */
CHK_FORMAT(1024LL * 1024 * 1024, 1000, "%llu GB", u64);
/* 1.00T - 9.99G */
CHK_FORMAT(1024LL * 1024 * 1024 * 1024, 9.995, "%0.02f TB", double);
/* 10.0T - 99.9T */
CHK_FORMAT(1024LL * 1024 * 1024 * 1024, 99.95, "%0.01f TB", double);
#undef CHK_FORMAT
/* 100T+ */
strncpy(buf, "infty", len - 1);
buf[len - 1] = '\0';
return buf;
}
/* Describe time delta as string.
Returns a pointer to buf for convenience. */
u8 *DTD(u8 *buf, size_t len, u64 cur_ms, u64 event_ms) {
u64 delta;
s32 t_d, t_h, t_m, t_s;
u8 int_buf[16];
if (!event_ms) {
snprintf(buf, len, "none seen yet");
} else {
delta = cur_ms - event_ms;
t_d = delta / 1000 / 60 / 60 / 24;
t_h = (delta / 1000 / 60 / 60) % 24;
t_m = (delta / 1000 / 60) % 60;
t_s = (delta / 1000) % 60;
DI(int_buf, sizeof(int_buf), t_d);
snprintf(buf, len, "%s days, %d hrs, %d min, %d sec", int_buf, t_h, t_m,
t_s);
}
return buf;
}

4
src/afl-fuzz-mutators.c
View File

@ -196,7 +196,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
u32 trim_exec = 0; u32 trim_exec = 0;
u32 orig_len = q->len; u32 orig_len = q->len;
u8 int_buf[16]; u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
if (afl->stage_name != afl->stage_name_buf) if (afl->stage_name != afl->stage_name_buf)
afl->stage_name = afl->stage_name_buf; afl->stage_name = afl->stage_name_buf;
@ -213,7 +213,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
while (afl->stage_cur < afl->stage_max) { while (afl->stage_cur < afl->stage_max) {
snprintf(afl->stage_name_buf, STAGE_BUF_SIZE, "ptrim %s", snprintf(afl->stage_name_buf, STAGE_BUF_SIZE, "ptrim %s",
DI(int_buf, sizeof(int_buf), trim_exec)); stringify_int(val_buf, sizeof(val_buf), trim_exec));
u32 cksum; u32 cksum;

6
src/afl-fuzz-run.c
View File

@ -605,7 +605,7 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
u32 remove_len; u32 remove_len;
u32 len_p2; u32 len_p2;
u8 int_bufs[2][16]; u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
/* Although the trimmer will be less useful when variable behavior is /* Although the trimmer will be less useful when variable behavior is
detected, it will still work to some extent, so we don't check for detected, it will still work to some extent, so we don't check for
@ -631,8 +631,8 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
u32 remove_pos = remove_len; u32 remove_pos = remove_len;
snprintf(afl->stage_name_buf, STAGE_BUF_SIZE, "trim %s/%s", snprintf(afl->stage_name_buf, STAGE_BUF_SIZE, "trim %s/%s",
DI(int_bufs[0], sizeof(int_bufs[0]), remove_len), stringify_int(val_bufs[0], sizeof(val_bufs[0]), remove_len),
DI(int_bufs[1], sizeof(int_bufs[1]), remove_len)); stringify_int(val_bufs[1], sizeof(val_bufs[1]), remove_len));
afl->stage_cur = 0; afl->stage_cur = 0;
afl->stage_max = q->len / remove_len; afl->stage_max = q->len / remove_len;

181
src/afl-fuzz-stats.c
View File

@ -205,8 +205,8 @@ void show_stats(afl_state_t *afl) {
u8 tmp[256]; u8 tmp[256];
u8 time_tmp[64]; u8 time_tmp[64];
u8 int_buf[8][16]; u8 val_buf[8][STRINGIFY_VAL_SIZE_MAX];
#define IB(i) int_buf[(i)], sizeof(int_buf[(i)]) #define IB(i) val_buf[(i)], sizeof(val_buf[(i)])
cur_ms = get_cur_time(); cur_ms = get_cur_time();
