about summary refs log tree commit diff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h39
-rw-r--r--include/config.h36
-rw-r--r--include/envs.h4
3 files changed, 57 insertions, 22 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 5ab787e0..a3e87129 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -65,6 +65,8 @@
 #include <dlfcn.h>
 #include <sched.h>
 
+#include <netdb.h>
+
 #include <sys/wait.h>
 #include <sys/time.h>
 #ifndef USEMMAP
@@ -76,6 +78,7 @@
 #include <sys/mman.h>
 #include <sys/ioctl.h>
 #include <sys/file.h>
+#include <sys/types.h>
 
 #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
     defined(__NetBSD__) || defined(__DragonFly__)
@@ -148,7 +151,8 @@ struct queue_entry {
       favored,                          /* Currently favored?               */
       fs_redundant,                     /* Marked as redundant in the fs?   */
       fully_colorized,                  /* Do not run redqueen stage again  */
-      is_ascii;                         /* Is the input just ascii text?    */
+      is_ascii,                         /* Is the input just ascii text?    */
+      disabled;                         /* Is disabled from fuzz selection  */
 
   u32 bitmap_size,                      /* Number of bits set in bitmap     */
       fuzz_level,                       /* Number of fuzzing iterations     */
@@ -162,6 +166,8 @@ struct queue_entry {
   u8 *trace_mini;                       /* Trace bytes, if kept             */
   u32 tc_ref;                           /* Trace bytes ref count            */
 
+  double perf_score;                    /* performance score                */
+
   u8 *testcase_buf;                     /* The testcase buffer, if loaded.  */
   u32 testcase_refs;                    /* count of users of testcase buf   */
 
@@ -355,11 +361,12 @@ typedef struct afl_env_vars {
       afl_dumb_forksrv, afl_import_first, afl_custom_mutator_only, afl_no_ui,
       afl_force_ui, afl_i_dont_care_about_missing_crashes, afl_bench_just_one,
       afl_bench_until_crash, afl_debug_child_output, afl_autoresume,
-      afl_cal_fast, afl_cycle_schedules, afl_expand_havoc;
+      afl_cal_fast, afl_cycle_schedules, afl_expand_havoc, afl_statsd;
 
   u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
       *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload,
-      *afl_max_det_extras;
+      *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port,
+      *afl_statsd_tags_flavor;
 
 } afl_env_vars_t;
 
@@ -487,12 +494,17 @@ typedef struct afl_state {
       disable_trim,                     /* Never trim in fuzz_one           */
       shmem_testcase_mode,              /* If sharedmem testcases are used  */
       expand_havoc,                /* perform expensive havoc after no find */
-      cycle_schedules;                  /* cycle power schedules?           */
+      cycle_schedules,                  /* cycle power schedules?           */
+      old_seed_selection;               /* use vanilla afl seed selection   */
 
   u8 *virgin_bits,                      /* Regions yet untouched by fuzzing */
       *virgin_tmout,                    /* Bits we haven't seen in tmouts   */
       *virgin_crash;                    /* Bits we haven't seen in crashes  */
 
+  double *alias_probability;            /* alias weighted probabilities     */
+  u32 *   alias_table;                /* alias weighted random lookup table */
+  u32     active_paths;                 /* enabled entries in the queue     */
+
   u8 *var_bytes;                        /* Bytes that appear to be variable */
 
 #define N_FUZZ_SIZE (1 << 21)
@@ -637,6 +649,16 @@ typedef struct afl_state {
   u64 plot_prev_qc, plot_prev_uc, plot_prev_uh, plot_prev_ed;
 
   u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_ms, stats_last_execs;
+
+  /* StatsD */
+  u64                statsd_last_send_ms;
+  struct sockaddr_in statsd_server;
+  int                statsd_sock;
+  char *             statsd_tags_flavor;
+  char *             statsd_tags_format;
+  char *             statsd_metric_format;
+  int                statsd_metric_format_type;
+
   double stats_avg_exec;
 
   u8 *clean_trace;
@@ -966,6 +988,13 @@ void maybe_update_plot_file(afl_state_t *, double, double);
 void show_stats(afl_state_t *);
 void show_init_stats(afl_state_t *);
 
