void arch_bfdDisasm(pid_t pid, uint8_t * mem, size_t size, char *instr)
{
MX_SCOPED_LOCK(&arch_bfd_mutex);
bfd_init();
char fname[PATH_MAX];
snprintf(fname, sizeof(fname), "/proc/%d/exe", pid);
bfd *bfdh = bfd_openr(fname, NULL);
if (bfdh == NULL) {
LOG_W("bfd_openr('/proc/%d/exe') failed", pid);
return;
}
defer {
bfd_close(bfdh);
};
if (!bfd_check_format(bfdh, bfd_object)) {
LOG_W("bfd_check_format() failed");
return;
}
disassembler_ftype disassemble = disassembler(bfdh);
if (disassemble == NULL) {
LOG_W("disassembler() failed");
return;
}
struct disassemble_info info;
init_disassemble_info(&info, instr, arch_bfdFPrintF);
info.arch = bfd_get_arch(bfdh);
info.mach = bfd_get_mach(bfdh);
info.buffer = mem;
info.buffer_length = size;
info.section = NULL;
info.endian = bfd_little_endian(bfdh) ? BFD_ENDIAN_LITTLE : BFD_ENDIAN_BIG;
disassemble_init_for_target(&info);
strcpy(instr, "");
if (disassemble(0, &info) <= 0) {
snprintf(instr, _HF_INSTR_SZ, "[DIS-ASM_FAILURE]");
}
}
void arch_bfdResolveSyms(pid_t pid, funcs_t * funcs, size_t num)
{
/* Guess what? libbfd is not multi-threading safe */
MX_SCOPED_LOCK(&arch_bfd_mutex);
bfd_init();
__block bfd_t bfdParams = {
.bfdh = NULL,
.section = NULL,
.syms = NULL,
};
if (arch_bfdInit(pid, &bfdParams) == false) {
return;
}
defer {
arch_bfdDestroy(&bfdParams);
};
const char *func;
const char *file;
unsigned int line;
for (unsigned int i = 0; i < num; i++) {
snprintf(funcs[i].func, sizeof(funcs->func), "[UNKNOWN]");
if (funcs[i].pc == NULL) {
continue;
}
long offset = (long)funcs[i].pc - bfdParams.section->vma;
if ((offset < 0 || (unsigned long)offset > bfdParams.section->size)) {
continue;
}
if (bfd_find_nearest_line
(bfdParams.bfdh, bfdParams.section, bfdParams.syms, offset, &file, &func, &line)) {
snprintf(funcs[i].func, sizeof(funcs->func), "%s", func);
funcs[i].line = line;
}
}
}
void report_Report(run_t* run) {
if (run->report[0] == '\0') {
return;
}
MX_SCOPED_LOCK(&run->global->cfg.report_mutex);
if (reportFD == -1) {
char reportFName[PATH_MAX];
if (run->global->cfg.reportFile == NULL) {
snprintf(reportFName, sizeof(reportFName), "%s/%s", run->global->io.workDir,
_HF_REPORT_FILE);
} else {
snprintf(reportFName, sizeof(reportFName), "%s", run->global->cfg.reportFile);
}
reportFD =
TEMP_FAILURE_RETRY(open(reportFName, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0644));
if (reportFD == -1) {
PLOG_F("Couldn't open('%s') for writing", reportFName);
}
}
char localtmstr[PATH_MAX];
util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL));
dprintf(reportFD,
"=====================================================================\n"
"TIME: %s\n"
"=====================================================================\n"
"FUZZER ARGS:\n"