@ -394,10 +394,10 @@ void show_stats(afl_state_t *afl) {
} }
DTD(time_tmp, sizeof(time_tmp), cur_ms, afl->start_time); stringify_time_diff(time_tmp, sizeof(time_tmp), cur_ms, afl->start_time);
SAYF(bV bSTOP " run time : " cRST "%-33s " bSTG bV bSTOP SAYF(bV bSTOP " run time : " cRST "%-33s " bSTG bV bSTOP
" cycles done : %s%-5s " bSTG bV "\n", " cycles done : %s%-5s " bSTG bV "\n",
time_tmp, tmp, DI(IB(0), afl->queue_cycle - 1)); time_tmp, tmp, stringify_int(IB(0), afl->queue_cycle - 1));
/* We want to warn people about not seeing new paths after a full cycle, /* We want to warn people about not seeing new paths after a full cycle,
except when resuming fuzzing or running in non-instrumented mode. */ except when resuming fuzzing or running in non-instrumented mode. */
@ -406,7 +406,8 @@ void show_stats(afl_state_t *afl) {
(afl->last_path_time || afl->resuming_fuzz || afl->queue_cycle == 1 || (afl->last_path_time || afl->resuming_fuzz || afl->queue_cycle == 1 ||
afl->in_bitmap || afl->crash_mode)) { afl->in_bitmap || afl->crash_mode)) {
DTD(time_tmp, sizeof(time_tmp), cur_ms, afl->last_path_time); stringify_time_diff(time_tmp, sizeof(time_tmp), cur_ms,
afl->last_path_time);
SAYF(bV bSTOP " last new path : " cRST "%-33s ", time_tmp); SAYF(bV bSTOP " last new path : " cRST "%-33s ", time_tmp);
} else { } else {
@ -424,23 +425,23 @@ void show_stats(afl_state_t *afl) {
} }
SAYF(bSTG bV bSTOP " total paths : " cRST "%-5s " bSTG bV "\n", SAYF(bSTG bV bSTOP " total paths : " cRST "%-5s " bSTG bV "\n",
DI(IB(0), afl->queued_paths)); stringify_int(IB(0), afl->queued_paths));
/* Highlight crashes in red if found, denote going over the KEEP_UNIQUE_CRASH /* Highlight crashes in red if found, denote going over the KEEP_UNIQUE_CRASH
limit with a '+' appended to the count. */ limit with a '+' appended to the count. */
sprintf(tmp, "%s%s", DI(IB(0), afl->unique_crashes), sprintf(tmp, "%s%s", stringify_int(IB(0), afl->unique_crashes),
(afl->unique_crashes >= KEEP_UNIQUE_CRASH) ? "+" : ""); (afl->unique_crashes >= KEEP_UNIQUE_CRASH) ? "+" : "");
DTD(time_tmp, sizeof(time_tmp), cur_ms, afl->last_crash_time); stringify_time_diff(time_tmp, sizeof(time_tmp), cur_ms, afl->last_crash_time);
SAYF(bV bSTOP " last uniq crash : " cRST "%-33s " bSTG bV bSTOP SAYF(bV bSTOP " last uniq crash : " cRST "%-33s " bSTG bV bSTOP
" uniq crashes : %s%-6s" bSTG bV "\n", " uniq crashes : %s%-6s" bSTG bV "\n",
time_tmp, afl->unique_crashes ? cLRD : cRST, tmp); time_tmp, afl->unique_crashes ? cLRD : cRST, tmp);
sprintf(tmp, "%s%s", DI(IB(0), afl->unique_hangs), sprintf(tmp, "%s%s", stringify_int(IB(0), afl->unique_hangs),
(afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); (afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
DTD(time_tmp, sizeof(time_tmp), cur_ms, afl->last_hang_time); stringify_time_diff(time_tmp, sizeof(time_tmp), cur_ms, afl->last_hang_time);
SAYF(bV bSTOP " last uniq hang : " cRST "%-33s " bSTG bV bSTOP SAYF(bV bSTOP " last uniq hang : " cRST "%-33s " bSTG bV bSTOP
" uniq hangs : " cRST "%-6s" bSTG bV "\n", " uniq hangs : " cRST "%-6s" bSTG bV "\n",
time_tmp, tmp); time_tmp, tmp);
@ -453,7 +454,7 @@ void show_stats(afl_state_t *afl) {