+/* StatsD */
+
+void statsd_setup_format(afl_state_t *afl);
+int  statsd_socket_init(afl_state_t *afl);
+int  statsd_send_metric(afl_state_t *afl);
+int  statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen);
+
 /* Run */
 
 fsrv_run_result_t fuzz_run_target(afl_state_t *, afl_forkserver_t *fsrv, u32);
@@ -997,6 +1026,8 @@ void   find_timeout(afl_state_t *);
 double get_runnable_processes(void);
 void   nuke_resume_dir(afl_state_t *);
 int    check_main_node_exists(afl_state_t *);
+u32    select_next_queue_entry(afl_state_t *afl);
+void   create_alias_table(afl_state_t *afl);
 void   setup_dirs_fds(afl_state_t *);
 void   setup_cmdline_file(afl_state_t *, char **);
 void   setup_stdio_file(afl_state_t *);
diff --git a/include/config.h b/include/config.h
index 9c316a86..3f498275 100644
--- a/include/config.h
+++ b/include/config.h
@@ -41,6 +41,14 @@
 
 #define USE_COLOR
 
+/* StatsD config
+   Config can be adjusted via AFL_STATSD_HOST and AFL_STATSD_PORT environment
+   variable.
+*/
+#define STATSD_UPDATE_SEC 1
+#define STATSD_DEFAULT_PORT 8125
+#define STATSD_DEFAULT_HOST "127.0.0.1"
+
 /* If you want to have the original afl internal memory corruption checks.
    Disabled by default for speed. it is better to use "make ASAN_BUILD=1". */
 
@@ -66,25 +74,17 @@
   #define WORD_SIZE_64 1
 #endif
 
-/* Default memory limit for child process (MB): */
-
-#ifndef __NetBSD__
-  #ifndef WORD_SIZE_64
-    #define MEM_LIMIT 50
-  #else
-    #define MEM_LIMIT 75
-  #endif                                                  /* ^!WORD_SIZE_64 */
-#else /* NetBSD's kernel needs more space for stack, see discussion for issue \
-         #165 */
-  #define MEM_LIMIT 250
-#endif
-/* Default memory limit when running in QEMU mode (MB): */
+/* Default memory limit for child process (MB) 0 = disabled : */
+
+#define MEM_LIMIT 0
+
+/* Default memory limit when running in QEMU mode (MB) 0 = disabled : */
 
-#define MEM_LIMIT_QEMU 250
+#define MEM_LIMIT_QEMU 0
 
-/* Default memory limit when running in Unicorn mode (MB): */
+/* Default memory limit when running in Unicorn mode (MB) 0 = disabled : */
 
-#define MEM_LIMIT_UNICORN 250
+#define MEM_LIMIT_UNICORN 0
 
 /* Number of calibration cycles per every new test case (and for test
    cases that show variable behavior): */
@@ -109,8 +109,8 @@
 /* Maximum multiplier for the above (should be a power of two, beware
    of 32-bit int overflows): */
 
-#define HAVOC_MAX_MULT 32
-#define HAVOC_MAX_MULT_MOPT 32
+#define HAVOC_MAX_MULT 64
+#define HAVOC_MAX_MULT_MOPT 64
 
 /* Absolute minimum number of havoc cycles (after all adjustments): */
 
diff --git a/include/envs.h b/include/envs.h
index 3a06aa2a..51520312 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -135,6 +135,10 @@ static char *afl_environment_variables[] = {
     "AFL_SKIP_BIN_CHECK",
     "AFL_SKIP_CPUFREQ",
     "AFL_SKIP_CRASHES",
+    "AFL_STATSD",
+    "AFL_STATSD_HOST",
+    "AFL_STATSD_PORT",
+    "AFL_STATSD_TAGS_FLAVOR",
     "AFL_TMIN_EXACT",
     "AFL_TMPDIR",
     "AFL_TOKEN_FILE",
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-29 06:09:05 +0000