/*
|
*
|
* honggfuzz - display statistics
|
* -----------------------------------------
|
*
|
* Author: Robert Swiecki <swiecki@google.com>
|
*
|
* Copyright 2010-2018 by Google Inc. All Rights Reserved.
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
* not use this file except in compliance with the License. You may obtain
|
* a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
* implied. See the License for the specific language governing
|
* permissions and limitations under the License.
|
*
|
*/
|
|
#define _WITH_DPRINTF
|
|
#include "display.h"
|
|
#include <inttypes.h>
|
#include <math.h>
|
#include <stdarg.h>
|
#include <stdio.h>
|
#include <stdlib.h>
|
#include <string.h>
|
#include <unistd.h>
|
|
#include "libhfcommon/common.h"
|
#include "libhfcommon/log.h"
|
#include "libhfcommon/util.h"
|
|
#define ESC_CLEAR_ALL "\033[2J"
|
#define ESC_CLEAR_LINE "\033[2K"
|
#define ESC_CLEAR_ABOVE "\033[1J"
|
#define ESC_TERM_RESET "\033c"
|
#define ESC_NAV(x, y) "\033[" #x ";" #y "H"
|
#define ESC_BOLD "\033[1m"
|
#define ESC_RED "\033[31m"
|
#define ESC_RESET "\033[0m"
|
#define ESC_SCROLL_REGION(x, y) "\033[" #x ";" #y "r"
|
#define ESC_SCROLL_DISABLE "\033[?7h"
|
#define ESC_SCROLL_RESET "\033[r"
|
#define ESC_NAV_DOWN(x) "\033[" #x "B"
|
#define ESC_NAV_HORIZ(x) "\033[" #x "G"
|
#define ESC_RESET_SETTINGS "\033[!p"
|
|
/* printf() nonmonetary separator. According to MacOSX's man it's supported there as well */
|
#define _HF_NONMON_SEP "'"
|
|
__attribute__((format(printf, 1, 2))) static void display_put(const char* fmt, ...) {
|
va_list args;
|
va_start(args, fmt);
|
vdprintf(logFd(), fmt, args);
|
va_end(args);
|
}
|
|
static void display_printKMG(uint64_t val) {
|
if (val >= 1000000000UL) {
|
display_put(" [%.02LfG]", (long double)val / 1000000000.0L);
|
} else if (val >= 1000000UL) {
|
display_put(" [%.02LfM]", (long double)val / 1000000.0L);
|
} else if (val >= 1000UL) {
|
display_put(" [%.02Lfk]", (long double)val / 1000.0L);
|
}
|
}
|
|
static unsigned getCpuUse(int numCpus) {
|
static uint64_t prevUserT = 0UL;
|
static uint64_t prevNiceT = 0UL;
|
static uint64_t prevSystemT = 0UL;
|
static uint64_t prevIdleT = 0UL;
|
|
FILE* f = fopen("/proc/stat", "re");
|
if (f == NULL) {
|
return 0;
|
}
|
defer {
|
fclose(f);
|
};
|
uint64_t userT, niceT, systemT, idleT;
|
if (fscanf(f, "cpu %" PRIu64 "%" PRIu64 "%" PRIu64 "%" PRIu64, &userT, &niceT, &systemT,
|
&idleT) != 4) {
|
LOG_W("fscanf('/proc/stat') != 4");
|
return 0;
|
}
|
|
uint64_t userCycles = (userT - prevUserT);
|
uint64_t niceCycles = (niceT - prevNiceT);
|
uint64_t systemCycles = (systemT - prevSystemT);
|
uint64_t idleCycles = (idleT - prevIdleT);
|
|
prevUserT = userT;
|
prevNiceT = niceT;
|
prevSystemT = systemT;
|
prevIdleT = idleT;
|
|
uint64_t allCycles = userCycles + niceCycles + systemCycles + idleCycles;
|
if (allCycles == 0) {
|
return 0;
|
}
|
|
return ((userCycles + niceCycles + systemCycles) * numCpus * 100) / (allCycles);
|
}
|
|
static void getDuration(time_t elapsed_second, char* buf, size_t bufSz) {
|
if (elapsed_second < 0) {
|
snprintf(buf, bufSz, "----");
|
return;
|
}
|
|
unsigned int day, hour, min, second;
|
day = elapsed_second / 24 / 3600;
|
elapsed_second = elapsed_second - day * 24 * 3600;
|
hour = elapsed_second / 3600;
|
min = (elapsed_second - 3600 * hour) / 60;
|
second = elapsed_second - hour * 3600 - min * 60;
|
snprintf(buf, bufSz, "%u days %02u hrs %02u mins %02u secs", day, hour, min, second);
|
}
|
|
static void display_displayLocked(honggfuzz_t* hfuzz) {
|
const time_t curr_sec = time(NULL);
|
const time_t elapsed_sec = curr_sec - hfuzz->timing.timeStart;
|
const int64_t curr_time_millis = util_timeNowMillis();
|
const int64_t elapsed_millis = curr_time_millis - hfuzz->display.lastDisplayMillis;
|
hfuzz->display.lastDisplayMillis = curr_time_millis;
|
|
char lastCovStr[64];
|
getDuration(curr_sec - ATOMIC_GET(hfuzz->timing.lastCovUpdate), lastCovStr, sizeof(lastCovStr));
|
char timeStr[64];
|
if (ATOMIC_GET(hfuzz->timing.runEndTime)) {
|
getDuration(ATOMIC_GET(hfuzz->timing.runEndTime) - curr_sec, timeStr, sizeof(timeStr));
|
} else {
|
getDuration(elapsed_sec, timeStr, sizeof(timeStr));
|
}
|
|
size_t curr_exec_cnt = ATOMIC_GET(hfuzz->cnts.mutationsCnt);
|
/*
|
* We increase the mutation counter unconditionally in threads, but if it's
|
* above hfuzz->mutationsMax we don't really execute the fuzzing loop.