together, but then cram them into a fixed-width field - so we need to together, but then cram them into a fixed-width field - so we need to
put them in a temporary buffer first. */ put them in a temporary buffer first. */
sprintf(tmp, "%s%s%u (%0.01f%%)", DI(IB(0), afl->current_entry), sprintf(tmp, "%s%s%u (%0.01f%%)", stringify_int(IB(0), afl->current_entry),
afl->queue_cur->favored ? "." : "*", afl->queue_cur->fuzz_level, afl->queue_cur->favored ? "." : "*", afl->queue_cur->fuzz_level,
((double)afl->current_entry * 100) / afl->queued_paths); ((double)afl->current_entry * 100) / afl->queued_paths);
@ -467,7 +468,7 @@ void show_stats(afl_state_t *afl) {
: ((t_bytes < 200 && !afl->dumb_mode) ? cPIN : cRST), : ((t_bytes < 200 && !afl->dumb_mode) ? cPIN : cRST),
tmp); tmp);
sprintf(tmp, "%s (%0.02f%%)", DI(IB(0), afl->cur_skipped_paths), sprintf(tmp, "%s (%0.02f%%)", stringify_int(IB(0), afl->cur_skipped_paths),
((double)afl->cur_skipped_paths * 100) / afl->queued_paths); ((double)afl->cur_skipped_paths * 100) / afl->queued_paths);
SAYF(bV bSTOP " paths timed out : " cRST "%-16s " bSTG bV, tmp); SAYF(bV bSTOP " paths timed out : " cRST "%-16s " bSTG bV, tmp);
@ -480,7 +481,7 @@ void show_stats(afl_state_t *afl) {
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", DI(IB(0), afl->queued_favored), sprintf(tmp, "%s (%0.02f%%)", stringify_int(IB(0), afl->queued_favored),
((double)afl->queued_favored) * 100 / afl->queued_paths); ((double)afl->queued_favored) * 100 / afl->queued_paths);
/* Yeah... it's still going on... halp? */ /* Yeah... it's still going on... halp? */
@ -491,38 +492,40 @@ void show_stats(afl_state_t *afl) {
if (!afl->stage_max) { if (!afl->stage_max) {
sprintf(tmp, "%s/-", DI(IB(0), afl->stage_cur)); sprintf(tmp, "%s/-", stringify_int(IB(0), afl->stage_cur));
} else { } else {
sprintf(tmp, "%s/%s (%0.02f%%)", DI(IB(0), afl->stage_cur), sprintf(tmp, "%s/%s (%0.02f%%)", stringify_int(IB(0), afl->stage_cur),
DI(IB(1), afl->stage_max), stringify_int(IB(1), afl->stage_max),
((double)afl->stage_cur) * 100 / afl->stage_max); ((double)afl->stage_cur) * 100 / afl->stage_max);
} }
SAYF(bV bSTOP " stage execs : " cRST "%-21s" bSTG bV bSTOP, tmp); SAYF(bV bSTOP " stage execs : " cRST "%-21s" bSTG bV bSTOP, tmp);
sprintf(tmp, "%s (%0.02f%%)", DI(IB(0), afl->queued_with_cov), sprintf(tmp, "%s (%0.02f%%)", stringify_int(IB(0), afl->queued_with_cov),
((double)afl->queued_with_cov) * 100 / afl->queued_paths); ((double)afl->queued_with_cov) * 100 / afl->queued_paths);
SAYF(" new edges on : " cRST "%-22s" bSTG bV "\n", tmp); SAYF(" new edges on : " cRST "%-22s" bSTG bV "\n", tmp);
sprintf(tmp, "%s (%s%s unique)", DI(IB(0), afl->total_crashes), sprintf(tmp, "%s (%s%s unique)", stringify_int(IB(0), afl->total_crashes),
DI(IB(1), afl->unique_crashes), stringify_int(IB(1), afl->unique_crashes),
(afl->unique_crashes >= KEEP_UNIQUE_CRASH) ? "+" : ""); (afl->unique_crashes >= KEEP_UNIQUE_CRASH) ? "+" : "");
if (afl->crash_mode) { if (afl->crash_mode) {
SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP
" new crashes : %s%-22s" bSTG bV "\n", " new crashes : %s%-22s" bSTG bV "\n",
