author van Hauser <vh@thc.org> 2020-07-21 20:53:51 +0200
committer van Hauser <vh@thc.org> 2020-07-21 20:53:51 +0200
commit ce9b4698fec5222e0af1b62d68c4105e6364771e (patch)
tree 04a9ca3d25eac9dc07b20e6b9daa0fa9da369898 /include
parent 9a33a29b4a87ec9f211f83fa83f499e1ed8c256d (diff)
added Andrea's splicing, added cycle_schedules
Diffstat (limited to 'include')
-rw-r--r-- include/afl-fuzz.h 11
-rw-r--r-- include/config.h 24
-rw-r--r-- include/envs.h 1
3 files changed, 32 insertions, 4 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index adab8155..96d3d9f4 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -139,7 +139,8 @@ struct queue_entry {
var_behavior, /* Variable behavior? */
favored, /* Currently favored? */
fs_redundant, /* Marked as redundant in the fs? */
- fully_colorized; /* Do not run redqueen stage again */
+ fully_colorized, /* Do not run redqueen stage again */
+ is_ascii; /* Is the input just ascii text? */
u32 bitmap_size, /* Number of bits set in bitmap */
fuzz_level; /* Number of fuzzing iterations */
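Review bot: The comment on the new `is_ascii` field, `/* Is the input just ascii text? */`, overstates what the flag means: the same commit adds AFL_TXT_MIN_PERCENT 95 to config.h, so an entry is classified as ASCII when at least 95 percent of its bytes are ASCII, not when all of them are. Suggest `is_ascii; /* Input classified as (mostly) ASCII text, see AFL_TXT_MIN_PERCENT */` so a reader does not assume the text mutator only ever sees pure ASCII. Where the flag is computed and cleared is not in this diff; presumably the queue-entry allocation zero-initialises it, which is worth confirming so that an entry is not left with a stale value. struct queue_entry starts and ends outside the hunk.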
@@ -333,7 +334,7 @@ typedef struct afl_env_vars {
afl_dumb_forksrv, afl_import_first, afl_custom_mutator_only, afl_no_ui,
afl_force_ui, afl_i_dont_care_about_missing_crashes, afl_bench_just_one,
afl_bench_until_crash, afl_debug_child_output, afl_autoresume,
- afl_cal_fast;
+ afl_cal_fast, afl_cycle_schedules;
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
*afl_hang_tmout, *afl_skip_crashes, *afl_preload;
@@ -454,7 +455,9 @@ typedef struct afl_state {
fixed_seed, /* do not reseed */
fast_cal, /* Try to calibrate faster? */
disable_trim, /* Never trim in fuzz_one */
- shmem_testcase_mode; /* If sharedmem testcases are used */
+ shmem_testcase_mode, /* If sharedmem testcases are used */
+ expand_havoc, /* perform expensive havoc after no find */
+ cycle_schedules; /* cycle power schedules ? */
u8 *virgin_bits, /* Regions yet untouched by fuzzing */
*virgin_tmout, /* Bits we haven't seen in tmouts */
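Review bot: The comments on the two new afl_state flags are too terse to tell a reader what enables them: `/* perform expensive havoc after no find */` does not say what "no find" is measured in, and `/* cycle power schedules ? */` reads as an open question rather than a description. Suggest `cycle_schedules; /* 1 = rotate the power schedule (AFL_CYCLE_SCHEDULES) */` and, for expand_havoc, a comment naming the condition that switches it on, e.g. `expand_havoc, /* 1 = use the expensive havoc variant after a cycle with no new finds */` if that is what "no find" means, since the implementation is not visible here. Note that AFL_CYCLE_SCHEDULES is the only environment variable added in envs.h, so how expand_havoc is set is not shown by this commit. typedef struct afl_state continues outside the hunk.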
@@ -548,7 +551,7 @@ typedef struct afl_state {
// growing buf
struct queue_entry **queue_buf;
- size_t queue_size;
+ size_t queue_size;
struct queue_entry **top_rated; /* Top entries for bitmap bytes */
diff --git a/include/config.h b/include/config.h
index 4503c3e9..9710cd1f 100644
--- a/include/config.h
+++ b/include/config.h
@@ -401,5 +401,29 @@
// #define IGNORE_FINDS
+/* Text mutations */
+
+/* What is the minimum length of a queue input to be evaluated for "is_ascii"?
++ */
+
+#define AFL_TXT_MIN_LEN 12
+
+/* What is the minimum percentage of ascii characters present to be classifed
+ as "is_ascii"? */
+
+#define AFL_TXT_MIN_PERCENT 95
+
+/* How often to perform ASCII mutations 0 = disable, 1-8 are good values */
+
+#define AFL_TXT_BIAS 6
+
+/* Maximum length of a string to tamper with */
+
+#define AFL_TXT_STRING_MAX_LEN 1024
+
+/* Maximum mutations on a string */
+
+#define AFL_TXT_STRING_MAX_MUTATIONS 8
+
#endif /* ! _HAVE_CONFIG_H */
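Review bot: The comment block above AFL_TXT_MIN_LEN has a stray character: once the diff marker is stripped its second line reads `+ */`, so the closing line should be just ` */`. Two lines further down, `classifed` in the AFL_TXT_MIN_PERCENT comment should be `classified`. The AFL_TXT_BIAS comment `/* How often to perform ASCII mutations 0 = disable, 1-8 are good values */` gives a range but not what the number is; if it is a relative weight against the other havoc mutations, `/* Relative weight of ASCII mutations in havoc: 0 = disable, 1-8 are good values */` would say so, to be confirmed against the mutator code, which is not part of this diff.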
diff --git a/include/envs.h b/include/envs.h
index 86222418..cb3c183e 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -34,6 +34,7 @@ static char *afl_environment_variables[] = {
"AFL_CUSTOM_MUTATOR_LIBRARY",
"AFL_CUSTOM_MUTATOR_ONLY",
"AFL_CXX",
+ "AFL_CYCLE_SCHEDULES",
"AFL_DEBUG",
"AFL_DEBUG_CHILD_OUTPUT",
"AFL_DEBUG_GDB",