1 /*
2 *
3 * honggfuzz - display statistics
4 * -----------------------------------------
5 *
6 * Author: Robert Swiecki <swiecki@google.com>
7 *
8 * Copyright 2010-2018 by Google Inc. All Rights Reserved.
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License. You may obtain
12 * a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS,
18 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
19 * implied. See the License for the specific language governing
20 * permissions and limitations under the License.
21 *
22 */
23
24 #define _WITH_DPRINTF
25
26 #include "display.h"
27
28 #include <inttypes.h>
29 #include <math.h>
30 #include <stdarg.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <unistd.h>
35
36 #include "libhfcommon/common.h"
37 #include "libhfcommon/log.h"
38 #include "libhfcommon/util.h"
39
40 #define ESC_CLEAR_ALL "\033[2J"
41 #define ESC_CLEAR_LINE "\033[2K"
42 #define ESC_CLEAR_ABOVE "\033[1J"
43 #define ESC_TERM_RESET "\033c"
44 #define ESC_NAV(x, y) "\033[" #x ";" #y "H"
45 #define ESC_BOLD "\033[1m"
46 #define ESC_RED "\033[31m"
47 #define ESC_RESET "\033[0m"
48 #define ESC_SCROLL_REGION(x, y) "\033[" #x ";" #y "r"
49 #define ESC_SCROLL_DISABLE "\033[?7h"
50 #define ESC_SCROLL_RESET "\033[r"
51 #define ESC_NAV_DOWN(x) "\033[" #x "B"
52 #define ESC_NAV_HORIZ(x) "\033[" #x "G"
53 #define ESC_RESET_SETTINGS "\033[!p"
54
55 /* printf() nonmonetary separator. According to MacOSX's man it's supported there as well */
56 #define _HF_NONMON_SEP "'"
57
display_put(const char * fmt,...)58 __attribute__((format(printf, 1, 2))) static void display_put(const char* fmt, ...) {
59 va_list args;
60 va_start(args, fmt);
61 vdprintf(logFd(), fmt, args);
62 va_end(args);
63 }
64
display_printKMG(uint64_t val)65 static void display_printKMG(uint64_t val) {
66 if (val >= 1000000000UL) {
67 display_put(" [%.02LfG]", (long double)val / 1000000000.0L);
68 } else if (val >= 1000000UL) {
69 display_put(" [%.02LfM]", (long double)val / 1000000.0L);
70 } else if (val >= 1000UL) {
71 display_put(" [%.02Lfk]", (long double)val / 1000.0L);
72 }
73 }
74
getCpuUse(int numCpus)75 static unsigned getCpuUse(int numCpus) {
76 static uint64_t prevUserT = 0UL;
77 static uint64_t prevNiceT = 0UL;
78 static uint64_t prevSystemT = 0UL;
79 static uint64_t prevIdleT = 0UL;
80
81 FILE* f = fopen("/proc/stat", "re");
82 if (f == NULL) {
83 return 0;
84 }
85 defer {
86 fclose(f);
87 };
88 uint64_t userT, niceT, systemT, idleT;
89 if (fscanf(f, "cpu %" PRIu64 "%" PRIu64 "%" PRIu64 "%" PRIu64, &userT, &niceT, &systemT,
90 &idleT) != 4) {
91 LOG_W("fscanf('/proc/stat') != 4");
92 return 0;
93 }
94
95 uint64_t userCycles = (userT - prevUserT);
96 uint64_t niceCycles = (niceT - prevNiceT);
97 uint64_t systemCycles = (systemT - prevSystemT);
98 uint64_t idleCycles = (idleT - prevIdleT);
99
100 prevUserT = userT;
101 prevNiceT = niceT;
102 prevSystemT = systemT;
103 prevIdleT = idleT;
104
105 uint64_t allCycles = userCycles + niceCycles + systemCycles + idleCycles;
106 if (allCycles == 0) {
107 return 0;
108 }
109
110 return ((userCycles + niceCycles + systemCycles) * numCpus * 100) / (allCycles);
111 }
112
getDuration(time_t elapsed_second,char * buf,size_t bufSz)113 static void getDuration(time_t elapsed_second, char* buf, size_t bufSz) {
114 if (elapsed_second < 0) {
115 snprintf(buf, bufSz, "----");
116 return;
117 }
118
119 unsigned int day, hour, min, second;
120 day = elapsed_second / 24 / 3600;
121 elapsed_second = elapsed_second - day * 24 * 3600;
122 hour = elapsed_second / 3600;
123 min = (elapsed_second - 3600 * hour) / 60;
124 second = elapsed_second - hour * 3600 - min * 60;
125 snprintf(buf, bufSz, "%u days %02u hrs %02u mins %02u secs", day, hour, min, second);
126 }
127
display_displayLocked(honggfuzz_t * hfuzz)128 static void display_displayLocked(honggfuzz_t* hfuzz) {
129 const time_t curr_sec = time(NULL);
130 const time_t elapsed_sec = curr_sec - hfuzz->timing.timeStart;
131 const int64_t curr_time_millis = util_timeNowMillis();
132 const int64_t elapsed_millis = curr_time_millis - hfuzz->display.lastDisplayMillis;
133 hfuzz->display.lastDisplayMillis = curr_time_millis;
134
135 char lastCovStr[64];
136 getDuration(curr_sec - ATOMIC_GET(hfuzz->timing.lastCovUpdate), lastCovStr, sizeof(lastCovStr));
137 char timeStr[64];
138 if (ATOMIC_GET(hfuzz->timing.runEndTime)) {
139 getDuration(ATOMIC_GET(hfuzz->timing.runEndTime) - curr_sec, timeStr, sizeof(timeStr));
140 } else {
141 getDuration(elapsed_sec, timeStr, sizeof(timeStr));
142 }
143
144 size_t curr_exec_cnt = ATOMIC_GET(hfuzz->cnts.mutationsCnt);
145 /*
146 * We increase the mutation counter unconditionally in threads, but if it's
147 * above hfuzz->mutationsMax we don't really execute the fuzzing loop.
