1 /*
2 *
3 * honggfuzz - display statistics
4 * -----------------------------------------
5 *
6 * Author: Robert Swiecki <swiecki@google.com>
7 *
8 * Copyright 2010-2015 by Google Inc. All Rights Reserved.
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License. You may obtain
12 * a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS,
18 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
19 * implied. See the License for the specific language governing
20 * permissions and limitations under the License.
21 *
22 */
23
24 #define _WITH_DPRINTF
25
26 #include "display.h"
27
28 #include <inttypes.h>
29 #include <math.h>
30 #include <stdarg.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <unistd.h>
35
36 #include "libcommon/common.h"
37 #include "libcommon/log.h"
38 #include "libcommon/util.h"
39
40 #define ESC_CLEAR_ALL "\033[2J"
41 #define ESC_CLEAR_LINE "\033[2K"
42 #define ESC_CLEAR_ABOVE "\033[1J"
43 #define ESC_TERM_RESET "\033c"
44 #define ESC_NAV(x, y) "\033[" #x ";" #y "H"
45 #define ESC_BOLD "\033[1m"
46 #define ESC_RED "\033[31m"
47 #define ESC_RESET "\033[0m"
48 #define ESC_SCROLL(x, y) "\033[" #x ";" #y "r"
49 #define ESC_SCROLL_DISABLE "\033[?7h"
50 #define ESC_SCROLL_ENABLE "\033[r"
51 #define ESC_RESET_SETTINGS "\033[!p"
52
53 #if defined(_HF_ARCH_LINUX)
54 #define _HF_MONETARY_MOD "'"
55 #else
56 #define _HF_MONETARY_MOD ""
57 #endif
58
display_put(const char * fmt,...)59 static void display_put(const char* fmt, ...) {
60 va_list args;
61 va_start(args, fmt);
62 vdprintf(logFd(), fmt, args);
63 va_end(args);
64 }
65
display_printKMG(uint64_t val)66 static void display_printKMG(uint64_t val) {
67 if (val >= 1000000000UL) {
68 display_put(" [%.2lfG]", (double)val / 1000000000.0);
69 } else if (val >= 1000000UL) {
70 display_put(" [%.2lfM]", (double)val / 1000000.0);
71 } else if (val >= 1000UL) {
72 display_put(" [%.2lfk]", (double)val / 1000.0);
73 }
74 }
75
getCpuUse(long num_cpu)76 static unsigned getCpuUse(long num_cpu) {
77 static uint64_t prevIdleT = 0UL;
78
79 FILE* f = fopen("/proc/stat", "re");
80 if (f == NULL) {
81 return 0;
82 }
83 defer { fclose(f); };
84 uint64_t userT, niceT, systemT, idleT;
85 if (fscanf(f, "cpu %" PRIu64 "%" PRIu64 "%" PRIu64 "%" PRIu64, &userT, &niceT, &systemT,
86 &idleT) != 4) {
87 LOG_W("fscanf('/proc/stat') != 4");
88 return 0;
89 }
90
91 if (prevIdleT == 0UL) {
92 prevIdleT = idleT;
93 return 0;
94 }
95
96 uint64_t cpuUse = (num_cpu * sysconf(_SC_CLK_TCK)) - (idleT - prevIdleT);
97 prevIdleT = idleT;
98 return cpuUse * 100 / sysconf(_SC_CLK_TCK);
99 }
100
display_displayLocked(honggfuzz_t * hfuzz)101 static void display_displayLocked(honggfuzz_t* hfuzz) {
102 static bool firstDisplay = true;
103 if (firstDisplay) {
104 display_put(ESC_CLEAR_ALL);
105 firstDisplay = false;
106 }
107
108 unsigned long elapsed_second = (unsigned long)(time(NULL) - hfuzz->timing.timeStart);
109 unsigned int day, hour, min, second;
110 char time_elapsed_str[64];
111 if (elapsed_second < 24 * 3600) {
112 hour = elapsed_second / 3600;
113 min = (elapsed_second - 3600 * hour) / 60;
114 second = elapsed_second - hour * 3600 - min * 60;
115 snprintf(
116 time_elapsed_str, sizeof(time_elapsed_str), "%u hrs %u min %u sec", hour, min, second);
117 } else {
118 day = elapsed_second / 24 / 3600;
119 elapsed_second = elapsed_second - day * 24 * 3600;
120 hour = elapsed_second / 3600;
121 min = (elapsed_second - 3600 * hour) / 60;
122 second = elapsed_second - hour * 3600 - min * 60;
123 snprintf(time_elapsed_str, sizeof(time_elapsed_str), "%u days %u hrs %u min %u sec", day,
124 hour, min, second);
125 }
126
127 size_t curr_exec_cnt = ATOMIC_GET(hfuzz->cnts.mutationsCnt);
128 /*
129 * We increase the mutation counter unconditionally in threads, but if it's
130 * above hfuzz->mutationsMax we don't really execute the fuzzing loop.
