ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-08 16:21:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

little performance enhancements

Browse Source
This commit is contained in:
van Hauser 2020-03-22 19:06:39 +01:00
parent 5b64681867
commit d39e9ea11c
5 changed files with 84 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/common.h
View File

@ -78,7 +78,7 @@ static u64 get_cur_time_us(void) {
Will return buf for convenience. */ Will return buf for convenience. */
static u8 *stringify_int(u8 *buf, size_t len, u64 val) { static u8 *stringify_int(u8 *buf, size_t len, u64 val) {
\
#define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast) \ #define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast) \
do { \ do { \
\ \
@ -204,8 +204,7 @@ static u8 *stringify_mem_size(u8 *buf, size_t len, u64 val) {
/* Describe time delta as string. /* Describe time delta as string.
Returns a pointer to buf for convenience. */ Returns a pointer to buf for convenience. */
static u8 *stringify_time_diff(u8 *buf, size_t len, u64 cur_ms, static u8 *stringify_time_diff(u8 *buf, size_t len, u64 cur_ms, u64 event_ms) {
u64 event_ms) {
u64 delta; u64 delta;
s32 t_d, t_h, t_m, t_s; s32 t_d, t_h, t_m, t_s;

34
src/afl-fuzz-bitmap.c
View File

@ -138,7 +138,8 @@ u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) {
} }
if (ret && virgin_map == afl->virgin_bits) afl->bitmap_changed = 1; if (unlikely(ret) && unlikely(virgin_map == afl->virgin_bits))
afl->bitmap_changed = 1;
return ret; return ret;
@ -419,7 +420,7 @@ u8 *describe_op(afl_state_t *afl, u8 hnb) {
u8 *ret = afl->describe_op_buf_256; u8 *ret = afl->describe_op_buf_256;
if (afl->syncing_party) { if (unlikely(afl->syncing_party)) {
sprintf(ret, "sync:%s,src:%06u", afl->syncing_party, afl->syncing_case); sprintf(ret, "sync:%s,src:%06u", afl->syncing_party, afl->syncing_case);
@ -472,11 +473,11 @@ static void write_crash_readme(afl_state_t *afl) {
/* Do not die on errors here - that would be impolite. */ /* Do not die on errors here - that would be impolite. */
if (fd < 0) return; if (unlikely(fd < 0)) return;
f = fdopen(fd, "w"); f = fdopen(fd, "w");
if (!f) { if (unlikely(!f)) {
close(fd); close(fd);
return; return;
@ -517,7 +518,7 @@ static void write_crash_readme(afl_state_t *afl) {
u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
if (len == 0) return 0; if (unlikely(len == 0)) return 0;
u8 *fn = ""; u8 *fn = "";
u8 hnb; u8 hnb;
@ -541,14 +542,14 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
} }
if (fault == afl->crash_mode) { if (unlikely(fault == afl->crash_mode)) {
/* Keep only if there are new bits in the map, add to queue for /* Keep only if there are new bits in the map, add to queue for
future fuzzing, etc. */ future fuzzing, etc. */
if (!(hnb = has_new_bits(afl, afl->virgin_bits))) { if (!(hnb = has_new_bits(afl, afl->virgin_bits))) {
if (afl->crash_mode) ++afl->total_crashes; if (unlikely(afl->crash_mode)) ++afl->total_crashes;
return 0; return 0;
} }
@ -580,10 +581,11 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
res = calibrate_case(afl, afl->queue_top, mem, afl->queue_cycle - 1, 0); res = calibrate_case(afl, afl->queue_top, mem, afl->queue_cycle - 1, 0);
if (res == FAULT_ERROR) FATAL("Unable to execute target application"); if (unlikely(res == FAULT_ERROR))
FATAL("Unable to execute target application");
fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600); fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600);
if (fd < 0) PFATAL("Unable to create '%s'", fn); if (unlikely(fd < 0)) PFATAL("Unable to create '%s'", fn);
ck_write(fd, mem, len, fn); ck_write(fd, mem, len, fn);
close(fd); close(fd);
@ -604,7 +606,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
if (afl->unique_hangs >= KEEP_UNIQUE_HANG) return keeping; if (afl->unique_hangs >= KEEP_UNIQUE_HANG) return keeping;
if (!afl->dumb_mode) { if (likely(!afl->dumb_mode)) {
#ifdef WORD_SIZE_64 #ifdef WORD_SIZE_64
simplify_trace((u64 *)afl->fsrv.trace_bits); simplify_trace((u64 *)afl->fsrv.trace_bits);
@ -667,7 +669,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
if (afl->unique_crashes >= KEEP_UNIQUE_CRASH) return keeping; if (afl->unique_crashes >= KEEP_UNIQUE_CRASH) return keeping;
if (!afl->dumb_mode) { if (likely(!afl->dumb_mode)) {
#ifdef WORD_SIZE_64 #ifdef WORD_SIZE_64
simplify_trace((u64 *)afl->fsrv.trace_bits); simplify_trace((u64 *)afl->fsrv.trace_bits);
@ -679,7 +681,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
} }
if (!afl->unique_crashes) write_crash_readme(afl); if (unlikely(!afl->unique_crashes)) write_crash_readme(afl);
#ifndef SIMPLE_FILES #ifndef SIMPLE_FILES
@ -695,10 +697,10 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#endif /* ^!SIMPLE_FILES */ #endif /* ^!SIMPLE_FILES */
++afl->unique_crashes; ++afl->unique_crashes;
if (afl->infoexec) { // if the user wants to be informed on new crashes - if (unlikely(afl->infoexec)) {
// do
// if the user wants to be informed on new crashes - do that
#if !TARGET_OS_IPHONE #if !TARGET_OS_IPHONE
// that
if (system(afl->infoexec) == -1) if (system(afl->infoexec) == -1)
hnb += 0; // we dont care if system errors, but we dont want a hnb += 0; // we dont care if system errors, but we dont want a
// compiler warning either // compiler warning either
@ -723,7 +725,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
test case, too. */ test case, too. */
fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600); fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600);
if (fd < 0) PFATAL("Unable to create '%s'", fn); if (unlikely(fd < 0)) PFATAL("Unable to create '%s'", fn);
ck_write(fd, mem, len, fn); ck_write(fd, mem, len, fn);
close(fd); close(fd);