|
* Therefore at the end of fuzzing, the mutation counter might be higher
|
* than hfuzz->mutationsMax
|
*/
|
if (hfuzz->mutate.mutationsMax > 0 && curr_exec_cnt > hfuzz->mutate.mutationsMax) {
|
curr_exec_cnt = hfuzz->mutate.mutationsMax;
|
}
|
int exeProgress = 0;
|
if (hfuzz->mutate.mutationsMax > 0) {
|
exeProgress = (curr_exec_cnt * 100) / hfuzz->mutate.mutationsMax;
|
}
|
|
static size_t prev_exec_cnt = 0UL;
|
size_t exec_per_millis =
|
elapsed_millis ? ((curr_exec_cnt - prev_exec_cnt) * 1000) / elapsed_millis : 0;
|
prev_exec_cnt = curr_exec_cnt;
|
|
display_put(ESC_NAV(13, 1) ESC_CLEAR_ABOVE ESC_NAV(1, 1));
|
display_put("------------------------[" ESC_BOLD "%31s " ESC_RESET "]----------------------\n",
|
timeStr);
|
display_put(" Iterations : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET, curr_exec_cnt);
|
display_printKMG(curr_exec_cnt);
|
if (hfuzz->mutate.mutationsMax) {
|
display_put(" (out of: " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET " [%d%%])",
|
hfuzz->mutate.mutationsMax, exeProgress);
|
}
|
switch (ATOMIC_GET(hfuzz->feedback.state)) {
|
case _HF_STATE_STATIC:
|
display_put("\n Mode : " ESC_BOLD "Static" ESC_RESET "\n");
|
break;
|
case _HF_STATE_DYNAMIC_DRY_RUN:
|
display_put("\n Mode [1/2] : " ESC_BOLD "Feedback Driven Dry Run" ESC_RESET "\n");
|
break;
|
case _HF_STATE_DYNAMIC_MAIN:
|
display_put("\n Mode [2/2] : " ESC_BOLD "Feedback Driven Mode" ESC_RESET "\n");
|
break;
|
default:
|
display_put("\n Mode : " ESC_BOLD "Unknown" ESC_RESET "\n");
|
break;
|
}
|
display_put(" Target : " ESC_BOLD "%s" ESC_RESET "\n", hfuzz->display.cmdline_txt);
|
|
static long num_cpu = 0;
|
if (num_cpu == 0) {
|
num_cpu = sysconf(_SC_NPROCESSORS_ONLN);
|
}
|
if (num_cpu <= 0) {
|
num_cpu = 1;
|
}
|
unsigned cpuUse = getCpuUse(num_cpu);
|
display_put(" Threads : " ESC_BOLD "%zu" ESC_RESET ", CPUs: " ESC_BOLD "%ld" ESC_RESET
|
", CPU%%: " ESC_BOLD "%u" ESC_RESET "%% [" ESC_BOLD "%lu" ESC_RESET "%%/CPU]\n",
|
hfuzz->threads.threadsMax, num_cpu, cpuUse, cpuUse / num_cpu);
|
|
size_t tot_exec_per_sec = elapsed_sec ? (curr_exec_cnt / elapsed_sec) : 0;
|
display_put(" Speed : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET "/sec [avg: " ESC_BOLD
|
"%" _HF_NONMON_SEP "zu" ESC_RESET "]\n",
|
exec_per_millis, tot_exec_per_sec);
|
|
uint64_t crashesCnt = ATOMIC_GET(hfuzz->cnts.crashesCnt);
|
/* colored the crash count as red when exist crash */
|
display_put(" Crashes : " ESC_BOLD "%s"
|
"%zu" ESC_RESET " [unique: %s" ESC_BOLD "%zu" ESC_RESET ", blacklist: " ESC_BOLD
|
"%zu" ESC_RESET ", verified: " ESC_BOLD "%zu" ESC_RESET "]\n",
|
crashesCnt > 0 ? ESC_RED : "", hfuzz->cnts.crashesCnt, crashesCnt > 0 ? ESC_RED : "",
|
ATOMIC_GET(hfuzz->cnts.uniqueCrashesCnt), ATOMIC_GET(hfuzz->cnts.blCrashesCnt),
|
ATOMIC_GET(hfuzz->cnts.verifiedCrashesCnt));
|
display_put(" Timeouts : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET " [%lu sec]\n",
|
ATOMIC_GET(hfuzz->cnts.timeoutedCnt), (unsigned long)hfuzz->timing.tmOut);
|
/* Feedback data sources. Common headers. */
|
display_put(" Corpus Size : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET ", max: " ESC_BOLD
