From 9063002af22e916701588248eca2fd2669e4d0df Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 9 Dec 2021 13:22:10 +0100 Subject: rename path --- src/afl-fuzz-one.c | 146 ++++++++++++++++++++++++++--------------------------- 1 file changed, 73 insertions(+), 73 deletions(-) (limited to 'src/afl-fuzz-one.c') diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index f4d3b77f..96c32a86 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -423,7 +423,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } else if (!afl->non_instrumented_mode && !afl->queue_cur->favored && - afl->queued_paths > 10) { + afl->queued_items > 10) { /* Otherwise, still possibly skip non-favored cases, albeit less often. The odds of skipping stuff are higher for already-fuzzed inputs and @@ -449,7 +449,7 @@ u8 fuzz_one_original(afl_state_t *afl) { ACTF( "Fuzzing test case #%u (%u total, %llu uniq crashes found, " "perf_score=%0.0f, exec_us=%llu, hits=%u, map=%u, ascii=%u)...", - afl->current_entry, afl->queued_paths, afl->unique_crashes, + afl->current_entry, afl->queued_items, afl->saved_crashes, afl->queue_cur->perf_score, afl->queue_cur->exec_us, likely(afl->n_fuzz) ? afl->n_fuzz[afl->queue_cur->n_fuzz_entry] : 0, afl->queue_cur->bitmap_size, afl->queue_cur->is_ascii); @@ -492,7 +492,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (unlikely(afl->stop_soon) || res != afl->crash_mode) { - ++afl->cur_skipped_paths; + ++afl->cur_skipped_items; goto abandon_entry; } @@ -519,7 +519,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (unlikely(afl->stop_soon)) { - ++afl->cur_skipped_paths; + ++afl->cur_skipped_items; goto abandon_entry; } 
@@ -566,8 +566,8 @@ u8 fuzz_one_original(afl_state_t *afl) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || afl->queue_cur->favored || - !(afl->fsrv.total_execs % afl->queued_paths) || - get_cur_time() - afl->last_path_time > 300000) { // 300 seconds + !(afl->fsrv.total_execs % afl->queued_items) || + get_cur_time() - afl->last_find_time > 300000) { // 300 seconds if (input_to_state_stage(afl, in_buf, out_buf, len)) { @@ -630,7 +630,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_val_type = STAGE_VAL_NONE; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; prev_cksum = afl->queue_cur->exec_cksum; @@ -734,7 +734,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP1] += afl->stage_max; @@ -766,7 +766,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP2] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP2] += afl->stage_max; @@ -802,7 +802,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP4] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP4] += afl->stage_max; @@ -909,7 +909,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->blocks_eff_total += EFF_ALEN(len); - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP8] += afl->stage_max; 
@@ -952,7 +952,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP16] += afl->stage_max; @@ -995,7 +995,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP32] += afl->stage_max; @@ -1087,7 +1087,7 @@ skip_bitflip: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH8] += afl->stage_max; @@ -1217,7 +1217,7 @@ skip_bitflip: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH16] += afl->stage_max; @@ -1346,7 +1346,7 @@ skip_bitflip: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH32] += afl->stage_max; @@ -1412,7 +1412,7 @@ skip_arith: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST8] += afl->stage_max; @@ -1500,7 +1500,7 @@ skip_arith: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST16] += afl->stage_max; 
@@ -1589,7 +1589,7 @@ skip_arith: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST32] += afl->stage_max; @@ -1662,7 +1662,7 @@ skip_interest: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_UO] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_UO] += afl->stage_max; @@ -1718,7 +1718,7 @@ skip_interest: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_UI] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_UI] += afl->stage_max; @@ -1776,7 +1776,7 @@ skip_user_extras: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max; @@ -1806,7 +1806,7 @@ custom_mutator_stage: const u32 max_seed_size = MAX_FILE, saved_max = afl->stage_max; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; #ifdef INTROSPECTION afl->mutation[0] = 0; @@ -1850,7 +1850,7 @@ custom_mutator_stage: do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (unlikely(tid == afl->current_entry || @@ -1890,7 +1890,7 @@ custom_mutator_stage: /* If we're finding new stuff, let's run for a bit longer, limits permitting. */ - if (afl->queued_paths != havoc_queued) { + if (afl->queued_items != havoc_queued) { if (perf_score <= afl->havoc_max_mult * 100) { @@ -1899,7 +1899,7 @@ custom_mutator_stage: } - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; } 
@@ -1926,7 +1926,7 @@ custom_mutator_stage: if (!has_custom_fuzz) goto havoc_stage; - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_CUSTOM_MUTATOR] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_CUSTOM_MUTATOR] += afl->stage_max; @@ -1972,9 +1972,9 @@ havoc_stage: temp_len = len; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; if (afl->custom_mutators_count) { @@ -2023,7 +2023,7 @@ havoc_stage: } - if (unlikely(get_cur_time() - afl->last_path_time > 5000 /* 5 seconds */ && + if (unlikely(get_cur_time() - afl->last_find_time > 5000 /* 5 seconds */ && afl->ready_for_splicing_count > 1)) { /* add expensive havoc cases here if there is no findings in the last 5s */ @@ -2669,7 +2669,7 @@ havoc_stage: u32 tid; do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); @@ -2757,7 +2757,7 @@ havoc_stage: /* If we're finding new stuff, let's run for a bit longer, limits permitting. */ - if (afl->queued_paths != havoc_queued) { + if (afl->queued_items != havoc_queued) { if (perf_score <= afl->havoc_max_mult * 100) { @@ -2766,13 +2766,13 @@ havoc_stage: } - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; } } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; if (!splice_cycle) { @@ -2821,7 +2821,7 @@ retry_splicing: do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); 
@@ -2945,7 +2945,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } else if (!afl->non_instrumented_mode && !afl->queue_cur->favored && - afl->queued_paths > 10) { + afl->queued_items > 10) { /* Otherwise, still possibly skip non-favored cases, albeit less often. The odds of skipping stuff are higher for already-fuzzed inputs and @@ -2969,7 +2969,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->not_on_tty) { ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...", - afl->current_entry, afl->queued_paths, afl->unique_crashes); + afl->current_entry, afl->queued_items, afl->saved_crashes); fflush(stdout); } @@ -3010,7 +3010,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->stop_soon || res != afl->crash_mode) { - ++afl->cur_skipped_paths; + ++afl->cur_skipped_items; goto abandon_entry; } @@ -3037,7 +3037,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (unlikely(afl->stop_soon)) { - ++afl->cur_skipped_paths; + ++afl->cur_skipped_items; goto abandon_entry; } @@ -3082,8 +3082,8 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || - !(afl->fsrv.total_execs % afl->queued_paths) || - get_cur_time() - afl->last_path_time > 300000) { // 300 seconds + !(afl->fsrv.total_execs % afl->queued_items) || + get_cur_time() - afl->last_find_time > 300000) { // 300 seconds if (input_to_state_stage(afl, in_buf, out_buf, len)) { 
@@ -3101,10 +3101,10 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { cur_ms_lv = get_cur_time(); if (!(afl->key_puppet == 0 && - ((cur_ms_lv - afl->last_path_time < (u32)afl->limit_time_puppet) || + ((cur_ms_lv - afl->last_find_time < (u32)afl->limit_time_puppet) || (afl->last_crash_time != 0 && cur_ms_lv - afl->last_crash_time < (u32)afl->limit_time_puppet) || - afl->last_path_time == 0))) { + afl->last_find_time == 0))) { afl->key_puppet = 1; goto pacemaker_fuzzing; @@ -3156,7 +3156,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { afl->stage_val_type = STAGE_VAL_NONE; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; prev_cksum = afl->queue_cur->exec_cksum; @@ -3259,7 +3259,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for afl->stage_cur */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP1] += afl->stage_max; @@ -3290,7 +3290,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for afl->stage_cur */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP2] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP2] += afl->stage_max; @@ -3325,7 +3325,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for afl->stage_cur */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP4] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP4] += afl->stage_max; 
@@ -3431,7 +3431,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { afl->blocks_eff_total += EFF_ALEN(len); - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP8] += afl->stage_max; @@ -3473,7 +3473,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP16] += afl->stage_max; @@ -3515,7 +3515,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for i = 0; i < len - 3 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP32] += afl->stage_max; @@ -3605,7 +3605,7 @@ skip_bitflip: } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH8] += afl->stage_max; @@ -3731,7 +3731,7 @@ skip_bitflip: } /* for i = 0; i < len - 1 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH16] += afl->stage_max; @@ -3856,7 +3856,7 @@ skip_bitflip: } /* for i = 0; i < len - 3 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH32] += afl->stage_max; 
@@ -3921,7 +3921,7 @@ skip_arith: } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST8] += afl->stage_max; @@ -4007,7 +4007,7 @@ skip_arith: } /* for i = 0; i < len - 1 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST16] += afl->stage_max; @@ -4094,7 +4094,7 @@ skip_arith: } /* for i = 0; i < len - 3 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST32] += afl->stage_max; @@ -4167,7 +4167,7 @@ skip_interest: } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_UO] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_UO] += afl->stage_max; @@ -4223,7 +4223,7 @@ skip_interest: } /* for i = 0; i <= len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_UI] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_UI] += afl->stage_max; @@ -4282,7 +4282,7 @@ skip_user_extras: } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max; 
@@ -4335,7 +4335,7 @@ pacemaker_fuzzing: if (unlikely(afl->orig_hit_cnt_puppet == 0)) { - afl->orig_hit_cnt_puppet = afl->queued_paths + afl->unique_crashes; + afl->orig_hit_cnt_puppet = afl->queued_items + afl->saved_crashes; afl->last_limit_time_start = get_cur_time(); afl->SPLICE_CYCLES_puppet = (rand_below( @@ -4380,9 +4380,9 @@ pacemaker_fuzzing: temp_len = len; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; u32 r_max; @@ -4948,7 +4948,7 @@ pacemaker_fuzzing: u32 tid; do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (tid == afl->current_entry || @@ -5029,7 +5029,7 @@ pacemaker_fuzzing: ++*MOpt_globals.pTime; - u64 temp_total_found = afl->queued_paths + afl->unique_crashes; + u64 temp_total_found = afl->queued_items + afl->saved_crashes; if (common_fuzz_stuff(afl, out_buf, temp_len)) { @@ -5048,7 +5048,7 @@ pacemaker_fuzzing: /* If we're finding new stuff, let's run for a bit longer, limits permitting. */ - if (afl->queued_paths != havoc_queued) { + if (afl->queued_items != havoc_queued) { if (perf_score <= afl->havoc_max_mult * 100) { @@ -5057,15 +5057,15 @@ pacemaker_fuzzing: } - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; } - if (unlikely(afl->queued_paths + afl->unique_crashes > + if (unlikely(afl->queued_items + afl->saved_crashes > temp_total_found)) { u64 temp_temp_puppet = - afl->queued_paths + afl->unique_crashes - temp_total_found; + afl->queued_items + afl->saved_crashes - temp_total_found; afl->total_puppet_find = afl->total_puppet_find + temp_temp_puppet; if (MOpt_globals.is_pilot_mode) { @@ -5099,7 +5099,7 @@ pacemaker_fuzzing: ++afl->stage_cur) { */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; if (MOpt_globals.is_pilot_mode) { 
@@ -5149,7 +5149,7 @@ pacemaker_fuzzing: do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); @@ -5235,8 +5235,8 @@ pacemaker_fuzzing: if (afl->key_puppet == 1) { if (unlikely( - afl->queued_paths + afl->unique_crashes > - ((afl->queued_paths + afl->unique_crashes) * limit_time_bound + + afl->queued_items + afl->saved_crashes > + ((afl->queued_items + afl->saved_crashes) * limit_time_bound + afl->orig_hit_cnt_puppet))) { afl->key_puppet = 0; @@ -5251,7 +5251,7 @@ pacemaker_fuzzing: afl->total_pacemaker_time += *MOpt_globals.pTime; *MOpt_globals.pTime = 0; - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; if (MOpt_globals.is_pilot_mode) { -- cgit 1.4.1 From 6ce72deb75163a8532ab3142cc1a9d8a1138459b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 9 Dec 2021 15:21:12 +0100 Subject: more rename --- qemu_mode/qemuafl | 2 +- src/afl-fuzz-one.c | 4 ++-- src/afl-fuzz-stats.c | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) (limited to 'src/afl-fuzz-one.c') diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index 8809a2b2..002e4739 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit 8809a2b2ebf089d3427dd8f6a0044bcc2e13b389 +Subproject commit 002e473939a350854d56f67ce7b2e2d9706b8bca diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 96c32a86..ebf3f4ac 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -447,7 +447,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (unlikely(afl->not_on_tty)) { ACTF( - "Fuzzing test case #%u (%u total, %llu uniq crashes found, " + "Fuzzing test case #%u (%u total, %llu crashes saved, " "perf_score=%0.0f, exec_us=%llu, hits=%u, map=%u, ascii=%u)...", afl->current_entry, afl->queued_items, afl->saved_crashes, afl->queue_cur->perf_score, afl->queue_cur->exec_us, 
@@ -2968,7 +2968,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->not_on_tty) { - ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...", + ACTF("Fuzzing test case #%u (%u total, %llu crashes saved)...", afl->current_entry, afl->queued_items, afl->saved_crashes); fflush(stdout); diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 5016095f..50e6c2f4 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -832,7 +832,7 @@ void show_stats(afl_state_t *afl) { sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->cur_skipped_items), ((double)afl->cur_skipped_items * 100) / afl->queued_items); - SAYF(bV bSTOP " items timed out : " cRST "%-18s " bSTG bV, tmp); + SAYF(bV bSTOP " runs timed out : " cRST "%-18s " bSTG bV, tmp); sprintf(tmp, "%0.02f bits/tuple", t_bytes ? (((double)t_bits) / t_bytes) : 0); @@ -870,7 +870,7 @@ void show_stats(afl_state_t *afl) { SAYF(" new edges on : " cRST "%-20s" bSTG bV "\n", tmp); - sprintf(tmp, "%s (%s%s unique)", u_stringify_int(IB(0), afl->total_crashes), + sprintf(tmp, "%s (%s%s saved)", u_stringify_int(IB(0), afl->total_crashes), u_stringify_int(IB(1), afl->saved_crashes), (afl->saved_crashes >= KEEP_UNIQUE_CRASH) ? "+" : ""); @@ -904,7 +904,7 @@ void show_stats(afl_state_t *afl) { } - sprintf(tmp, "%s (%s%s unique)", u_stringify_int(IB(0), afl->total_tmouts), + sprintf(tmp, "%s (%s%s saved)", u_stringify_int(IB(0), afl->total_tmouts), u_stringify_int(IB(1), afl->saved_tmouts), (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); -- cgit 1.4.1 From 7603e49765080c8114b8c2e796ce9e0d2a02614b Mon Sep 17 00:00:00 2001 From: yuawn Date: Sat, 11 Dec 2021 09:10:14 +0000 Subject: rename active_paths --- src/afl-fuzz-init.c | 8 ++++---- src/afl-fuzz-one.c | 4 ++-- src/afl-fuzz-queue.c | 2 +- src/afl-fuzz-redqueen.c | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) (limited to 'src/afl-fuzz-one.c') 
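Review bot: In the `@@ -832` hunk of src/afl-fuzz-stats.c the new label `runs timed out` is attached to a value built from `afl->cur_skipped_items` and shown as a percentage of `afl->queued_items`, so the line now names executions while it appears to count queue items. A one-line comment above the `sprintf`, for example `/* queue items skipped this cycle, as a share of the whole queue */`, would stop anyone triaging a campaign from reading it as an execution count. The percentage has no guard for `queued_items == 0`; the division is done in `double`, so it would print inf/nan rather than trap, and it is presumably unreachable once the queue is loaded. `show_stats` starts and ends outside the hunk.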
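Review bot: The reworded `sprintf(tmp, "%s (%s%s saved)", ...)` calls in the `@@ -870` and `@@ -904` hunks of src/afl-fuzz-stats.c still write into `tmp` with no length bound, and the size of `tmp` is not visible in the diff. The new text is one character shorter than the old, so this commit does not make the write any longer, but `snprintf(tmp, sizeof(tmp), "%s (%s%s saved)", ...)` would make the bound explicit, assuming `tmp` is an array local to `show_stats` rather than a pointer. The cap macros `KEEP_UNIQUE_CRASH` and `KEEP_UNIQUE_HANG` also keep the "unique" wording that the commit removes from the labels; a comment at their definition or a follow-up rename would keep the terminology consistent.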
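Review bot: The timeout line in the `@@ -904` hunk of src/afl-fuzz-stats.c prints `afl->saved_tmouts` but decides whether to append `+` from `afl->saved_hangs >= KEEP_UNIQUE_HANG`, so the cap marker is keyed on a different counter than the one displayed. If the two counters are meant to differ (timeouts versus confirmed hangs), a short comment such as `/* '+' = saved-hang cap reached; the number shown is saved timeouts */` would document that. Otherwise the comparison should probably use the same field as the printed value. Both fields are defined outside this diff, so this needs confirming against `afl_state_t`.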
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 3a0e0801..e4b83fa5 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -920,7 +920,7 @@ void perform_dry_run(afl_state_t *afl) { q->was_fuzzed = 1; --afl->pending_not_fuzzed; - --afl->active_paths; + --afl->active_items; } @@ -1051,7 +1051,7 @@ void perform_dry_run(afl_state_t *afl) { q->was_fuzzed = 1; --afl->pending_not_fuzzed; - --afl->active_paths; + --afl->active_items; } @@ -1162,7 +1162,7 @@ void perform_dry_run(afl_state_t *afl) { p->was_fuzzed = 1; --afl->pending_not_fuzzed; - --afl->active_paths; + --afl->active_items; } @@ -1175,7 +1175,7 @@ void perform_dry_run(afl_state_t *afl) { q->was_fuzzed = 1; --afl->pending_not_fuzzed; - --afl->active_paths; + --afl->active_items; } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index ebf3f4ac..426a6507 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -547,7 +547,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->queue_cur->perf_score = orig_perf = perf_score = calculate_score(afl, afl->queue_cur); - if (unlikely(perf_score <= 0 && afl->active_paths > 1)) { + if (unlikely(perf_score <= 0 && afl->active_items > 1)) { goto abandon_entry; @@ -3064,7 +3064,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { else orig_perf = perf_score = calculate_score(afl, afl->queue_cur); - if (unlikely(perf_score <= 0 && afl->active_paths > 1)) { + if (unlikely(perf_score <= 0 && afl->active_items > 1)) { goto abandon_entry; diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index fd5610ca..2d76e4d2 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -548,7 +548,7 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { if (likely(q->len > 4)) afl->ready_for_splicing_count++; ++afl->queued_items; - ++afl->active_paths; + ++afl->active_items; ++afl->pending_not_fuzzed; afl->cycles_wo_finds = 0; 
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 240bd708..e363dffd 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -461,7 +461,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, if (afl->colorize_success && afl->cmplog_lvl < 3 && (positions > CMPLOG_POSITIONS_MAX && len / positions == 1 && - afl->active_paths / afl->colorize_success > CMPLOG_CORPUS_PERCENT)) { + afl->active_items / afl->colorize_success > CMPLOG_CORPUS_PERCENT)) { #ifdef _DEBUG fprintf(stderr, "Colorization unsatisfactory\n"); -- cgit 1.4.1