1 /*
2  *
3  * honggfuzz - display statistics
4  * -----------------------------------------
5  *
6  * Author: Robert Swiecki <swiecki@google.com>
7  *
8  * Copyright 2010-2015 by Google Inc. All Rights Reserved.
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License. You may obtain
12  * a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS,
18  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
19  * implied. See the License for the specific language governing
20  * permissions and limitations under the License.
21  *
22  */
23 
24 #define _WITH_DPRINTF
25 
26 #include "common.h"
27 #include "display.h"
28 
29 #include <string.h>
30 #include <stdarg.h>
31 #include <stdio.h>
32 #include <unistd.h>
33 #include <inttypes.h>
34 
35 #include "log.h"
36 #include "util.h"
37 
38 #define ESC_CLEAR "\033[H\033[2J"
39 #define ESC_NAV(x,y) "\033["#x";"#y"H"
40 #define ESC_BOLD "\033[1m"
41 #define ESC_RESET "\033[0m"
42 
display_put(const char * fmt,...)43 static void display_put(const char *fmt, ...)
44 {
45     char buf[1024 * 4];
46 
47     va_list args;
48     va_start(args, fmt);
49     int ret = vsnprintf(buf, sizeof(buf), fmt, args);
50     va_end(args);
51 
52     if (ret <= 0) {
53         return;
54     }
55     if (write(STDOUT_FILENO, buf, ret) == -1) {
56         return;
57     }
58 }
59 
display_displayLocked(honggfuzz_t * hfuzz)60 static void display_displayLocked(honggfuzz_t * hfuzz)
61 {
62     unsigned long elapsed = (unsigned long)(time(NULL) - hfuzz->timeStart);
63 
64     size_t curr_exec_cnt = __sync_fetch_and_add(&hfuzz->mutationsCnt, 0UL);
65     /*
66      * We increase the mutation counter unconditionally in threads, but if it's
67      * above hfuzz->mutationsMax we don't really execute the fuzzing loop.
68      * Therefore at the end of fuzzing, the mutation counter might be higher
69      * than hfuzz->mutationsMax
70      */
71     if (hfuzz->mutationsMax > 0 && curr_exec_cnt > hfuzz->mutationsMax) {
72         curr_exec_cnt = hfuzz->mutationsMax;
73     }
74     static size_t prev_exec_cnt = 0UL;
75     uintptr_t exec_per_sec = curr_exec_cnt - prev_exec_cnt;
76     prev_exec_cnt = curr_exec_cnt;
77 
78     display_put("%s", ESC_CLEAR);
79     display_put("============================== STAT ==============================\n");
80 
81     display_put("Iterations: " ESC_BOLD "%zu" ESC_RESET, curr_exec_cnt);
82     if (hfuzz->mutationsMax) {
83         display_put(" (out of: " ESC_BOLD "%zu" ESC_RESET ")", hfuzz->mutationsMax);
84     }
85     display_put("\n");
86 
87     char start_time_str[128];
88     util_getLocalTime("%F %T", start_time_str, sizeof(start_time_str), hfuzz->timeStart);
89     display_put("Start time: " ESC_BOLD "%s" ESC_RESET " (" ESC_BOLD "%lu"
90                 ESC_RESET " seconds elapsed)\n", start_time_str, elapsed);
91 
92     display_put("Input file/dir: '" ESC_BOLD "%s" ESC_RESET "'\n", hfuzz->inputFile);
93     display_put("Fuzzed cmd: '" ESC_BOLD "%s" ESC_RESET "'\n", hfuzz->cmdline_txt);
94     if (hfuzz->pid > 0) {
95         display_put("Remote cmd [" ESC_BOLD "%d" ESC_RESET "]: '" ESC_BOLD "%s" ESC_RESET "'\n",
96                     hfuzz->pid, hfuzz->pidCmd);
97     }
98 
99     display_put("Fuzzing threads: " ESC_BOLD "%zu" ESC_RESET "\n", hfuzz->threadsMax);
100     display_put("Execs per second: " ESC_BOLD "%zu" ESC_RESET " (avg: " ESC_BOLD "%zu" ESC_RESET
101                 ")\n", exec_per_sec, elapsed ? (curr_exec_cnt / elapsed) : 0);
102 
103     /* If dry run, print also the input file count */
104     if (hfuzz->origFlipRate == 0.0L && hfuzz->useVerifier) {
105         display_put("Input Files: '" ESC_BOLD "%zu" ESC_RESET "'\n", hfuzz->fileCnt);
