3 files changed, 19 insertions, 4 deletions

diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 88646db3..ea83aaca 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -169,12 +169,22 @@ struct queue_entry {
 
   u32 bitmap_size,                      /* Number of bits set in bitmap     */
       fuzz_level,                       /* Number of fuzzing iterations     */
-      n_fuzz_entry;                     /* offset in n_fuzz                 */
+      n_fuzz_entry                      /* offset in n_fuzz                 */
+#ifdef INTROSPECTION
+      ,
+      stats_selected,                   /* stats: how often selected        */
+      stats_skipped,                    /* stats: how often skipped         */
+      stats_finds,                      /* stats: # of saved finds          */
+      stats_crashes,                    /* stats: # of saved crashes        */
+      stats_tmouts                      /* stats: # of saved timeouts       */
+#endif
+      ;
 
   u64 exec_us,                          /* Execution time (us)              */
       handicap,                         /* Number of queue cycles behind    */
       depth,                            /* Path depth                       */
-      exec_cksum;                       /* Checksum of the execution trace  */
+      exec_cksum,                       /* Checksum of the execution trace  */
+      stats_mutated;                    /* stats: # of mutations performed  */
 
   u8 *trace_mini;                       /* Trace bytes, if kept             */
   u32 tc_ref;                           /* Trace bytes ref count            */
@@ -686,7 +696,8 @@ typedef struct afl_state {
   u32 plot_prev_qp, plot_prev_pf, plot_prev_pnf, plot_prev_ce, plot_prev_md;
   u64 plot_prev_qc, plot_prev_uc, plot_prev_uh, plot_prev_ed;
 
-  u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_ms, stats_last_execs;
+  u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_queue_ms,
+      stats_last_ms, stats_last_execs;
 
   /* StatsD */
   u64                statsd_last_send_ms;
@@ -1101,6 +1112,7 @@ void load_stats_file(afl_state_t *);
 void write_setup_file(afl_state_t *, u32, char **);
 void write_stats_file(afl_state_t *, u32, double, double, double);
 void maybe_update_plot_file(afl_state_t *, u32, double, double);
+void write_queue_stats(afl_state_t *);
 void show_stats(afl_state_t *);
 void show_stats_normal(afl_state_t *);
 void show_stats_pizza(afl_state_t *);
diff --git a/include/config.h b/include/config.h
index 22c1a162..b82ead47 100644
--- a/include/config.h
+++ b/include/config.h
@@ -290,10 +290,11 @@
 
 #define UI_TARGET_HZ 5
 
-/* Fuzzer stats file and plot update intervals (sec): */
+/* Fuzzer stats file, queue stats and plot update intervals (sec): */
 
 #define STATS_UPDATE_SEC 60
 #define PLOT_UPDATE_SEC 5
+#define QUEUE_UPDATE_SEC 1800
 
 /* Smoothing divisor for CPU load and exec speed stats (1 - no smoothing). */
 
diff --git a/include/envs.h b/include/envs.h
index 68d83f8c..f4cdf390 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -124,7 +124,9 @@ static char *afl_environment_variables[] = {
     "AFL_LLVM_ALLOWLIST",
     "AFL_LLVM_DENYLIST",
     "AFL_LLVM_BLOCKLIST",
+    "AFL_CMPLOG",
     "AFL_LLVM_CMPLOG",
+    "AFL_GCC_CMPLOG",
     "AFL_LLVM_INSTRIM",
     "AFL_LLVM_CALLER",
     "AFL_LLVM_CTX",