" mutationsPerRun : %u\n"
" externalCmd : %s\n"
" fuzzStdin : %s\n"
" timeout : %ld (sec)\n"
#if defined(_HF_ARCH_LINUX) || defined(_HF_ARCH_NETBSD)
" ignoreAddr : %p\n"
#endif
" ASLimit : %" PRIu64 " (MiB)\n"
" RSSLimit : %" PRIu64 " (MiB)\n"
" DATALimit : %" PRIu64 " (MiB)\n"
" wordlistFile : %s\n",
localtmstr, run->global->mutate.mutationsPerRun,
run->global->exe.externalCommand == NULL ? "NULL" : run->global->exe.externalCommand,
run->global->exe.fuzzStdin ? "TRUE" : "FALSE", run->global->timing.tmOut,
#if defined(_HF_ARCH_LINUX)
run->global->linux.ignoreAddr,
#elif defined(_HF_ARCH_NETBSD)
run->global->netbsd.ignoreAddr,
#endif
run->global->exe.asLimit, run->global->exe.rssLimit, run->global->exe.dataLimit,
run->global->mutate.dictionaryFile == NULL ? "NULL" : run->global->mutate.dictionaryFile);
#if defined(_HF_ARCH_LINUX)
report_printdynFileMethod(run);
#endif
report_printTargetCmd(run);
dprintf(reportFD,
"%s"
"=====================================================================\n",
run->report);
}
static void display_displayLocked(honggfuzz_t * hfuzz)
{
static bool firstDisplay = true;
if (firstDisplay) {
display_put(ESC_CLEAR_ALL);
firstDisplay = false;
}
char *target;
char *extern_fuzzer;
char *time_elapsed_str;
char *time_remain_str;
unsigned long elapsed_second;
unsigned long remain_second;
float speed_second;
unsigned int TITLE_LEN = 78;
unsigned int LEFT_TITLE_LEN = 41;
int remain_title_len;
elapsed_second = (unsigned long)(time(NULL) - hfuzz->timeStart);
time_elapsed_str = get_time_elapsed(hfuzz->timeStart);
size_t curr_exec_cnt = ATOMIC_GET(hfuzz->mutationsCnt);
/*
* We increase the mutation counter unconditionally in threads, but if it's
* above hfuzz->mutationsMax we don't really execute the fuzzing loop.
* Therefore at the end of fuzzing, the mutation counter might be higher
* than hfuzz->mutationsMax
*/
if (hfuzz->mutationsMax > 0 && curr_exec_cnt > hfuzz->mutationsMax) {
curr_exec_cnt = hfuzz->mutationsMax;
}
float exeProgress = 0.0f;
if (hfuzz->mutationsMax > 0) {
exeProgress = ((float)curr_exec_cnt * 100 / hfuzz->mutationsMax);
}
static size_t prev_exec_cnt = 0UL;
//uintptr_t exec_per_sec = curr_exec_cnt - prev_exec_cnt;
prev_exec_cnt = curr_exec_cnt;
/* The lock should be acquired before any output is printed on the screen */
MX_SCOPED_LOCK(logMutexGet());
target = files_get_filename_in_path(hfuzz->cmdline[0]);
hfuzz->target = target;
speed_second = elapsed_second ? ((float)curr_exec_cnt / elapsed_second) : ((float)ATOMIC_GET(hfuzz->tmOut)/hfuzz->threadsMax);
LOG_D("speed_second: %f\n", speed_second);
int remain_file_cnt = ATOMIC_GET(hfuzz->fileCnt) - curr_exec_cnt;
remain_second = (remain_file_cnt>0? remain_file_cnt:1) / speed_second;
time_remain_str = get_time_remain(remain_second);
