author | Cornelius Aschermann <eqv@fb.com> | 2024-05-15 17:09:05 -0700 |
committer | Cornelius Aschermann <eqv@fb.com> | 2024-05-17 14:33:32 -0700 |
commit | 6dd5e931fcd50908ff3c02f31e49f8cd751eaff3 (patch) | |
tree | 8a0aca06702fd8cac1ca78ebe0148709740184cf /src | |
parent | 1db3b81d2eb855167dcf65734f8833a2329609da (diff) | |
Fix runtime underflow & -V exiting before syncing
print_stats sets exit_soon even while syncing, which leaves -V 0 still broken because we do not finish syncing. Additionally, the change that introduced the previous -V fix also broke runtime tracking, since the runtime needs to include all time spent, including sync, splice etc. This caused an underflow in the reported runtime.
Diffstat (limited to 'src')
-rw-r--r-- | src/afl-fuzz-run.c | 1 | ||||
-rw-r--r-- | src/afl-fuzz-stats.c | 27 | ||||
-rw-r--r-- | src/afl-fuzz.c | 11 |
3 files changed, 13 insertions, 26 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 2a55da00..bfd35e5c 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -1193,4 +1193,3 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 return 0;
 }
-
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 755e1c50..ffe56cde 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -321,8 +321,9 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
 #ifndef __HAIKU__
 if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
 #endif
- u64 runtime = afl->prev_run_time + cur_time - afl->start_time;
- if (!runtime) { runtime = 1; }
+ u64 runtime_ms = afl->prev_run_time + cur_time - afl->start_time;
+ u64 overhead_ms = (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;
+ if (!runtime_ms) { runtime_ms = 1; }
 fprintf(
 f,
@@ -375,20 +376,17 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
 "target_mode : %s%s%s%s%s%s%s%s%s%s\n"
 "command_line : %s\n",
 (afl->start_time /*- afl->prev_run_time*/) / 1000, cur_time / 1000,
- runtime / 1000, (u32)getpid(),
+ runtime_ms / 1000, (u32)getpid(),
 afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
 afl->longest_find_time > cur_time - afl->last_find_time
 ? afl->longest_find_time / 1000
 : ((afl->start_time == 0 || afl->last_find_time == 0)
 ? 0
 : (cur_time - afl->last_find_time) / 1000),
- (runtime -
- ((afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) /
- 1000)) /
- 1000,
+ (runtime_ms - MIN(runtime_ms, overhead_ms)) / 1000,
 afl->calibration_time_us / 1000000, afl->sync_time_us / 1000000,
 afl->trim_time_us / 1000000, afl->fsrv.total_execs,
- afl->fsrv.total_execs / ((double)(runtime) / 1000),
+ afl->fsrv.total_execs / ((double)(runtime_ms) / 1000),
 afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
 afl->queued_discovered, afl->queued_imported, afl->queued_variable,
 afl->max_depth, afl->current_entry, afl->pending_favored,
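Review bot: The added `u64 overhead_ms = (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;` line is a single line of roughly 95 columns, whereas the rest of afl-fuzz-stats.c is wrapped at 80 by the project's clang-format configuration, so the next formatter run will rewrite this hunk. Wrapping it now as `u64 overhead_ms =` followed by the parenthesised sum on an indented continuation line keeps the blame history clean. A short comment stating the unit and purpose would also help, since three microsecond counters are folded into one millisecond value here, e.g. `/* time not spent on actual fuzzing (ms); used to derive fuzz_time below */`. write_stats_file begins and ends outside this hunk.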
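Review bot: The new `(runtime_ms - MIN(runtime_ms, overhead_ms)) / 1000` argument stops the u64 wraparound, but it does so by silently reporting 0 fuzz time whenever accumulated calibration, sync and trim time exceeds wall-clock runtime, so any future slip in those counters (the kind that produced this bug) is no longer visible in fuzzer_stats. I would keep the clamp but record the invariant it protects next to the `overhead_ms` definition in the previous hunk, e.g. `/* overhead_ms should never exceed runtime_ms; the MIN() clamp in fprintf() only guards the u64 subtraction */`, or check it with a debug-build assertion. MIN() evaluates its arguments twice, which is harmless here because both operands are plain locals; that should stay true if the expression is ever extended. write_stats_file begins and ends outside this hunk.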
@@ -632,9 +630,9 @@ void show_stats_normal(afl_state_t *afl) {
 cur_ms = get_cur_time();
- if (afl->most_time_key) {
+ if (afl->most_time_key && afl->queue_cycle) {
- if (afl->most_time * 1000 < cur_ms - afl->start_time) {
+ if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
 afl->most_time_key = 2;
 afl->stop_soon = 2;
@@ -643,7 +641,7 @@ void show_stats_normal(afl_state_t *afl) {
 }
- if (afl->most_execs_key == 1) {
+ if (afl->most_execs_key == 1 && afl->queue_cycle) {
 if (afl->most_execs <= afl->fsrv.total_execs) {
@@ -1462,9 +1460,9 @@ void show_stats_pizza(afl_state_t *afl) {
 cur_ms = get_cur_time();
- if (afl->most_time_key) {
+ if (afl->most_time_key && afl->queue_cycle) {
- if (afl->most_time * 1000 < cur_ms - afl->start_time) {
+ if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
 afl->most_time_key = 2;
 afl->stop_soon = 2;
@@ -1473,7 +1471,7 @@ void show_stats_pizza(afl_state_t *afl) {
 }
- if (afl->most_execs_key == 1) {
+ if (afl->most_execs_key == 1 && afl->queue_cycle) {
 if (afl->most_execs <= afl->fsrv.total_execs) {
@@ -2505,4 +2503,3 @@ void update_sync_time(afl_state_t *afl, u64 *time) {
 *time = cur;
 }
-
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 1f0037ba..cf3940f1 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1806,7 +1806,7 @@ int main(int argc, char **argv_orig, char **envp) {
 afl->fsrv.use_fauxsrv = afl->non_instrumented_mode == 1 || afl->no_forkserver;
 afl->fsrv.max_length = afl->max_length;
-
+
 #ifdef __linux__
 if (!afl->fsrv.nyx_mode) {
@@ -2593,14 +2593,6 @@ int main(int argc, char **argv_orig, char **envp) {
 }
 sync_fuzzers(afl);
-
- if (!afl->queue_cycle && afl->afl_env.afl_import_first) {
-
- // real start time, we reset, so this works correctly with -V
- afl->start_time = get_cur_time();
-
- }
-
 }
 ++afl->queue_cycle;
@@ -3115,4 +3107,3 @@ stop_fuzzing:
 }
 #endif /* !AFL_LIB */
-
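Review bot: The -V/-E limit check is now patched identically in show_stats_normal and show_stats_pizza, and this is the second commit in a row that had to touch both copies in lockstep, so the duplicated logic should move into one static helper that both functions call right after `cur_ms = get_cur_time();`. The new condition `afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time` also mixes seconds times 1000 with microseconds divided by 1000 on one 88-column line; naming the budget first makes the intent (sync time does not count against -V) readable and keeps the line within the project's 80-column format. The `afl->queue_cycle` guard deserves a comment too, since it means neither limit is checked during the initial sync, which is exactly the -V 0 behaviour the commit wants. The bodies of both `if` branches continue outside these hunks, so the helper below shows only the guard and the conditions.

```c
/* -V / -E limit check shared by show_stats_normal() and show_stats_pizza().
   Nothing is checked before the first queue cycle, so an initial sync or
   import always runs to completion (this is what makes -V 0 work), and time
   spent syncing is excluded from the -V budget. */
static void check_run_limits(afl_state_t *afl, u64 cur_ms) {

  if (!afl->queue_cycle) { return; }

  if (afl->most_time_key) {

    u64 budget_ms = afl->most_time * 1000 + afl->sync_time_us / 1000;
    if (budget_ms < cur_ms - afl->start_time) {

      afl->most_time_key = 2;
      afl->stop_soon = 2;

    }

    /* … unchanged: remainder of the -V branch … */

  }

  if (afl->most_execs_key == 1) {

    /* … unchanged: -E (most_execs) check … */

  }

}
```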