authorvanhauser-thc <vh@thc.org>2023-04-05 12:59:20 +0200
committervanhauser-thc <vh@thc.org>2023-04-05 12:59:20 +0200
commit36127fb1970746f53fec44f9394061f57a4e94c3 (patch)
tree74cf2ac1e1ab8a7bb4de662af135634003269803 /src
parent5fea071ae99dc68d634afd996fcd280f57f78002 (diff)
add -z switch
Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-queue.c7
-rw-r--r--src/afl-fuzz.c5
2 files changed, 11 insertions, 1 deletions
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 40184645..1cdc8b54 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -74,9 +74,14 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q,
if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
weight *= (log(q->bitmap_size) / avg_bitmap_size);
weight *= (1 + (q->tc_ref / avg_top_size));
- if (unlikely(weight < 1.0)) { weight = 1.0; }
+ if (unlikely(weight < 0.1)) { weight = 0.1; }
if (unlikely(q->favored)) { weight *= 5; }
if (unlikely(!q->was_fuzzed)) { weight *= 2; }
+ if (unlikely(afl->prefer_new)) {
+
+ weight *= (2.0 * (q->id / (afl->queued_items - 1)));
+
+ }
return weight;
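Review bot: The scaling term in the new `prefer_new` branch looks like integer division. If `q->id` and `afl->queued_items` are integer fields (their declarations are not in this hunk), `q->id / (afl->queued_items - 1)` is 0 for every entry except the newest, so the weight collapses to 0 instead of ramping with age, and this happens after the `weight < 0.1` floor has already been applied. With a single queue entry the divisor is also 0. I would guard and cast: `if (unlikely(afl->prefer_new) && afl->queued_items > 1) {` and `weight *= (2.0 * ((double)q->id / (double)(afl->queued_items - 1)));`. compute_weight starts above this hunk.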
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 3380fd90..0f01360e 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -132,6 +132,7 @@ static void usage(u8 *argv0, int more_help) {
" fast(default), explore, exploit, seek, rare, mmopt, "
"coe, lin\n"
" quad -- see docs/FAQ.md for more information\n"
+ " -z - prefer new coverage findings when fuzzing\n"
" -f file - location read by the fuzzed program (default: stdin "
"or @@)\n"
" -t msec - timeout for each run (auto-scaled, default %u ms). "
@@ -569,6 +570,10 @@ int main(int argc, char **argv_orig, char **envp) {
afl->max_length = atoi(optarg);
break;
+ case 'z':
+ afl->prefer_new = 1;
+ break;
+
case 'Z':
afl->old_seed_selection = 1;
break;
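Review bot: The new `case 'z':` is only reachable if `z` is present in the option string passed to `getopt()`, and that string appears to be untouched by this commit. The diffstat counts five changed lines in this file, and the usage line plus this case account for all of them. Unless `z` was already listed there, `-z` would be rejected as an unknown option and `afl->prefer_new` would never be set; add `z` to the option string next to `Z`. A short comment such as `/* -z: weight newer queue entries higher in compute_weight() */` would also help distinguish it from the neighbouring `-Z`. main() continues outside the hunk.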