display_put(ESC_NAV(11, 1) ESC_CLEAR_ABOVE ESC_NAV(1, 1));
display_put("-------------------------[ " ESC_BOLD ESC_YELLOW "%s " ESC_RESET ESC_BOLD"v%s " ESC_PINK "(%s)" ESC_RESET" ]",
PROG_NAME, PROG_VERSION, target );
remain_title_len = TITLE_LEN - LEFT_TITLE_LEN - strlen(target) - 3;
if (remain_title_len) {
for(int i=0;i<remain_title_len;i++){
printf("-");
}
} else {
LOG_W("target name very long!");
}
printf("\n");
display_put(ESC_WHITE " Iterations : " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET, curr_exec_cnt);
display_printKMG(curr_exec_cnt);
if (hfuzz->mutationsMax) {
display_put(" (out of: " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET " [" ESC_BOLD "%.2f"
ESC_RESET "%%])", hfuzz->mutationsMax, exeProgress);
}
switch (ATOMIC_GET(hfuzz->state)) {
case _HF_STATE_STATIC:
display_put(ESC_WHITE "\n Run Mode : " ESC_RESET ESC_GREEN ESC_BOLD "Dumb Fuzzing" ESC_RESET);
break;
case _HF_STATE_DRY_RUN:
display_put(ESC_WHITE "\n Run Mode : " ESC_RESET ESC_GREEN ESC_BOLD "Dry Run" ESC_RESET);
break;
case _HF_STATE_DYNAMIC_PRE:
display_put(ESC_WHITE "\n Run Mode : " ESC_RESET ESC_GREEN ESC_BOLD "Dynamic Fuzzing" ESC_RESET);
break;
case _HF_STATE_DYNAMIC_MAIN:
display_put(ESC_WHITE "\n Run Mode : " ESC_RESET ESC_GREEN ESC_BOLD "Feedback-driven Fuzzing" ESC_RESET);
break;
case _HF_STATE_EXTERN:
extern_fuzzer = files_get_filename_in_path(hfuzz->externalCommand);
display_put(ESC_WHITE "\n Run Mode : " ESC_RESET ESC_GREEN ESC_BOLD "External (%s)" ESC_RESET, extern_fuzzer);
break;
default:
display_put(ESC_WHITE "\n Run Mode : " ESC_RESET ESC_GREEN ESC_BOLD "Unknown" ESC_RESET);
break;
}
char start_time_str[128];
util_getLocalTime("%F %T", start_time_str, sizeof(start_time_str), hfuzz->timeStart);
if(ATOMIC_GET(hfuzz->state) == _HF_STATE_DRY_RUN){
display_put(ESC_WHITE "\n Run Time : " ESC_RESET ESC_BOLD "%s (" ESC_RESET ESC_WHITE "Remain: " ESC_RESET ESC_BOLD "%s)\n" ESC_RESET , time_elapsed_str, time_remain_str);
}else{
display_put(ESC_WHITE "\n Run Time : " ESC_RESET ESC_BOLD "%s\n" ESC_RESET , time_elapsed_str);
}
static char tmpstr[1024] = {0};
size_t len = strlen(hfuzz->inputDir);
if(len > 40){
snprintf(tmpstr, sizeof(tmpstr), "%.32s...%s", hfuzz->inputDir, hfuzz->inputDir+len-18);
}else{
snprintf(tmpstr, sizeof(tmpstr), "%s", hfuzz->inputDir);
}
display_put(ESC_WHITE " Input Dir : " ESC_RESET ESC_RED "[% " _HF_MONETARY_MOD "zu] " ESC_RESET ESC_BOLD "'%s" ESC_RESET "'\n",
ATOMIC_GET(hfuzz->fileCnt), tmpstr);
/*
display_put(ESC_WHITE " Fuzzed Cmd : " ESC_RESET ESC_BOLD "'%s" ESC_RESET "'\n", hfuzz->cmdline_txt);
if (hfuzz->linux.pid > 0) {
display_put(ESC_WHITE "Remote cmd [" ESC_BOLD "%d" ESC_RESET "]: '" ESC_RESET ESC_BOLD "%s" ESC_RESET