94
src/afl-fuzz-one.c
View File

@ -67,7 +67,7 @@ static u32 choose_block_len(afl_state_t *afl, u32 limit) {
u32 min_value, max_value; u32 min_value, max_value;
u32 rlim = MIN(afl->queue_cycle, 3); u32 rlim = MIN(afl->queue_cycle, 3);
if (!afl->run_over10m) rlim = 1; if (unlikely(!afl->run_over10m)) rlim = 1;
switch (rand_below(afl, rlim)) { switch (rand_below(afl, rlim)) {
@ -356,7 +356,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
#else #else
if (afl->mutator && afl->mutator->afl_custom_queue_get) { if (unlikely(afl->mutator) && unlikely(afl->mutator->afl_custom_queue_get)) {
/* The custom mutator will decide to skip this test case or not. */ /* The custom mutator will decide to skip this test case or not. */
@ -365,7 +365,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
} }
if (afl->pending_favored) { if (likely(afl->pending_favored)) {
/* If we have any favored, non-fuzzed new arrivals in the queue, /* If we have any favored, non-fuzzed new arrivals in the queue,
possibly skip to them at the expense of already-fuzzed or non-favored possibly skip to them at the expense of already-fuzzed or non-favored
@ -399,7 +399,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
#endif /* ^IGNORE_FINDS */ #endif /* ^IGNORE_FINDS */
if (afl->not_on_tty) { if (unlikely(afl->not_on_tty)) {
ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...", ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...",
afl->current_entry, afl->queued_paths, afl->unique_crashes); afl->current_entry, afl->queued_paths, afl->unique_crashes);
@ -411,13 +411,13 @@ u8 fuzz_one_original(afl_state_t *afl) {
fd = open(afl->queue_cur->fname, O_RDONLY); fd = open(afl->queue_cur->fname, O_RDONLY);
if (fd < 0) PFATAL("Unable to open '%s'", afl->queue_cur->fname); if (unlikely(fd < 0)) PFATAL("Unable to open '%s'", afl->queue_cur->fname);
len = afl->queue_cur->len; len = afl->queue_cur->len;
orig_in = in_buf = mmap(0, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); orig_in = in_buf = mmap(0, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
if (orig_in == MAP_FAILED) if (unlikely(orig_in == MAP_FAILED))
PFATAL("Unable to mmap '%s' with len %d", afl->queue_cur->fname, len); PFATAL("Unable to mmap '%s' with len %d", afl->queue_cur->fname, len);
close(fd); close(fd);
@ -436,7 +436,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
* CALIBRATION (only if failed earlier on) * * CALIBRATION (only if failed earlier on) *
*******************************************/ *******************************************/
if (afl->queue_cur->cal_failed) { if (unlikely(afl->queue_cur->cal_failed)) {
u8 res = FAULT_TMOUT; u8 res = FAULT_TMOUT;
@ -445,11 +445,12 @@ u8 fuzz_one_original(afl_state_t *afl) {
res = res =
calibrate_case(afl, afl->queue_cur, in_buf, afl->queue_cycle - 1, 0); calibrate_case(afl, afl->queue_cur, in_buf, afl->queue_cycle - 1, 0);
if (res == FAULT_ERROR) FATAL("Unable to execute target application"); if (unlikely(res == FAULT_ERROR))
FATAL("Unable to execute target application");
} }
if (afl->stop_soon || res != afl->crash_mode) { if (unlikely(afl->stop_soon) || res != afl->crash_mode) {
++afl->cur_skipped_paths; ++afl->cur_skipped_paths;
goto abandon_entry; goto abandon_entry;
@ -466,9 +467,10 @@ u8 fuzz_one_original(afl_state_t *afl) {
u8 res = trim_case(afl, afl->queue_cur, in_buf); u8 res = trim_case(afl, afl->queue_cur, in_buf);
if (res == FAULT_ERROR) FATAL("Unable to execute target application"); if (unlikely(res == FAULT_ERROR))
FATAL("Unable to execute target application");
if (afl->stop_soon) { if (unlikely(afl->stop_soon)) {
++afl->cur_skipped_paths; ++afl->cur_skipped_paths;
goto abandon_entry; goto abandon_entry;
@ -491,9 +493,9 @@ u8 fuzz_one_original(afl_state_t *afl) {
orig_perf = perf_score = calculate_score(afl, afl->queue_cur); orig_perf = perf_score = calculate_score(afl, afl->queue_cur);
