rename path
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 34b9aff..99768d1 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -1566,7 +1566,7 @@
- Fixed a bug with installed copies of AFL trying to use QEMU mode. Spotted
by G.M. Lime.
- - Added last path / crash / hang times to fuzzer_stats, suggested by
+ - Added last find / crash / hang times to fuzzer_stats, suggested by
Richard Hipp.
- Fixed a typo, thanks to Jakub Wilk.
diff --git a/docs/afl-fuzz_approach.md b/docs/afl-fuzz_approach.md
index 2da61cc..058fe35 100644
--- a/docs/afl-fuzz_approach.md
+++ b/docs/afl-fuzz_approach.md
@@ -85,7 +85,7 @@
```
+----------------------------------------------------+
| run time : 0 days, 8 hrs, 32 min, 43 sec |
- | last new path : 0 days, 0 hrs, 6 min, 40 sec |
+ | last new find : 0 days, 0 hrs, 6 min, 40 sec |
| last uniq crash : none seen yet |
| last uniq hang : 0 days, 1 hrs, 24 min, 32 sec |
+----------------------------------------------------+
@@ -485,20 +485,20 @@
- `cycles_wo_finds` - number of cycles without any new paths found
- `execs_done` - number of execve() calls attempted
- `execs_per_sec` - overall number of execs per second
-- `paths_total` - total number of entries in the queue
-- `paths_favored` - number of queue entries that are favored
-- `paths_found` - number of entries discovered through local fuzzing
-- `paths_imported` - number of entries imported from other instances
+- `corpus_count` - total number of entries in the queue
+- `corpus_favored` - number of queue entries that are favored
+- `corpus_found` - number of entries discovered through local fuzzing
+- `corpus_imported` - number of entries imported from other instances
- `max_depth` - number of levels in the generated data set
-- `cur_path` - currently processed entry number
+- `cur_item` - currently processed entry number
- `pending_favs` - number of favored entries still waiting to be fuzzed
- `pending_total` - number of all entries waiting to be fuzzed
-- `variable_paths` - number of test cases showing variable behavior
+- `corpus_variable` - number of test cases showing variable behavior
- `stability` - percentage of bitmap bytes that behave consistently
- `bitmap_cvg` - percentage of edge coverage found in the map so far
-- `unique_crashes` - number of unique crashes recorded
-- `unique_hangs` - number of unique hangs encountered
-- `last_path` - seconds since the last path was found
+- `saved_crashes` - number of unique crashes recorded
+- `saved_hangs` - number of unique hangs encountered
+- `last_find` - seconds since the last find was found
- `last_crash` - seconds since the last crash was found
- `last_hang` - seconds since the last hang was found
- `execs_since_crash` - execs since the last crash was found
@@ -531,9 +531,9 @@
The selected metrics are a subset of all the metrics found in the status and in
the plot file. The list is the following: `cycle_done`, `cycles_wo_finds`,
-`execs_done`,`execs_per_sec`, `paths_total`, `paths_favored`, `paths_found`,
-`paths_imported`, `max_depth`, `cur_path`, `pending_favs`, `pending_total`,
-`variable_paths`, `unique_crashes`, `unique_hangs`, `total_crashes`,
+`execs_done`,`execs_per_sec`, `corpus_count`, `corpus_favored`, `corpus_found`,
+`corpus_imported`, `max_depth`, `cur_item`, `pending_favs`, `pending_total`,
+`corpus_variable`, `saved_crashes`, `saved_hangs`, `total_crashes`,
`slowest_exec_ms`, `edges_found`, `var_byte_count`, `havoc_expansion`. Their
definitions can be found in the addendum above.
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index aaceb60..160258e 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -11,7 +11,7 @@
2. Prepare the fuzzing by selecting and optimizing the input corpus for the
target.
3. Perform the fuzzing of the target by randomly mutating input and assessing if
- a generated input was processed in a new path in the target binary.
+ that input was processed on a new path in the target binary.
## 0. Common sense risks
@@ -354,7 +354,7 @@
### b) Making the input corpus unique
Use the AFL++ tool `afl-cmin` to remove inputs from the corpus that do not
-produce a new path in the target.
+produce a new path/coverage in the target.
Put all files from step a) into one directory, e.g., INPUTS.
@@ -633,7 +633,7 @@
### g) Checking the coverage of the fuzzing
-The `paths found` value is a bad indicator for checking how good the coverage
+The `corpus count` value is a bad indicator for checking how good the coverage
is.
A better indicator - if you use default llvm instrumentation with at least
@@ -822,7 +822,7 @@
will impact the speed by ~15% though.
* `AFL_FAST_CAL` - Enable fast calibration, this halves the time the
saturated corpus needs to be loaded.
- * `AFL_CMPLOG_ONLY_NEW` - only perform cmplog on new found paths, not the
+ * `AFL_CMPLOG_ONLY_NEW` - only perform cmplog on new finds, not the
initial corpus as this very likely has been done for them already.
* Keep the generated corpus, use afl-cmin and reuse it every time!
diff --git a/docs/resources/grafana-afl++.json b/docs/resources/grafana-afl++.json
index 96e824d..7afe89b 100644
--- a/docs/resources/grafana-afl++.json
+++ b/docs/resources/grafana-afl++.json
@@ -926,7 +926,7 @@
"steppedLine": false,
"targets": [
{
- "expr": "fuzzing{type=\"cur_path\"}",
+ "expr": "fuzzing{type=\"cur_item\"}",
"interval": "",
"legendFormat": "",
"refId": "A"
@@ -936,7 +936,7 @@
"timeFrom": null,
"timeRegions": [],
"timeShift": null,
- "title": "Curent path",
+ "title": "Current fuzz item",
"tooltip": {
"shared": true,
"sort": 0,
@@ -1116,7 +1116,7 @@
"steppedLine": false,
"targets": [
{
- "expr": "fuzzing{type=\"paths_favored\"}",
+ "expr": "fuzzing{type=\"corpus_favored\"}",
"interval": "",
"legendFormat": "",
"refId": "A"
@@ -1135,7 +1135,7 @@
}
],
"timeShift": null,
- "title": "Path Favored",
+ "title": "Corpus Favored",
"tooltip": {
"shared": true,
"sort": 0,
@@ -1428,7 +1428,7 @@
"steppedLine": false,
"targets": [
{
- "expr": "fuzzing{type=\"paths_imported\"}",
+ "expr": "fuzzing{type=\"corpus_imported\"}",
"interval": "",
"legendFormat": "",
"refId": "A"
@@ -1447,7 +1447,7 @@
}
],
"timeShift": null,
- "title": "Path Imported",
+ "title": "Corpus Imported",
"tooltip": {
"shared": true,
"sort": 0,
diff --git a/docs/rpc_statsd.md b/docs/rpc_statsd.md
index 003b9c7..d8f0fb6 100644
--- a/docs/rpc_statsd.md
+++ b/docs/rpc_statsd.md
@@ -26,7 +26,7 @@
applications and retransmit them to a backend of your choice.
