Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h31
-rw-r--r--include/config.h9
-rw-r--r--include/envs.h1
3 files changed, 40 insertions, 1 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 85597150..940c5602 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -168,6 +168,8 @@ struct queue_entry {
 
   double perf_score;                    /* performance score                */
 
+  u8 *testcase_buf;                     /* The testcase buffer, if loaded.  */
+
   struct queue_entry *next;             /* Next element, if any             */
 
 };
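Review bot: The new `testcase_buf` field documents neither its empty state nor its ownership, although the eviction bookkeeping added later in this commit (`q_testcase_cache[]`) will have to rely on both. The comment `/* The testcase buffer, if loaded.  */` should say that the pointer is NULL while nothing is loaded and who frees it, e.g. `/* Cached testcase contents, NULL when not loaded; owned by the testcase cache in afl_state and released on eviction */`. Whether eviction actually frees the buffer is not visible in the headers, so confirm that against the implementation before settling the wording.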
@@ -363,7 +365,7 @@ typedef struct afl_env_vars {
   u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
       *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload,
       *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port,
-      *afl_statsd_tags_flavor;
+      *afl_statsd_tags_flavor, *afl_testcache_size;
 
 } afl_env_vars_t;
 
@@ -675,6 +677,9 @@ typedef struct afl_state {
   u8 *in_scratch_buf;
 
   u8 *ex_buf;
+
+  u8 *testcase_buf, *splicecase_buf;
+
   u32 custom_mutators_count;
 
   list_t custom_mutator_list;
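Review bot: `testcase_buf` and `splicecase_buf` are added to afl_state without any comment, while the same commit documents the per-entry `testcase_buf` in queue_entry, so a reader cannot tell how the state-level and entry-level buffers relate. A hedged comment would already help: `/* Scratch copies of the current and splice testcases; presumably used when an entry is not served from the cache — confirm */`. The neighbouring `in_scratch_buf`/`ex_buf` fields are likewise undocumented, but the new fields should not add to that.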
@@ -686,6 +691,22 @@ typedef struct afl_state {
   /* queue entries ready for splicing count (len > 4) */
   u32 ready_for_splicing_count;
 
+  /* This is the user specified maximum size to use for the testcase cache */
+  u64 q_testcase_max_cache_size;
+
+  /* How much of the testcase cache is used so far */
+  u64 q_testcase_cache_size;
+
+  /* highest cache count so far */
+  u32 q_testcase_max_cache_count;
+
+  /* How many queue entries currently have cached testcases */
+  u32 q_testcase_cache_count;
+
+  /* Refs to each queue entry with cached testcase (for eviction, if cache_count
+   * is too large) */
+  struct queue_entry *q_testcase_cache[TESTCASE_ENTRIES];
+
 } afl_state_t;
 
 struct custom_mutator {
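Review bot: `q_testcase_max_cache_size` names no unit, whereas config.h in this same commit defines the related `TESTCASE_CACHE` default in MB, so it is unclear whether the field holds megabytes or bytes once `afl_testcache_size` has been parsed. State it in the comment, e.g. `/* User specified maximum size of the testcase cache, in bytes (AFL_TESTCACHE_SIZE is given in MB) */`, adjusted to whatever the parsing code actually stores. The comment on `q_testcase_cache[]` should also name the hard bound: the array has exactly TESTCASE_ENTRIES slots, so an insert must be refused or preceded by eviction once `q_testcase_cache_count` reaches TESTCASE_ENTRIES, independent of the byte budget. `q_testcase_max_cache_count` is described only as "highest cache count so far", which reads like a statistic rather than a limit — say which it is.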
@@ -1135,5 +1156,13 @@ static inline u64 next_p2(u64 val) {
 
 }
 
+/* Returns the testcase buf from the file behind this queue entry.
+  Increases the refcount. */
+u8 *queue_testcase_get(afl_state_t *afl, struct queue_entry *q);
+
+/* If trimming changes the testcase size we have to reload it */
+void queue_testcase_retake(afl_state_t *afl, struct queue_entry *q,
+                           u32 old_len);
+
 #endif
 
diff --git a/include/config.h b/include/config.h
index 7dd045e3..b4f3a775 100644
--- a/include/config.h
+++ b/include/config.h
@@ -295,6 +295,15 @@
 
 #define RESEED_RNG 100000
 
+/* The maximum number of testcases to cache */
+
+#define TESTCASE_ENTRIES 16384
+
+/* The default maximum testcase cache size in MB, 0 = disable.
+   A value between 50 and 250 is a good default value. */
+
+#define TESTCASE_CACHE 0
+
 /* Maximum line length passed from GCC to 'as' and used for parsing
    configuration files: */
 
diff --git a/include/envs.h b/include/envs.h
index 51520312..a1b3ad12 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -139,6 +139,7 @@ static char *afl_environment_variables[] = {
     "AFL_STATSD_HOST",
     "AFL_STATSD_PORT",
     "AFL_STATSD_TAGS_FLAVOR",
+    "AFL_TESTCACHE_SIZE",
     "AFL_TMIN_EXACT",
     "AFL_TMPDIR",
     "AFL_TOKEN_FILE",