148 * Therefore at the end of fuzzing, the mutation counter might be higher
149 * than hfuzz->mutationsMax
150 */
151 if (hfuzz->mutate.mutationsMax > 0 && curr_exec_cnt > hfuzz->mutate.mutationsMax) {
152 curr_exec_cnt = hfuzz->mutate.mutationsMax;
153 }
154 int exeProgress = 0;
155 if (hfuzz->mutate.mutationsMax > 0) {
156 exeProgress = (curr_exec_cnt * 100) / hfuzz->mutate.mutationsMax;
157 }
158
159 static size_t prev_exec_cnt = 0UL;
160 size_t exec_per_millis =
161 elapsed_millis ? ((curr_exec_cnt - prev_exec_cnt) * 1000) / elapsed_millis : 0;
162 prev_exec_cnt = curr_exec_cnt;
163
164 display_put(ESC_NAV(13, 1) ESC_CLEAR_ABOVE ESC_NAV(1, 1));
165 display_put("------------------------[" ESC_BOLD "%31s " ESC_RESET "]----------------------\n",
166 timeStr);
167 display_put(" Iterations : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET, curr_exec_cnt);
168 display_printKMG(curr_exec_cnt);
169 if (hfuzz->mutate.mutationsMax) {
170 display_put(" (out of: " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET " [%d%%])",
171 hfuzz->mutate.mutationsMax, exeProgress);
172 }
173 switch (ATOMIC_GET(hfuzz->feedback.state)) {
174 case _HF_STATE_STATIC:
175 display_put("\n Mode : " ESC_BOLD "Static" ESC_RESET "\n");
176 break;
177 case _HF_STATE_DYNAMIC_DRY_RUN:
178 display_put("\n Mode [1/2] : " ESC_BOLD "Feedback Driven Dry Run" ESC_RESET "\n");
179 break;
180 case _HF_STATE_DYNAMIC_MAIN:
181 display_put("\n Mode [2/2] : " ESC_BOLD "Feedback Driven Mode" ESC_RESET "\n");
182 break;
183 default:
184 display_put("\n Mode : " ESC_BOLD "Unknown" ESC_RESET "\n");
185 break;
186 }
187 display_put(" Target : " ESC_BOLD "%s" ESC_RESET "\n", hfuzz->display.cmdline_txt);
188
189 static long num_cpu = 0;
190 if (num_cpu == 0) {
191 num_cpu = sysconf(_SC_NPROCESSORS_ONLN);
192 }
193 if (num_cpu <= 0) {
194 num_cpu = 1;
195 }
196 unsigned cpuUse = getCpuUse(num_cpu);
197 display_put(" Threads : " ESC_BOLD "%zu" ESC_RESET ", CPUs: " ESC_BOLD "%ld" ESC_RESET
198 ", CPU%%: " ESC_BOLD "%u" ESC_RESET "%% [" ESC_BOLD "%lu" ESC_RESET "%%/CPU]\n",
199 hfuzz->threads.threadsMax, num_cpu, cpuUse, cpuUse / num_cpu);
200
201 size_t tot_exec_per_sec = elapsed_sec ? (curr_exec_cnt / elapsed_sec) : 0;
202 display_put(" Speed : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET "/sec [avg: " ESC_BOLD
203 "%" _HF_NONMON_SEP "zu" ESC_RESET "]\n",
204 exec_per_millis, tot_exec_per_sec);
205
206 uint64_t crashesCnt = ATOMIC_GET(hfuzz->cnts.crashesCnt);
207 /* colored the crash count as red when exist crash */
208 display_put(" Crashes : " ESC_BOLD "%s"
209 "%zu" ESC_RESET " [unique: %s" ESC_BOLD "%zu" ESC_RESET ", blacklist: " ESC_BOLD
210 "%zu" ESC_RESET ", verified: " ESC_BOLD "%zu" ESC_RESET "]\n",
211 crashesCnt > 0 ? ESC_RED : "", hfuzz->cnts.crashesCnt, crashesCnt > 0 ? ESC_RED : "",
212 ATOMIC_GET(hfuzz->cnts.uniqueCrashesCnt), ATOMIC_GET(hfuzz->cnts.blCrashesCnt),
213 ATOMIC_GET(hfuzz->cnts.verifiedCrashesCnt));
214 display_put(" Timeouts : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET " [%lu sec]\n",
215 ATOMIC_GET(hfuzz->cnts.timeoutedCnt), (unsigned long)hfuzz->timing.tmOut);
216 /* Feedback data sources. Common headers. */
217 display_put(" Corpus Size : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET ", max: " ESC_BOLD