if (perf_score == 0) goto abandon_entry; if (unlikely(perf_score == 0)) goto abandon_entry;
if (afl->use_radamsa > 1) goto radamsa_stage; if (unlikely(afl->use_radamsa > 1)) goto radamsa_stage;
if (afl->shm.cmplog_mode) { if (afl->shm.cmplog_mode) {
@ -1549,8 +1551,8 @@ custom_mutator_stage:
* CUSTOM MUTATORS * * CUSTOM MUTATORS *
*******************/ *******************/
if (!afl->mutator) goto havoc_stage; if (likely(!afl->mutator)) goto havoc_stage;
if (!afl->mutator->afl_custom_fuzz) goto havoc_stage; if (likely(!afl->mutator->afl_custom_fuzz)) goto havoc_stage;
afl->stage_name = "custom mutator"; afl->stage_name = "custom mutator";
afl->stage_short = "custom"; afl->stage_short = "custom";
@ -1603,7 +1605,7 @@ custom_mutator_stage:
/* Read the additional testcase into a new buffer. */ /* Read the additional testcase into a new buffer. */
fd = open(target->fname, O_RDONLY); fd = open(target->fname, O_RDONLY);
if (fd < 0) PFATAL("Unable to open '%s'", target->fname); if (unlikely(fd < 0)) PFATAL("Unable to open '%s'", target->fname);
new_buf = ck_alloc_nozero(target->len); new_buf = ck_alloc_nozero(target->len);
ck_read(fd, new_buf, target->len, target->fname); ck_read(fd, new_buf, target->len, target->fname);
close(fd); close(fd);
@ -1649,7 +1651,7 @@ custom_mutator_stage:
afl->stage_finds[STAGE_CUSTOM_MUTATOR] += new_hit_cnt - orig_hit_cnt; afl->stage_finds[STAGE_CUSTOM_MUTATOR] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_CUSTOM_MUTATOR] += afl->stage_max; afl->stage_cycles[STAGE_CUSTOM_MUTATOR] += afl->stage_max;
if (afl->custom_only) { if (likely(afl->custom_only)) {
/* Skip other stages */ /* Skip other stages */
ret_val = 0; ret_val = 0;
@ -1680,7 +1682,7 @@ havoc_stage:
perf_score = orig_perf; perf_score = orig_perf;
snprintf(afl->stage_name_buf, STAGE_BUF_SIZE, "splice %u", splice_cycle); snprintf(afl->stage_name_buf, STAGE_BUF_SIZE, "splice %u", splice_cycle);
if (afl->stage_name != afl->stage_name_buf) if (unlikely(afl->stage_name != afl->stage_name_buf))
afl->stage_name = afl->stage_name_buf; afl->stage_name = afl->stage_name_buf;
afl->stage_short = "splice"; afl->stage_short = "splice";
afl->stage_max = SPLICE_HAVOC * perf_score / afl->havoc_div / 100; afl->stage_max = SPLICE_HAVOC * perf_score / afl->havoc_div / 100;
@ -1727,7 +1729,8 @@ havoc_stage:
} }
switch (rand_below(afl, 15 + ((afl->extras_cnt + afl->a_extras_cnt) ? 2 : 0))) { switch (rand_below(
afl, 15 + ((afl->extras_cnt + afl->a_extras_cnt) ? 2 : 0))) {
case 0: case 0:
@ -1757,8 +1760,8 @@ havoc_stage:
} else { } else {
*(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = SWAP16(
SWAP16(interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]); interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]);
} }
@ -1777,8 +1780,8 @@ havoc_stage:
} else { } else {
*(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = SWAP32(
SWAP32(interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]); interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]);
} }
@ -1964,7 +1967,8 @@ havoc_stage:
memcpy(new_buf + clone_to, out_buf + clone_from, clone_len); memcpy(new_buf + clone_to, out_buf + clone_from, clone_len);
else else
memset(new_buf + clone_to, memset(new_buf + clone_to,
rand_below(afl, 2) ? rand_below(afl, 256) : out_buf[rand_below(afl, temp_len)], rand_below(afl, 2) ? rand_below(afl, 256)
: out_buf[rand_below(afl, temp_len)],
clone_len); clone_len);
/* Tail */ /* Tail */
@ -2001,7 +2005,8 @@ havoc_stage:
} else } else
memset(out_buf + copy_to, memset(out_buf + copy_to,
rand_below(afl, 2) ? rand_below(afl, 256) : out_buf[rand_below(afl, temp_len)], rand_below(afl, 2) ? rand_below(afl, 256)
: out_buf[rand_below(afl, temp_len)],
copy_len); copy_len);
break; break;
@ -2215,7 +2220,7 @@ retry_splicing:
fd = open(target->fname, O_RDONLY); fd = open(target->fname, O_RDONLY);
