googleprojectzero / fuzzilli

A JavaScript Engine Fuzzer
Apache License 2.0

Execs/Second Extremely Low #339

Closed turnerrocks1 closed 2 years ago

turnerrocks1 commented 2 years ago

Running this fuzzer on Ubuntu 20.04 (Ubuntu ARM64 "Linux" installed under the UTM macOS app; I chose "virtualization", not "emulate"), it runs flawlessly and fast. If I remember correctly, I was getting nearly 800+ execs/second. Now, on regular macOS on an M1 Air, I only get 10.98 execs/second at first; after the fuzzer has initially run for a minute or so it runs at 200+ execs/second, which is still extremely slow. Keep in mind that this virtualized Ubuntu running at 800+ execs/second is running on the same M1 Air, just in a "virtual machine" of sorts. Also, to reiterate: no, I don't have anything open at all other than the terminal running the fuzzer, and I double-checked with Activity Monitor that the fuzzer is the highest memory-consuming process running.

turnerrocks1 commented 2 years ago

I tried to look up ways to fix this manually.

I used that command, running sudo nice -n -20 ./FuzzilliCli blahblah to give FuzzilliCli top priority; then in a separate terminal I ran the top command and got this:

bootywarrior@Bootys-MacBook-Air ~ % top

Processes: 398 total, 3 running, 395 sleeping, 1648 threads                13:36:57
Load Avg: 1.65, 2.33, 2.88
CPU usage: 13.93% user, 2.56% sys, 83.49% idle
SharedLibs: 428M resident, 86M data, 21M linkedit.
MemRegions: 60681 total, 2595M resident, 219M private, 913M shared.
PhysMem: 7542M used (1075M wired), 90M unused.
VM: 152T vsize, 3778M framework vsize, 13083007(0) swapins, 13185152(0) swapouts
Networks: packets: 22502388/31G in, 4352319/335M out.
Disks: 21438107/444G read, 3448890/318G written.

PID    COMMAND      %CPU  TIME      #TH  #WQ  #PORT  MEM     PURG  CMPRS  PGRP
35710  FuzzilliCli  98.0  01:42.81  2/1  1    26     1731M+  0B    0B     35709

turnerrocks1 commented 2 years ago

Go figure, the nice command didn't work either.

[2D7A7A84:Fuzzer] Let's go!

Fuzzer Statistics
Total Samples: 0
Interesting Samples Found: 1008
Valid Samples Found: 0
Corpus Size: 966
Correctness Rate: nan%
Timeout Rate: nan%
Crashes Found: 0
Timeouts Hit: 0
Coverage: 13.74%
Avg. program size: 0.00
Connected workers: 1
Execs / Second: 183.42
Fuzzer Overhead: 12.84%
Total Execs: 35249

Fuzzer Statistics
Total Samples: 4
Interesting Samples Found: 1695
Valid Samples Found: 0
Corpus Size: 1653
Correctness Rate: 0.00%
Timeout Rate: 50.00%
Crashes Found: 0
Timeouts Hit: 2
Coverage: 13.74%
Avg. program size: 73.75
Connected workers: 1
Execs / Second: 177.35
Fuzzer Overhead: 24.85%
Total Execs: 45126

Fuzzer Statistics
Total Samples: 4
Interesting Samples Found: 2103
Valid Samples Found: 0
Corpus Size: 2060
Correctness Rate: 0.00%
Timeout Rate: 50.00%
Crashes Found: 0
Timeouts Hit: 2
Coverage: 13.74%
Avg. program size: 73.75
Connected workers: 1
Execs / Second: 174.06
Fuzzer Overhead: 28.24%
Total Execs: 50501

Fuzzer Statistics
Total Samples: 110
Interesting Samples Found: 2344
Valid Samples Found: 58
Corpus Size: 2301
Correctness Rate: 52.73%
Timeout Rate: 9.09%
Crashes Found: 0
Timeouts Hit: 10
Coverage: 13.74%
Avg. program size: 1188.10
Connected workers: 1
Execs / Second: 79.59
Fuzzer Overhead: 35.73%
Total Execs: 56712

turnerrocks1 commented 2 years ago

Why not use posix_spawn instead of fork? https://blog.famzah.net/2018/12/19/posix_spawn-performance-benchmarks-and-usage-examples/ (referencing librepl-posix.c)

saelo commented 2 years ago

<10 execs/s is pretty normal for JavaScript engines. I usually use something like 250-500 CPUs for fuzzing. Fuzzilli already uses a "persistence mode" in which a process is reused multiple times before creating a new one, thus minimizing the process creation overhead. See REPRL. We also can't use something like posix_spawn as there's a bunch of stuff that needs to happen after fork but before exec. See here.
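
A minimal model of the "persistence mode" described above, added here as an illustration and not Fuzzilli's own REPRL code (the real REPRL additionally execs the engine binary and does its setup between fork and exec, which is the part saelo says posix_spawn cannot express). One child is forked once and reused for every sample, next to the baseline of a fresh fork per sample, so the per-process cost the persistent design amortizes is visible directly. The run_sample stand-in, the length-prefixed pipe protocol, the SHUTDOWN sentinel and the sample strings are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for "run this program in the engine": hashes the
 * sample and returns a small status code. Constructed for this example. */
static int32_t run_sample(const char *buf, uint32_t len) {
    uint32_t h = 2166136261u;                      /* FNV-1a over the bytes */
    for (uint32_t i = 0; i < len; i++) h = (h ^ (uint8_t)buf[i]) * 16777619u;
    return (int32_t)(h & 0xff);
}

static int read_full(int fd, void *p, size_t n) {   /* read exactly n bytes */
    for (char *c = p; n; ) { ssize_t r = read(fd, c, n); if (r <= 0) return -1; c += r; n -= (size_t)r; }
    return 0;
}

static int write_full(int fd, const void *p, size_t n) { /* write exactly n bytes */
    for (const char *c = p; n; ) { ssize_t w = write(fd, c, n); if (w <= 0) return -1; c += w; n -= (size_t)w; }
    return 0;
}

#define SHUTDOWN 0xFFFFFFFFu   /* length sentinel telling the child to exit */

/* Child side of the persistent loop: read a length-prefixed sample, run it,
 * report its status, repeat. The process is only torn down on SHUTDOWN. */
static void child_loop(int in_fd, int out_fd) {
    for (;;) {
        uint32_t len;
        if (read_full(in_fd, &len, sizeof len) != 0 || len == SHUTDOWN) _exit(0);
        char *buf = malloc(len ? len : 1);
        if (!buf || read_full(in_fd, buf, len) != 0) _exit(1);
        int32_t status = run_sample(buf, len);
        free(buf);
        if (write_full(out_fd, &status, sizeof status) != 0) _exit(1);
    }
}

/* Persistent mode: fork ONE child and push every sample through it.
 * Returns the number of processes created (1), or -1 on error. */
int run_persistent(const char **samples, size_t count, int32_t *out) {
    int to_child[2], from_child[2];
    if (pipe(to_child) != 0 || pipe(from_child) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                                   /* child */
        close(to_child[1]); close(from_child[0]);
        child_loop(to_child[0], from_child[1]);       /* never returns */
    }
    close(to_child[0]); close(from_child[1]);
    for (size_t i = 0; i < count; i++) {
        uint32_t len = (uint32_t)strlen(samples[i]);
        if (write_full(to_child[1], &len, sizeof len) != 0 ||
            write_full(to_child[1], samples[i], len) != 0 ||
            read_full(from_child[0], &out[i], sizeof out[i]) != 0) return -1;
    }
    uint32_t stop = SHUTDOWN;
    write_full(to_child[1], &stop, sizeof stop);
    close(to_child[1]); close(from_child[0]);
    waitpid(pid, NULL, 0);
    return 1;
}

/* Baseline: a fresh fork for every sample, the cost persistence avoids.
 * Returns the number of processes created (count), or -1 on error. */
int run_fork_per_exec(const char **samples, size_t count, int32_t *out) {
    for (size_t i = 0; i < count; i++) {
        int fd[2];
        if (pipe(fd) != 0) return -1;
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) {
            close(fd[0]);
            int32_t status = run_sample(samples[i], (uint32_t)strlen(samples[i]));
            write_full(fd[1], &status, sizeof status);
            _exit(0);
        }
        close(fd[1]);
        int rc = read_full(fd[0], &out[i], sizeof out[i]);
        close(fd[0]);
        waitpid(pid, NULL, 0);
        if (rc != 0) return -1;
    }
    return (int)count;
}

int main(void) {
    const char *samples[] = {"let x = 1;", "function f() { return f(); }", "x.y.z"};
    int32_t a[3], b[3];
    int np = run_persistent(samples, 3, a);
    int nf = run_fork_per_exec(samples, 3, b);
    printf("persistent: %d process(es), fork-per-exec: %d process(es), same results: %s\n",
           np, nf, memcmp(a, b, sizeof a) == 0 ? "yes" : "no");
    return 0;
}
```

Both paths produce identical statuses; the difference is that the persistent path pays for fork once per child lifetime rather than once per sample. Wrap either function in a loop with a few thousand samples and time it to see the gap, and note that a real harness must also handle a child that crashes or hangs mid-loop by recycling it, which is exactly the case where process creation cost comes back.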

turnerrocks1 commented 2 years ago

@saelo Hmmmm, well that's strange then. How come the execs/second is way higher on Ubuntu "Linux" using the same computer? Sounds like a Mac-only slowness to me, the number 1 reason why I despise it.