authorDominik Maier <domenukk@gmail.com>2020-10-06 15:37:59 +0200
committerDominik Maier <domenukk@gmail.com>2020-10-06 15:37:59 +0200
commita4b60ca5b61c9bca5fa7b67528baeb3a8ea9320e (patch)
treeabfcb2636400ec2b50a05e87b0ad955bd6452267 /include
parentfd4efd04a1d55b070934e5307b8dd8f81aa8e8ac (diff)
downloadafl++-a4b60ca5b61c9bca5fa7b67528baeb3a8ea9320e.tar.gz
testcase cache added
Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h15
-rw-r--r--include/config.h8
2 files changed, 23 insertions, 0 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index fb661ce5..46da8c7d 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -162,6 +162,9 @@ struct queue_entry {
u8 *trace_mini; /* Trace bytes, if kept */
u32 tc_ref; /* Trace bytes ref count */
+ u8 *testcase_buf; /* The testcase buffer, if loaded. */
+ u32 testcase_refs; /* count of users of testcase buf */
+
struct queue_entry *next; /* Next element, if any */
};
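Review bot: The two new field comments in `struct queue_entry` do not say who owns `testcase_buf` or what a `testcase_refs` of zero means, which is what a caller needs to know to avoid keeping the pointer after the entry has been evicted. Going by the prototypes added further down in this file, the buffer appears to belong to the cache and to become evictable once nobody holds it, so I would write that out, e.g. `/* Cached testcase data, owned by the cache; callers must not free it */` and `/* Active users of testcase_buf; entry is evictable when 0 */` (to be confirmed against the implementation, which is not part of this diff). `testcase_refs` is unsigned, so an unmatched release would wrap to a huge value instead of going negative; an assertion that the count is non-zero before decrementing would catch that early.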
@@ -664,6 +667,11 @@ typedef struct afl_state {
/* queue entries ready for splicing count (len > 4) */
u32 ready_for_splicing_count;
+ /* How many queue entries currently have cached testcases */
+ u32 q_testcase_cache_count;
+ /* Refs to each queue entry with cached testcase (for eviction, if cache_count is too large) */
+ struct queue_entry *q_testcase_cache[TESTCASE_CACHE_SIZE];
+
} afl_state_t;
struct custom_mutator {
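Review bot: `q_testcase_cache_count` is effectively the write bound for the fixed-size `q_testcase_cache[TESTCASE_CACHE_SIZE]` array, but the comment in `afl_state` does not state the invariant that it must never exceed `TESTCASE_CACHE_SIZE`. The insertion code is not in this diff, so I cannot tell whether it checks before storing; the header should at least record the rule, e.g. `/* Invariant: q_testcase_cache_count <= TESTCASE_CACHE_SIZE; slots at or beyond the count are unused */`. It would also help to say what happens when the cache is full and every cached entry is still referenced, since eviction cannot free a slot in that case.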
@@ -1101,5 +1109,12 @@ static inline u64 next_p2(u64 val) {
}
+/* Returns the testcase buf from the file behind this queue entry.
+ Increases the refcount. */
+u8 *queue_testcase_take(afl_state_t *afl, struct queue_entry *q);
+
+/* Tell afl that this testcase may be evicted from the cache */
+void queue_testcase_release(afl_state_t *afl, struct queue_entry *q);
+
#endif
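Review bot: The comment on `queue_testcase_take` does not say what is returned when the file cannot be opened or the buffer cannot be allocated, nor how many bytes of the returned buffer are valid, so callers cannot tell whether a NULL check is required or which length to trust. It also leaves implicit that every take must be matched by exactly one `queue_testcase_release` and that the pointer must not be used after that release. I would extend the two comments to cover the failure behaviour, the valid length, and the pairing rule, for example `/* Every successful call must be balanced by one queue_testcase_release(); the buffer must not be freed or used afterwards. */`.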
diff --git a/include/config.h b/include/config.h
index 7c8e0c7d..38a734ce 100644
--- a/include/config.h
+++ b/include/config.h
@@ -295,6 +295,14 @@
#define RESEED_RNG 100000
+/* The amount of entries in the testcase cache, held in memory.
+Decrease if RAM usage is high. */
+#define TESTCASE_CACHE_SIZE 2048
+
+#if TESTCASE_CACHE_SIZE < 4
+ #error "Dangerously low cache size: Set TESTCASE_CACHE_SIZE to 4 or more in config.h!
+#endif
+
/* Maximum line length passed from GCC to 'as' and used for parsing
configuration files: */
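Review bot: The `#error` line in the new `#if TESTCASE_CACHE_SIZE < 4` guard has an opening quote but no closing one, so the message is an unterminated string literal; it should read `#error "Dangerously low cache size: Set TESTCASE_CACHE_SIZE to 4 or more in config.h!"`. The guard only matters when someone lowers the value, which is exactly when a clean diagnostic is wanted. Separately, the cache is limited by number of entries and not by bytes, so its memory ceiling is 2048 times the largest testcase size; the comment above the define could state that so users know what "Decrease if RAM usage is high" trades off.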