if (fd < 0) PFATAL("Unable to open '%s'", target->fname); if (unlikely(fd < 0)) PFATAL("Unable to open '%s'", target->fname);
new_buf = ck_alloc_nozero(target->len); new_buf = ck_alloc_nozero(target->len);
@ -2264,7 +2269,7 @@ retry_splicing:
radamsa_stage: radamsa_stage:
if (!afl->use_radamsa || !afl->radamsa_mutate_ptr) goto abandon_entry; if (likely(!afl->use_radamsa || !afl->radamsa_mutate_ptr)) goto abandon_entry;
afl->stage_name = "radamsa"; afl->stage_name = "radamsa";
afl->stage_short = "radamsa"; afl->stage_short = "radamsa";
@ -3596,7 +3601,8 @@ pacemaker_fuzzing:
afl->orig_hit_cnt_puppet = afl->queued_paths + afl->unique_crashes; afl->orig_hit_cnt_puppet = afl->queued_paths + afl->unique_crashes;
afl->last_limit_time_start = get_cur_time(); afl->last_limit_time_start = get_cur_time();
afl->SPLICE_CYCLES_puppet = afl->SPLICE_CYCLES_puppet =
(rand_below(afl, SPLICE_CYCLES_puppet_up - SPLICE_CYCLES_puppet_low + 1) + (rand_below(
afl, SPLICE_CYCLES_puppet_up - SPLICE_CYCLES_puppet_low + 1) +
SPLICE_CYCLES_puppet_low); SPLICE_CYCLES_puppet_low);
} }
@ -3701,8 +3707,10 @@ pacemaker_fuzzing:
break; break;
case 6: case 6:
out_buf[rand_below(afl, temp_len)] -= 1 + rand_below(afl, ARITH_MAX); out_buf[rand_below(afl, temp_len)] -=
out_buf[rand_below(afl, temp_len)] += 1 + rand_below(afl, ARITH_MAX); 1 + rand_below(afl, ARITH_MAX);
out_buf[rand_below(afl, temp_len)] +=
1 + rand_below(afl, ARITH_MAX);
MOpt_globals.cycles_v2[STAGE_ARITH8] += 1; MOpt_globals.cycles_v2[STAGE_ARITH8] += 1;
break; break;
@ -3791,12 +3799,14 @@ pacemaker_fuzzing:
if (rand_below(afl, 2)) { if (rand_below(afl, 2)) {
*(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) =
interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]; interesting_16[rand_below(afl,
sizeof(interesting_16) >> 1)];
} else { } else {
*(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = SWAP16( *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) =
interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]); SWAP16(interesting_16[rand_below(
afl, sizeof(interesting_16) >> 1)]);
} }
@ -3811,12 +3821,14 @@ pacemaker_fuzzing:
if (rand_below(afl, 2)) { if (rand_below(afl, 2)) {
*(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) =
interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]; interesting_32[rand_below(afl,
sizeof(interesting_32) >> 2)];
} else { } else {
*(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = SWAP32( *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) =
interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]); SWAP32(interesting_32[rand_below(
afl, sizeof(interesting_32) >> 2)]);
} }
@ -3895,7 +3907,9 @@ pacemaker_fuzzing:
memcpy(new_buf + clone_to, out_buf + clone_from, clone_len); memcpy(new_buf + clone_to, out_buf + clone_from, clone_len);
else else
memset(new_buf + clone_to, memset(new_buf + clone_to,
rand_below(afl, 2) ? rand_below(afl, 256) : out_buf[rand_below(afl, temp_len)], rand_below(afl, 2)
? rand_below(afl, 256)
: out_buf[rand_below(afl, temp_len)],
clone_len); clone_len);
/* Tail */ /* Tail */
@ -3933,7 +3947,8 @@ pacemaker_fuzzing:
} else } else
memset(out_buf + copy_to, memset(out_buf + copy_to,
rand_below(afl, 2) ? rand_below(afl, 256) : out_buf[rand_below(afl, temp_len)], rand_below(afl, 2) ? rand_below(afl, 256)
: out_buf[rand_below(afl, temp_len)],
copy_len); copy_len);
MOpt_globals.cycles_v2[STAGE_OverWrite75] += 1; MOpt_globals.cycles_v2[STAGE_OverWrite75] += 1;
break; break;
@ -4122,7 +4137,8 @@ pacemaker_fuzzing:
if (splice_cycle >= afl->SPLICE_CYCLES_puppet) if (splice_cycle >= afl->SPLICE_CYCLES_puppet)
afl->SPLICE_CYCLES_puppet = afl->SPLICE_CYCLES_puppet =
(rand_below(afl, SPLICE_CYCLES_puppet_up - SPLICE_CYCLES_puppet_low + 1) + (rand_below(
afl, SPLICE_CYCLES_puppet_up - SPLICE_CYCLES_puppet_low + 1) +
SPLICE_CYCLES_puppet_low); SPLICE_CYCLES_puppet_low);
afl->splicing_with = -1; afl->splicing_with = -1;