DI(IB(0), afl->total_execs), afl->unique_crashes ? cLRD : cRST, tmp); stringify_int(IB(0), afl->total_execs),
afl->unique_crashes ? cLRD : cRST, tmp);
} else { } else {
SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP
" total crashes : %s%-22s" bSTG bV "\n", " total crashes : %s%-22s" bSTG bV "\n",
DI(IB(0), afl->total_execs), afl->unique_crashes ? cLRD : cRST, tmp); stringify_int(IB(0), afl->total_execs),
afl->unique_crashes ? cLRD : cRST, tmp);
} }
@ -530,20 +533,23 @@ void show_stats(afl_state_t *afl) {
if (afl->stats_avg_exec < 100) { if (afl->stats_avg_exec < 100) {
snprintf(tmp, sizeof(tmp), "%s/sec (%s)", DF(IB(0), afl->stats_avg_exec), snprintf(tmp, sizeof(tmp), "%s/sec (%s)",
stringify_float(IB(0), afl->stats_avg_exec),
afl->stats_avg_exec < 20 ? "zzzz..." : "slow!"); afl->stats_avg_exec < 20 ? "zzzz..." : "slow!");
SAYF(bV bSTOP " exec speed : " cLRD "%-20s ", tmp); SAYF(bV bSTOP " exec speed : " cLRD "%-20s ", tmp);
} else { } else {
snprintf(tmp, sizeof(tmp), "%s/sec", DF(IB(0), afl->stats_avg_exec)); snprintf(tmp, sizeof(tmp), "%s/sec",
stringify_float(IB(0), afl->stats_avg_exec));
SAYF(bV bSTOP " exec speed : " cRST "%-20s ", tmp); SAYF(bV bSTOP " exec speed : " cRST "%-20s ", tmp);
} }
snprintf(tmp, sizeof(tmp), "%s (%s%s unique)", DI(IB(0), afl->total_tmouts), snprintf(tmp, sizeof(tmp), "%s (%s%s unique)",
DI(IB(1), afl->unique_tmouts), stringify_int(IB(0), afl->total_tmouts),
stringify_int(IB(1), afl->unique_tmouts),
(afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); (afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
SAYF(bSTG bV bSTOP " total tmouts : " cRST "%-22s" bSTG bV "\n", tmp); SAYF(bSTG bV bSTOP " total tmouts : " cRST "%-22s" bSTG bV "\n", tmp);
@ -562,78 +568,79 @@ void show_stats(afl_state_t *afl) {
} else { } else {
snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s", snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s",
DI(IB(0), afl->stage_finds[STAGE_FLIP1]), stringify_int(IB(0), afl->stage_finds[STAGE_FLIP1]),
DI(IB(1), afl->stage_cycles[STAGE_FLIP1]), stringify_int(IB(1), afl->stage_cycles[STAGE_FLIP1]),
DI(IB(2), afl->stage_finds[STAGE_FLIP2]), stringify_int(IB(2), afl->stage_finds[STAGE_FLIP2]),
DI(IB(3), afl->stage_cycles[STAGE_FLIP2]), stringify_int(IB(3), afl->stage_cycles[STAGE_FLIP2]),
DI(IB(3), afl->stage_finds[STAGE_FLIP4]), stringify_int(IB(3), afl->stage_finds[STAGE_FLIP4]),
DI(IB(5), afl->stage_cycles[STAGE_FLIP4])); stringify_int(IB(5), afl->stage_cycles[STAGE_FLIP4]));
} }
SAYF(bV bSTOP " bit flips : " cRST "%-36s " bSTG bV bSTOP SAYF(bV bSTOP " bit flips : " cRST "%-36s " bSTG bV bSTOP
" levels : " cRST "%-10s" bSTG bV "\n", " levels : " cRST "%-10s" bSTG bV "\n",
tmp, DI(IB(0), afl->max_depth)); tmp, stringify_int(IB(0), afl->max_depth));
if (!afl->skip_deterministic) if (!afl->skip_deterministic)
snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s", snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s",
DI(IB(0), afl->stage_finds[STAGE_FLIP8]), stringify_int(IB(0), afl->stage_finds[STAGE_FLIP8]),
DI(IB(1), afl->stage_cycles[STAGE_FLIP8]), stringify_int(IB(1), afl->stage_cycles[STAGE_FLIP8]),
DI(IB(2), afl->stage_finds[STAGE_FLIP16]), stringify_int(IB(2), afl->stage_finds[STAGE_FLIP16]),