From AFL++, StatsD can receive the following metrics:
-- cur_path
+- cur_item
- cycle_done
- cycles_wo_finds
- edges_found
@@ -34,18 +34,18 @@
- execs_per_sec
- havoc_expansion
- max_depth
-- paths_favored
-- paths_found
-- paths_imported
-- paths_total
+- corpus_favored
+- corpus_found
+- corpus_imported
+- corpus_count
- pending_favs
- pending_total
- slowest_exec_ms
- total_crashes
-- unique_crashes
-- unique_hangs
+- saved_crashes
+- saved_hangs
- var_byte_count
-- variable_paths
+- corpus_variable
Depending on your StatsD server, you will be able to monitor, trigger alerts, or
perform actions based on these metrics (for example: alert on slow exec/s for a
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index f3d6d99..baab8ec 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -537,7 +537,7 @@
volatile u8 stop_soon, /* Ctrl-C pressed? */
clear_screen; /* Window resized? */
- u32 queued_paths, /* Total number of queued testcases */
+ u32 queued_items, /* Total number of queued testcases */
queued_variable, /* Testcases with variable behavior */
queued_at_start, /* Total number of initial inputs */
queued_discovered, /* Items discovered during this run */
@@ -546,7 +546,7 @@
queued_with_cov, /* Paths with new coverage bytes */
pending_not_fuzzed, /* Queued but not done yet */
pending_favored, /* Pending favored paths */
- cur_skipped_paths, /* Abandoned inputs in cur cycle */
+ cur_skipped_items, /* Abandoned inputs in cur cycle */
cur_depth, /* Current path depth */
max_depth, /* Max path depth */
useless_at_start, /* Number of useless starting paths */
@@ -556,10 +556,10 @@
max_det_extras; /* deterministic extra count (dicts)*/
u64 total_crashes, /* Total number of crashes */
- unique_crashes, /* Crashes with unique signatures */
+ saved_crashes, /* Crashes with unique signatures */
total_tmouts, /* Total number of timeouts */
- unique_tmouts, /* Timeouts with unique signatures */
- unique_hangs, /* Hangs with unique signatures */
+ saved_tmouts, /* Timeouts with unique signatures */
+ saved_hangs, /* Hangs with unique signatures */
last_crash_execs, /* Exec counter at last crash */
queue_cycle, /* Queue round counter */
cycles_wo_finds, /* Cycles without any new paths */
@@ -571,7 +571,7 @@
start_time, /* Unix start time (ms) */
last_sync_time, /* Time of last sync */
last_sync_cycle, /* Cycle no. of the last sync */
- last_path_time, /* Time for most recent path (ms) */
+ last_find_time, /* Time for most recent path (ms) */
last_crash_time, /* Time for most recent crash (ms) */
last_hang_time, /* Time for most recent hang (ms) */
exit_on_time; /* Delay to exit if no new paths */
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index fa413dc..2d88896 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -491,13 +491,13 @@
#ifndef SIMPLE_FILES
queue_fn = alloc_printf(
- "%s/queue/id:%06u,%s", afl->out_dir, afl->queued_paths,
+ "%s/queue/id:%06u,%s", afl->out_dir, afl->queued_items,
describe_op(afl, new_bits, NAME_MAX - strlen("id:000000,")));
#else
queue_fn =
- alloc_printf("%s/queue/id_%06u", afl->out_dir, afl->queued_paths);
+ alloc_printf("%s/queue/id_%06u", afl->out_dir, afl->queued_items);
#endif /* ^!SIMPLE_FILES */
fd = open(queue_fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
@@ -586,7 +586,7 @@
++afl->total_tmouts;
- if (afl->unique_hangs >= KEEP_UNIQUE_HANG) { return keeping; }
+ if (afl->saved_hangs >= KEEP_UNIQUE_HANG) { return keeping; }
if (likely(!afl->non_instrumented_mode)) {
@@ -603,7 +603,7 @@
}
- ++afl->unique_tmouts;
+ ++afl->saved_tmouts;
#ifdef INTROSPECTION
if (afl->custom_mutators_count && afl->current_custom_fuzz) {
@@ -661,17 +661,17 @@
#ifndef SIMPLE_FILES
snprintf(fn, PATH_MAX, "%s/hangs/id:%06llu,%s", afl->out_dir,
- afl->unique_hangs,
+ afl->saved_hangs,
describe_op(afl, 0, NAME_MAX - strlen("id:000000,")));
#else
snprintf(fn, PATH_MAX, "%s/hangs/id_%06llu", afl->out_dir,
- afl->unique_hangs);
+ afl->saved_hangs);
#endif /* ^!SIMPLE_FILES */
- ++afl->unique_hangs;
+ ++afl->saved_hangs;
afl->last_hang_time = get_cur_time();
@@ -687,7 +687,7 @@
++afl->total_crashes;
- if (afl->unique_crashes >= KEEP_UNIQUE_CRASH) { return keeping; }
+ if (afl->saved_crashes >= KEEP_UNIQUE_CRASH) { return keeping; }
if (likely(!afl->non_instrumented_mode)) {
@@ -699,22 +699,22 @@
}
- if (unlikely(!afl->unique_crashes)) { write_crash_readme(afl); }
+ if (unlikely(!afl->saved_crashes)) { write_crash_readme(afl); }
#ifndef SIMPLE_FILES
snprintf(fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s", afl->out_dir,
- afl->unique_crashes, afl->fsrv.last_kill_signal,
+ afl->saved_crashes, afl->fsrv.last_kill_signal,
describe_op(afl, 0, NAME_MAX - strlen("id:000000,sig:00,")));
#else
snprintf(fn, PATH_MAX, "%s/crashes/id_%06llu_%02u", afl->out_dir,
- afl->unique_crashes, afl->last_kill_signal);
+ afl->saved_crashes, afl->last_kill_signal);
#endif /* ^!SIMPLE_FILES */
- ++afl->unique_crashes;
+ ++afl->saved_crashes;
#ifdef INTROSPECTION
if (afl->custom_mutators_count && afl->current_custom_fuzz) {
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c
index 6fc926f..28a3ae3 100644
--- a/src/afl-fuzz-cmplog.c
+++ b/src/afl-fuzz-cmplog.c
@@ -59,7 +59,7 @@
if (afl->subseq_tmouts++ > TMOUT_LIMIT) {
- ++afl->cur_skipped_paths;
+ ++afl->cur_skipped_items;
return 1;
}
@@ -76,7 +76,7 @@
if (afl->skip_requested) {
afl->skip_requested = 0;
- ++afl->cur_skipped_paths;
+ ++afl->cur_skipped_items;
return 1;
}
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 4c030c0..3a0e080 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -638,8 +638,8 @@
if (first) {
- afl->last_path_time = 0;
- afl->queued_at_start = afl->queued_paths;
+ afl->last_find_time = 0;
+ afl->queued_at_start = afl->queued_items;
}
@@ -812,7 +812,7 @@
free(nl); /* not tracked */
- if (!afl->queued_paths && directory == NULL) {
+ if (!afl->queued_items && directory == NULL) {
SAYF("\n" cLRD "[-] " cRST
"Looks like there are no valid test cases in the input directory! The "
@@ -841,8 +841,8 @@
}
- afl->last_path_time = 0;
- afl->queued_at_start = afl->queued_paths;
+ afl->last_find_time = 0;
+ afl->queued_at_start = afl->queued_items;
}
@@ -855,7 +855,7 @@
u32 cal_failures = 0, idx;
u8 * use_mem;
- for (idx = 0; idx < afl->queued_paths; idx++) {
+ for (idx = 0; idx < afl->queued_items; idx++) {
q = afl->queue_buf[idx];
if (unlikely(!q || q->disabled)) { continue; }
@@ -1059,14 +1059,14 @@
q->perf_score = 0;
u32 i = 0;
- while (unlikely(i < afl->queued_paths && afl->queue_buf[i] &&
+ while (unlikely(i < afl->queued_items && afl->queue_buf[i] &&
afl->queue_buf[i]->disabled)) {
++i;
}
- if (i < afl->queued_paths && afl->queue_buf[i]) {
+ if (i < afl->queued_items && afl->queue_buf[i]) {
afl->queue = afl->queue_buf[i];
@@ -1077,7 +1077,7 @@
}
afl->max_depth = 0;
- for (i = 0; i < afl->queued_paths && likely(afl->queue_buf[i]); i++) {
+ for (i = 0; i < afl->queued_items && likely(afl->queue_buf[i]); i++) {
if (!afl->queue_buf[i]->disabled &&
afl->queue_buf[i]->depth > afl->max_depth)
@@ -1118,16 +1118,16 @@
if (cal_failures) {
- if (cal_failures == afl->queued_paths) {
+ if (cal_failures == afl->queued_items) {
FATAL("All test cases time out or crash, giving up!");
}
WARNF("Skipped %u test cases (%0.02f%%) due to timeouts or crashes.",
- cal_failures, ((double)cal_failures) * 100 / afl->queued_paths);
+ cal_failures, ((double)cal_failures) * 100 / afl->queued_items);
- if (cal_failures * 5 > afl->queued_paths) {
+ if (cal_failures * 5 > afl->queued_items) {
WARNF(cLRD "High percentage of rejected test cases, check settings!");
@@ -1139,14 +1139,14 @@
u32 duplicates = 0, i;
- for (idx = 0; idx < afl->queued_paths; idx++) {
+ for (idx = 0; idx < afl->queued_items; idx++) {
q = afl->queue_buf[idx];
if (!q || q->disabled || q->cal_failed || !q->exec_cksum) { continue; }
u32 done = 0;
for (i = idx + 1;
- i < afl->queued_paths && !done && likely(afl->queue_buf[i]); i++) {
+ i < afl->queued_items && !done && likely(afl->queue_buf[i]); i++) {
struct queue_entry *p = afl->queue_buf[i];
if (p->disabled || p->cal_failed || !p->exec_cksum) { continue; }
@@ -1196,7 +1196,7 @@
afl->max_depth = 0;
- for (idx = 0; idx < afl->queued_paths; idx++) {
+ for (idx = 0; idx < afl->queued_items; idx++) {
if (afl->queue_buf[idx] && !afl->queue_buf[idx]->disabled &&
afl->queue_buf[idx]->depth > afl->max_depth)
@@ -1254,7 +1254,7 @@
ACTF("Creating hard links for all input files...");
- for (i = 0; i < afl->queued_paths && likely(afl->queue_buf[i]); i++) {
+ for (i = 0; i < afl->queued_items && likely(afl->queue_buf[i]); i++) {
q = afl->queue_buf[i];
@@ -1293,7 +1293,7 @@
if (src_str && sscanf(src_str + 1, "%06u", &src_id) == 1) {
- if (src_id < afl->queued_paths) {
+ if (src_id < afl->queued_items) {
struct queue_entry *s = afl->queue_buf[src_id];
@@ -1391,11 +1391,11 @@
(void)i; /* Ignore errors */
close(fd);
- off = strstr(tmp, "cur_path : ");
+ off = strstr(tmp, "cur_item : ");
if (!off) { return 0; }
ret = atoi(off + 20);
- if (ret >= afl->queued_paths) { ret = 0; }
+ if (ret >= afl->queued_items) { ret = 0; }
return ret;
}
@@ -2040,9 +2040,9 @@
fprintf(
afl->fsrv.plot_file,
- "# relative_time, cycles_done, cur_path, paths_total, "
- "pending_total, pending_favs, map_size, unique_crashes, "
- "unique_hangs, max_depth, execs_per_sec, total_execs, edges_found\n");
+ "# relative_time, cycles_done, cur_item, corpus_count, "
+ "pending_total, pending_favs, map_size, saved_crashes, "
+ "saved_hangs, max_depth, execs_per_sec, total_execs, edges_found\n");
} else {
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index f4d3b77..96c32a8 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -423,7 +423,7 @@
} else if (!afl->non_instrumented_mode && !afl->queue_cur->favored &&
- afl->queued_paths > 10) {
+ afl->queued_items > 10) {
/* Otherwise, still possibly skip non-favored cases, albeit less often.
