Add the coverage data

Vincebye · Sep 20, 2023 · a54c475 · a54c475
1 parent 7f1a99a
commit a54c475
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 12 deletions.
diff --git a/crash_93824992241011 b/crash_93824992241011
diff --git a/crash_93824992252474 b/crash_93824992252474
diff --git a/crash_93824992261504 b/crash_93824992261504
diff --git a/crash_93824992261577 b/crash_93824992261577
diff --git a/src/forkserver.rs b/src/forkserver.rs
@@ -1,7 +1,7 @@
 use nix::sys::ptrace;
 use nix::sys::wait::{wait, waitpid, WaitStatus};
 use nix::unistd::{fork, ForkResult, Pid};
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
 use std::fs;
 use std::io::{BufRead, BufReader};
 use std::os::unix::process::CommandExt;
@@ -40,13 +40,13 @@ fn restore_breakpoint(pid: Pid, addr: u64, orig_value: i64) {
         ptrace::write(pid, addr as *mut c_void, orig_value as *mut c_void).unwrap();
     }
 }
-fn handle_sigstop(pid: Pid, saved_values: &HashMap<u64, i64>, trace: &mut Vec<u64>) {
+fn handle_sigstop(pid: Pid, saved_values: &HashMap<u64, i64>, trace: &mut Vec<u64>,hit_breakpoints:&mut HashSet<u64>) {
     let mut regs = ptrace::getregs(pid).unwrap();
     println!("Hit breakpoint at 0x{:x}", regs.rip - 1);
+    hit_breakpoints.insert(regs.rip - 1);
     match saved_values.get(&(regs.rip - 1)) {
         Some(orig) => {
             restore_breakpoint(pid, regs.rip - 1, *orig);
-
             // rewind rip
             regs.rip -= 1;
             trace.push(regs.rip);
@@ -120,6 +120,7 @@ pub fn run_child(
 pub fn run_parent(
     pid: Pid,
     bp_mapping: &HashMap<u64, i64>,
+    hit_breakpoints:&mut HashSet<u64>
 ) -> ParentStatus {
     //cal converage
 
@@ -129,7 +130,7 @@ pub fn run_parent(
         match waitpid(pid, None) {
             Ok(WaitStatus::Stopped(pid_t, sig_num)) => match sig_num {
                 Signal::SIGTRAP => {
-                    handle_sigstop(pid_t, &bp_mapping, &mut trace);
+                    handle_sigstop(pid_t, &bp_mapping, &mut trace,hit_breakpoints);
                 }
 
                 Signal::SIGSEGV => {

diff --git a/src/main.rs b/src/main.rs
@@ -1,5 +1,6 @@
 use clap::{Arg, Command};
 use nix::unistd::{fork, ForkResult, Pid};
+use std::collections::HashSet;
 use std::path::Path;
 use std::{
     collections::HashMap,
@@ -8,7 +9,6 @@ use std::{
     time::Instant,
 };
 mod config;
-mod execute;
 mod forkserver;
 mod mutate;
 
@@ -56,14 +56,15 @@ fn main() -> io::Result<()> {
     let mut sample_pool:Vec<mutate::Sample>=vec!();
     let mut stats = FuzzingStats::default();
     let mut bp_mapping: HashMap<u64, i64> = HashMap::new();
+    let mut hit_breakpoints:HashSet<u64>=HashSet::new();
     let start = Instant::now();
     let mut flag=true;
     while flag {
         for mut sample in &mut mutator{
             sample.materialize_sample(FILE);
             let child = forkserver::run_child(&runtime_config, &mut bp_mapping,FILE);
             stats.execute_count += 1;
-            match forkserver::run_parent(child, &bp_mapping){
+            match forkserver::run_parent(child, &bp_mapping,&mut hit_breakpoints){
                 forkserver::ParentStatus::Finished(trace)=>{
                     sample.add_trace(trace);
                     sample_pool.push(sample);
@@ -81,9 +82,12 @@ fn main() -> io::Result<()> {
 
     }
     let elapsed = start.elapsed().as_secs_f64();
-    print!("[{:10.2}] cases {:10} | fcps  {:10.2} | crashes {:10}\n",
+    let hit_breakpoint=hit_breakpoints.capacity() as f64;
+    let all_breakpoints=runtime_config.bpmap.capacity() as f64;
+    println!("[{:10.2}] cases {:10} | speed  {:10.2} | crashes {:10} | HitBreakpoints {:10}] |Coverage Rate {:10.2}%",
             elapsed, stats.execute_count, 
-            stats.execute_count as f64/ elapsed, stats.crash_count);
+            stats.execute_count as f64/ elapsed, stats.crash_count,hit_breakpoints.capacity(),(hit_breakpoint/all_breakpoints)*100.0);
+
     Ok(())
 
 }
diff --git a/src/mutate.rs b/src/mutate.rs
@@ -35,10 +35,10 @@ impl Mutator {
             match &sample.trace {
                 Some(trace) => {
                     if !self.trace_list.contains(trace) {
-                        println!(
-                            "[-]New coverage for input {:?} [{:?}]",
-                            sample.data, sample.method
-                        );
+                        // println!(
+                        //     "[-]New coverage for input {:?} [{:?}]",
+                        //     sample.data, sample.method
+                        // );
                         self.trace_list.insert(trace.clone());
                         self.corpus.push(sample.clone());
                     }