From 287d6acfa17f708fb2d6aecfa4de231a41a1dd12 Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh
Date: Mon, 2 Sep 2024 11:53:30 +0200
Subject: pkg/fuzzer: display hints job info

This will let us gain even more insight into what the fuzzer is doing.
---
 pkg/fuzzer/job.go | 15 +++++++++++++++
 pkg/fuzzer/stats.go | 5 +++--
 2 files changed, 18 insertions(+), 2 deletions(-)
(limited to 'pkg/fuzzer')
diff --git a/pkg/fuzzer/job.go b/pkg/fuzzer/job.go
index 44858d720..d1bac5054 100644
--- a/pkg/fuzzer/job.go
+++ b/pkg/fuzzer/job.go
@@ -193,6 +193,11 @@ func (job *triageJob) handleCall(call int, info *triageCall) {
 exec: job.fuzzer.smashQueue,
 p: p.Clone(),
 call: call,
+ info: &JobInfo{
+ Name: p.String(),
+ Type: "hints",
+ Calls: []string{p.CallName(call)},
+ },
 })
 }
 if job.fuzzer.Config.FaultInjection && call >= 0 {
@@ -517,12 +522,14 @@ type hintsJob struct {
 exec queue.Executor
 p *prog.Prog
 call int
+ info *JobInfo
 }
 func (job *hintsJob) run(fuzzer *Fuzzer) {
 // First execute the original program several times to get comparisons from KCOV.
 // Additional executions lets us filter out flaky values, which seem to constitute ~30-40%.
 p := job.p
+ job.info.Logf("\n%s", p.Serialize())
 var comps prog.CompMap
 for i := 0; i < 3; i++ {
@@ -534,6 +541,7 @@ func (job *hintsJob) run(fuzzer *Fuzzer) {
 if result.Stop() {
 return
 }
+ job.info.Execs.Add(1)
 if result.Info == nil || len(result.Info.Calls[job.call].Comps) == 0 {
 continue
 }
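Review bot: In the handleCall hunk (`@@ -193,6 +193,11 @@`), `Type: "hints"` is a bare string literal that presumably has to match the `type=hints` query in the `stat.Link("/jobs?type=hints")` added to pkg/fuzzer/stats.go by this same commit. A typo in either place would leave the link showing no jobs, and the compiler would not catch it. A shared constant, for example `const jobTypeHints = "hints"`, used for the `Type` field and to build the link would keep the two in sync. The struct literal being extended starts above the hunk, so the condition guarding this job's creation is not visible here.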
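Review bot: In the `@@ -517,12 +522,14 @@` hunk, `run` now calls `job.info.Logf(...)` unconditionally, and the `@@ -534,6 +541,7 @@` and `@@ -548,13 +556,16 @@` hunks add `job.info.Execs.Add(1)`, so a `hintsJob` built without `info` would panic on the nil pointer. The only construction site visible in this diff, in `handleCall`, does set the field, but nothing on the struct records that it is required. I would document the invariant on the field, for example `info *JobInfo // required: run() and getInfo() dereference it unconditionally`. The body of `run` continues outside this hunk.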
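Review bot: The two `Execs` increments count by different rules. In the `@@ -534,6 +541,7 @@` hunk, `job.info.Execs.Add(1)` sits after `if result.Stop() { return }`, so a stopped execution is not counted. In the `@@ -548,13 +556,16 @@` hunk, `defer job.info.Execs.Add(1)` at the top of the `MutateWithHints` callback counts every invocation, including a stopped one. If the counter is meant to show executions actually performed, pick one rule: either move the first increment above the `Stop()` check, or replace the defer with `if !result.Stop() { job.info.Execs.Add(1) }` after the `execute` call. The rest of the callback body lies outside the hunk, so confirm the placement against the full function.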
@@ -548,13 +556,16 @@ func (job *hintsJob) run(fuzzer *Fuzzer) {
 }
 }
+ job.info.Logf("stable comps: %d", comps.Len())
 fuzzer.hintsLimiter.Limit(comps)
+ job.info.Logf("stable comps (after the hints limiter): %d", comps.Len())
 // Then mutate the initial program for every match between
 // a syscall argument and a comparison operand.
 // Execute each of such mutants to check if it gives new coverage.
 p.MutateWithHints(job.call, comps, func(p *prog.Prog) bool {
+ defer job.info.Execs.Add(1)
 result := fuzzer.execute(job.exec, &queue.Request{
 Prog: p,
 ExecOpts: setFlags(flatrpc.ExecFlagCollectSignal),
@@ -564,6 +575,10 @@ func (job *hintsJob) run(fuzzer *Fuzzer) {
 })
 }
+func (job *hintsJob) getInfo() *JobInfo {
+ return job.info
+}
+
 type syncBuffer struct {
 mu sync.Mutex
 buf bytes.Buffer
diff --git a/pkg/fuzzer/stats.go b/pkg/fuzzer/stats.go
index f0039d500..7990f8b13 100644
--- a/pkg/fuzzer/stats.go
+++ b/pkg/fuzzer/stats.go
@@ -41,8 +41,9 @@ func newStats() Stats {
 statJobsSmash: stat.New("smash jobs", "Running smash jobs", stat.StackedGraph("jobs"), stat.Link("/jobs?type=smash")),
 statJobsFaultInjection: stat.New("fault jobs", "Running fault injection jobs", stat.StackedGraph("jobs")),
- statJobsHints: stat.New("hints jobs", "Running hints jobs", stat.StackedGraph("jobs")),
- statExecTime: stat.New("prog exec time", "Test program execution time (ms)", stat.Distribution{}),
+ statJobsHints: stat.New("hints jobs", "Running hints jobs", stat.StackedGraph("jobs"),
+ stat.Link("/jobs?type=hints")),
+ statExecTime: stat.New("prog exec time", "Test program execution time (ms)", stat.Distribution{}),
 statExecGenerate: stat.New("exec gen", "Executions of generated programs", stat.Rate{}, stat.StackedGraph("exec")),
 statExecFuzz: stat.New("exec fuzz", "Executions of mutated programs",
-- cgit mrf-deployment