The odds of skipping stuff are higher for already-fuzzed inputs and
@@ -449,7 +449,7 @@
ACTF(
"Fuzzing test case #%u (%u total, %llu uniq crashes found, "
"perf_score=%0.0f, exec_us=%llu, hits=%u, map=%u, ascii=%u)...",
- afl->current_entry, afl->queued_paths, afl->unique_crashes,
+ afl->current_entry, afl->queued_items, afl->saved_crashes,
afl->queue_cur->perf_score, afl->queue_cur->exec_us,
likely(afl->n_fuzz) ? afl->n_fuzz[afl->queue_cur->n_fuzz_entry] : 0,
afl->queue_cur->bitmap_size, afl->queue_cur->is_ascii);
@@ -492,7 +492,7 @@
if (unlikely(afl->stop_soon) || res != afl->crash_mode) {
- ++afl->cur_skipped_paths;
+ ++afl->cur_skipped_items;
goto abandon_entry;
}
@@ -519,7 +519,7 @@
if (unlikely(afl->stop_soon)) {
- ++afl->cur_skipped_paths;
+ ++afl->cur_skipped_items;
goto abandon_entry;
}
@@ -566,8 +566,8 @@
if (afl->cmplog_lvl == 3 ||
(afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) ||
afl->queue_cur->favored ||
- !(afl->fsrv.total_execs % afl->queued_paths) ||
- get_cur_time() - afl->last_path_time > 300000) { // 300 seconds
+ !(afl->fsrv.total_execs % afl->queued_items) ||
+ get_cur_time() - afl->last_find_time > 300000) { // 300 seconds
if (input_to_state_stage(afl, in_buf, out_buf, len)) {
@@ -630,7 +630,7 @@
afl->stage_val_type = STAGE_VAL_NONE;
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ orig_hit_cnt = afl->queued_items + afl->saved_crashes;
prev_cksum = afl->queue_cur->exec_cksum;
@@ -734,7 +734,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP1] += afl->stage_max;
@@ -766,7 +766,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP2] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP2] += afl->stage_max;
@@ -802,7 +802,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP4] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP4] += afl->stage_max;
@@ -909,7 +909,7 @@
afl->blocks_eff_total += EFF_ALEN(len);
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP8] += afl->stage_max;
@@ -952,7 +952,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP16] += afl->stage_max;
@@ -995,7 +995,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP32] += afl->stage_max;
@@ -1087,7 +1087,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH8] += afl->stage_max;
@@ -1217,7 +1217,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH16] += afl->stage_max;
@@ -1346,7 +1346,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH32] += afl->stage_max;
@@ -1412,7 +1412,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST8] += afl->stage_max;
@@ -1500,7 +1500,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST16] += afl->stage_max;
@@ -1589,7 +1589,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST32] += afl->stage_max;
@@ -1662,7 +1662,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_UO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_UO] += afl->stage_max;
@@ -1718,7 +1718,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_UI] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_UI] += afl->stage_max;
@@ -1776,7 +1776,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max;
@@ -1806,7 +1806,7 @@
const u32 max_seed_size = MAX_FILE, saved_max = afl->stage_max;
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ orig_hit_cnt = afl->queued_items + afl->saved_crashes;
#ifdef INTROSPECTION
afl->mutation[0] = 0;
@@ -1850,7 +1850,7 @@
do {
- tid = rand_below(afl, afl->queued_paths);
+ tid = rand_below(afl, afl->queued_items);
} while (unlikely(tid == afl->current_entry ||
@@ -1890,7 +1890,7 @@
/* If we're finding new stuff, let's run for a bit longer, limits
permitting. */
- if (afl->queued_paths != havoc_queued) {
+ if (afl->queued_items != havoc_queued) {
if (perf_score <= afl->havoc_max_mult * 100) {
@@ -1899,7 +1899,7 @@
}
- havoc_queued = afl->queued_paths;
+ havoc_queued = afl->queued_items;
}
@@ -1926,7 +1926,7 @@
if (!has_custom_fuzz) goto havoc_stage;
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_CUSTOM_MUTATOR] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_CUSTOM_MUTATOR] += afl->stage_max;
@@ -1972,9 +1972,9 @@
temp_len = len;
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ orig_hit_cnt = afl->queued_items + afl->saved_crashes;
- havoc_queued = afl->queued_paths;
+ havoc_queued = afl->queued_items;
if (afl->custom_mutators_count) {
@@ -2023,7 +2023,7 @@
}
- if (unlikely(get_cur_time() - afl->last_path_time > 5000 /* 5 seconds */ &&
+ if (unlikely(get_cur_time() - afl->last_find_time > 5000 /* 5 seconds */ &&
afl->ready_for_splicing_count > 1)) {
/* add expensive havoc cases here if there is no findings in the last 5s */
@@ -2669,7 +2669,7 @@
u32 tid;
do {
- tid = rand_below(afl, afl->queued_paths);
+ tid = rand_below(afl, afl->queued_items);
} while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4);
@@ -2757,7 +2757,7 @@
/* If we're finding new stuff, let's run for a bit longer, limits
permitting. */
- if (afl->queued_paths != havoc_queued) {
+ if (afl->queued_items != havoc_queued) {
if (perf_score <= afl->havoc_max_mult * 100) {
@@ -2766,13 +2766,13 @@
}
- havoc_queued = afl->queued_paths;
+ havoc_queued = afl->queued_items;
}
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
if (!splice_cycle) {
@@ -2821,7 +2821,7 @@
do {
- tid = rand_below(afl, afl->queued_paths);
+ tid = rand_below(afl, afl->queued_items);
} while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4);
@@ -2945,7 +2945,7 @@
} else if (!afl->non_instrumented_mode && !afl->queue_cur->favored &&
- afl->queued_paths > 10) {
+ afl->queued_items > 10) {
/* Otherwise, still possibly skip non-favored cases, albeit less often.
The odds of skipping stuff are higher for already-fuzzed inputs and
@@ -2969,7 +2969,7 @@
if (afl->not_on_tty) {
ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...",
- afl->current_entry, afl->queued_paths, afl->unique_crashes);
+ afl->current_entry, afl->queued_items, afl->saved_crashes);
fflush(stdout);
}
@@ -3010,7 +3010,7 @@
if (afl->stop_soon || res != afl->crash_mode) {
- ++afl->cur_skipped_paths;
+ ++afl->cur_skipped_items;
goto abandon_entry;
}
@@ -3037,7 +3037,7 @@
if (unlikely(afl->stop_soon)) {
- ++afl->cur_skipped_paths;
+ ++afl->cur_skipped_items;
goto abandon_entry;
}
@@ -3082,8 +3082,8 @@
if (afl->cmplog_lvl == 3 ||
(afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) ||
- !(afl->fsrv.total_execs % afl->queued_paths) ||
- get_cur_time() - afl->last_path_time > 300000) { // 300 seconds
+ !(afl->fsrv.total_execs % afl->queued_items) ||
+ get_cur_time() - afl->last_find_time > 300000) { // 300 seconds
if (input_to_state_stage(afl, in_buf, out_buf, len)) {
@@ -3101,10 +3101,10 @@
cur_ms_lv = get_cur_time();
if (!(afl->key_puppet == 0 &&
- ((cur_ms_lv - afl->last_path_time < (u32)afl->limit_time_puppet) ||
+ ((cur_ms_lv - afl->last_find_time < (u32)afl->limit_time_puppet) ||
(afl->last_crash_time != 0 &&
cur_ms_lv - afl->last_crash_time < (u32)afl->limit_time_puppet) ||
- afl->last_path_time == 0))) {
+ afl->last_find_time == 0))) {
afl->key_puppet = 1;
goto pacemaker_fuzzing;
@@ -3156,7 +3156,7 @@
afl->stage_val_type = STAGE_VAL_NONE;
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ orig_hit_cnt = afl->queued_items + afl->saved_crashes;