DI(IB(3), afl->stage_cycles[STAGE_FLIP16]), stringify_int(IB(3), afl->stage_cycles[STAGE_FLIP16]),
DI(IB(4), afl->stage_finds[STAGE_FLIP32]), stringify_int(IB(4), afl->stage_finds[STAGE_FLIP32]),
DI(IB(5), afl->stage_cycles[STAGE_FLIP32])); stringify_int(IB(5), afl->stage_cycles[STAGE_FLIP32]));
SAYF(bV bSTOP " byte flips : " cRST "%-36s " bSTG bV bSTOP SAYF(bV bSTOP " byte flips : " cRST "%-36s " bSTG bV bSTOP
" pending : " cRST "%-10s" bSTG bV "\n", " pending : " cRST "%-10s" bSTG bV "\n",
tmp, DI(IB(0), afl->pending_not_fuzzed)); tmp, stringify_int(IB(0), afl->pending_not_fuzzed));
if (!afl->skip_deterministic) if (!afl->skip_deterministic)
snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s", snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s",
DI(IB(0), afl->stage_finds[STAGE_ARITH8]), stringify_int(IB(0), afl->stage_finds[STAGE_ARITH8]),
DI(IB(1), afl->stage_cycles[STAGE_ARITH8]), stringify_int(IB(1), afl->stage_cycles[STAGE_ARITH8]),
DI(IB(2), afl->stage_finds[STAGE_ARITH16]), stringify_int(IB(2), afl->stage_finds[STAGE_ARITH16]),
DI(IB(3), afl->stage_cycles[STAGE_ARITH16]), stringify_int(IB(3), afl->stage_cycles[STAGE_ARITH16]),
DI(IB(4), afl->stage_finds[STAGE_ARITH32]), stringify_int(IB(4), afl->stage_finds[STAGE_ARITH32]),
DI(IB(5), afl->stage_cycles[STAGE_ARITH32])); stringify_int(IB(5), afl->stage_cycles[STAGE_ARITH32]));
SAYF(bV bSTOP " arithmetics : " cRST "%-36s " bSTG bV bSTOP SAYF(bV bSTOP " arithmetics : " cRST "%-36s " bSTG bV bSTOP
" pend fav : " cRST "%-10s" bSTG bV "\n", " pend fav : " cRST "%-10s" bSTG bV "\n",
tmp, DI(IB(0), afl->pending_favored)); tmp, stringify_int(IB(0), afl->pending_favored));
if (!afl->skip_deterministic) if (!afl->skip_deterministic)
sprintf(tmp, "%s/%s, %s/%s, %s/%s", sprintf(tmp, "%s/%s, %s/%s, %s/%s",
DI(IB(0), afl->stage_finds[STAGE_INTEREST8]), stringify_int(IB(0), afl->stage_finds[STAGE_INTEREST8]),
DI(IB(1), afl->stage_cycles[STAGE_INTEREST8]), stringify_int(IB(1), afl->stage_cycles[STAGE_INTEREST8]),
DI(IB(2), afl->stage_finds[STAGE_INTEREST16]), stringify_int(IB(2), afl->stage_finds[STAGE_INTEREST16]),
DI(IB(3), afl->stage_cycles[STAGE_INTEREST16]), stringify_int(IB(3), afl->stage_cycles[STAGE_INTEREST16]),
DI(IB(4), afl->stage_finds[STAGE_INTEREST32]), stringify_int(IB(4), afl->stage_finds[STAGE_INTEREST32]),
DI(IB(5), afl->stage_cycles[STAGE_INTEREST32])); stringify_int(IB(5), afl->stage_cycles[STAGE_INTEREST32]));
SAYF(bV bSTOP " known ints : " cRST "%-36s " bSTG bV bSTOP SAYF(bV bSTOP " known ints : " cRST "%-36s " bSTG bV bSTOP
" own finds : " cRST "%-10s" bSTG bV "\n", " own finds : " cRST "%-10s" bSTG bV "\n",
tmp, DI(IB(0), afl->queued_discovered)); tmp, stringify_int(IB(0), afl->queued_discovered));
if (!afl->skip_deterministic) if (!afl->skip_deterministic)
snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s", snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s",
DI(IB(0), afl->stage_finds[STAGE_EXTRAS_UO]), stringify_int(IB(0), afl->stage_finds[STAGE_EXTRAS_UO]),
DI(IB(1), afl->stage_cycles[STAGE_EXTRAS_UO]), stringify_int(IB(1), afl->stage_cycles[STAGE_EXTRAS_UO]),
