show fuzzing state

2025-06-10 17:21:33 +00:00 · 2023-06-08 12:32:51 +02:00 · 2023-06-08 12:32:51 +02:00 · c28779adc5
commit c28779adc5
parent c7c6ad1a94
3 changed files with 47 additions and 5 deletions
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -1202,6 +1202,7 @@ u8     check_if_text_buf(u8 *buf, u32 len);
 #ifndef AFL_SHOWMAP
 void setup_signal_handlers(void);
 #endif
+char *get_fuzzing_state(afl_state_t *afl);

 /* CmpLog */

--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@ -402,11 +402,12 @@ u8 fuzz_one_original(afl_state_t *afl) {
  if (unlikely(afl->not_on_tty)) {

    ACTF(
-        "Fuzzing test case #%u (%u total, %llu crashes saved, mode=%s, "
+        "Fuzzing test case #%u (%u total, %llu crashes saved, state: %s, "
+        "mode=%s, "
        "perf_score=%0.0f, weight=%0.0f, favorite=%u, was_fuzzed=%u, "
        "exec_us=%llu, hits=%u, map=%u, ascii=%u)...",
        afl->current_entry, afl->queued_items, afl->saved_crashes,
-        afl->fuzz_mode ? "exploit" : "explore",
+        get_fuzzing_state(afl), afl->fuzz_mode ? "exploit" : "explore",
        afl->queue_cur->perf_score, afl->queue_cur->weight,
        afl->queue_cur->favored, afl->queue_cur->was_fuzzed,
        afl->queue_cur->exec_us,
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@ -27,6 +27,45 @@
 #include "envs.h"
 #include <limits.h>

+static char fuzzing_state[4][12] = {"started :-)", "in progress", "final phase",
+                                    "finished..."};
+
+char *get_fuzzing_state(afl_state_t *afl) {
+
+  u64 cur_ms = get_cur_time();
+  u64 last_find = cur_ms - afl->last_find_time;
+  u64 cur_run_time = cur_ms - afl->start_time;
+  u64 cur_total_run_time = afl->prev_run_time + cur_run_time;
+
+  if (unlikely(cur_run_time < 60 * 3 * 1000 ||
+               cur_total_run_time < 60 * 5 * 1000)) {
+
+    return fuzzing_state[0];
+
+  } else {
+
+    u64 last_find_100 = 100 * last_find;
+    u64 percent_cur = last_find_100 / cur_run_time;
+    u64 percent_total = last_find_100 / cur_total_run_time;
+
+    if (unlikely(percent_cur >= 90 && percent_total >= 90)) {
+
+      return fuzzing_state[3];
+
+    } else if (unlikely(percent_cur >= 75 && percent_total >= 75)) {
+
+      return fuzzing_state[2];
+
+    } else {
+
+      return fuzzing_state[1];
+
+    }
+
+  }
+
+}
+
 /* Write fuzzer setup file */

 void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
@ -1283,9 +1322,10 @@ void show_stats_normal(afl_state_t *afl) {

  /* Last line */

-  SAYF(SET_G1 "\n" bSTG bLB bH cCYA                                bSTOP
-              " strategy:%s %s " bSTG bH20 bH10 bH2 bRB bSTOP cRST RESET_G1,
-       cPIN, afl->fuzz_mode == 0 ? "explore" : "exploit");
+  SAYF(SET_G1 "\n" bSTG bLB bH cCYA          bSTOP " strategy:" cPIN
+              " %s " bSTG bH10 cCYA          bSTOP " state:" cPIN
+              " %s " bSTG bH2 bRB bSTOP cRST RESET_G1,
+       afl->fuzz_mode == 0 ? "explore" : "exploit", get_fuzzing_state(afl));

 #undef IB