131 * Therefore at the end of fuzzing, the mutation counter might be higher
132 * than hfuzz->mutationsMax
133 */
134 if (hfuzz->mutationsMax > 0 && curr_exec_cnt > hfuzz->mutationsMax) {
135 curr_exec_cnt = hfuzz->mutationsMax;
136 }
137 float exeProgress = 0.0f;
138 if (hfuzz->mutationsMax > 0) {
139 exeProgress = ((float)curr_exec_cnt * 100 / hfuzz->mutationsMax);
140 }
141
142 static size_t prev_exec_cnt = 0UL;
143 uintptr_t exec_per_sec = curr_exec_cnt - prev_exec_cnt;
144 prev_exec_cnt = curr_exec_cnt;
145
146 /* The lock should be acquired before any output is printed on the screen */
147 MX_SCOPED_LOCK(logMutexGet());
148
149 display_put(ESC_NAV(13, 1) ESC_CLEAR_ABOVE ESC_NAV(1, 1));
150 display_put("--------------------------- [ " ESC_BOLD "HONGGFUZZ" ESC_RESET " / " ESC_BOLD
151 "v%s" ESC_RESET " ] ------------------------------\n",
152 PROG_VERSION);
153 display_put(" Iterations : " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET, curr_exec_cnt);
154 display_printKMG(curr_exec_cnt);
155 if (hfuzz->mutationsMax) {
156 display_put(" (out of: " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET " [" ESC_BOLD
157 "%.2f" ESC_RESET "%%])",
158 hfuzz->mutationsMax, exeProgress);
159 }
160 switch (ATOMIC_GET(hfuzz->state)) {
161 case _HF_STATE_STATIC:
162 display_put("\n Phase : " ESC_BOLD "Main" ESC_RESET);
163 break;
164 case _HF_STATE_DYNAMIC_PRE:
165 display_put("\n Phase : " ESC_BOLD "Dynamic Dry Run (1/2)" ESC_RESET);
166 break;
167 case _HF_STATE_DYNAMIC_MAIN:
168 display_put("\n Phase : " ESC_BOLD "Dynamic Main (2/2)" ESC_RESET);
169 break;
170 default:
171 display_put("\n Phase : " ESC_BOLD "Unknown" ESC_RESET);
172 break;
173 }
174
175 display_put("\n Run Time : " ESC_BOLD "%s" ESC_RESET, time_elapsed_str);
176 if (hfuzz->timing.runEndTime > 0) {
177 time_t time_left = hfuzz->timing.runEndTime - time(NULL);
178 if (time_left < 0) {
179 time_left = 0;
180 }
181 if (time_left > 3600) {
182 char end_time_str[512];
183 util_getLocalTime(
184 "%F %H:%M:%S", end_time_str, sizeof(end_time_str), hfuzz->timing.runEndTime);
185 display_put(", end time: " ESC_BOLD "%s" ESC_RESET, end_time_str);
186 } else {
187 display_put(", left: " ESC_BOLD "%d" ESC_RESET " sec.", time_left);
188 }
189 }
190 display_put("\n Input Dir : [% " _HF_MONETARY_MOD "zu] '" ESC_BOLD "%s" ESC_RESET "'\n",
191 ATOMIC_GET(hfuzz->io.fileCnt), hfuzz->io.inputDir);
192
193 if (hfuzz->linux.pid > 0) {
194 display_put(" Remote cmd : [" ESC_BOLD "%d" ESC_RESET "] '" ESC_BOLD "%s" ESC_RESET "'\n",
195 hfuzz->linux.pid, hfuzz->linux.pidCmd);
196 } else {
197 display_put(" Fuzzed Cmd : '" ESC_BOLD "%s" ESC_RESET "'\n", hfuzz->cmdline_txt);
198 }
199
200 static long num_cpu = 0;
201 if (num_cpu == 0) {
202 num_cpu = sysconf(_SC_NPROCESSORS_ONLN);
203 }
204 unsigned cpuUse = getCpuUse(num_cpu);
205 display_put(" Threads : " ESC_BOLD "%zu" ESC_RESET ", CPUs: " ESC_BOLD "%ld" ESC_RESET
206 ", CPU%: " ESC_BOLD "%u" ESC_RESET "%% (" ESC_BOLD "%u" ESC_RESET "%%/CPU)\n",
207 hfuzz->threads.threadsMax, num_cpu, cpuUse, cpuUse / num_cpu);
208
209 display_put(" Speed : " ESC_BOLD "% " _HF_MONETARY_MOD "zu" ESC_RESET
210 "/sec"
211 " (avg: " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET ")\n",
212 exec_per_sec, elapsed_second ? (curr_exec_cnt / elapsed_second) : 0);
213
214 uint64_t crashesCnt = ATOMIC_GET(hfuzz->cnts.crashesCnt);
215 /* colored the crash count as red when exist crash */
216 display_put(" Crashes : " ESC_BOLD
217 "%s"
218 "%zu" ESC_RESET " (unique: %s" ESC_BOLD "%zu" ESC_RESET ", blacklist: " ESC_BOLD
