fix 32-bit mode, fix weighting

GNUmakefile

@@ -414,7 +414,7 @@ afl-as: src/afl-as.c include/afl-as.h $(COMM_HDR) | test_x86
 	@ln -sf afl-as as
 
 src/afl-performance.o : $(COMM_HDR) src/afl-performance.c include/hash.h
-	$(CC) -Iinclude $(SPECIAL_PERFORMANCE) -O3 -fno-unroll-loops -c src/afl-performance.c -o src/afl-performance.o
+	$(CC) $(CFLAGS) -Iinclude $(SPECIAL_PERFORMANCE) -O3 -fno-unroll-loops -c src/afl-performance.c -o src/afl-performance.o
 
 src/afl-common.o : $(COMM_HDR) src/afl-common.c include/common.h
 	$(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-common.c -o src/afl-common.o

src/afl-fuzz-init.c

@@ -1667,21 +1667,21 @@ static void handle_existing_out_dir(afl_state_t *afl) {
 
   if (afl->in_place_resume && rmdir(fn)) {
 
-    time_t     cur_t = time(0);
-    struct tm  t;
+    time_t    cur_t = time(0);
+    struct tm t;
     localtime_r(&cur_t, &t);
 
 #ifndef SIMPLE_FILES
 
-    u8 *nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn,
-                           t.tm_year + 1900, t.tm_mon + 1, t.tm_mday,
-                           t.tm_hour, t.tm_min, t.tm_sec);
+    u8 *nfn =
+        alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn, t.tm_year + 1900,
+                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
 
 #else
 
-    u8 *nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t.tm_year + 1900,
-                           t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min,
-                           t.tm_sec);
+    u8 *nfn =
+        alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t.tm_year + 1900,
+                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
 
 #endif                                                    /* ^!SIMPLE_FILES */
 
@@ -1699,21 +1699,21 @@ static void handle_existing_out_dir(afl_state_t *afl) {
 
   if (afl->in_place_resume && rmdir(fn)) {
 
-    time_t     cur_t = time(0);
-    struct tm  t;
+    time_t    cur_t = time(0);
+    struct tm t;
     localtime_r(&cur_t, &t);
 
 #ifndef SIMPLE_FILES
 
-    u8 *nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn,
-                           t.tm_year + 1900, t.tm_mon + 1, t.tm_mday,
-                           t.tm_hour, t.tm_min, t.tm_sec);
+    u8 *nfn =
+        alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn, t.tm_year + 1900,
+                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
 
 #else
 
-    u8 *nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t.tm_year + 1900,
-                           t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min,
-                           t.tm_sec);
+    u8 *nfn =
+        alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t.tm_year + 1900,
+                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
 
 #endif                                                    /* ^!SIMPLE_FILES */
 

src/afl-fuzz-queue.c

@@ -97,30 +97,43 @@ void create_alias_table(afl_state_t *afl) {
 
     double avg_exec_us = 0.0;
     double avg_bitmap_size = 0.0;
-    for (i = 0; i < n; i++) {
-
-      struct queue_entry *q = afl->queue_buf[i];
-      avg_exec_us += q->exec_us;
-      avg_bitmap_size += log(q->bitmap_size);
-
-    }
-
-    avg_exec_us /= afl->queued_paths;
-    avg_bitmap_size /= afl->queued_paths;
+    u32    active = 0;
 
     for (i = 0; i < n; i++) {
 
       struct queue_entry *q = afl->queue_buf[i];
 
-      q->weight = q->disabled ? 0 : compute_weight(afl, q, avg_exec_us, avg_bitmap_size);
-      q->perf_score = q->disabled ? 0 : calculate_score(afl, q);
+      // disabled entries might have timings and bitmap values
+      if (likely(!q->disabled)) {
 
-      sum += q->weight;
+        avg_exec_us += q->exec_us;
+        avg_bitmap_size += log(q->bitmap_size);
+        ++active;
+
+      }
+
+    }
+
+    avg_exec_us /= active;
+    avg_bitmap_size /= active;
+
+    for (i = 0; i < n; i++) {
+
+      struct queue_entry *q = afl->queue_buf[i];
+
+      if (likely(!q->disabled)) {
+
+        q->weight = compute_weight(afl, q, avg_exec_us, avg_bitmap_size);
+        q->perf_score = calculate_score(afl, q);
+        sum += q->weight;
+
+      }
 
     }
 
     for (i = 0; i < n; i++) {
 
+      // weight is always 0 for disabled entries
       P[i] = (afl->queue_buf[i]->weight * n) / sum;
 
     }
@@ -139,8 +152,8 @@ void create_alias_table(afl_state_t *afl) {
 
     for (i = 0; i < n; i++) {
 
-      struct queue_entry *q = afl->queue_buf[i];
-      P[i] = (q->perf_score * n) / sum;
+      // perf_score is always 0 for disabled entries
+      P[i] = (afl->queue_buf[i]->perf_score * n) / sum;
 
     }
 

src/afl-fuzz-redqueen.c

@@ -456,7 +456,8 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
 
   }
 
-  if (/* SHAPE_BYTES(h->shape) >= 1 && */ *status != 1) { /* avoid CodeQL warning on unsigned overflow */
+  /* avoid CodeQL warning on unsigned overflow */
+  if (/* SHAPE_BYTES(h->shape) >= 1 && */ *status != 1) {
 
     if (its_len >= 1 && *buf_8 == (u8)pattern && *o_buf_8 == (u8)o_pattern) {
 

src/afl-performance.c

@@ -56,13 +56,13 @@ inline AFL_RAND_RETURN rand_next(afl_state_t *afl) {
 // RomuTrio32
 inline AFL_RAND_RETURN rand_next(afl_state_t *afl) {
 
-  AFL_RAND_RETURN xp = afl->rand_seed[0], yp = afl->rand_seed[1],
-                  zp = afl->rand_seed[2];
+  AFL_RAND_RETURN xp = (u32)afl->rand_seed[0], yp = (u32)afl->rand_seed[1],
+                  zp = (u32)afl->rand_seed[2];
   afl->rand_seed[0] = 3323815723u * zp;
   afl->rand_seed[1] = yp - xp;
-  afl->rand_seed[1] = ROTL(afl->rand_seed[1], 6);
+  afl->rand_seed[1] = ROTL((u32)afl->rand_seed[1], 6);
   afl->rand_seed[2] = zp - yp;
-  afl->rand_seed[2] = ROTL(afl->rand_seed[2], 22);
+  afl->rand_seed[2] = ROTL((u32)afl->rand_seed[2], 22);
   return xp;
 
 }