Merge branch 'memcache_marc' into dev

2 files changed, 25 insertions, 0 deletions

diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 45de197d..a3e87129 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -168,6 +168,9 @@ struct queue_entry {
 
   double perf_score;                    /* performance score                */
 
+  u8 *testcase_buf;                     /* The testcase buffer, if loaded.  */
+  u32 testcase_refs;                    /* count of users of testcase buf   */
+
   struct queue_entry *next;             /* Next element, if any             */
 
 };
@@ -686,6 +689,12 @@ typedef struct afl_state {
   /* queue entries ready for splicing count (len > 4) */
   u32 ready_for_splicing_count;
 
+  /* How many queue entries currently have cached testcases */
+  u32 q_testcase_cache_count;
+  /* Refs to each queue entry with cached testcase (for eviction, if cache_count
+   * is too large) */
+  struct queue_entry *q_testcase_cache[TESTCASE_CACHE_SIZE];
+
 } afl_state_t;
 
 struct custom_mutator {
@@ -1132,5 +1141,12 @@ static inline u64 next_p2(u64 val) {
 
 }
 
+/* Returns the testcase buf from the file behind this queue entry.
+  Increases the refcount. */
+u8 *queue_testcase_take(afl_state_t *afl, struct queue_entry *q);
+
+/* Tell afl that this testcase may be evicted from the cache */
+void queue_testcase_release(afl_state_t *afl, struct queue_entry *q);
+
 #endif
 
diff --git a/include/config.h b/include/config.h
index 7dd045e3..3f498275 100644
--- a/include/config.h
+++ b/include/config.h
@@ -295,6 +295,15 @@
 
 #define RESEED_RNG 100000
 
+/* The amount of entries in the testcase cache, held in memory.
+Decrease if RAM usage is high. */
+#define TESTCASE_CACHE_SIZE 3072
+
+#if TESTCASE_CACHE_SIZE < 4
+  #error \
+      "Dangerously low cache size: Set TESTCASE_CACHE_SIZE to 4 or more in config.h!"
+#endif
+
 /* Maximum line length passed from GCC to 'as' and used for parsing
    configuration files: */