prev_cksum = afl->queue_cur->exec_cksum;
@@ -3259,7 +3259,7 @@
} /* for afl->stage_cur */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP1] += afl->stage_max;
@@ -3290,7 +3290,7 @@
} /* for afl->stage_cur */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP2] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP2] += afl->stage_max;
@@ -3325,7 +3325,7 @@
} /* for afl->stage_cur */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP4] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP4] += afl->stage_max;
@@ -3431,7 +3431,7 @@
afl->blocks_eff_total += EFF_ALEN(len);
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP8] += afl->stage_max;
@@ -3473,7 +3473,7 @@
} /* for i = 0; i < len */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP16] += afl->stage_max;
@@ -3515,7 +3515,7 @@
} /* for i = 0; i < len - 3 */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP32] += afl->stage_max;
@@ -3605,7 +3605,7 @@
} /* for i = 0; i < len */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH8] += afl->stage_max;
@@ -3731,7 +3731,7 @@
} /* for i = 0; i < len - 1 */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH16] += afl->stage_max;
@@ -3856,7 +3856,7 @@
} /* for i = 0; i < len - 3 */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH32] += afl->stage_max;
@@ -3921,7 +3921,7 @@
} /* for i = 0; i < len */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST8] += afl->stage_max;
@@ -4007,7 +4007,7 @@
} /* for i = 0; i < len - 1 */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST16] += afl->stage_max;
@@ -4094,7 +4094,7 @@
} /* for i = 0; i < len - 3 */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST32] += afl->stage_max;
@@ -4167,7 +4167,7 @@
} /* for i = 0; i < len */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_UO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_UO] += afl->stage_max;
@@ -4223,7 +4223,7 @@
} /* for i = 0; i <= len */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_UI] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_UI] += afl->stage_max;
@@ -4282,7 +4282,7 @@
} /* for i = 0; i < len */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max;
@@ -4335,7 +4335,7 @@
if (unlikely(afl->orig_hit_cnt_puppet == 0)) {
- afl->orig_hit_cnt_puppet = afl->queued_paths + afl->unique_crashes;
+ afl->orig_hit_cnt_puppet = afl->queued_items + afl->saved_crashes;
afl->last_limit_time_start = get_cur_time();
afl->SPLICE_CYCLES_puppet =
(rand_below(
@@ -4380,9 +4380,9 @@
temp_len = len;
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ orig_hit_cnt = afl->queued_items + afl->saved_crashes;
- havoc_queued = afl->queued_paths;
+ havoc_queued = afl->queued_items;
u32 r_max;
@@ -4948,7 +4948,7 @@
u32 tid;
do {
- tid = rand_below(afl, afl->queued_paths);
+ tid = rand_below(afl, afl->queued_items);
} while (tid == afl->current_entry ||
@@ -5029,7 +5029,7 @@
++*MOpt_globals.pTime;
- u64 temp_total_found = afl->queued_paths + afl->unique_crashes;
+ u64 temp_total_found = afl->queued_items + afl->saved_crashes;
if (common_fuzz_stuff(afl, out_buf, temp_len)) {
@@ -5048,7 +5048,7 @@
/* If we're finding new stuff, let's run for a bit longer, limits
permitting. */
- if (afl->queued_paths != havoc_queued) {
+ if (afl->queued_items != havoc_queued) {
if (perf_score <= afl->havoc_max_mult * 100) {
@@ -5057,15 +5057,15 @@
}
- havoc_queued = afl->queued_paths;
+ havoc_queued = afl->queued_items;
}
- if (unlikely(afl->queued_paths + afl->unique_crashes >
+ if (unlikely(afl->queued_items + afl->saved_crashes >
temp_total_found)) {
u64 temp_temp_puppet =
- afl->queued_paths + afl->unique_crashes - temp_total_found;
+ afl->queued_items + afl->saved_crashes - temp_total_found;
afl->total_puppet_find = afl->total_puppet_find + temp_temp_puppet;
if (MOpt_globals.is_pilot_mode) {
@@ -5099,7 +5099,7 @@
++afl->stage_cur) { */
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
if (MOpt_globals.is_pilot_mode) {
@@ -5149,7 +5149,7 @@
do {
- tid = rand_below(afl, afl->queued_paths);
+ tid = rand_below(afl, afl->queued_items);
} while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4);
@@ -5235,8 +5235,8 @@
if (afl->key_puppet == 1) {
if (unlikely(
- afl->queued_paths + afl->unique_crashes >
- ((afl->queued_paths + afl->unique_crashes) * limit_time_bound +
+ afl->queued_items + afl->saved_crashes >
+ ((afl->queued_items + afl->saved_crashes) * limit_time_bound +
afl->orig_hit_cnt_puppet))) {
afl->key_puppet = 0;
@@ -5251,7 +5251,7 @@
afl->total_pacemaker_time += *MOpt_globals.pTime;
*MOpt_globals.pTime = 0;
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
if (MOpt_globals.is_pilot_mode) {
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 1523d55..fd5610c 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -31,7 +31,7 @@
inline u32 select_next_queue_entry(afl_state_t *afl) {
- u32 s = rand_below(afl, afl->queued_paths);
+ u32 s = rand_below(afl, afl->queued_items);
double p = rand_next_percent(afl);
/*
fprintf(stderr, "select: p=%f s=%u ... p < prob[s]=%f ? s=%u : alias[%u]=%u"
@@ -69,7 +69,7 @@
void create_alias_table(afl_state_t *afl) {
- u32 n = afl->queued_paths, i = 0, a, g;
+ u32 n = afl->queued_items, i = 0, a, g;
double sum = 0;
afl->alias_table =
@@ -547,19 +547,19 @@
if (likely(q->len > 4)) afl->ready_for_splicing_count++;
- ++afl->queued_paths;
+ ++afl->queued_items;
++afl->active_paths;
++afl->pending_not_fuzzed;
afl->cycles_wo_finds = 0;
struct queue_entry **queue_buf = afl_realloc(
- AFL_BUF_PARAM(queue), afl->queued_paths * sizeof(struct queue_entry *));
+ AFL_BUF_PARAM(queue), afl->queued_items * sizeof(struct queue_entry *));
if (unlikely(!queue_buf)) { PFATAL("alloc"); }
- queue_buf[afl->queued_paths - 1] = q;
- q->id = afl->queued_paths - 1;
+ queue_buf[afl->queued_items - 1] = q;
+ q->id = afl->queued_items - 1;
- afl->last_path_time = get_cur_time();
+ afl->last_find_time = get_cur_time();
if (afl->custom_mutators_count) {
@@ -583,7 +583,7 @@
u32 i;
- for (i = 0; i < afl->queued_paths; i++) {
+ for (i = 0; i < afl->queued_items; i++) {
struct queue_entry *q;
@@ -737,7 +737,7 @@
afl->queued_favored = 0;
afl->pending_favored = 0;
- for (i = 0; i < afl->queued_paths; i++) {
+ for (i = 0; i < afl->queued_items; i++) {
afl->queue_buf[i]->favored = 0;
@@ -782,7 +782,7 @@
}
- for (i = 0; i < afl->queued_paths; i++) {
+ for (i = 0; i < afl->queued_items; i++) {
if (likely(!afl->queue_buf[i]->disabled)) {
@@ -915,7 +915,7 @@
}
- u32 n_paths;
+ u32 n_items;
double factor = 1.0;
long double fuzz_mu;
@@ -933,26 +933,26 @@
case COE:
fuzz_mu = 0.0;
- n_paths = 0;
+ n_items = 0;
// Don't modify perf_score for unfuzzed seeds
if (q->fuzz_level == 0) break;
u32 i;
- for (i = 0; i < afl->queued_paths; i++) {
+ for (i = 0; i < afl->queued_items; i++) {
if (likely(!afl->queue_buf[i]->disabled)) {
fuzz_mu += log2(afl->n_fuzz[afl->queue_buf[i]->n_fuzz_entry]);
- n_paths++;
+ n_items++;
}
}
- if (unlikely(!n_paths)) { FATAL("Queue state corrupt"); }
+ if (unlikely(!n_items)) { FATAL("Queue state corrupt"); }
- fuzz_mu = fuzz_mu / n_paths;
+ fuzz_mu = fuzz_mu / n_items;
if (log2(afl->n_fuzz[q->n_fuzz_entry]) > fuzz_mu) {
@@ -1018,7 +1018,7 @@
-- rare. the simpler algo however is good when rare is not.
