mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-15 03:18:07 +00:00
add cmplog_time measurement
@ -656,6 +656,7 @@ typedef struct afl_state {
|
|||||||
switch_fuzz_mode, /* auto or fixed fuzz mode */
|
switch_fuzz_mode, /* auto or fixed fuzz mode */
|
||||||
calibration_time_us, /* Time spend on calibration */
|
calibration_time_us, /* Time spend on calibration */
|
||||||
sync_time_us, /* Time spend on sync */
|
sync_time_us, /* Time spend on sync */
|
||||||
|
cmplog_time_us, /* Time spend on cmplog */
|
||||||
trim_time_us; /* Time spend on trimming */
|
trim_time_us; /* Time spend on trimming */
|
||||||
|
|
||||||
u32 slowest_exec_ms, /* Slowest testcase non hang in ms */
|
u32 slowest_exec_ms, /* Slowest testcase non hang in ms */
|
||||||
|
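Review bot: No prototype for `update_cmplog_time` is visible in this header section, which adds only the `cmplog_time_us` field, although the commit calls the function from `input_to_state_stage` and defines it as `inline void` in a different source file. Unless the declaration already exists outside the visible hunks, add `void update_cmplog_time(afl_state_t *afl, u64 *time);` beside the declaration of `update_sync_time`. A file-scope declaration without `inline` is also what makes the `inline` definition an external one under C99 rules, so without it the cross-file call may fail to compile or link. The struct definition starts and ends outside the hunk.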
@ -2938,7 +2938,8 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
|
|||||||
// afl->queue_cur->exec_cksum
|
// afl->queue_cur->exec_cksum
|
||||||
u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
||||||
|
|
||||||
u8 r = 1;
|
u64 cmplog_start_us = get_cur_time_us();
|
||||||
|
u8 r = 1;
|
||||||
if (unlikely(!afl->pass_stats)) {
|
if (unlikely(!afl->pass_stats)) {
|
||||||
|
|
||||||
afl->pass_stats = ck_alloc(sizeof(struct afl_pass_stat) * CMP_MAP_W);
|
afl->pass_stats = ck_alloc(sizeof(struct afl_pass_stat) * CMP_MAP_W);
|
||||||
@ -2966,7 +2967,12 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
|
|
||||||
if (!afl->queue_cur->taint || !afl->queue_cur->cmplog_colorinput) {
|
if (!afl->queue_cur->taint || !afl->queue_cur->cmplog_colorinput) {
|
||||||
|
|
||||||
if (unlikely(colorization(afl, buf, len, &taint))) { return 1; }
|
if (unlikely(colorization(afl, buf, len, &taint))) {
|
||||||
|
|
||||||
|
update_cmplog_time(afl, &cmplog_start_us);
|
||||||
|
return 1;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// no taint? still try, create a dummy to prevent again colorization
|
// no taint? still try, create a dummy to prevent again colorization
|
||||||
if (!taint) {
|
if (!taint) {
|
||||||
@ -2975,6 +2981,7 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
fprintf(stderr, "TAINT FAILED\n");
|
fprintf(stderr, "TAINT FAILED\n");
|
||||||
#endif
|
#endif
|
||||||
afl->queue_cur->colorized = CMPLOG_LVL_MAX;
|
afl->queue_cur->colorized = CMPLOG_LVL_MAX;
|
||||||
|
update_cmplog_time(afl, &cmplog_start_us);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -2995,6 +3002,8 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
update_cmplog_time(afl, &cmplog_start_us);
|
||||||
|
|
||||||
struct tainted *t = taint;
|
struct tainted *t = taint;
|
||||||
|
|
||||||
#ifdef _DEBUG
|
#ifdef _DEBUG
|
||||||
@ -3027,6 +3036,7 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
update_cmplog_time(afl, &cmplog_start_us);
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -3050,6 +3060,7 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
update_cmplog_time(afl, &cmplog_start_us);
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -3068,6 +3079,7 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
u64 orig_hit_cnt, new_hit_cnt;
|
u64 orig_hit_cnt, new_hit_cnt;
|
||||||
u64 orig_execs = afl->fsrv.total_execs;
|
u64 orig_execs = afl->fsrv.total_execs;
|
||||||
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
|
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
|
||||||
|
update_cmplog_time(afl, &cmplog_start_us);
|
||||||
|
|
||||||
afl->stage_name = "input-to-state";
|
afl->stage_name = "input-to-state";
|
||||||
afl->stage_short = "its";
|
afl->stage_short = "its";
|
||||||
@ -3144,6 +3156,8 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
update_cmplog_time(afl, &cmplog_start_us);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
r = 0;
|
r = 0;
|
||||||
@ -3272,6 +3286,7 @@ exit_its:
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
update_cmplog_time(afl, &cmplog_start_us);
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
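Review bot: The elapsed time is flushed by a hand-placed `update_cmplog_time(afl, &cmplog_start_us);` in front of each `return`, so any exit from `input_to_state_stage` that lies outside these hunks and lacks the call silently drops its time from `cmplog_time_us`. Only parts of the function are visible here, so I cannot confirm that every return path is covered. Timing the exits in one place would remove that risk, for example by moving the body into a static helper and ending the public function with `update_cmplog_time(afl, &cmplog_start_us); return r;`. The mid-stage calls can stay as they are.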
@ -207,6 +207,12 @@ void load_stats_file(afl_state_t *afl) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (starts_with("cmplog_time", keystring)) {
|
||||||
|
|
||||||
|
afl->cmplog_time_us = strtoull(lptr, &nptr, 10) * 1000000;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
if (starts_with("trim_time", keystring)) {
|
if (starts_with("trim_time", keystring)) {
|
||||||
|
|
||||||
afl->trim_time_us = strtoull(lptr, &nptr, 10) * 1000000;
|
afl->trim_time_us = strtoull(lptr, &nptr, 10) * 1000000;
|
||||||
@ -322,8 +328,9 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
|
|||||||
if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
|
if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
|
||||||
#endif
|
#endif
|
||||||
u64 runtime_ms = afl->prev_run_time + cur_time - afl->start_time;
|
u64 runtime_ms = afl->prev_run_time + cur_time - afl->start_time;
|
||||||
u64 overhead_ms =
|
u64 overhead_ms = (afl->calibration_time_us + afl->sync_time_us +
|
||||||
(afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;
|
afl->trim_time_us + afl->cmplog_time_us) /
|
||||||
|
1000;
|
||||||
if (!runtime_ms) { runtime_ms = 1; }
|
if (!runtime_ms) { runtime_ms = 1; }
|
||||||
|
|
||||||
fprintf(
|
fprintf(
|
||||||
@ -337,6 +344,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
|
|||||||
"time_wo_finds : %llu\n"
|
"time_wo_finds : %llu\n"
|
||||||
"fuzz_time : %llu\n"
|
"fuzz_time : %llu\n"
|
||||||
"calibration_time : %llu\n"
|
"calibration_time : %llu\n"
|
||||||
|
"cmplog_time : %llu\n"
|
||||||
"sync_time : %llu\n"
|
"sync_time : %llu\n"
|
||||||
"trim_time : %llu\n"
|
"trim_time : %llu\n"
|
||||||
"execs_done : %llu\n"
|
"execs_done : %llu\n"
|
||||||
@ -385,8 +393,9 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
|
|||||||
? 0
|
? 0
|
||||||
: (cur_time - afl->last_find_time) / 1000),
|
: (cur_time - afl->last_find_time) / 1000),
|
||||||
(runtime_ms - MIN(runtime_ms, overhead_ms)) / 1000,
|
(runtime_ms - MIN(runtime_ms, overhead_ms)) / 1000,
|
||||||
afl->calibration_time_us / 1000000, afl->sync_time_us / 1000000,
|
afl->calibration_time_us / 1000000, afl->cmplog_time_us / 1000000,
|
||||||
afl->trim_time_us / 1000000, afl->fsrv.total_execs,
|
afl->sync_time_us / 1000000, afl->trim_time_us / 1000000,
|
||||||
|
afl->fsrv.total_execs,
|
||||||
afl->fsrv.total_execs / ((double)(runtime_ms) / 1000),
|
afl->fsrv.total_execs / ((double)(runtime_ms) / 1000),
|
||||||
afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
|
afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
|
||||||
afl->queued_discovered, afl->queued_imported, afl->queued_variable,
|
afl->queued_discovered, afl->queued_imported, afl->queued_variable,
|
||||||
@ -2511,3 +2520,11 @@ inline void update_sync_time(afl_state_t *afl, u64 *time) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
inline void update_cmplog_time(afl_state_t *afl, u64 *time) {
|
||||||
|
|
||||||
|
u64 cur = get_cur_time_us();
|
||||||
|
afl->cmplog_time_us += cur - *time;
|
||||||
|
*time = cur;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
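Review bot: `overhead_ms` in `write_stats_file` now adds `cmplog_time_us` to the calibration, sync and trim counters as if the four intervals were disjoint, but `update_cmplog_time` accumulates the wall-clock time of the whole stage. If an execution inside the stage can reach calibration (not visible on this page, so this needs confirming), that span is counted twice and the reported `fuzz_time` is understated. The `MIN(runtime_ms, overhead_ms)` clamp would hide the effect rather than correct it. Either exclude the nested time or document the overlap above the sum, such as `/* counters are summed as if disjoint; cmplog_time_us is wall time of the whole stage */`.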