From 560aab6302c02e982ac9cd6f0495422c8e365fa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulf=20Karg=C3=A9n?= <ulf.kargen@liu.se>
Date: Wed, 15 Nov 2023 02:29:37 +0100
Subject: [PATCH] new sync delay implementation

---
 include/afl-fuzz.h | 3 ++-
 src/afl-fuzz-init.c | 6 ++++++
 src/afl-fuzz-one.c | 2 ++
 src/afl-fuzz-queue.c | 3 +++
 src/afl-fuzz-run.c | 22 ++++++++++++++--------
 5 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index f7d564b6..f48754b6 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -184,7 +184,8 @@ struct queue_entry {
 handicap, /* Number of queue cycles behind */
 depth, /* Path depth */
 exec_cksum, /* Checksum of the execution trace */
- stats_mutated; /* stats: # of mutations performed */
+ stats_mutated, /* stats: # of mutations performed */
+ first_fuzz; /* Time of first fuzzing */
 
 u8 *trace_mini; /* Trace bytes, if kept */
 u32 tc_ref; /* Trace bytes ref count */
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index d600fff2..d4350420 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -902,6 +902,8 @@ void perform_dry_run(afl_state_t *afl) {
 
 }
 
+ u64 runtime = afl->prev_run_time + get_cur_time() - afl->start_time;
+
 switch (res) {
 
 case FSRV_RUN_OK:
@@ -928,6 +930,7 @@ void perform_dry_run(afl_state_t *afl) {
 
 --afl->pending_not_fuzzed;
 --afl->active_items;
+ q->first_fuzz = runtime;
 mark_as_fuzzed(afl, q);
 
 }
@@ -1061,6 +1064,7 @@ void perform_dry_run(afl_state_t *afl) {
 
 --afl->pending_not_fuzzed;
 --afl->active_items;
+ q->first_fuzz = runtime;
 mark_as_fuzzed(afl, q);
 
 }
@@ -1182,6 +1186,7 @@ void perform_dry_run(afl_state_t *afl) {
 
 --afl->pending_not_fuzzed;
 --afl->active_items;
+ p->first_fuzz = runtime;
 mark_as_fuzzed(afl, p);
 
 }
@@ -1197,6 +1202,7 @@ void perform_dry_run(afl_state_t *afl) {
 
 --afl->pending_not_fuzzed;
 --afl->active_items;
+ q->first_fuzz = runtime;
 mark_as_fuzzed(afl, q);
 
 }
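Review bot: The new `first_fuzz` field is documented only as `/* Time of first fuzzing */`, yet it is persisted to disk in mark_as_fuzzed and compared against another instance's run time in sync_fuzzers, so the comment should pin the unit and the reference point, e.g. `first_fuzz; /* Run time (incl. prev_run_time) at which the entry was first fuzzed */`. Every writer uses `afl->prev_run_time + get_cur_time() - afl->start_time` (here before the switch in perform_dry_run, again in afl-fuzz-one.c and afl-fuzz-run.c); the `/ 1000` that sync_fuzzers drops suggests the unit is milliseconds, which is worth stating in that comment as well. Since the same expression is now spelled out in three files, a small helper returning it would keep the bases from drifting when one of them is later changed. The four `first_fuzz` assignments in perform_dry_run all reuse the single `runtime` captured before the switch, so they must share its scope; the function's body between the hunks is not visible here.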
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 9496a052..53f6e447 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -3091,6 +3091,8 @@ abandon_entry:
 
 afl->reinit_table = 1;
 if (afl->queue_cur->favored) { --afl->pending_favored; }
+ afl->queue_cur->first_fuzz =
+ afl->prev_run_time + get_cur_time() - afl->start_time;
 mark_as_fuzzed(afl, afl->queue_cur);
 
 }
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index b57fe0e9..e5282517 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -302,6 +302,9 @@ void mark_as_fuzzed(afl_state_t *afl, struct queue_entry *q) {
 
 fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
 if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
+
+ ck_write(fd, &q->first_fuzz, sizeof(u64), fn);
+
 close(fd);
 
 }
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index eef580a5..7dc669b5 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -780,9 +780,9 @@ void sync_fuzzers(afl_state_t *afl) {
 
 for (o = m; o < n; o++) {
 
- s32 fd;
+ s32 fd, wf_fd;
 struct stat st;
- struct stat wf_st;
+ u64 ftime;
 u8 skip;
 
 snprintf(path, sizeof(path), "%s/%s", qd_path, namelist[o]->d_name);
@@ -793,16 +793,20 @@ void sync_fuzzers(afl_state_t *afl) {
 
 if (afl->afl_env.afl_delay_sync) {
 
- u64 cycle_time = (get_cur_time() -
- (!afl->last_sync_time ? afl->start_time : afl->last_sync_time)) / 1000;
+ u64 cycle_time = get_cur_time() -
+ (!afl->last_sync_time ? afl->start_time : afl->last_sync_time);
+
+ u64 runtime = afl->prev_run_time + get_cur_time() - afl->start_time;
 
 snprintf(wf_path, sizeof(wf_path), "%s/.state/was_fuzzed/%s", qd_path,
 namelist[o]->d_name);
 
- if (lstat(wf_path, &wf_st) ||
- ((u64)wf_st.st_mtime >
- get_cur_time() / 1000 - SYNC_DELAY_CYCLES * cycle_time)) {
-
+ wf_fd = open(wf_path, O_RDONLY);
+
+ if (wf_fd < 0 ||
+ read(wf_fd, &ftime, sizeof(u64)) != sizeof(u64) ||
+ ftime > runtime - SYNC_DELAY_CYCLES * cycle_time) {
+
 skip = 1;
 
 /* All entries beyond this one would need to be retried at the next
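Review bot: In the new skip test in sync_fuzzers, `runtime - SYNC_DELAY_CYCLES * cycle_time` is unsigned and wraps whenever this instance has run for fewer than SYNC_DELAY_CYCLES cycles; on the first sync of a fresh run `runtime` and `cycle_time` are both `get_cur_time() - afl->start_time` (assuming `prev_run_time` is zero there), so for any SYNC_DELAY_CYCLES above 1 the right-hand side is a value near 2^64, the comparison is always false and the delay is silently not applied. The removed code compared against epoch seconds and could not wrap this way. Moving the product to the other side avoids the subtraction entirely: `ftime + SYNC_DELAY_CYCLES * cycle_time > runtime`. Two secondary points: a short `read` also sets `skip`, so a peer that still writes empty was_fuzzed files (the on-disk format before the afl-fuzz-queue.c hunk, which now stores a raw host-endian `u64` with no marker) defers the rest of its queue on every sync, which should be stated as intended or handled; and `ftime` is the peer's own run time, which only lines up with this instance's `runtime` if both share the same start and resume history. The loop body continues outside the hunk.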
@@ -813,6 +817,8 @@ void sync_fuzzers(afl_state_t *afl) {
 ck_write(id_fd, &next_min_accept, sizeof(u32), qd_synced_path);
 
 }
+ close(wf_fd);
+
 }
 
 afl->syncing_case = next_min_accept;
-- 
GitLab
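Review bot: `close(wf_fd)` here appears to run for every queue entry, but `wf_fd` is declared without an initializer in the -780 hunk and is only assigned inside the `if (afl->afl_env.afl_delay_sync)` branch of the -793 hunk, so with delayed sync disabled this closes an indeterminate descriptor (undefined behaviour, and in practice possibly a live descriptor the fuzzer still needs); when `open` failed it is `close(-1)`. If the skip path leaves the loop before reaching this line (the loop body between the hunks is not visible), the descriptor opened on a successful read leaks as well. The least invasive fix is `s32 fd, wf_fd = -1;` at -780 together with `if (wf_fd >= 0) { close(wf_fd); wf_fd = -1; }` here; closing immediately after the `read` in the -793 hunk, where `ftime` has already been copied out, would make this hunk unnecessary. sync_fuzzers continues beyond the hunk.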