From a1bdb604cca448c8123f6151ec9f51213e600ebd Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Tue, 17 Oct 2017 15:00:01 +0200 Subject: syz-manager: extend periodic messages Add coverage and number of reproducing programs to the periodic messages. When all machines are busy reproducing crashes, it appears that syz-manager hanged as number of executed programs does not increase. Coverage is just a nice characteristic. Also print machine check message, it appears once and contains useful info. --- docs/setup.md | 8 ++++---- syz-manager/manager.go | 45 ++++++++++++++++++++++++++------------------- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/docs/setup.md b/docs/setup.md index 26c06062a..d02209b35 100644 --- a/docs/setup.md +++ b/docs/setup.md @@ -20,10 +20,10 @@ $ ./bin/syz-manager -config=my.cfg 2017/06/14 16:39:05 booting test machines... 2017/06/14 16:39:05 wait for the connection from test machine... 2017/06/14 16:39:59 received first connection from test machine vm-9 -2017/06/14 16:40:05 executed programs: 9, crashes: 0 -2017/06/14 16:40:15 executed programs: 13, crashes: 0 -2017/06/14 16:40:25 executed programs: 15042, crashes: 0 -2017/06/14 16:40:35 executed programs: 24391, crashes: 0 +2017/06/14 16:40:05 executed 293, cover 43260, crashes 0, repro 0 +2017/06/14 16:40:15 executed 5992, cover 88463, crashes 0, repro 0 +2017/06/14 16:40:25 executed 10959, cover 116991, crashes 0, repro 0 +2017/06/14 16:40:35 executed 15504, cover 132403, crashes 0, repro 0 ``` More information on the configuration file format is available [here](configuration.md). diff --git a/syz-manager/manager.go b/syz-manager/manager.go index 7ead9e64c..fc6e49884 100644 --- a/syz-manager/manager.go +++ b/syz-manager/manager.go @@ -41,22 +41,23 @@ var ( ) type Manager struct { - cfg *mgrconfig.Config - vmPool *vm.Pool - target *prog.Target - crashdir string - port int - corpusDB *db.DB - startTime time.Time - firstConnect time.Time - lastPrioCalc time.Time - fuzzingTime time.Duration - stats map[string]uint64 - crashTypes map[string]bool - vmStop chan bool - vmChecked bool - fresh bool - numFuzzing uint32 + cfg *mgrconfig.Config + vmPool *vm.Pool + target *prog.Target + crashdir string + port int + corpusDB *db.DB + startTime time.Time + firstConnect time.Time + lastPrioCalc time.Time + fuzzingTime time.Duration + stats map[string]uint64 + crashTypes map[string]bool + vmStop chan bool + vmChecked bool + fresh bool + numFuzzing uint32 + numReproducing uint32 dash *dashapi.Dashboard @@ -262,8 +263,12 @@ func RunManager(cfg *mgrconfig.Config, target *prog.Target, syscalls map[int]boo mgr.fuzzingTime += diff * time.Duration(atomic.LoadUint32(&mgr.numFuzzing)) executed := mgr.stats["exec total"] crashes := mgr.stats["crashes"] + signal := len(mgr.corpusSignal) mgr.mu.Unlock() - Logf(0, "executed programs: %v, crashes: %v", executed, crashes) + numReproducing := atomic.LoadUint32(&mgr.numReproducing) + + Logf(0, "executed %v, cover %v, crashes %v, repro %v", + executed, signal, crashes, numReproducing) } }() @@ -415,6 +420,7 @@ func (mgr *Manager) vmLoop() { vmIndexes := append([]int{}, instances[len(instances)-instancesPerRepro:]...) instances = instances[:len(instances)-instancesPerRepro] reproInstances += instancesPerRepro + atomic.AddUint32(&mgr.numReproducing, 1) Logf(1, "loop: starting repro of '%v' on instances %+v", crash.desc, vmIndexes) go func() { res, err := repro.Run(crash.log, mgr.cfg, mgr.vmPool, vmIndexes) @@ -459,6 +465,7 @@ func (mgr *Manager) vmLoop() { } } case res := <-reproDone: + atomic.AddUint32(&mgr.numReproducing, ^uint32(0)) crepro := false desc := "" if res.res != nil { @@ -869,8 +876,8 @@ func (mgr *Manager) Check(a *CheckArgs, r *int) error { if mgr.vmChecked { return nil } - Logf(1, "fuzzer %v vm check: %v calls enabled, kcov=%v, kleakcheck=%v, faultinjection=%v, compsenabled=%v", - a.Name, len(a.Calls), a.Kcov, a.Leak, a.Fault, a.CompsSupported) + Logf(0, "machine check: %v calls enabled, kcov=%v, kleakcheck=%v, faultinjection=%v, comps=%v", + len(a.Calls), a.Kcov, a.Leak, a.Fault, a.CompsSupported) if len(a.Calls) == 0 { Fatalf("no system calls enabled") } -- cgit mrf-deployment