main: add coarse timing measurements

2025-12-12 15:49:46 -08:00 · 2021-11-04 12:38:35 -06:00
parent ed3bd4ef75
commit f98236046b
1 changed files with 31 additions and 24 deletions
--- a/capa/main.py
+++ b/capa/main.py
@@ -168,27 +168,28 @@ def find_capabilities(ruleset: RuleSet, extractor: FeatureExtractor, disable_pro
    n_funcs = len(functions)

    pb = pbar(functions, desc="matching", unit=" functions", postfix="skipped 0 library functions")
-    for f in pb:
-        function_address = int(f)
+    with timing("match functions"):
+        for f in pb:
+            function_address = int(f)

-        if extractor.is_library_function(function_address):
-            function_name = extractor.get_function_name(function_address)
-            logger.debug("skipping library function 0x%x (%s)", function_address, function_name)
-            meta["library_functions"][function_address] = function_name
-            n_libs = len(meta["library_functions"])
-            percentage = 100 * (n_libs / n_funcs)
-            if isinstance(pb, tqdm.tqdm):
-                pb.set_postfix_str("skipped %d library functions (%d%%)" % (n_libs, percentage))
-            continue
+            if extractor.is_library_function(function_address):
+                function_name = extractor.get_function_name(function_address)
+                logger.debug("skipping library function 0x%x (%s)", function_address, function_name)
+                meta["library_functions"][function_address] = function_name
+                n_libs = len(meta["library_functions"])
+                percentage = 100 * (n_libs / n_funcs)
+                if isinstance(pb, tqdm.tqdm):
+                    pb.set_postfix_str("skipped %d library functions (%d%%)" % (n_libs, percentage))
+                continue

-        function_matches, bb_matches, feature_count = find_function_capabilities(ruleset, extractor, f)
-        meta["feature_counts"]["functions"][function_address] = feature_count
-        logger.debug("analyzed function 0x%x and extracted %d features", function_address, feature_count)
+            function_matches, bb_matches, feature_count = find_function_capabilities(ruleset, extractor, f)
+            meta["feature_counts"]["functions"][function_address] = feature_count
+            logger.debug("analyzed function 0x%x and extracted %d features", function_address, feature_count)

-        for rule_name, res in function_matches.items():
-            all_function_matches[rule_name].extend(res)
-        for rule_name, res in bb_matches.items():
-            all_bb_matches[rule_name].extend(res)
+            for rule_name, res in function_matches.items():
+                all_function_matches[rule_name].extend(res)
+            for rule_name, res in bb_matches.items():
+                all_bb_matches[rule_name].extend(res)

    # collection of features that captures the rule matches within function and BB scopes.
    # mapping from feature (matched rule) to set of addresses at which it matched.
@@ -198,7 +199,8 @@ def find_capabilities(ruleset: RuleSet, extractor: FeatureExtractor, disable_pro
        rule = ruleset[rule_name]
        capa.engine.index_rule_matches(function_and_lower_features, rule, locations)

-    all_file_matches, feature_count = find_file_capabilities(ruleset, extractor, function_and_lower_features)
+    with timing("match file"):
+        all_file_matches, feature_count = find_file_capabilities(ruleset, extractor, function_and_lower_features)
    meta["feature_counts"]["file"] = feature_count

    matches = {
@@ -410,9 +412,11 @@ def get_workspace(path, format, sigpaths):
    else:
        raise ValueError("unexpected format: " + format)

-    viv_utils.flirt.register_flirt_signature_analyzers(vw, sigpaths)
+    with timing("load FLIRT"):
+        viv_utils.flirt.register_flirt_signature_analyzers(vw, sigpaths)

-    vw.analyze()
+    with timing("viv analyze"):
+        vw.analyze()

    logger.debug("%s", get_meta_str(vw))
    return vw
@@ -900,8 +904,10 @@ def main(argv=None):
        return E_MISSING_FILE

    try:
-        rules = get_rules(args.rules, disable_progress=args.quiet)
-        rules = capa.rules.RuleSet(rules)
+        with timing("load rules"):
+            rules = get_rules(args.rules, disable_progress=args.quiet)
+            rules = capa.rules.RuleSet(rules)
+
        logger.debug(
            "successfully loaded %s rules",
            # during the load of the RuleSet, we extract subscope statements into their own rules
@@ -1013,7 +1019,8 @@ def main(argv=None):

    meta = collect_metadata(argv, args.sample, args.rules, extractor)

-    capabilities, counts = find_capabilities(rules, extractor, disable_progress=args.quiet)
+    with timing("find capabilities"):
+        capabilities, counts = find_capabilities(rules, extractor, disable_progress=args.quiet)
    meta["analysis"].update(counts)
    meta["analysis"]["layout"] = compute_layout(rules, extractor, capabilities)