"'\n", hfuzz->linux.pid, hfuzz->linux.pidCmd);
}
*/
static long num_cpu = 0;
if (num_cpu == 0) {
num_cpu = sysconf(_SC_NPROCESSORS_ONLN);
}
double cpuUse = getCpuUse(num_cpu);
display_put(ESC_WHITE " Threads : " ESC_RESET ESC_BOLD "%zu" ESC_RESET ", " ESC_WHITE "CPUs: " ESC_RESET ESC_BOLD "%ld" ESC_RESET
", " ESC_WHITE "CPU: " ESC_RESET ESC_BOLD "%.1lf" ESC_RESET "%%\n",
hfuzz->threadsMax, num_cpu, cpuUse / num_cpu);
display_put(ESC_WHITE " Speed : " ESC_RESET ESC_BOLD "%.2f" ESC_RESET ESC_WHITE "/sec" ESC_RESET"\n",
elapsed_second ? ((float_t)curr_exec_cnt / elapsed_second) : 0);
uint64_t crashesCnt = ATOMIC_GET(hfuzz->crashesCnt);
/* colored the crash count as red when exist crash */
display_put(ESC_WHITE " Crashes : " ESC_RESET ESC_BOLD "%s" "%zu" ESC_RESET " (" ESC_WHITE "unique: " ESC_RESET "%s" ESC_BOLD "%zu"
ESC_RESET ", " ESC_WHITE "blacklist: " ESC_RESET ESC_BOLD "%zu" ESC_RESET ", " ESC_WHITE "verified: " ESC_RESET
ESC_BOLD "%s" "%zu" ESC_RESET ")\n", crashesCnt > 0 ? ESC_RED : "", hfuzz->crashesCnt,
ATOMIC_GET(hfuzz->uniqueCrashesCnt) > 0 ? ESC_RED : "",
ATOMIC_GET(hfuzz->uniqueCrashesCnt), ATOMIC_GET(hfuzz->blCrashesCnt),
ATOMIC_GET(hfuzz->verifiedCrashesCnt) > 0 ? ESC_RED : "",
ATOMIC_GET(hfuzz->verifiedCrashesCnt));
display_put(ESC_WHITE " Timeouts : " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET " [%"
_HF_MONETARY_MOD "zu sec]\n", ATOMIC_GET(hfuzz->timeoutedCnt), hfuzz->tmOut);
/* Feedback data sources are enabled. Start with common headers. */
if (hfuzz->dynFileMethod != _HF_DYNFILE_NONE || hfuzz->useSanCov) {
/*
display_put(ESC_WHITE " Corpus Size : " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET
", " ESC_WHITE "max size (bytes): " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET "\n",
hfuzz->dynfileqCnt, hfuzz->maxFileSz);
display_put(ESC_WHITE " Coverage :\n" ESC_RESET);
*/
}else{
display_put(ESC_WHITE " Coverage : N/A\n" ESC_RESET);
}
/* HW perf specific counters */
if (hfuzz->dynFileMethod & _HF_DYNFILE_INSTR_COUNT) {
display_put(ESC_YELLOW " *** instructions: " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.cpuInstrCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) {
display_put(ESC_YELLOW " *** branches: " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.cpuBranchCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_BTS_BLOCK) {
display_put(ESC_YELLOW " *** BTS blocks: " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_BTS_EDGE) {
display_put(ESC_YELLOW " *** BTS edges: " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_IPT_BLOCK) {
display_put(ESC_YELLOW " *** PT blocks: " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_SOFT) {
uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc);
uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp);
display_put(ESC_YELLOW " *** blocks seen: " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
", comparison map: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET "\n",
softCntPc, softCntCmp);
}
/* Sanitizer coverage specific counters */
if (hfuzz->useSanCov) {
uint64_t hitBB = ATOMIC_GET(hfuzz->sanCovCnts.hitBBCnt);
uint64_t totalBB = ATOMIC_GET(hfuzz->sanCovCnts.totalBBCnt);
float covPer = totalBB ? (((float)hitBB * 100) / totalBB) : 0.0;
display_put(ESC_YELLOW " Coverage : " ESC_RESET ESC_BOLD "%.2f" ESC_RESET "%%"
"(" ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET ESC_WHITE
", last update:" ESC_RESET ESC_BOLD " %s" ESC_RESET ")\n", covPer, hitBB,
get_time_elapsed(ATOMIC_GET(hfuzz->sanCovCnts.lastBBTime)));
/*
display_put(ESC_YELLOW " *** hit #bb : " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
" (" ESC_WHITE "coverage: " ESC_RESET ESC_BOLD "%.2f" ESC_RESET "%%)\n", hitBB, covPer);
display_put(ESC_YELLOW " *** total #dso : " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
" (" ESC_WHITE "Instrumented Dynamic Shared Object" ESC_RESET ")\n", ATOMIC_GET(hfuzz->sanCovCnts.iDsoCnt));
display_put(ESC_YELLOW " *** new #bb : " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
" (" ESC_WHITE "last update:" ESC_RESET ESC_BOLD " %s)\n" ESC_RESET,
ATOMIC_GET(hfuzz->sanCovCnts.newBBCnt),
get_time_elapsed(ATOMIC_GET(hfuzz->sanCovCnts.lastBBTime)));
display_put(ESC_YELLOW " *** crashes : " ESC_RESET ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->sanCovCnts.crashesCnt));
*/
}
display_put("-----------------------------------[ " ESC_BOLD ESC_YELLOW "LOGS" ESC_RESET
" ]-----------------------------------\n");
display_put(ESC_SCROLL(12, 999) ESC_NAV(999, 1));
}
static void display_displayLocked(honggfuzz_t * hfuzz)
{
unsigned long elapsed_second = (unsigned long)(time(NULL) - hfuzz->timeStart);
unsigned int day, hour, min, second;
char time_elapsed_str[64];
if (elapsed_second < 24 * 3600) {
hour = elapsed_second / 3600;
min = (elapsed_second - 3600 * hour) / 60;
second = elapsed_second - hour * 3600 - min * 60;
snprintf(time_elapsed_str, sizeof(time_elapsed_str), "%u hrs %u min %u sec", hour,
min, second);
} else {
day = elapsed_second / 24 / 3600;
elapsed_second = elapsed_second - day * 24 * 3600;
hour = elapsed_second / 3600;
min = (elapsed_second - 3600 * hour) / 60;
second = elapsed_second - hour * 3600 - min * 60;
snprintf(time_elapsed_str, sizeof(time_elapsed_str),
"%u days %u hrs %u min %u sec", day, hour, min, second);
}
size_t curr_exec_cnt = ATOMIC_GET(hfuzz->mutationsCnt);
/*
* We increase the mutation counter unconditionally in threads, but if it's
* above hfuzz->mutationsMax we don't really execute the fuzzing loop.