DI(IB(2), afl->stage_finds[STAGE_EXTRAS_UI]), stringify_int(IB(2), afl->stage_finds[STAGE_EXTRAS_UI]),
DI(IB(3), afl->stage_cycles[STAGE_EXTRAS_UI]), stringify_int(IB(3), afl->stage_cycles[STAGE_EXTRAS_UI]),
DI(IB(4), afl->stage_finds[STAGE_EXTRAS_AO]), stringify_int(IB(4), afl->stage_finds[STAGE_EXTRAS_AO]),
DI(IB(5), afl->stage_cycles[STAGE_EXTRAS_AO])); stringify_int(IB(5), afl->stage_cycles[STAGE_EXTRAS_AO]));
SAYF(bV bSTOP " dictionary : " cRST "%-36s " bSTG bV bSTOP SAYF(bV bSTOP " dictionary : " cRST "%-36s " bSTG bV bSTOP
" imported : " cRST "%-10s" bSTG bV "\n", " imported : " cRST "%-10s" bSTG bV "\n",
tmp, afl->sync_id ? DI(IB(0), afl->queued_imported) : (u8 *)"n/a"); tmp,
afl->sync_id ? stringify_int(IB(0), afl->queued_imported) : (u8 *)"n/a");
snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s", snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s",
DI(IB(0), afl->stage_finds[STAGE_HAVOC]), stringify_int(IB(0), afl->stage_finds[STAGE_HAVOC]),
DI(IB(2), afl->stage_cycles[STAGE_HAVOC]), stringify_int(IB(2), afl->stage_cycles[STAGE_HAVOC]),
DI(IB(3), afl->stage_finds[STAGE_SPLICE]), stringify_int(IB(3), afl->stage_finds[STAGE_SPLICE]),
DI(IB(4), afl->stage_cycles[STAGE_SPLICE]), stringify_int(IB(4), afl->stage_cycles[STAGE_SPLICE]),
DI(IB(5), afl->stage_finds[STAGE_RADAMSA]), stringify_int(IB(5), afl->stage_finds[STAGE_RADAMSA]),
DI(IB(6), afl->stage_cycles[STAGE_RADAMSA])); stringify_int(IB(6), afl->stage_cycles[STAGE_RADAMSA]));
SAYF(bV bSTOP " havoc/rad : " cRST "%-36s " bSTG bV bSTOP, tmp); SAYF(bV bSTOP " havoc/rad : " cRST "%-36s " bSTG bV bSTOP, tmp);
@ -654,14 +661,14 @@ void show_stats(afl_state_t *afl) {
if (afl->shm.cmplog_mode) { if (afl->shm.cmplog_mode) {
snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s, %s/%s", snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s, %s/%s",
DI(IB(0), afl->stage_finds[STAGE_PYTHON]), stringify_int(IB(0), afl->stage_finds[STAGE_PYTHON]),
DI(IB(1), afl->stage_cycles[STAGE_PYTHON]), stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON]),
DI(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]), stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]),
DI(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR]), stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR]),
DI(IB(4), afl->stage_finds[STAGE_COLORIZATION]), stringify_int(IB(4), afl->stage_finds[STAGE_COLORIZATION]),
DI(IB(5), afl->stage_cycles[STAGE_COLORIZATION]), stringify_int(IB(5), afl->stage_cycles[STAGE_COLORIZATION]),
DI(IB(6), afl->stage_finds[STAGE_ITS]), stringify_int(IB(6), afl->stage_finds[STAGE_ITS]),
DI(IB(7), afl->stage_cycles[STAGE_ITS])); stringify_int(IB(7), afl->stage_cycles[STAGE_ITS]));
SAYF(bV bSTOP " custom/rq : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n", SAYF(bV bSTOP " custom/rq : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n",
tmp); tmp);
@ -669,10 +676,10 @@ void show_stats(afl_state_t *afl) {
} else { } else {
snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s", snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s",
DI(IB(0), afl->stage_finds[STAGE_PYTHON]), stringify_int(IB(0), afl->stage_finds[STAGE_PYTHON]),