218 "%" _HF_NONMON_SEP "zu" ESC_RESET " bytes, init: " ESC_BOLD "%" _HF_NONMON_SEP
219 "zu" ESC_RESET " files\n",
220 hfuzz->io.dynfileqCnt, hfuzz->mutate.maxFileSz, ATOMIC_GET(hfuzz->io.fileCnt));
221 display_put(" Cov Update : " ESC_BOLD "%s" ESC_RESET " ago\n" ESC_RESET, lastCovStr);
222 display_put(" Coverage :");
223
224 /* HW perf specific counters */
225 if (hfuzz->feedback.dynFileMethod == 0) {
226 display_put(" [none]");
227 }
228 if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_INSTR_COUNT) {
229 display_put(" hwi: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET,
230 ATOMIC_GET(hfuzz->linux.hwCnts.cpuInstrCnt));
231 }
232 if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) {
233 display_put(" hwb: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET,
234 ATOMIC_GET(hfuzz->linux.hwCnts.cpuBranchCnt));
235 }
236 if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_BTS_EDGE) {
237 display_put(" bts: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET,
238 ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
239 }
240 if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_IPT_BLOCK) {
241 display_put(" ipt: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET,
242 ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
243 }
244 if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_SOFT) {
245 uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc);
246 uint64_t softCntEdge = ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge);
247 uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp);
248 display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntEdge);
249 display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc);
250 display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp);
251 }
252
253 display_put("\n---------------------------------- [ " ESC_BOLD "LOGS" ESC_RESET
254 " ] ------------------/ " ESC_BOLD "%s %s " ESC_RESET "/-",
255 PROG_NAME, PROG_VERSION);
256 display_put(ESC_SCROLL_REGION(13, ) ESC_NAV_HORIZ(1) ESC_NAV_DOWN(500));
257 }
258
display_createTargetStr(honggfuzz_t * hfuzz)259 void display_createTargetStr(honggfuzz_t* hfuzz) {
260 if (!hfuzz->exe.cmdline[0]) {
261 LOG_W("Your fuzzed binary is not specified");
262 snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "[EMPTY]");
263 return;
264 }
265
266 static char tmpstr[1024 * 128] = {0};
267 snprintf(tmpstr, sizeof(tmpstr), "%s", hfuzz->exe.cmdline[0]);
268 for (int i = 1; i < hfuzz->exe.argc; i++) {
269 util_ssnprintf(tmpstr, sizeof(tmpstr), " %s", hfuzz->exe.cmdline[i]);
270 }
271
272 size_t len = strlen(tmpstr);
273 if (len <= (sizeof(hfuzz->display.cmdline_txt) - 1)) {
274 snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "%s", tmpstr);
275 return;
276 }
277
278 snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "%.32s.....%s", tmpstr,
279 &tmpstr[len - 27]);
280 }
281
display_display(honggfuzz_t * hfuzz)282 void display_display(honggfuzz_t* hfuzz) {
283 if (logIsTTY() == false) {
284 return;
285 }
286 MX_SCOPED_LOCK(logMutexGet());
287 display_displayLocked(hfuzz);
288 }
289
display_fini(void)290 void display_fini(void) {
291 display_put(ESC_SCROLL_RESET ESC_NAV_DOWN(500));
292 }
293
display_init(void)294 void display_init(void) {
295 atexit(display_fini);
296 display_put(ESC_CLEAR_ALL);
297 display_put(ESC_NAV_DOWN(500));
298 }
299