authorAleksandr Nogikh <nogikh@google.com>2024-09-02 11:53:30 +0200
committerAleksandr Nogikh <nogikh@google.com>2024-09-02 18:39:09 +0000
commit287d6acfa17f708fb2d6aecfa4de231a41a1dd12 (patch)
tree33d9b51b7f71f57d52b978fea5d408d792888d7a
parent930c0bb6b7b4e5defb9b1561edf8170ea13dd4bc (diff)
pkg/fuzzer: display hints job info
This will let us gain even more insight into what the fuzzer is doing.
-rw-r--r--pkg/fuzzer/job.go15
-rw-r--r--pkg/fuzzer/stats.go5
-rw-r--r--prog/hints.go10
-rw-r--r--syz-manager/http.go7
4 files changed, 32 insertions, 5 deletions
diff --git a/pkg/fuzzer/job.go b/pkg/fuzzer/job.go
index 44858d720..d1bac5054 100644
--- a/pkg/fuzzer/job.go
+++ b/pkg/fuzzer/job.go
@@ -193,6 +193,11 @@ func (job *triageJob) handleCall(call int, info *triageCall) {
exec: job.fuzzer.smashQueue,
p: p.Clone(),
call: call,
+ info: &JobInfo{
+ Name: p.String(),
+ Type: "hints",
+ Calls: []string{p.CallName(call)},
+ },
})
}
if job.fuzzer.Config.FaultInjection && call >= 0 {
@@ -517,12 +522,14 @@ type hintsJob struct {
exec queue.Executor
p *prog.Prog
call int
+ info *JobInfo
}
func (job *hintsJob) run(fuzzer *Fuzzer) {
// First execute the original program several times to get comparisons from KCOV.
// Additional executions lets us filter out flaky values, which seem to constitute ~30-40%.
p := job.p
+ job.info.Logf("\n%s", p.Serialize())
var comps prog.CompMap
for i := 0; i < 3; i++ {
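Review bot: `run()` now dereferences `job.info` unconditionally, first in `job.info.Logf("\n%s", p.Serialize())` and again in the later `Execs.Add(1)` and `Logf` calls of the same function. The only construction site visible in this commit sets the field, but any other place that builds a `hintsJob` without it would panic unless `JobInfo`'s methods tolerate a nil receiver, which is not visible here. I would document the invariant on the struct field, e.g. `info *JobInfo // must be non-nil: run() logs and counts executions through it`. The body of `run()` continues outside this hunk.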
@@ -534,6 +541,7 @@ func (job *hintsJob) run(fuzzer *Fuzzer) {
if result.Stop() {
return
}
+ job.info.Execs.Add(1)
if result.Info == nil || len(result.Info.Calls[job.call].Comps) == 0 {
continue
}
@@ -548,13 +556,16 @@ func (job *hintsJob) run(fuzzer *Fuzzer) {
}
}
+ job.info.Logf("stable comps: %d", comps.Len())
fuzzer.hintsLimiter.Limit(comps)
+ job.info.Logf("stable comps (after the hints limiter): %d", comps.Len())
// Then mutate the initial program for every match between
// a syscall argument and a comparison operand.
// Execute each of such mutants to check if it gives new coverage.
p.MutateWithHints(job.call, comps,
func(p *prog.Prog) bool {
+ defer job.info.Execs.Add(1)
result := fuzzer.execute(job.exec, &queue.Request{
Prog: p,
ExecOpts: setFlags(flatrpc.ExecFlagCollectSignal),
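Review bot: The `defer job.info.Execs.Add(1)` in the mutation callback counts every invocation, including one whose result reports a stop. The comparison-collection loop earlier in `run()` increments `Execs` only after its `result.Stop()` check has passed. If both sites are meant to count the same thing, use a plain `job.info.Execs.Add(1)` after the callback's own stop handling, or move the earlier increment above its `Stop()` check. A short comment should then say which executions the counter includes. The callback body continues past the end of this hunk, so whether it has a stop check is not visible here.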
@@ -564,6 +575,10 @@ func (job *hintsJob) run(fuzzer *Fuzzer) {
})
}
+func (job *hintsJob) getInfo() *JobInfo {
+ return job.info
+}
+
type syncBuffer struct {
mu sync.Mutex
buf bytes.Buffer
diff --git a/pkg/fuzzer/stats.go b/pkg/fuzzer/stats.go
index f0039d500..7990f8b13 100644
--- a/pkg/fuzzer/stats.go
+++ b/pkg/fuzzer/stats.go
@@ -41,8 +41,9 @@ func newStats() Stats {
statJobsSmash: stat.New("smash jobs", "Running smash jobs", stat.StackedGraph("jobs"),
stat.Link("/jobs?type=smash")),
statJobsFaultInjection: stat.New("fault jobs", "Running fault injection jobs", stat.StackedGraph("jobs")),
- statJobsHints: stat.New("hints jobs", "Running hints jobs", stat.StackedGraph("jobs")),
- statExecTime: stat.New("prog exec time", "Test program execution time (ms)", stat.Distribution{}),
+ statJobsHints: stat.New("hints jobs", "Running hints jobs", stat.StackedGraph("jobs"),
+ stat.Link("/jobs?type=hints")),
+ statExecTime: stat.New("prog exec time", "Test program execution time (ms)", stat.Distribution{}),
statExecGenerate: stat.New("exec gen", "Executions of generated programs", stat.Rate{},
stat.StackedGraph("exec")),
statExecFuzz: stat.New("exec fuzz", "Executions of mutated programs",
diff --git a/prog/hints.go b/prog/hints.go
index c054b9852..a02d2d123 100644
--- a/prog/hints.go
+++ b/prog/hints.go
@@ -65,6 +65,16 @@ func (m CompMap) String() string {
return buf.String()
}
+func (m CompMap) Len() int {
+ var count int
+ for _, nested := range m {
+ for _, nested2 := range nested {
+ count += len(nested2)
+ }
+ }
+ return count
+}
+
// InplaceIntersect() only leaves the value pairs that are also present in other.
func (m CompMap) InplaceIntersect(other CompMap) {
for val1, nested := range m {
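Review bot: `CompMap.Len` is exported without a doc comment, and its name suggests `len(m)` although it returns the summed size of the innermost maps. Since the value is logged as "stable comps", a reader comparing it with the number of top-level keys could be misled. Proposed comment: `// Len returns the total number of entries across all innermost maps; it is not len(m).` The hunk's trailing context is the start of `InplaceIntersect`, whose body lies outside the hunk.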
diff --git a/syz-manager/http.go b/syz-manager/http.go
index 4e4b92d00..7c01b9ca5 100644
--- a/syz-manager/http.go
+++ b/syz-manager/http.go
@@ -668,12 +668,13 @@ func (mgr *Manager) httpJobs(w http.ResponseWriter, r *http.Request) {
return
}
jobType := r.FormValue("type")
- data := UIJobList{}
+ data := UIJobList{
+ Title: fmt.Sprintf("%s jobs", jobType),
+ }
switch jobType {
case "triage":
- data.Title = "triage jobs"
case "smash":
- data.Title = "smash jobs"
+ case "hints":
default:
http.Error(w, "unknown job type", http.StatusBadRequest)
return
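Review bot: `Title` is now built from `r.FormValue("type")` before the switch validates it, so request-controlled text sits in `data` and is kept out of the rendered page only by the `default` branch returning first. That coupling is easy to break, because the three remaining cases are empty and nothing marks the switch as an allowlist. I would collapse them and say so: `case "triage", "smash", "hints": // allowlist: Title is derived from jobType`. Alternatively, assign `data.Title = jobType + " jobs"` after the switch. Whether the template that renders `Title` escapes it is not visible in this hunk, and `httpJobs` continues beyond it.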