219 "%zu" ESC_RESET ", verified: " ESC_BOLD "%zu" ESC_RESET ")\n",
220 crashesCnt > 0 ? ESC_RED : "", hfuzz->cnts.crashesCnt, crashesCnt > 0 ? ESC_RED : "",
221 ATOMIC_GET(hfuzz->cnts.uniqueCrashesCnt), ATOMIC_GET(hfuzz->cnts.blCrashesCnt),
222 ATOMIC_GET(hfuzz->cnts.verifiedCrashesCnt));
223 display_put(" Timeouts : " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET
224 " [%" _HF_MONETARY_MOD "zu sec.]\n",
225 ATOMIC_GET(hfuzz->cnts.timeoutedCnt), hfuzz->timing.tmOut);
226 /* Feedback data sources. Common headers. */
227 display_put(" Corpus Size : " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET
228 ", max file size: " ESC_BOLD "%" _HF_MONETARY_MOD "zu" ESC_RESET "\n",
229 hfuzz->dynfileqCnt, hfuzz->maxFileSz);
230 display_put(" Coverage :");
231
232 /* HW perf specific counters */
233 if (hfuzz->dynFileMethod & _HF_DYNFILE_INSTR_COUNT) {
234 display_put(" hwi: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET,
235 ATOMIC_GET(hfuzz->linux.hwCnts.cpuInstrCnt));
236 }
237 if (hfuzz->dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) {
238 display_put(" hwb: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET,
239 ATOMIC_GET(hfuzz->linux.hwCnts.cpuBranchCnt));
240 }
241 if (hfuzz->dynFileMethod & _HF_DYNFILE_BTS_EDGE) {
242 display_put(" bts: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET,
243 ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
244 }
245 if (hfuzz->dynFileMethod & _HF_DYNFILE_IPT_BLOCK) {
246 display_put(" ipt: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET,
247 ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt));
248 }
249 if (hfuzz->dynFileMethod & _HF_DYNFILE_SOFT) {
250 uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc);
251 uint64_t softCntEdge = ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge);
252 uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp);
253 display_put(" edge: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET, softCntEdge);
254 display_put(" pc: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET, softCntPc);
255 display_put(" cmp: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET, softCntCmp);
256 }
257
258 /* Sanitizer coverage specific counters */
259 if (hfuzz->useSanCov) {
260 uint64_t hitBB = ATOMIC_GET(hfuzz->sanCovCnts.hitBBCnt);
261 uint64_t totalBB = ATOMIC_GET(hfuzz->sanCovCnts.totalBBCnt);
262 float covPer = totalBB ? (((float)hitBB * 100) / totalBB) : 0.0;
263 display_put(" #sancov_bb: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET
264 " (cov: " ESC_BOLD "%.2f" ESC_RESET "%%)",
265 hitBB, covPer);
266 display_put(" #dso: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET,
267 ATOMIC_GET(hfuzz->sanCovCnts.iDsoCnt));
268 display_put(" #newbb: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET,
269 ATOMIC_GET(hfuzz->sanCovCnts.newBBCnt));
270 display_put(" #crashes: " ESC_BOLD "%" _HF_MONETARY_MOD PRIu64 ESC_RESET,
271 ATOMIC_GET(hfuzz->sanCovCnts.crashesCnt));
272 }
273 display_put("\n---------------------------------- [ " ESC_BOLD "LOGS" ESC_RESET
274 " ] -----------------------------------\n");
275 display_put(ESC_SCROLL(14, 999) ESC_NAV(999, 1));
276 }
277
display_display(honggfuzz_t * hfuzz)278 extern void display_display(honggfuzz_t* hfuzz) {
279 if (logIsTTY() == false) {
280 return;
281 }
282 display_displayLocked(hfuzz);
283 }
284
display_fini(void)285 extern void display_fini(void) { display_put(ESC_SCROLL_ENABLE ESC_NAV(999, 1)); }
286
display_init(void)287 extern void display_init(void) {
288 atexit(display_fini);
289 display_put(ESC_NAV(999, 1));
290 }
291