// the newer the entry, the higher the pref_score
perf_score *= (1 + (double)((double)q->depth /
- (double)afl->queued_paths));
+ (double)afl->queued_items));
// with special focus on the last 8 entries
if (afl->max_depth - q->depth < 8) perf_score *= (1 + ((8 -
(afl->max_depth - q->depth)) / 5));
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 0a6e5ee..240bd70 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -276,7 +276,7 @@
#endif
u64 orig_hit_cnt, new_hit_cnt, exec_cksum;
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ orig_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_name = "colorization";
afl->stage_short = "colorization";
@@ -424,7 +424,7 @@
}
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
#if defined(_DEBUG) || defined(CMPLOG_INTROSPECTION)
FILE *f = stderr;
@@ -517,7 +517,7 @@
u64 orig_hit_cnt, new_hit_cnt;
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ orig_hit_cnt = afl->queued_items + afl->saved_crashes;
#ifdef _DEBUG
dump("DATA", buf, len);
@@ -525,7 +525,7 @@
if (unlikely(common_fuzz_stuff(afl, buf, len))) { return 1; }
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
if (unlikely(new_hit_cnt != orig_hit_cnt)) {
@@ -2720,7 +2720,7 @@
u64 orig_hit_cnt, new_hit_cnt;
u64 orig_execs = afl->fsrv.total_execs;
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ orig_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_name = "input-to-state";
afl->stage_short = "its";
@@ -2845,7 +2845,7 @@
}
#ifdef CMPLOG_COMBINE
- if (afl->queued_paths + afl->unique_crashes > orig_hit_cnt + 1) {
+ if (afl->queued_items + afl->saved_crashes > orig_hit_cnt + 1) {
// copy the current virgin bits so we can recover the information
u8 *virgin_save = afl_realloc((void **)&afl->eff_buf, afl->shm.map_size);
@@ -2897,7 +2897,7 @@
#endif
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
+ new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ITS] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ITS] += afl->fsrv.total_execs - orig_execs;
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 2789b56..d730876 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -953,7 +953,7 @@
if (afl->subseq_tmouts++ > TMOUT_LIMIT) {
- ++afl->cur_skipped_paths;
+ ++afl->cur_skipped_items;
return 1;
}
@@ -970,7 +970,7 @@
if (afl->skip_requested) {
afl->skip_requested = 0;
- ++afl->cur_skipped_paths;
+ ++afl->cur_skipped_items;
return 1;
}
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 152bebe..5016095 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -147,10 +147,10 @@
afl->fsrv.total_execs = strtoull(lptr, &nptr, 10);
break;
case 10:
- if (!strcmp(keystring, "paths_total ")) {
+ if (!strcmp(keystring, "corpus_count ")) {
- u32 paths_total = strtoul(lptr, &nptr, 10);
- if (paths_total != afl->queued_paths) {
+ u32 corpus_count = strtoul(lptr, &nptr, 10);
+ if (corpus_count != afl->queued_items) {
WARNF(
"queue/ has been modified -- things might not work, you're "
@@ -162,11 +162,11 @@
break;
case 12:
- if (!strcmp(keystring, "paths_found "))
+ if (!strcmp(keystring, "corpus_found "))
afl->queued_discovered = strtoul(lptr, &nptr, 10);
break;
case 13:
- if (!strcmp(keystring, "paths_imported "))
+ if (!strcmp(keystring, "corpus_imported "))
afl->queued_imported = strtoul(lptr, &nptr, 10);
break;
case 14:
@@ -174,12 +174,12 @@
afl->max_depth = strtoul(lptr, &nptr, 10);
break;
case 21:
- if (!strcmp(keystring, "unique_crashes "))
- afl->unique_crashes = strtoull(lptr, &nptr, 10);
+ if (!strcmp(keystring, "saved_crashes "))
+ afl->saved_crashes = strtoull(lptr, &nptr, 10);
break;
case 22:
- if (!strcmp(keystring, "unique_hangs "))
- afl->unique_hangs = strtoull(lptr, &nptr, 10);
+ if (!strcmp(keystring, "saved_hangs "))
+ afl->saved_hangs = strtoull(lptr, &nptr, 10);
break;
default:
break;
@@ -190,7 +190,7 @@
}
- if (afl->unique_crashes) { write_crash_readme(afl); }
+ if (afl->saved_crashes) { write_crash_readme(afl); }
return;
@@ -243,96 +243,95 @@
if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
#endif
- fprintf(f,
- "start_time : %llu\n"
- "last_update : %llu\n"
- "run_time : %llu\n"
- "fuzzer_pid : %u\n"
- "cycles_done : %llu\n"
- "cycles_wo_finds : %llu\n"
- "execs_done : %llu\n"
- "execs_per_sec : %0.02f\n"
- "execs_ps_last_min : %0.02f\n"
- "paths_total : %u\n"
- "paths_favored : %u\n"
- "paths_found : %u\n"
- "paths_imported : %u\n"
- "max_depth : %u\n"
- "cur_path : %u\n" /* Must match find_start_position() */
- "pending_favs : %u\n"
- "pending_total : %u\n"
- "variable_paths : %u\n"
- "stability : %0.02f%%\n"
- "bitmap_cvg : %0.02f%%\n"
- "unique_crashes : %llu\n"
- "unique_hangs : %llu\n"
- "last_path : %llu\n"
- "last_crash : %llu\n"
- "last_hang : %llu\n"
- "execs_since_crash : %llu\n"
- "exec_timeout : %u\n"
- "slowest_exec_ms : %u\n"
- "peak_rss_mb : %lu\n"
- "cpu_affinity : %d\n"
- "edges_found : %u\n"
- "total_edges : %u\n"
- "var_byte_count : %u\n"
- "havoc_expansion : %u\n"
- "auto_dict_entries : %u\n"
- "testcache_size : %llu\n"
- "testcache_count : %u\n"
- "testcache_evict : %u\n"
- "afl_banner : %s\n"
- "afl_version : " VERSION
- "\n"
- "target_mode : %s%s%s%s%s%s%s%s%s%s\n"
- "command_line : %s\n",
- (afl->start_time - afl->prev_run_time) / 1000, cur_time / 1000,
- (afl->prev_run_time + cur_time - afl->start_time) / 1000,
- (u32)getpid(), afl->queue_cycle ? (afl->queue_cycle - 1) : 0,
- afl->cycles_wo_finds, afl->fsrv.total_execs,
- afl->fsrv.total_execs /
- ((double)(afl->prev_run_time + get_cur_time() - afl->start_time) /
- 1000),
- afl->last_avg_execs_saved, afl->queued_paths, afl->queued_favored,
- afl->queued_discovered, afl->queued_imported, afl->max_depth,
- afl->current_entry, afl->pending_favored, afl->pending_not_fuzzed,
- afl->queued_variable, stability, bitmap_cvg, afl->unique_crashes,
- afl->unique_hangs, afl->last_path_time / 1000,
- afl->last_crash_time / 1000, afl->last_hang_time / 1000,
- afl->fsrv.total_execs - afl->last_crash_execs, afl->fsrv.exec_tmout,
- afl->slowest_exec_ms,
+ fprintf(
+ f,
+ "start_time : %llu\n"
+ "last_update : %llu\n"
+ "run_time : %llu\n"
+ "fuzzer_pid : %u\n"
+ "cycles_done : %llu\n"
+ "cycles_wo_finds : %llu\n"
+ "execs_done : %llu\n"
+ "execs_per_sec : %0.02f\n"
+ "execs_ps_last_min : %0.02f\n"
+ "corpus_count : %u\n"
+ "corpus_favored : %u\n"
+ "corpus_found : %u\n"
+ "corpus_imported : %u\n"
+ "corpus_variable : %u\n"
+ "max_depth : %u\n"
+ "cur_item : %u\n"
+ "pending_favs : %u\n"
+ "pending_total : %u\n"
+ "stability : %0.02f%%\n"
+ "bitmap_cvg : %0.02f%%\n"
+ "saved_crashes : %llu\n"
+ "saved_hangs : %llu\n"
+ "last_find : %llu\n"
+ "last_crash : %llu\n"
+ "last_hang : %llu\n"
+ "execs_since_crash : %llu\n"
+ "exec_timeout : %u\n"
+ "slowest_exec_ms : %u\n"
+ "peak_rss_mb : %lu\n"
+ "cpu_affinity : %d\n"
+ "edges_found : %u\n"
+ "total_edges : %u\n"
+ "var_byte_count : %u\n"
+ "havoc_expansion : %u\n"
+ "auto_dict_entries : %u\n"
+ "testcache_size : %llu\n"
+ "testcache_count : %u\n"
+ "testcache_evict : %u\n"
+ "afl_banner : %s\n"
+ "afl_version : " VERSION
+ "\n"
+ "target_mode : %s%s%s%s%s%s%s%s%s%s\n"
+ "command_line : %s\n",
+ (afl->start_time - afl->prev_run_time) / 1000, cur_time / 1000,
+ (afl->prev_run_time + cur_time - afl->start_time) / 1000, (u32)getpid(),
+ afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
+ afl->fsrv.total_execs,
+ afl->fsrv.total_execs /
+ ((double)(afl->prev_run_time + get_cur_time() - afl->start_time) /
+ 1000),
+ afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
