From 3200e6515b9cc988d0d8dccd27257baccc8df021 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Sun, 14 Aug 2022 12:24:42 +0200
Subject: add AFL_NO_STARTUP_CALIBRATION feature
---
 src/afl-fuzz-init.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'src/afl-fuzz-init.c')
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 4ffcfd2b..32e2b7b8 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -850,6 +850,30 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
 }
+/* In case no initial calibration is to be performed (e.g. huge queue and slow
+execution time), then setting AFL_NO_STARTUP_CALIBRATION will help getting
+initial data. For this to succeed, non-calibrated corpus entries have to look
+especially juicy so they are more likely to be selected then a calibrated good
+looking one. */
+
+void no_dry_run(afl_state_t *afl) {
+ struct queue_entry *q;
+ u32 idx;
+ for (idx = 0; idx < afl->queued_items; idx++) {
+ q = afl->queue_buf[idx];
+ if (unlikely(!q || q->disabled)) { continue; }
+ q->exec_us = 1;
+ q->bitmap_size = MAP_SIZE;
+ q->tc_ref = MAP_SIZE;
+ }
+ }
 /* Perform dry run of all test cases to confirm that the app is working as expected. This is done only for the initial inputs, and only once. */
-- cgit 1.4.1
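Review bot: no_dry_run stamps exec_us, bitmap_size and tc_ref with constructed values (1 and MAP_SIZE) but nothing in the hunk records that these entries were never measured, so a later consumer of those fields cannot distinguish a placeholder from a real calibration result; either a flag on the entry or a comment above the three assignments such as `/* placeholder stats, not measured: expected to be overwritten by the first real calibration */` would make the contract explicit (I assume the first real calibration overwrites them — not visible here). The new comment block also does not say that this path bypasses the checks the dry run below exists for ("confirm that the app is working as expected"), so a crashing or hanging seed, or a broken harness, only surfaces later during fuzzing; stating that trade-off in the function comment tells operators what AFL_NO_STARTUP_CALIBRATION gives up. Minor: "selected then a calibrated" should read "selected than a calibrated". The function has external linkage and no prototype appears in this hunk, presumably it is declared in a header elsewhere in the change set.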