-rw-r--r--GNUmakefile50
-rw-r--r--src/afl-fuzz-run.c24
-rw-r--r--src/afl-fuzz.c11
3 files changed, 60 insertions, 25 deletions
diff --git a/GNUmakefile b/GNUmakefile
index de89c836..785aacd8 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -52,12 +52,28 @@ endif
 
 ifneq "$(shell uname)" "Darwin"
  ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -march=native -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
-	CFLAGS_OPT = -march=native
+	CFLAGS_OPT += -march=native
  endif
  # OS X does not like _FORTIFY_SOURCE=2
  CFLAGS_OPT += -D_FORTIFY_SOURCE=2
 endif
 
+ifdef STATIC
+  $(info Compiling static version of binaries)
+  # Disable python for static compilation to simplify things
+  PYTHON_OK=0
+  PYFLAGS=
+
+  CFLAGS_OPT += -static
+  LDFLAGS += -lm -lpthread -lz -lutil
+endif
+
+ifdef PROFILING
+  $(info Compiling with profiling information, for analysis: gprof ./afl-fuzz gmon.out > prof.txt)
+  CFLAGS_OPT += -pg -DPROFILING=1
+  LDFLAGS += -pg
+endif
+
 ifneq "$(shell uname -m)" "x86_64"
  ifneq "$(patsubst i%86,i386,$(shell uname -m))" "i386"
   ifneq "$(shell uname -m)" "amd64"
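Review bot: Moving the `ifdef STATIC` block up to this position changes when `PYTHON_OK=0` and `PYFLAGS=` take effect: the block used to sit after the repository-detection logic (see the later hunk that removes it around line 184 of the old file), and if the python probe that normally assigns `PYTHON_OK` and `PYFLAGS` lies between the new and the old position, a STATIC build will now have those values reset to a detected Python after this block runs. That cannot be confirmed from the visible lines, so it is worth checking the order of the python probe in the full GNUmakefile; if it does run later, the simplest fix is to keep the `PYTHON_OK=0` / `PYFLAGS=` overrides after that probe or to guard the probe with `ifndef STATIC`. A one-line comment such as `# NOTE: must come before the python probe, or PYTHON_OK will be re-detected` would also document the ordering requirement for the next person who reorders this file.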
@@ -142,23 +158,23 @@ else
 endif
 
 ifneq "$(filter Linux GNU%,$(shell uname))" ""
-  LDFLAGS  += -ldl
+  LDFLAGS += -ldl
 endif
 
 ifneq "$(findstring FreeBSD, $(shell uname))" ""
-  CFLAGS += -pthread
-  LDFLAGS  += -lpthread
+  CFLAGS  += -pthread
+  LDFLAGS += -lpthread
 endif
 
 ifneq "$(findstring NetBSD, $(shell uname))" ""
-  CFLAGS += -pthread
-  LDFLAGS  += -lpthread
+  CFLAGS  += -pthread
+  LDFLAGS += -lpthread
 endif
 
 ifeq "$(findstring clang, $(shell $(CC) --version 2>/dev/null))" ""
-  TEST_CC   = afl-gcc
+  TEST_CC  = afl-gcc
 else
-  TEST_CC   = afl-clang
+  TEST_CC  = afl-clang
 endif
 
 COMM_HDR    = include/alloc-inl.h include/config.h include/debug.h include/types.h
@@ -184,18 +200,8 @@ ifeq "$(shell svn proplist . 2>/dev/null && echo 1 || echo 0)" "1"
   IN_REPO=1
 endif
 
-ifdef STATIC
-  $(info Compiling static version of binaries)
-  # Disable python for static compilation to simplify things
-  PYTHON_OK=0
-  PYFLAGS=
-
-  CFLAGS += -static
-  LDFLAGS += -lm -lpthread -lz -lutil
-endif
-
 ASAN_CFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer
-ASAN_LDFLAGS+=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer
+ASAN_LDFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer
 
 ifdef ASAN_BUILD
   $(info Compiling ASAN version of binaries)
@@ -203,12 +209,6 @@ ifdef ASAN_BUILD
   LDFLAGS+=$(ASAN_LDFLAGS)
 endif
 
-ifdef PROFILING
-  $(info Compiling with profiling information, for analysis: gprof ./afl-fuzz gmon.out > prof.txt)
-  CFLAGS+=-pg
-  LDFLAGS+=-pg
-endif
-
 ifeq "$(shell echo '$(HASH)include <sys/ipc.h>@$(HASH)include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) $(CFLAGS) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
 	SHMAT_OK=1
 else
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 692026d4..b7f7f29c 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -30,13 +30,37 @@
 
 #include "cmplog.h"
 
+#ifdef PROFILING
+u64 time_spent_working = 0;
+#endif
+
 /* Execute target application, monitoring for timeouts. Return status
    information. The called program will update afl->fsrv->trace_bits. */
 
 fsrv_run_result_t fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv,
                                   u32 timeout) {
 
+#ifdef PROFILING
+  static u64      time_spent_start = 0;
+  struct timespec spec;
+  if (time_spent_start) {
+
+    u64 current;
+    clock_gettime(CLOCK_REALTIME, &spec);
+    current = (spec.tv_sec * 1000000000) + spec.tv_nsec;
+    time_spent_working += (current - time_spent_start);
+
+  }
+
+#endif
+
   fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon);
+
+#ifdef PROFILING
+  clock_gettime(CLOCK_REALTIME, &spec);
+  time_spent_start = (spec.tv_sec * 1000000000) + spec.tv_nsec;
+#endif
+
   // TODO: Don't classify for faults?
   classify_counts(fsrv);
   return res;
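Review bot: The new timing code in fuzz_run_target uses `CLOCK_REALTIME` for an interval measurement, so any wall-clock adjustment (NTP step, manual date change) during a long campaign is silently folded into `time_spent_working`, and a backwards step yields a huge unsigned value because `current - time_spent_start` is computed in u64; both `clock_gettime` calls should use `CLOCK_MONOTONIC` instead. The expression `(spec.tv_sec * 1000000000) + spec.tv_nsec` is also evaluated in `time_t` (signed, and only 32 bits on some targets) before being widened, which overflows for any realistic epoch value there; write it as `current = (u64)spec.tv_sec * 1000000000ULL + (u64)spec.tv_nsec;` and the same for the `time_spent_start` assignment after `afl_fsrv_run_target`. A short comment above the `#ifdef PROFILING` block, e.g. `/* Accumulates the time spent between target runs (fuzzer-side work), not the run itself. */`, would make the otherwise surprising start/stop placement clear. The hunk does not show `<time.h>` being included, so that presumably arrives via an existing header; worth confirming. The closing brace of fuzz_run_target is outside this hunk.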
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 5920f5c0..64973260 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -27,6 +27,10 @@
 #include "cmplog.h"
 #include <limits.h>
 
+#ifdef PROFILING
+extern u64 time_spent_working;
+#endif
+
 static u8 *get_libradamsa_path(u8 *own_loc) {
 
   u8 *tmp, *cp, *rsl, *own_copy;
@@ -1351,6 +1355,13 @@ stop_fuzzing:
 
   }
 
+#ifdef PROFILING
+  SAYF(cYEL "[!] " cRST
+            "Profiling information: %llu ms total work, %llu ns/run\n",
+       time_spent_working / 1000000,
+       time_spent_working / afl->fsrv.total_execs);
+#endif
+
   fclose(afl->fsrv.plot_file);
   destroy_queue(afl);
   destroy_extras(afl);
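Review bot: The added `SAYF` divides by `afl->fsrv.total_execs`, which is zero when fuzzing stops before any target execution (for example an early abort in the dry run), so a PROFILING build will crash with a division by zero on exactly the path meant for diagnostics; guard it with `afl->fsrv.total_execs ? time_spent_working / afl->fsrv.total_execs : 0`. The two numbers are also reported in different units (ms total, ns per run), which is fine but deserves a one-line comment such as `/* total in ms for readability, per-run in ns because runs are sub-millisecond */` so the mismatch is not mistaken for a bug. The `extern u64 time_spent_working;` added in the earlier hunk of this file would be better placed in a shared header next to its definition in afl-fuzz-run.c so the two declarations cannot drift apart. The enclosing function starts outside this hunk.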