ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix runtime underflow & -V exiting before syncing

Browse Source 
print_stats sets exit_soon even while syncing, this leaves -V 0 still broken, as we don't finish syncing.

Additionally, the change that introduced the previous -V fix also broke the runtime tracking, as runtime needs to include all time including sync, splice etc. This caused an underflow in the reported runtime.
This commit is contained in:
Cornelius Aschermann
2024-05-15 17:09:05 -07:00
parent 1db3b81d2e
commit 6dd5e931fc
3 changed files with 13 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/afl-fuzz-run.c
View File

@ -1193,4 +1193,3 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
return 0; return 0;
} }

27
src/afl-fuzz-stats.c
View File

@ -321,8 +321,9 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
#ifndef __HAIKU__ #ifndef __HAIKU__
if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; } if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
#endif #endif
u64 runtime = afl->prev_run_time + cur_time - afl->start_time; u64 runtime_ms = afl->prev_run_time + cur_time - afl->start_time;
if (!runtime) { runtime = 1; } u64 overhead_ms = (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;
if (!runtime_ms) { runtime_ms = 1; }
fprintf( fprintf(
f, f,
@ -375,20 +376,17 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
"target_mode : %s%s%s%s%s%s%s%s%s%s\n" "target_mode : %s%s%s%s%s%s%s%s%s%s\n"
"command_line : %s\n", "command_line : %s\n",
(afl->start_time /*- afl->prev_run_time*/) / 1000, cur_time / 1000, (afl->start_time /*- afl->prev_run_time*/) / 1000, cur_time / 1000,
runtime / 1000, (u32)getpid(), runtime_ms / 1000, (u32)getpid(),
afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds, afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
afl->longest_find_time > cur_time - afl->last_find_time afl->longest_find_time > cur_time - afl->last_find_time
? afl->longest_find_time / 1000 ? afl->longest_find_time / 1000
: ((afl->start_time == 0 || afl->last_find_time == 0) : ((afl->start_time == 0 || afl->last_find_time == 0)
? 0 ? 0
: (cur_time - afl->last_find_time) / 1000), : (cur_time - afl->last_find_time) / 1000),
(runtime - (runtime_ms - MIN(runtime_ms, overhead_ms)) / 1000,
((afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) /
1000)) /
1000,
afl->calibration_time_us / 1000000, afl->sync_time_us / 1000000, afl->calibration_time_us / 1000000, afl->sync_time_us / 1000000,
afl->trim_time_us / 1000000, afl->fsrv.total_execs, afl->trim_time_us / 1000000, afl->fsrv.total_execs,
afl->fsrv.total_execs / ((double)(runtime) / 1000), afl->fsrv.total_execs / ((double)(runtime_ms) / 1000),
afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored, afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
afl->queued_discovered, afl->queued_imported, afl->queued_variable, afl->queued_discovered, afl->queued_imported, afl->queued_variable,
afl->max_depth, afl->current_entry, afl->pending_favored, afl->max_depth, afl->current_entry, afl->pending_favored,
@ -632,9 +630,9 @@ void show_stats_normal(afl_state_t *afl) {
cur_ms = get_cur_time(); cur_ms = get_cur_time();
if (afl->most_time_key) { if (afl->most_time_key && afl->queue_cycle) {
if (afl->most_time * 1000 < cur_ms - afl->start_time) { if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
afl->most_time_key = 2; afl->most_time_key = 2;
afl->stop_soon = 2; afl->stop_soon = 2;
@ -643,7 +641,7 @@ void show_stats_normal(afl_state_t *afl) {
} }
if (afl->most_execs_key == 1) { if (afl->most_execs_key == 1 && afl->queue_cycle) {
if (afl->most_execs <= afl->fsrv.total_execs) { if (afl->most_execs <= afl->fsrv.total_execs) {
@ -1462,9 +1460,9 @@ void show_stats_pizza(afl_state_t *afl) {
cur_ms = get_cur_time(); cur_ms = get_cur_time();
if (afl->most_time_key) { if (afl->most_time_key && afl->queue_cycle) {
if (afl->most_time * 1000 < cur_ms - afl->start_time) { if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
afl->most_time_key = 2; afl->most_time_key = 2;
afl->stop_soon = 2; afl->stop_soon = 2;
@ -1473,7 +1471,7 @@ void show_stats_pizza(afl_state_t *afl) {
} }
if (afl->most_execs_key == 1) { if (afl->most_execs_key == 1 && afl->queue_cycle) {
if (afl->most_execs <= afl->fsrv.total_execs) { if (afl->most_execs <= afl->fsrv.total_execs) {
@ -2505,4 +2503,3 @@ void update_sync_time(afl_state_t *afl, u64 *time) {
*time = cur; *time = cur;
} }

11
src/afl-fuzz.c
View File

@ -1806,7 +1806,7 @@ int main(int argc, char **argv_orig, char **envp) {
afl->fsrv.use_fauxsrv = afl->non_instrumented_mode == 1 || afl->no_forkserver; afl->fsrv.use_fauxsrv = afl->non_instrumented_mode == 1 || afl->no_forkserver;
afl->fsrv.max_length = afl->max_length; afl->fsrv.max_length = afl->max_length;
#ifdef __linux__ #ifdef __linux__
if (!afl->fsrv.nyx_mode) { if (!afl->fsrv.nyx_mode) {
@ -2593,14 +2593,6 @@ int main(int argc, char **argv_orig, char **envp) {
} }
sync_fuzzers(afl); sync_fuzzers(afl);
if (!afl->queue_cycle && afl->afl_env.afl_import_first) {
// real start time, we reset, so this works correctly with -V
afl->start_time = get_cur_time();
}
} }
++afl->queue_cycle; ++afl->queue_cycle;
@ -3115,4 +3107,3 @@ stop_fuzzing:
} }
#endif /* !AFL_LIB */ #endif /* !AFL_LIB */