106     }
107 
108     display_put("Crashes: " ESC_BOLD "%zu" ESC_RESET " (unique: " ESC_BOLD "%zu" ESC_RESET
109                 ", blacklist: " ESC_BOLD "%zu" ESC_RESET ", verified: " ESC_BOLD "%zu" ESC_RESET
110                 ") \n", __sync_fetch_and_add(&hfuzz->crashesCnt, 0UL),
111                 __sync_fetch_and_add(&hfuzz->uniqueCrashesCnt, 0UL),
112                 __sync_fetch_and_add(&hfuzz->blCrashesCnt, 0UL),
113                 __sync_fetch_and_add(&hfuzz->verifiedCrashesCnt, 0UL));
114     display_put("Timeouts: " ESC_BOLD "%zu" ESC_RESET "\n",
115                 __sync_fetch_and_add(&hfuzz->timeoutedCnt, 0UL));
116 
117     /* Feedback data sources are enabled. Start with common headers. */
118     if (hfuzz->dynFileMethod != _HF_DYNFILE_NONE || hfuzz->useSanCov) {
119         display_put("Number of dynamic files: " ESC_BOLD "%zu" ESC_RESET "\n", hfuzz->dynfileqCnt);
120         display_put("Coverage (max):\n");
121     }
122 
123     /* HW perf specific counters */
124     if (hfuzz->dynFileMethod & _HF_DYNFILE_INSTR_COUNT) {
125         display_put("  - cpu instructions:      " ESC_BOLD "%" PRIu64 ESC_RESET "\n",
126                     __sync_fetch_and_add(&hfuzz->hwCnts.cpuInstrCnt, 0UL));
127     }
128     if (hfuzz->dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) {
129         display_put("  - cpu branches:          " ESC_BOLD "%" PRIu64 ESC_RESET "\n",
130                     __sync_fetch_and_add(&hfuzz->hwCnts.cpuBranchCnt, 0UL));
131     }
132     if (hfuzz->dynFileMethod & _HF_DYNFILE_BTS_BLOCK) {
133         display_put("  - BTS unique blocks: " ESC_BOLD "%" PRIu64 ESC_RESET "\n",
134                     __sync_fetch_and_add(&hfuzz->hwCnts.bbCnt, 0UL));
135     }
136     if (hfuzz->dynFileMethod & _HF_DYNFILE_BTS_EDGE) {
137         display_put("  - BTS unique edges:   " ESC_BOLD "%" PRIu64 ESC_RESET "\n",
138                     __sync_fetch_and_add(&hfuzz->hwCnts.bbCnt, 0UL));
139     }
140     if (hfuzz->dynFileMethod & _HF_DYNFILE_IPT_BLOCK) {
141         display_put("  - PT unique blocks: " ESC_BOLD "%" PRIu64 ESC_RESET "\n",
142                     __sync_fetch_and_add(&hfuzz->hwCnts.bbCnt, 0UL));
143     }
144     if (hfuzz->dynFileMethod & _HF_DYNFILE_CUSTOM) {
145         display_put("  - custom counter:        " ESC_BOLD "%" PRIu64 ESC_RESET "\n",
146                     __sync_fetch_and_add(&hfuzz->hwCnts.customCnt, 0UL));
147     }
148 
149     /* Sanitizer coverage specific counters */
150     if (hfuzz->useSanCov) {
151         uint64_t hitBB = __sync_fetch_and_add(&hfuzz->sanCovCnts.hitBBCnt, 0UL);
152         uint64_t totalBB = __sync_fetch_and_add(&hfuzz->sanCovCnts.totalBBCnt, 0UL);
153         uint8_t covPer = totalBB ? ((hitBB * 100) / totalBB) : 0;
154         display_put("  - total hit #bb:  " ESC_BOLD "%" PRIu64 ESC_RESET " (coverage %d%%)\n",
155                     hitBB, covPer);
156         display_put("  - total #dso:     " ESC_BOLD "%" PRIu64 ESC_RESET " (instrumented only)\n",
157                     __sync_fetch_and_add(&hfuzz->sanCovCnts.iDsoCnt, 0UL));
158         display_put("  - discovered #bb: " ESC_BOLD "%" PRIu64 ESC_RESET " (new from input seed)\n",
159                     __sync_fetch_and_add(&hfuzz->sanCovCnts.newBBCnt, 0UL));
160         display_put("  - crashes:        " ESC_BOLD "%" PRIu64 ESC_RESET "\n",
161                     __sync_fetch_and_add(&hfuzz->sanCovCnts.crashesCnt, 0UL));
162     }
163     display_put("============================== LOGS ==============================\n");
164 }
165 
display_display(honggfuzz_t * hfuzz)166 extern void display_display(honggfuzz_t * hfuzz)
167 {
168     display_displayLocked(hfuzz);
169 }
170