* Therefore at the end of fuzzing, the mutation counter might be higher
* than hfuzz->mutationsMax
*/
if (hfuzz->mutationsMax > 0 && curr_exec_cnt > hfuzz->mutationsMax) {
curr_exec_cnt = hfuzz->mutationsMax;
}
float exeProgress = 0.0f;
if (hfuzz->mutationsMax > 0) {
exeProgress = ((float)curr_exec_cnt * 100 / hfuzz->mutationsMax);
}
static size_t prev_exec_cnt = 0UL;
uintptr_t exec_per_sec = curr_exec_cnt - prev_exec_cnt;
prev_exec_cnt = curr_exec_cnt;
/* The lock should be acquired before any output is printed on the screen */
MX_SCOPED_LOCK(logMutexGet());
display_put("%s", ESC_CLEAR);
display_put("----------------------------[ %s v%s ]---------------------------\n",
PROG_NAME, PROG_VERSION);
display_put(" Iterations : " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET, curr_exec_cnt);
display_printKMG(curr_exec_cnt);
if (hfuzz->mutationsMax) {
display_put(" (out of: " ESC_BOLD "%zu" ESC_RESET " [" ESC_BOLD "%.2f" ESC_RESET
"%%])", hfuzz->mutationsMax, exeProgress);
}
switch (ATOMIC_GET(hfuzz->state)) {
case _HF_STATE_STATIC:
display_put("\n Phase : " ESC_BOLD "Static Main" ESC_RESET);
break;
case _HF_STATE_DYNAMIC_PRE:
display_put("\n Phase : " ESC_BOLD "Dynamic Pre" ESC_RESET);
break;
case _HF_STATE_DYNAMIC_MAIN:
display_put("\n Phase : " ESC_BOLD "Dynamic Main" ESC_RESET);
break;
default:
display_put("\n Phase : " ESC_BOLD "Unknown" ESC_RESET);
break;
}
char start_time_str[128];
util_getLocalTime("%F %T", start_time_str, sizeof(start_time_str), hfuzz->timeStart);
display_put("\n Run Time : " ESC_BOLD "%s" ESC_RESET " (since: " ESC_BOLD "%s" ESC_RESET
")\n", time_elapsed_str, start_time_str);
display_put(" Input Dir : '" ESC_BOLD "%s" ESC_RESET "'\n",
hfuzz->inputDir != NULL ? hfuzz->inputDir : "[NONE]");
display_put(" Fuzzed Cmd : '" ESC_BOLD "%s" ESC_RESET "'\n", hfuzz->cmdline_txt);
if (hfuzz->linux.pid > 0) {
display_put("Remote cmd [" ESC_BOLD "%d" ESC_RESET "]: '" ESC_BOLD "%s" ESC_RESET
"'\n", hfuzz->linux.pid, hfuzz->linux.pidCmd);
}
static long num_cpu = 0;
if (num_cpu == 0) {
num_cpu = sysconf(_SC_NPROCESSORS_ONLN);
}
double cpuUse = getCpuUse(num_cpu);
display_put(" Threads : " ESC_BOLD "%zu" ESC_RESET ", CPUs: " ESC_BOLD "%ld" ESC_RESET
", CPU: " ESC_BOLD "%.1lf" ESC_RESET "%% (" ESC_BOLD "%.1lf" ESC_RESET "%%/CPU)\n",
hfuzz->threadsMax, num_cpu, cpuUse, cpuUse / num_cpu);
display_put(" Speed : " ESC_BOLD "% " _HF_MONETARY_MOD "zu" ESC_RESET "/sec"
" (avg: " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET ")\n", exec_per_sec,
elapsed_second ? (curr_exec_cnt / elapsed_second) : 0);
/* If dry run, print also the input file count */
if (hfuzz->origFlipRate == 0.0L && hfuzz->useVerifier) {
display_put(" Input Files : '" ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET "'\n",
hfuzz->fileCnt);
}
uint64_t crashesCnt = ATOMIC_GET(hfuzz->crashesCnt);
/* colored the crash count as red when exist crash */
display_put(" Crashes : " ESC_BOLD "%s" "%zu" ESC_RESET " (unique: %s" ESC_BOLD "%zu"
ESC_RESET ", blacklist: " ESC_BOLD "%zu" ESC_RESET ", verified: "
ESC_BOLD "%zu" ESC_RESET ")\n", crashesCnt > 0 ? ESC_RED : "",
hfuzz->crashesCnt, crashesCnt > 0 ? ESC_RED : "",
ATOMIC_GET(hfuzz->uniqueCrashesCnt), ATOMIC_GET(hfuzz->blCrashesCnt),
ATOMIC_GET(hfuzz->verifiedCrashesCnt));
display_put(" Timeouts : " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET " [%"
_HF_MONETARY_MOD "zu sec.]\n", ATOMIC_GET(hfuzz->timeoutedCnt), hfuzz->tmOut);
/* Feedback data sources are enabled. Start with common headers. */
if (hfuzz->dynFileMethod != _HF_DYNFILE_NONE || hfuzz->useSanCov) {
display_put(" Corpus Size : " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET
", max size (bytes): " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET "\n",
hfuzz->dynfileqCnt, hfuzz->maxFileSz);
display_put(" Coverage :\n");
}
/* HW perf specific counters */
if (hfuzz->dynFileMethod & _HF_DYNFILE_INSTR_COUNT) {
display_put(" *** instructions: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.cpuInstrCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) {
display_put(" *** branches: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.cpuBranchCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_BTS_BLOCK) {
display_put(" *** BTS blocks: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_BTS_EDGE) {
display_put(" *** BTS edges: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_IPT_BLOCK) {
display_put(" *** PT blocks: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_CUSTOM) {
display_put(" *** custom counter: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->linux.hwCnts.customCnt));
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_SOFT) {
uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc);
uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp);
display_put(" *** blocks seen: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
", comparison map: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET "\n",
softCntPc, softCntCmp);
}
/* Sanitizer coverage specific counters */
if (hfuzz->useSanCov) {
uint64_t hitBB = ATOMIC_GET(hfuzz->sanCovCnts.hitBBCnt);
uint64_t totalBB = ATOMIC_GET(hfuzz->sanCovCnts.totalBBCnt);
float covPer = totalBB ? (((float)hitBB * 100) / totalBB) : 0.0;
display_put(" *** total hit #bb: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
" (coverage " ESC_BOLD "%.2f" ESC_RESET "%%)\n", hitBB, covPer);
display_put(" *** total #dso: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
" (instrumented only)\n", ATOMIC_GET(hfuzz->sanCovCnts.iDsoCnt));
display_put(" *** discovered #bb: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
" (new from input seed)\n", ATOMIC_GET(hfuzz->sanCovCnts.newBBCnt));
display_put(" *** crashes: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
"\n", ATOMIC_GET(hfuzz->sanCovCnts.crashesCnt));
}
display_put("-----------------------------------[ LOGS ]-----------------------------------\n");
}
void logLog(enum llevel_t ll, const char *fn, int ln, bool perr, const char *fmt, ...)
{
char strerr[512];
if (perr == true) {
snprintf(strerr, sizeof(strerr), "%s", strerror(errno));
}
struct ll_t {
const char *descr;
const char *prefix;
const bool print_funcline;
const bool print_time;
};
static const struct ll_t logLevels[] = {
{"F", "\033[7;35m", true, true},
{"E", "\033[1;31m", true, true},
{"W", "\033[0;33m", true, true},
{"I", "\033[1m", false, false},
{"D", "\033[0;4m", true, true},
{"HR", "\033[0m", false, false},
{"HB", "\033[1m", false, false},
};
time_t ltstamp = time(NULL);
struct tm utctime;
localtime_r(<stamp, &utctime);
char timestr[32];
if (strftime(timestr, sizeof(timestr) - 1, "%FT%T%z", &utctime) == 0) {
timestr[0] = '\0';
}
/* Start printing logs */
{
MX_SCOPED_LOCK(&log_mutex);
if (log_fd_isatty) {
dprintf(log_fd, "%s", logLevels[ll].prefix);
}
if (logLevels[ll].print_time) {
dprintf(log_fd, "[%s][%s][%d] ", timestr, logLevels[ll].descr, __hf_pid());
}
if (logLevels[ll].print_funcline) {
dprintf(log_fd, "%s():%d ", fn, ln);
}
va_list args;
va_start(args, fmt);
vdprintf(log_fd, fmt, args);
va_end(args);
if (perr == true) {
dprintf(log_fd, ": %s", strerr);
}
if (log_fd_isatty) {
dprintf(log_fd, "\033[0m");
}
dprintf(log_fd, "\n");
}
/* End printing logs */
if (ll == FATAL) {
exit(1);
}
}