+ afl->queued_discovered, afl->queued_imported, afl->max_depth,
+ afl->current_entry, afl->pending_favored, afl->pending_not_fuzzed,
+ afl->queued_variable, stability, bitmap_cvg, afl->saved_crashes,
+ afl->saved_hangs, afl->last_find_time / 1000, afl->last_crash_time / 1000,
+ afl->last_hang_time / 1000, afl->fsrv.total_execs - afl->last_crash_execs,
+ afl->fsrv.exec_tmout, afl->slowest_exec_ms,
#ifndef __HAIKU__
#ifdef __APPLE__
- (unsigned long int)(rus.ru_maxrss >> 20),
+ (unsigned long int)(rus.ru_maxrss >> 20),
#else
- (unsigned long int)(rus.ru_maxrss >> 10),
+ (unsigned long int)(rus.ru_maxrss >> 10),
#endif
#else
- -1UL,
+ -1UL,
#endif
#ifdef HAVE_AFFINITY
- afl->cpu_aff,
+ afl->cpu_aff,
#else
- -1,
+ -1,
#endif
- t_bytes, afl->fsrv.real_map_size, afl->var_byte_count,
- afl->expand_havoc, afl->a_extras_cnt, afl->q_testcase_cache_size,
- afl->q_testcase_cache_count, afl->q_testcase_evictions,
- afl->use_banner, afl->unicorn_mode ? "unicorn" : "",
- afl->fsrv.qemu_mode ? "qemu " : "",
- afl->fsrv.cs_mode ? "coresight" : "",
- afl->non_instrumented_mode ? " non_instrumented " : "",
- afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "",
- afl->persistent_mode ? "persistent " : "",
- afl->shmem_testcase_mode ? "shmem_testcase " : "",
- afl->deferred_mode ? "deferred " : "",
- (afl->unicorn_mode || afl->fsrv.qemu_mode || afl->fsrv.cs_mode ||
- afl->non_instrumented_mode || afl->no_forkserver ||
- afl->crash_mode || afl->persistent_mode || afl->deferred_mode)
- ? ""
- : "default",
- afl->orig_cmdline);
+ t_bytes, afl->fsrv.real_map_size, afl->var_byte_count, afl->expand_havoc,
+ afl->a_extras_cnt, afl->q_testcase_cache_size,
+ afl->q_testcase_cache_count, afl->q_testcase_evictions, afl->use_banner,
+ afl->unicorn_mode ? "unicorn" : "", afl->fsrv.qemu_mode ? "qemu " : "",
+ afl->fsrv.cs_mode ? "coresight" : "",
+ afl->non_instrumented_mode ? " non_instrumented " : "",
+ afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "",
+ afl->persistent_mode ? "persistent " : "",
+ afl->shmem_testcase_mode ? "shmem_testcase " : "",
+ afl->deferred_mode ? "deferred " : "",
+ (afl->unicorn_mode || afl->fsrv.qemu_mode || afl->fsrv.cs_mode ||
+ afl->non_instrumented_mode || afl->no_forkserver || afl->crash_mode ||
+ afl->persistent_mode || afl->deferred_mode)
+ ? ""
+ : "default",
+ afl->orig_cmdline);
/* ignore errors */
@@ -373,13 +372,13 @@
if (unlikely(!afl->force_ui_update &&
(afl->stop_soon ||
- (afl->plot_prev_qp == afl->queued_paths &&
+ (afl->plot_prev_qp == afl->queued_items &&
afl->plot_prev_pf == afl->pending_favored &&
afl->plot_prev_pnf == afl->pending_not_fuzzed &&
afl->plot_prev_ce == afl->current_entry &&
afl->plot_prev_qc == afl->queue_cycle &&
- afl->plot_prev_uc == afl->unique_crashes &&
- afl->plot_prev_uh == afl->unique_hangs &&
+ afl->plot_prev_uc == afl->saved_crashes &&
+ afl->plot_prev_uh == afl->saved_hangs &&
afl->plot_prev_md == afl->max_depth &&
afl->plot_prev_ed == afl->fsrv.total_execs) ||
!afl->queue_cycle ||
@@ -389,29 +388,29 @@
}
- afl->plot_prev_qp = afl->queued_paths;
+ afl->plot_prev_qp = afl->queued_items;
afl->plot_prev_pf = afl->pending_favored;
afl->plot_prev_pnf = afl->pending_not_fuzzed;
afl->plot_prev_ce = afl->current_entry;
afl->plot_prev_qc = afl->queue_cycle;
- afl->plot_prev_uc = afl->unique_crashes;
- afl->plot_prev_uh = afl->unique_hangs;
+ afl->plot_prev_uc = afl->saved_crashes;
+ afl->plot_prev_uh = afl->saved_hangs;
afl->plot_prev_md = afl->max_depth;
afl->plot_prev_ed = afl->fsrv.total_execs;
/* Fields in the file:
- relative_time, afl->cycles_done, cur_path, paths_total, paths_not_fuzzed,
- favored_not_fuzzed, unique_crashes, unique_hangs, max_depth,
+ relative_time, afl->cycles_done, cur_item, corpus_count, corpus_not_fuzzed,
+ favored_not_fuzzed, saved_crashes, saved_hangs, max_depth,
execs_per_sec, edges_found */
fprintf(afl->fsrv.plot_file,
"%llu, %llu, %u, %u, %u, %u, %0.02f%%, %llu, %llu, %u, %0.02f, %llu, "
"%u\n",
((afl->prev_run_time + get_cur_time() - afl->start_time) / 1000),
- afl->queue_cycle - 1, afl->current_entry, afl->queued_paths,
+ afl->queue_cycle - 1, afl->current_entry, afl->queued_items,
afl->pending_not_fuzzed, afl->pending_favored, bitmap_cvg,
- afl->unique_crashes, afl->unique_hangs, afl->max_depth, eps,
+ afl->saved_crashes, afl->saved_hangs, afl->max_depth, eps,
afl->plot_prev_ed, t_bytes); /* ignore errors */
fflush(afl->fsrv.plot_file);
@@ -611,9 +610,9 @@
/* AFL_EXIT_ON_TIME. */
- if (unlikely(afl->last_path_time && !afl->non_instrumented_mode &&
+ if (unlikely(afl->last_find_time && !afl->non_instrumented_mode &&
afl->afl_env.afl_exit_on_time &&
- (cur_ms - afl->last_path_time) > afl->exit_on_time)) {
+ (cur_ms - afl->last_find_time) > afl->exit_on_time)) {
afl->stop_soon = 2;
@@ -704,10 +703,10 @@
/* Since `total_crashes` does not get reloaded from disk on restart,
it indicates if we found crashes this round already -> paint red.
- If it's 0, but `unique_crashes` is set from a past run, paint in yellow. */
- char *crash_color = afl->total_crashes ? cLRD
- : afl->unique_crashes ? cYEL
- : cRST;
+ If it's 0, but `saved_crashes` is set from a past run, paint in yellow. */
+ char *crash_color = afl->total_crashes ? cLRD
+ : afl->saved_crashes ? cYEL
+ : cRST;
/* Lord, forgive me this. */
@@ -721,7 +720,7 @@
} else {
- u64 min_wo_finds = (cur_ms - afl->last_path_time) / 1000 / 60;
+ u64 min_wo_finds = (cur_ms - afl->last_find_time) / 1000 / 60;
/* First queue cycle: don't stop now! */
if (afl->queue_cycle == 1 || min_wo_finds < 15) {
@@ -762,48 +761,48 @@
except when resuming fuzzing or running in non-instrumented mode. */
if (!afl->non_instrumented_mode &&
- (afl->last_path_time || afl->resuming_fuzz || afl->queue_cycle == 1 ||
+ (afl->last_find_time || afl->resuming_fuzz || afl->queue_cycle == 1 ||
afl->in_bitmap || afl->crash_mode)) {
- u_stringify_time_diff(time_tmp, cur_ms, afl->last_path_time);
- SAYF(bV bSTOP " last new path : " cRST "%-33s ", time_tmp);
+ u_stringify_time_diff(time_tmp, cur_ms, afl->last_find_time);
+ SAYF(bV bSTOP " last new find : " cRST "%-33s ", time_tmp);
} else {
if (afl->non_instrumented_mode) {
- SAYF(bV bSTOP " last new path : " cPIN "n/a" cRST
+ SAYF(bV bSTOP " last new find : " cPIN "n/a" cRST
" (non-instrumented mode) ");
} else {
- SAYF(bV bSTOP " last new path : " cRST "none yet " cLRD
+ SAYF(bV bSTOP " last new find : " cRST "none yet " cLRD
"(odd, check syntax!) ");
}
}
- SAYF(bSTG bV bSTOP " total paths : " cRST "%-5s " bSTG bV "\n",
- u_stringify_int(IB(0), afl->queued_paths));
+ SAYF(bSTG bV bSTOP " corpus count : " cRST "%-5s " bSTG bV "\n",
+ u_stringify_int(IB(0), afl->queued_items));
/* Highlight crashes in red if found, denote going over the KEEP_UNIQUE_CRASH
limit with a '+' appended to the count. */
- sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->unique_crashes),
- (afl->unique_crashes >= KEEP_UNIQUE_CRASH) ? "+" : "");
+ sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->saved_crashes),
+ (afl->saved_crashes >= KEEP_UNIQUE_CRASH) ? "+" : "");
u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time);
- SAYF(bV bSTOP " last uniq crash : " cRST "%-33s " bSTG bV bSTOP
- " uniq crashes : %s%-6s" bSTG bV "\n",
+ SAYF(bV bSTOP "last saved crash : " cRST "%-33s " bSTG bV bSTOP
+ "saved crashes : %s%-6s" bSTG bV "\n",
time_tmp, crash_color, tmp);
- sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->unique_hangs),
- (afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
+ sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->saved_hangs),
+ (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time);
- SAYF(bV bSTOP " last uniq hang : " cRST "%-33s " bSTG bV bSTOP
- " uniq hangs : " cRST "%-6s" bSTG bV "\n",
+ SAYF(bV bSTOP " last saved hang : " cRST "%-33s " bSTG bV bSTOP
+ " saved hangs : " cRST "%-6s" bSTG bV "\n",
time_tmp, tmp);
SAYF(bVR bH bSTOP cCYA
@@ -816,7 +815,7 @@
sprintf(tmp, "%s%s%u (%0.01f%%)", u_stringify_int(IB(0), afl->current_entry),
afl->queue_cur->favored ? "." : "*", afl->queue_cur->fuzz_level,
- ((double)afl->current_entry * 100) / afl->queued_paths);
+ ((double)afl->current_entry * 100) / afl->queued_items);
SAYF(bV bSTOP " now processing : " cRST "%-18s " bSTG bV bSTOP, tmp);
@@ -830,10 +829,10 @@
: ((t_bytes < 200 && !afl->non_instrumented_mode) ? cPIN : cRST),
tmp);
- sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->cur_skipped_paths),
- ((double)afl->cur_skipped_paths * 100) / afl->queued_paths);
+ sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->cur_skipped_items),
+ ((double)afl->cur_skipped_items * 100) / afl->queued_items);
- SAYF(bV bSTOP " paths timed out : " cRST "%-18s " bSTG bV, tmp);
+ SAYF(bV bSTOP " items timed out : " cRST "%-18s " bSTG bV, tmp);
sprintf(tmp, "%0.02f bits/tuple", t_bytes ? (((double)t_bits) / t_bytes) : 0);
@@ -844,12 +843,12 @@
" findings in depth " bSTG bH10 bH5 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored),
- ((double)afl->queued_favored) * 100 / afl->queued_paths);
+ ((double)afl->queued_favored) * 100 / afl->queued_items);
/* Yeah... it's still going on... halp? */
SAYF(bV bSTOP " now trying : " cRST "%-22s " bSTG bV bSTOP
- " favored paths : " cRST "%-20s" bSTG bV "\n",
+ " favored items : " cRST "%-20s" bSTG bV "\n",
afl->stage_name, tmp);
if (!afl->stage_max) {
@@ -867,13 +866,13 @@
SAYF(bV bSTOP " stage execs : " cRST "%-23s" bSTG bV bSTOP, tmp);
sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_with_cov),
- ((double)afl->queued_with_cov) * 100 / afl->queued_paths);
+ ((double)afl->queued_with_cov) * 100 / afl->queued_items);
SAYF(" new edges on : " cRST "%-20s" bSTG bV "\n", tmp);
sprintf(tmp, "%s (%s%s unique)", u_stringify_int(IB(0), afl->total_crashes),
- u_stringify_int(IB(1), afl->unique_crashes),
- (afl->unique_crashes >= KEEP_UNIQUE_CRASH) ? "+" : "");
+ u_stringify_int(IB(1), afl->saved_crashes),
+ (afl->saved_crashes >= KEEP_UNIQUE_CRASH) ? "+" : "");
if (afl->crash_mode) {
@@ -906,15 +905,15 @@
}
sprintf(tmp, "%s (%s%s unique)", u_stringify_int(IB(0), afl->total_tmouts),
- u_stringify_int(IB(1), afl->unique_tmouts),
- (afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
+ u_stringify_int(IB(1), afl->saved_tmouts),
+ (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
SAYF(bSTG bV bSTOP " total tmouts : " cRST "%-20s" bSTG bV "\n", tmp);
/* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bH2 bHT bH10 bH2
- bH bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n");
+ bH bHB bH bSTOP cCYA " item geometry " bSTG bH5 bH2 bVL "\n");
if (unlikely(afl->custom_only)) {
@@ -1222,7 +1221,7 @@
}
- for (i = 0; i < afl->queued_paths; i++) {
+ for (i = 0; i < afl->queued_items; i++) {
q = afl->queue_buf[i];
if (unlikely(q->disabled)) { continue; }
@@ -1290,13 +1289,13 @@
}
- if (afl->queued_paths > 100) {
+ if (afl->queued_items > 100) {
WARNF(cLRD
"You probably have far too many input files! Consider trimming "
"down.");
- } else if (afl->queued_paths > 20) {
+ } else if (afl->queued_items > 20) {
WARNF("You have lots of input files; try starting small.");
@@ -1311,8 +1310,8 @@
" Bitmap range : " cRST
"%u to %u bits (average: %0.02f bits)\n" cGRA
" Exec timing : " cRST "%s to %s us (average: %s us)\n",
- afl->queued_favored, afl->queued_variable, afl->queued_paths - count,
- afl->queued_paths, min_bits, max_bits,
+ afl->queued_favored, afl->queued_variable, afl->queued_items - count,
+ afl->queued_items, min_bits, max_bits,
((double)afl->total_bitmap_size) /
(afl->total_bitmap_entries ? afl->total_bitmap_entries : 1),
stringify_int(IB(0), min_us), stringify_int(IB(1), max_us),
diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c
index 461bbbf..e835c8e 100644
--- a/src/afl-fuzz-statsd.c
+++ b/src/afl-fuzz-statsd.c
@@ -42,46 +42,48 @@
// For DogstatsD
#define STATSD_TAGS_TYPE_SUFFIX 1
-#define STATSD_TAGS_SUFFIX_METRICS \
- METRIC_PREFIX \
- ".cycle_done:%llu|g%s\n" METRIC_PREFIX \
- ".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX \
- ".execs_done:%llu|g%s\n" METRIC_PREFIX \
- ".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX \
- ".paths_total:%u|g%s\n" METRIC_PREFIX \
- ".paths_favored:%u|g%s\n" METRIC_PREFIX \
- ".paths_found:%u|g%s\n" METRIC_PREFIX \
- ".paths_imported:%u|g%s\n" METRIC_PREFIX ".max_depth:%u|g%s\n" METRIC_PREFIX \
- ".cur_path:%u|g%s\n" METRIC_PREFIX ".pending_favs:%u|g%s\n" METRIC_PREFIX \
- ".pending_total:%u|g%s\n" METRIC_PREFIX \
- ".variable_paths:%u|g%s\n" METRIC_PREFIX \
- ".unique_crashes:%llu|g%s\n" METRIC_PREFIX \
- ".unique_hangs:%llu|g%s\n" METRIC_PREFIX \
- ".total_crashes:%llu|g%s\n" METRIC_PREFIX \
- ".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX \
- ".edges_found:%u|g%s\n" METRIC_PREFIX \
+#define STATSD_TAGS_SUFFIX_METRICS \
+ METRIC_PREFIX \
+ ".cycle_done:%llu|g%s\n" METRIC_PREFIX \
+ ".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX \
+ ".execs_done:%llu|g%s\n" METRIC_PREFIX \
+ ".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX \
+ ".corpus_count:%u|g%s\n" METRIC_PREFIX \
+ ".corpus_favored:%u|g%s\n" METRIC_PREFIX \
+ ".corpus_found:%u|g%s\n" METRIC_PREFIX \
+ ".corpus_imported:%u|g%s\n" METRIC_PREFIX \
+ ".max_depth:%u|g%s\n" METRIC_PREFIX ".cur_item:%u|g%s\n" METRIC_PREFIX \
+ ".pending_favs:%u|g%s\n" METRIC_PREFIX \
+ ".pending_total:%u|g%s\n" METRIC_PREFIX \
+ ".corpus_variable:%u|g%s\n" METRIC_PREFIX \
+ ".saved_crashes:%llu|g%s\n" METRIC_PREFIX \
+ ".saved_hangs:%llu|g%s\n" METRIC_PREFIX \
+ ".total_crashes:%llu|g%s\n" METRIC_PREFIX \
+ ".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX \
+ ".edges_found:%u|g%s\n" METRIC_PREFIX \
".var_byte_count:%u|g%s\n" METRIC_PREFIX ".havoc_expansion:%u|g%s\n"
// For Librato, InfluxDB, SignalFX
#define STATSD_TAGS_TYPE_MID 2
-#define STATSD_TAGS_MID_METRICS \
- METRIC_PREFIX \
- ".cycle_done%s:%llu|g\n" METRIC_PREFIX \
- ".cycles_wo_finds%s:%llu|g\n" METRIC_PREFIX \
- ".execs_done%s:%llu|g\n" METRIC_PREFIX \
- ".execs_per_sec%s:%0.02f|g\n" METRIC_PREFIX \
- ".paths_total%s:%u|g\n" METRIC_PREFIX \
- ".paths_favored%s:%u|g\n" METRIC_PREFIX \
- ".paths_found%s:%u|g\n" METRIC_PREFIX \
- ".paths_imported%s:%u|g\n" METRIC_PREFIX ".max_depth%s:%u|g\n" METRIC_PREFIX \
- ".cur_path%s:%u|g\n" METRIC_PREFIX ".pending_favs%s:%u|g\n" METRIC_PREFIX \
- ".pending_total%s:%u|g\n" METRIC_PREFIX \
- ".variable_paths%s:%u|g\n" METRIC_PREFIX \
- ".unique_crashes%s:%llu|g\n" METRIC_PREFIX \
- ".unique_hangs%s:%llu|g\n" METRIC_PREFIX \
- ".total_crashes%s:%llu|g\n" METRIC_PREFIX \
- ".slowest_exec_ms%s:%u|g\n" METRIC_PREFIX \
- ".edges_found%s:%u|g\n" METRIC_PREFIX \
+#define STATSD_TAGS_MID_METRICS \
+ METRIC_PREFIX \
+ ".cycle_done%s:%llu|g\n" METRIC_PREFIX \
+ ".cycles_wo_finds%s:%llu|g\n" METRIC_PREFIX \
+ ".execs_done%s:%llu|g\n" METRIC_PREFIX \
+ ".execs_per_sec%s:%0.02f|g\n" METRIC_PREFIX \
+ ".corpus_count%s:%u|g\n" METRIC_PREFIX \
+ ".corpus_favored%s:%u|g\n" METRIC_PREFIX \
+ ".corpus_found%s:%u|g\n" METRIC_PREFIX \
+ ".corpus_imported%s:%u|g\n" METRIC_PREFIX \