|
"%" _HF_NONMON_SEP "zu" ESC_RESET " bytes, init: " ESC_BOLD "%" _HF_NONMON_SEP
|
"zu" ESC_RESET " files\n",
|
hfuzz->io.dynfileqCnt, hfuzz->mutate.maxFileSz, ATOMIC_GET(hfuzz->io.fileCnt));
|
display_put(" Cov Update : " ESC_BOLD "%s" ESC_RESET " ago\n" ESC_RESET, lastCovStr);
|
display_put(" Coverage :");
|
|
/* HW perf specific counters */
|
if (hfuzz->feedback.dynFileMethod == 0) {
|
display_put(" [none]");
|
}
|
if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_INSTR_COUNT) {
|
display_put(" hwi: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET,
|
ATOMIC_GET(hfuzz->linux.hwCnts.cpuInstrCnt));
|
}
|
if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) {
|
display_put(" hwb: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET,
|
ATOMIC_GET(hfuzz->linux.hwCnts.cpuBranchCnt));
|
}
|
if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_BTS_EDGE) {
|
display_put(" bts: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET,
|
ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
|
}
|
if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_IPT_BLOCK) {
|
display_put(" ipt: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET,
|
ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
|
}
|
if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_SOFT) {
|
uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc);
|
uint64_t softCntEdge = ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge);
|
uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp);
|
display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntEdge);
|
display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc);
|
display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp);
|
}
|
|
display_put("\n---------------------------------- [ " ESC_BOLD "LOGS" ESC_RESET
|
" ] ------------------/ " ESC_BOLD "%s %s " ESC_RESET "/-",
|
PROG_NAME, PROG_VERSION);
|
display_put(ESC_SCROLL_REGION(13, ) ESC_NAV_HORIZ(1) ESC_NAV_DOWN(500));
|
}
|
|
void display_createTargetStr(honggfuzz_t* hfuzz) {
|
if (!hfuzz->exe.cmdline[0]) {
|
LOG_W("Your fuzzed binary is not specified");
|
snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "[EMPTY]");
|
return;
|
}
|
|
static char tmpstr[1024 * 128] = {0};
|
snprintf(tmpstr, sizeof(tmpstr), "%s", hfuzz->exe.cmdline[0]);
|
for (int i = 1; i < hfuzz->exe.argc; i++) {
|
util_ssnprintf(tmpstr, sizeof(tmpstr), " %s", hfuzz->exe.cmdline[i]);
|
}
|
|
size_t len = strlen(tmpstr);
|
if (len <= (sizeof(hfuzz->display.cmdline_txt) - 1)) {
|
snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "%s", tmpstr);
|
return;
|
}
|
|
snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "%.32s.....%s", tmpstr,
|
&tmpstr[len - 27]);
|
}
|
|
void display_display(honggfuzz_t* hfuzz) {
|
if (logIsTTY() == false) {
|
return;
|
}
|
MX_SCOPED_LOCK(logMutexGet());
|
display_displayLocked(hfuzz);
|
}
|
|
void display_fini(void) {
|
display_put(ESC_SCROLL_RESET ESC_NAV_DOWN(500));
|
}
|
|
void display_init(void) {
|
atexit(display_fini);
|
display_put(ESC_CLEAR_ALL);
|
display_put(ESC_NAV_DOWN(500));
|
}
|