DI(IB(1), afl->stage_cycles[STAGE_PYTHON]), stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON]),
DI(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]), stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]),
DI(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR])); stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR]));
SAYF(bV bSTOP " py/custom : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n", SAYF(bV bSTOP " py/custom : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n",
tmp); tmp);
@ -688,7 +695,7 @@ void show_stats(afl_state_t *afl) {
sprintf(tmp, "%0.02f%%/%s, ", sprintf(tmp, "%0.02f%%/%s, ",
((double)(afl->bytes_trim_in - afl->bytes_trim_out)) * 100 / ((double)(afl->bytes_trim_in - afl->bytes_trim_out)) * 100 /
afl->bytes_trim_in, afl->bytes_trim_in,
DI(IB(0), afl->trim_execs)); stringify_int(IB(0), afl->trim_execs));
} }
@ -713,8 +720,9 @@ void show_stats(afl_state_t *afl) {
if (afl->mutator) { if (afl->mutator) {
sprintf(tmp, "%s/%s", DI(IB(0), afl->stage_finds[STAGE_CUSTOM_MUTATOR]), sprintf(tmp, "%s/%s",
DI(IB(1), afl->stage_cycles[STAGE_CUSTOM_MUTATOR])); stringify_int(IB(0), afl->stage_finds[STAGE_CUSTOM_MUTATOR]),
stringify_int(IB(1), afl->stage_cycles[STAGE_CUSTOM_MUTATOR]));
SAYF(bV bSTOP " custom mut. : " cRST "%-36s " bSTG bV RESET_G1, tmp); SAYF(bV bSTOP " custom mut. : " cRST "%-36s " bSTG bV RESET_G1, tmp);
} else { } else {
@ -789,8 +797,8 @@ void show_init_stats(afl_state_t *afl) {
u64 avg_us = 0; u64 avg_us = 0;
u32 max_len = 0; u32 max_len = 0;
u8 int_bufs[4][16]; u8 val_bufs[4][STRINGIFY_VAL_SIZE_MAX];
#define IB(i) int_bufs[(i)], sizeof(int_bufs[(i)]) #define IB(i) val_bufs[(i)], sizeof(val_bufs[(i)])
if (afl->total_cal_cycles) avg_us = afl->total_cal_us / afl->total_cal_cycles; if (afl->total_cal_cycles) avg_us = afl->total_cal_us / afl->total_cal_cycles;
@ -827,10 +835,10 @@ void show_init_stats(afl_state_t *afl) {
if (max_len > 50 * 1024) if (max_len > 50 * 1024)
WARNF(cLRD "Some test cases are huge (%s) - see %s/perf_tips.md!", WARNF(cLRD "Some test cases are huge (%s) - see %s/perf_tips.md!",
DMS(IB(0), max_len), doc_path); stringify_mem_size(IB(0), max_len), doc_path);
else if (max_len > 10 * 1024) else if (max_len > 10 * 1024)
WARNF("Some test cases are big (%s) - see %s/perf_tips.md.", WARNF("Some test cases are big (%s) - see %s/perf_tips.md.",
DMS(IB(0), max_len), doc_path); stringify_mem_size(IB(0), max_len), doc_path);
if (afl->useless_at_start && !afl->in_bitmap) if (afl->useless_at_start && !afl->in_bitmap)
WARNF(cLRD "Some test cases look useless. Consider using a smaller set."); WARNF(cLRD "Some test cases look useless. Consider using a smaller set.");
@ -854,7 +862,8 @@ void show_init_stats(afl_state_t *afl) {
max_bits, max_bits,
((double)afl->total_bitmap_size) / ((double)afl->total_bitmap_size) /
(afl->total_bitmap_entries ? afl->total_bitmap_entries : 1), (afl->total_bitmap_entries ? afl->total_bitmap_entries : 1),
DI(IB(0), min_us), DI(IB(1), max_us), DI(IB(2), avg_us)); stringify_int(IB(0), min_us), stringify_int(IB(1), max_us),
stringify_int(IB(2), avg_us));
if (!afl->timeout_given) { if (!afl->timeout_given) {