+ ".max_depth%s:%u|g\n" METRIC_PREFIX ".cur_item%s:%u|g\n" METRIC_PREFIX \
+ ".pending_favs%s:%u|g\n" METRIC_PREFIX \
+ ".pending_total%s:%u|g\n" METRIC_PREFIX \
+ ".corpus_variable%s:%u|g\n" METRIC_PREFIX \
+ ".saved_crashes%s:%llu|g\n" METRIC_PREFIX \
+ ".saved_hangs%s:%llu|g\n" METRIC_PREFIX \
+ ".total_crashes%s:%llu|g\n" METRIC_PREFIX \
+ ".slowest_exec_ms%s:%u|g\n" METRIC_PREFIX \
+ ".edges_found%s:%u|g\n" METRIC_PREFIX \
".var_byte_count%s:%u|g\n" METRIC_PREFIX ".havoc_expansion%s:%u|g\n"
void statsd_setup_format(afl_state_t *afl) {
@@ -238,11 +240,11 @@
afl->fsrv.total_execs /
((double)(get_cur_time() + afl->prev_run_time - afl->start_time) /
1000),
- tags, afl->queued_paths, tags, afl->queued_favored, tags,
+ tags, afl->queued_items, tags, afl->queued_favored, tags,
afl->queued_discovered, tags, afl->queued_imported, tags,
afl->max_depth, tags, afl->current_entry, tags, afl->pending_favored,
tags, afl->pending_not_fuzzed, tags, afl->queued_variable, tags,
- afl->unique_crashes, tags, afl->unique_hangs, tags, afl->total_crashes,
+ afl->saved_crashes, tags, afl->saved_hangs, tags, afl->total_crashes,
tags, afl->slowest_exec_ms, tags,
count_non_255_bytes(afl, afl->virgin_bits), tags, afl->var_byte_count,
tags, afl->expand_havoc, tags);
@@ -256,11 +258,11 @@
afl->fsrv.total_execs /
((double)(get_cur_time() + afl->prev_run_time - afl->start_time) /
1000),
- tags, afl->queued_paths, tags, afl->queued_favored, tags,
+ tags, afl->queued_items, tags, afl->queued_favored, tags,
afl->queued_discovered, tags, afl->queued_imported, tags,
afl->max_depth, tags, afl->current_entry, tags, afl->pending_favored,
tags, afl->pending_not_fuzzed, tags, afl->queued_variable, tags,
- afl->unique_crashes, tags, afl->unique_hangs, tags, afl->total_crashes,
+ afl->saved_crashes, tags, afl->saved_hangs, tags, afl->total_crashes,
tags, afl->slowest_exec_ms, tags,
count_non_255_bytes(afl, afl->virgin_bits), tags, afl->var_byte_count,
tags, afl->expand_havoc);
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 195366b..f59bb47 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -129,7 +129,7 @@
" -D - enable deterministic fuzzing (once per queue entry)\n"
" -L minutes - use MOpt(imize) mode and set the time limit for "
"entering the\n"
- " pacemaker mode (minutes of no new paths). 0 = "
+ " pacemaker mode (minutes of no new finds). 0 = "
"immediately,\n"
" -1 = immediately and together with normal mutation.\n"
" See docs/README.MOpt.md\n"
@@ -214,7 +214,7 @@
"AFL_DISABLE_TRIM: disable the trimming of test cases\n"
"AFL_DUMB_FORKSRV: use fork server without feedback from target\n"
"AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
- "AFL_EXIT_ON_TIME: exit when no new paths are found within the specified time period\n"
+ "AFL_EXIT_ON_TIME: exit when no new coverage finds are made within the specified time period\n"
"AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60 minutes and a cycle without finds)\n"
"AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n"
"AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n"
@@ -1607,7 +1607,7 @@
read_testcases(afl, NULL);
// read_foreign_testcases(afl, 1); for the moment dont do this
- OKF("Loaded a total of %u seeds.", afl->queued_paths);
+ OKF("Loaded a total of %u seeds.", afl->queued_items);
pivot_inputs(afl);
@@ -1929,7 +1929,7 @@
// ensure we have at least one seed that is not disabled.
u32 entry, valid_seeds = 0;
- for (entry = 0; entry < afl->queued_paths; ++entry)
+ for (entry = 0; entry < afl->queued_items; ++entry)
if (!afl->queue_buf[entry]->disabled) { ++valid_seeds; }
if (!afl->pending_not_fuzzed || !valid_seeds) {
@@ -1951,7 +1951,7 @@
u64 max_ms = 0;
- for (entry = 0; entry < afl->queued_paths; ++entry)
+ for (entry = 0; entry < afl->queued_items; ++entry)
if (!afl->queue_buf[entry]->disabled)
if (afl->queue_buf[entry]->exec_us > max_ms)
max_ms = afl->queue_buf[entry]->exec_us;
@@ -1993,7 +1993,7 @@
afl->start_time = get_cur_time();
u32 runs_in_current_cycle = (u32)-1;
- u32 prev_queued_paths = 0;
+ u32 prev_queued_items = 0;
u8 skipped_fuzz;
#ifdef INTROSPECTION
@@ -2014,7 +2014,7 @@
cull_queue(afl);
if (unlikely((!afl->old_seed_selection &&
- runs_in_current_cycle > afl->queued_paths) ||
+ runs_in_current_cycle > afl->queued_items) ||
(afl->old_seed_selection && !afl->queue_cur))) {
if (unlikely((afl->last_sync_cycle < afl->queue_cycle ||
@@ -2027,25 +2027,25 @@
++afl->queue_cycle;
runs_in_current_cycle = (u32)-1;
- afl->cur_skipped_paths = 0;
+ afl->cur_skipped_items = 0;
if (unlikely(afl->old_seed_selection)) {
afl->current_entry = 0;
- while (unlikely(afl->current_entry < afl->queued_paths &&
+ while (unlikely(afl->current_entry < afl->queued_items &&
afl->queue_buf[afl->current_entry]->disabled)) {
++afl->current_entry;
}
- if (afl->current_entry >= afl->queued_paths) { afl->current_entry = 0; }
+ if (afl->current_entry >= afl->queued_items) { afl->current_entry = 0; }
afl->queue_cur = afl->queue_buf[afl->current_entry];
if (unlikely(seek_to)) {
- if (unlikely(seek_to >= afl->queued_paths)) {
+ if (unlikely(seek_to >= afl->queued_items)) {
// This should never happen.
FATAL("BUG: seek_to location out of bounds!\n");
@@ -2070,7 +2070,7 @@
/* If we had a full queue cycle with no new finds, try
recombination strategies next. */
- if (unlikely(afl->queued_paths == prev_queued
+ if (unlikely(afl->queued_items == prev_queued
/* FIXME TODO BUG: && (get_cur_time() - afl->start_time) >=
3600 */
)) {
@@ -2148,7 +2148,7 @@
fprintf(afl->introspection_file,
"CYCLE cycle=%llu cycle_wo_finds=%llu expand_havoc=%u queue=%u\n",
afl->queue_cycle, afl->cycles_wo_finds, afl->expand_havoc,
- afl->queued_paths);
+ afl->queued_items);
#endif
if (afl->cycle_schedules) {
@@ -2188,7 +2188,7 @@
}
// we must recalculate the scores of all queue entries
- for (u32 i = 0; i < afl->queued_paths; i++) {
+ for (u32 i = 0; i < afl->queued_items; i++) {
if (likely(!afl->queue_buf[i]->disabled)) {
@@ -2200,7 +2200,7 @@
}
- prev_queued = afl->queued_paths;
+ prev_queued = afl->queued_items;
}
@@ -2210,11 +2210,11 @@
if (likely(!afl->old_seed_selection)) {
- if (unlikely(prev_queued_paths < afl->queued_paths ||
+ if (unlikely(prev_queued_items < afl->queued_items ||
afl->reinit_table)) {
// we have new queue entries since the last run, recreate alias table
- prev_queued_paths = afl->queued_paths;
+ prev_queued_items = afl->queued_items;
create_alias_table(afl);
}
@@ -2230,10 +2230,10 @@
if (unlikely(afl->old_seed_selection)) {
- while (++afl->current_entry < afl->queued_paths &&
+ while (++afl->current_entry < afl->queued_items &&
afl->queue_buf[afl->current_entry]->disabled)
;
- if (unlikely(afl->current_entry >= afl->queued_paths ||
+ if (unlikely(afl->current_entry >= afl->queued_items ||
afl->queue_buf[afl->current_entry] == NULL ||
afl->queue_buf[afl->current_entry]->disabled))
afl->queue_cur = NULL;
@@ -2321,11 +2321,11 @@
u8 time_tmp[64];
u_stringify_time_diff(time_tmp, get_cur_time(), afl->start_time);
ACTF(
- "Statistics: %u new paths found, %.02f%% coverage achieved, %llu "
- "crashes found, %llu timeouts found, total runtime %s",
+ "Statistics: %u new corpus items found, %.02f%% coverage achieved, "
+ "%llu crashes saved, %llu timeouts saved, total runtime %s",
afl->queued_discovered,
- ((double)t_bytes * 100) / afl->fsrv.real_map_size, afl->unique_crashes,
- afl->unique_hangs, time_tmp);
+ ((double)t_bytes * 100) / afl->fsrv.real_map_size, afl->saved_crashes,
+ afl->saved_hangs, time_tmp);
}
