Diffstat (limited to 'src/afl-fuzz-run.c')
-rw-r--r-- | src/afl-fuzz-run.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index a3787e5c..2da27453 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -427,6 +427,12 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
 }
+static u64 compute_proximity_score(u32 *dfg_bits) {
+ u64 result = 0;
+ for (size_t i = 0; i < DFG_MAP_SIZE; result += dfg_bits[++i]);
+ return result;
+}
+
 /* Calibrate a new test case. This is done when processing the input directory to warn about flaky or otherwise problematic test cases early on; and when new paths are discovered to detect variable behavior and so on. */
@@ -645,6 +651,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 if (unlikely(!q->exec_us)) { q->exec_us = 1; }
 q->bitmap_size = count_bytes(afl, afl->fsrv.trace_bits);
+ q->prox_score = compute_proximity_score();
 q->handicap = handicap;
 q->cal_failed = 0;
@@ -653,6 +660,9 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 update_bitmap_score(afl, q);
+ afl->mean_prox_score +=
+ (q->prox_score - afl->mean_prox_score) / afl->queued_items;
+
 /* If this case didn't result in new output from the instrumentation, tell parent. This is a non-critical problem, but something to warn the user about. */ |
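Review bot: The loop in `compute_proximity_score` pre-increments the index inside its update expression, so it never adds `dfg_bits[0]` and on the last pass reads `dfg_bits[DFG_MAP_SIZE]`, which is one element past the end if the map holds DFG_MAP_SIZE entries (its allocation is not visible in this diff). Write it as `for (size_t i = 0; i < DFG_MAP_SIZE; i++) result += dfg_bits[i];`. The buffer is only read, so `const u32 *dfg_bits` would state that, and a one-line comment such as `/* Sum all DFG map counters into a single proximity score. */` would match how the file documents its other helpers.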
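Review bot: `compute_proximity_score()` is called with no argument in the second hunk, but the helper added earlier in this diff is declared as taking `u32 *dfg_bits`, so this line should be rejected by the compiler as written. Pass the DFG map filled in by the run that was just calibrated, i.e. `q->prox_score = compute_proximity_score(<pointer to the DFG map>);`; the field that holds that map is not visible in this diff. calibrate_case starts and ends outside the hunk.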
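Review bot: The running-mean update in the third hunk depends on the types of `mean_prox_score` and `prox_score`, which this diff does not show. `compute_proximity_score` returns `u64`; if both fields are unsigned integers, `q->prox_score - afl->mean_prox_score` wraps whenever the new score is below the mean and the division truncates, so the mean drifts. Keeping the mean as a `double` and writing `afl->mean_prox_score += ((double)q->prox_score - afl->mean_prox_score) / afl->queued_items;` avoids both. The formula also assumes `queued_items` is non-zero and that each entry is folded in exactly once; if calibrate_case can run again for the same entry, that entry is counted twice, which is worth confirming since the function body lies outside the hunk.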