time_wo_finds in fuzzer_stats

2025-06-11 01:31:37 +00:00 · 2023-03-27 17:51:53 +02:00 · 2023-03-27 17:51:53 +02:00 · b1bfc1ae76
commit b1bfc1ae76
parent 0faa323f12
5 changed files with 27 additions and 1 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -8,6 +8,7 @@
    - ensure temporary file descriptor is closed when not used
    - added `AFL_NO_WARN_INSTABILITY`
    - added `AFL_FRIDA_STATS_INTERVAL`
+    - added time_wo_finds to fuzzer_stats
  - afl-cc:
    - add CFI sanitizer variant to gcc targets
    - llvm 16 support (thanks to @devnexen!)
--- a/docs/afl-fuzz_approach.md
+++ b/docs/afl-fuzz_approach.md
@ -483,6 +483,7 @@ directory. This includes:
 - `fuzzer_pid`        - PID of the fuzzer process
 - `cycles_done`       - queue cycles completed so far
 - `cycles_wo_finds`   - number of cycles without any new paths found
+- `time_wo_finds`     - longest time in seconds no new path was found
 - `execs_done`        - number of execve() calls attempted
 - `execs_per_sec`     - overall number of execs per second
 - `corpus_count`      - total number of entries in the queue
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -591,6 +591,7 @@ typedef struct afl_state {
      last_find_time,                   /* Time for most recent path (ms)   */
      last_crash_time,                  /* Time for most recent crash (ms)  */
      last_hang_time,                   /* Time for most recent hang (ms)   */
+      longest_find_time,                /* Longest time taken for a find    */
      exit_on_time,                     /* Delay to exit if no new paths    */
      sync_time;                        /* Sync time (ms)                   */

--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@ -577,7 +577,24 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
  queue_buf[afl->queued_items - 1] = q;
  q->id = afl->queued_items - 1;

-  afl->last_find_time = get_cur_time();
+  u64 cur_time = get_cur_time();
+
+  if (likely(afl->start_time) &&
+      unlikely(afl->longest_find_time < cur_time - afl->last_find_time)) {
+
+    if (unlikely(!afl->last_find_time)) {
+
+      afl->longest_find_time = cur_time - afl->start_time;
+
+    } else {
+
+      afl->longest_find_time = cur_time - afl->last_find_time;
+
+    }
+
+  }
+
+  afl->last_find_time = cur_time;

  if (afl->custom_mutators_count) {

--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@ -251,6 +251,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
      "fuzzer_pid        : %u\n"
      "cycles_done       : %llu\n"
      "cycles_wo_finds   : %llu\n"
+      "time_wo_finds     : %llu\n"
      "execs_done        : %llu\n"
      "execs_per_sec     : %0.02f\n"
      "execs_ps_last_min : %0.02f\n"
@ -291,6 +292,11 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
      (afl->start_time - afl->prev_run_time) / 1000, cur_time / 1000,
      (afl->prev_run_time + cur_time - afl->start_time) / 1000, (u32)getpid(),
      afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
+      afl->longest_find_time > cur_time - afl->last_find_time
+          ? afl->longest_find_time / 1000
+          : ((afl->start_time == 0 || afl->last_find_time == 0)
+                 ? 0
+                 : (cur_time - afl->last_find_time) / 1000),
      afl->fsrv.total_execs,
      afl->fsrv.total_execs /
          ((double)(afl->prev_run_time + get_cur_time() - afl->start_time) /