14
src/afl-fuzz-stats.c
View File

@ -361,9 +361,9 @@ void show_stats(afl_state_t *afl) {
/* Lord, forgive me this. */ /* Lord, forgive me this. */
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
" overall results " bSTG bH2 bH2 bRT "\n"); " overall results " bSTG bH2 bH2 bRT "\n");
if (afl->dumb_mode) { if (afl->dumb_mode) {
@ -446,9 +446,9 @@ void show_stats(afl_state_t *afl) {
" uniq hangs : " cRST "%-6s" bSTG bV "\n", " uniq hangs : " cRST "%-6s" bSTG bV "\n",
time_tmp, tmp); time_tmp, tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables /* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to together, but then cram them into a fixed-width field - so we need to
@ -477,9 +477,9 @@ void show_stats(afl_state_t *afl) {
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", stringify_int(IB(0), afl->queued_favored), sprintf(tmp, "%s (%0.02f%%)", stringify_int(IB(0), afl->queued_favored),
((double)afl->queued_favored) * 100 / afl->queued_paths); ((double)afl->queued_favored) * 100 / afl->queued_paths);
@ -556,7 +556,7 @@ void show_stats(afl_state_t *afl) {
/* Aaaalmost there... hold on! */ /* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP SAYF(bVR bH cCYA bSTOP
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
" path geometry " bSTG bH5 bH2 bVL "\n"); " path geometry " bSTG bH5 bH2 bVL "\n");

4
src/afl-fuzz.c
View File

@ -1051,7 +1051,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
//show_stats(afl); // show_stats(afl);
if (unlikely(afl->not_on_tty)) { if (unlikely(afl->not_on_tty)) {
@ -1124,7 +1124,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
//if (afl->queue_cur) show_stats(afl); // if (afl->queue_cur) show_stats(afl);
/* /*
* ATTENTION - the following 10 lines were copied from a PR to Google's afl * ATTENTION - the following 10 lines were copied from a PR to Google's afl