-rw-r--r--GNUmakefile2
-rw-r--r--docs/Changelog.md2
-rw-r--r--include/afl-fuzz.h3
-rw-r--r--instrumentation/SanitizerCoverageLTO.so.cc2
-rw-r--r--instrumentation/SanitizerCoveragePCGUARD.so.cc2
-rw-r--r--src/afl-fuzz-queue.c14
-rw-r--r--src/afl-fuzz.c7
7 files changed, 10 insertions, 22 deletions
diff --git a/GNUmakefile b/GNUmakefile
index 208e965b..85f164f5 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -546,7 +546,7 @@ ifndef AFL_NO_X86
test_build: afl-cc afl-gcc afl-as afl-showmap
@echo "[*] Testing the CC wrapper afl-cc and its instrumentation output..."
@unset AFL_MAP_SIZE AFL_USE_UBSAN AFL_USE_CFISAN AFL_USE_LSAN AFL_USE_ASAN AFL_USE_MSAN; ASAN_OPTIONS=detect_leaks=0 AFL_INST_RATIO=100 AFL_PATH=. ./afl-cc test-instr.c $(LDFLAGS) -o test-instr 2>&1 || (echo "Oops, afl-cc failed"; exit 1 )
- - ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -o .test-instr0 ./test-instr < /dev/null
+ -ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -q -m none -o .test-instr0 ./test-instr < /dev/null
-echo 1 | ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr1 ./test-instr
@rm -f test-instr
@cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation of afl-cc does not seem to be behaving correctly!"; echo; echo "Please post to https://github.com/AFLplusplus/AFLplusplus/issues to troubleshoot the issue."; echo; exit 1; fi
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 736deb30..501300b1 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -12,7 +12,7 @@
- fixed a crash in pizza (1st april easter egg) mode. Sorry for
everyone who was affected!
- allow pizza mode to be disabled when AFL_PIZZA_MODE is set to -1
- - add -z switch to prefer new coverage findings in seed selection
+ - option `-p mmopt` now also selects new queue items more often
- print name of custom mutator in UI
- afl-cc:
- add CFI sanitizer variant to gcc targets
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 7ff3315b..5fd393dd 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -501,8 +501,7 @@ typedef struct afl_state {
custom_splice_optout, /* Custom mutator no splice buffer */
is_main_node, /* if this is the main node */
is_secondary_node, /* if this is a secondary instance */
- pizza_is_served, /* pizza mode */
- prefer_new; /* prefer new queue entries */
+ pizza_is_served; /* pizza mode */
u32 stats_update_freq; /* Stats update frequency (execs) */
diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc
index 5603c455..e41f19b6 100644
--- a/instrumentation/SanitizerCoverageLTO.so.cc
+++ b/instrumentation/SanitizerCoverageLTO.so.cc
@@ -18,7 +18,7 @@
#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h"
#if LLVM_VERSION_MAJOR < 17
-#include "llvm/ADT/Triple.h"
+ #include "llvm/ADT/Triple.h"
#endif
#include "llvm/Analysis/EHPersonalities.h"
#include "llvm/Analysis/PostDominators.h"
diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc
index 5f23698b..85b1ddd5 100644
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@@ -14,7 +14,7 @@
#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h"
#if LLVM_VERSION_MAJOR < 17
-#include "llvm/ADT/Triple.h"
+ #include "llvm/ADT/Triple.h"
#endif
#include "llvm/Analysis/EHPersonalities.h"
#include "llvm/Analysis/PostDominators.h"
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 6fc3c743..8ad7cd97 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -149,21 +149,15 @@ void create_alias_table(afl_state_t *afl) {
}
- if (unlikely(afl->prefer_new) && afl->queued_discovered) {
+ if (unlikely(afl->schedule == MMOPT) && afl->queued_discovered) {
- double avg_weight = sum / active;
+ u32 cnt = afl->queued_discovered >= 5 ? 5 : afl->queued_discovered;
- for (i = n - afl->queued_discovered; i < n; i++) {
+ for (i = n - cnt; i < n; i++) {
struct queue_entry *q = afl->queue_buf[i];
- if (likely(!q->disabled) && q->weight > avg_weight) {
-
- double prev_weight = q->weight;
- q->weight *= (2.0 * (i / n));
- sum += (q->weight - prev_weight);
-
- }
+ if (likely(!q->disabled)) { q->weight *= 2.0; }
}
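Review bot: The new `q->weight *= 2.0;` on the last changed line no longer feeds the increase back into `sum`, whereas the removed code kept the running total in step with `sum += (q->weight - prev_weight);`. If `sum` is still used after this block to normalise the weights into the alias-table probabilities, as that removed line suggests (create_alias_table starts before and continues past the hunk), the boosted entries are now scaled against a stale total and the distribution no longer accounts for the added weight mass. Changing the line to `if (likely(!q->disabled)) { sum += q->weight; q->weight *= 2.0; }` adds the original weight once, which is exactly the increment, and keeps `sum` consistent. The start index `n - cnt` also assumes `queued_discovered` never exceeds the queue count `n`; if that invariant is guaranteed elsewhere, a one-line comment stating it would help, otherwise `cnt` should additionally be clamped to `n`.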
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index a0c322da..5ba54d0b 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -132,7 +132,6 @@ static void usage(u8 *argv0, int more_help) {
" fast(default), explore, exploit, seek, rare, mmopt, "
"coe, lin\n"
" quad -- see docs/FAQ.md for more information\n"
- " -z - prefer new coverage findings when fuzzing\n"
" -f file - location read by the fuzzed program (default: stdin "
"or @@)\n"
" -t msec - timeout for each run (auto-scaled, default %u ms). "
@@ -556,7 +555,7 @@ int main(int argc, char **argv_orig, char **envp) {
while (
(opt = getopt(
argc, argv,
- "+Ab:B:c:CdDe:E:hi:I:f:F:g:G:l:L:m:M:nNOo:p:RQs:S:t:T:UV:WXx:YzZ")) >
+ "+Ab:B:c:CdDe:E:hi:I:f:F:g:G:l:L:m:M:nNOo:p:RQs:S:t:T:UV:WXx:YZ")) >
0) {
switch (opt) {
@@ -569,10 +568,6 @@ int main(int argc, char **argv_orig, char **envp) {
afl->max_length = atoi(optarg);
break;
- case 'z':
- afl->prefer_new = 1;
- break;
-
case 'Z':
afl->old_seed_selection = 1;
break;
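Review bot: The usage text for `-p` at the top of the section still only refers the reader to docs/FAQ.md for what each schedule does, yet this commit changes what `mmopt` does (the Changelog hunk says it now selects new queue items more often) and the diffstat shows no documentation file other than the changelog being touched. With `-z` removed here, the changelog is the only place that records where the new-entry boost went; the usage string should at least hint at it, e.g. an extra line `"              mmopt additionally favours recently added queue entries\n"`, or docs/FAQ.md should be updated in the same change. Both usage() and main() start before their respective hunks.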