From 59d546f39aac4cba196db04d2678ee84f5d1b54c Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 23 May 2024 21:42:17 +0200
Subject: [PATCH] minor enhancement
---
 include/afl-fuzz.h | 1 +
 src/afl-fuzz-queue.c | 71 ++++++++++++++++++++++----------------------
 src/afl-fuzz.c | 9 +++---
 3 files changed, 42 insertions(+), 39 deletions(-)
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 63ebac39..2380b289 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -200,6 +200,7 @@ struct queue_entry {
 u8 *fname; /* File name for the test case */
 u32 len; /* Input length */
 u32 id; /* entry number in queue_buf */
+ u32 found;
 u8 colorized, /* Do not run redqueen stage again */
 cal_failed; /* Calibration failed? */
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 56410461..4dacd1c0 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
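Review bot: The new `u32 found;` member is the only field in this struct without a trailing comment, and its name does not say what it counts; from the add_to_queue change in the same commit it is incremented on the parent entry (`afl->queue_cur`) whenever a child entry is added, so it is a count of derived entries. Suggest `u32 found; /* Number of queue entries derived from this one */` to match the sibling fields. The hunk does not show where entries are allocated; if that allocation does not zero the struct, `found` also needs an explicit `= 0` in add_to_queue next to the other field initialisations. struct queue_entry continues outside the hunk.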
@@ -60,53 +60,53 @@ inline u32 select_next_queue_entry(afl_state_t *afl) {
 }
-//#define DEBUG_QUEUE 1
+// #define DEBUG_QUEUE 1
 double compute_weight(afl_state_t *afl, struct queue_entry *q, double avg_exec_us, double avg_bitmap_size, double avg_top_size, double avg_score) {
 double weight = 1.0;
-/*
- if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) {
+ /*
+ if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) {
- u32 hits = afl->n_fuzz[q->n_fuzz_entry];
- if (likely(hits)) { weight /= (log10(hits) + 1); }
+ u32 hits = afl->n_fuzz[q->n_fuzz_entry];
+ if (likely(hits)) { weight /= (log10(hits) + 1); }
- }
+ }
-#ifdef DEBUG_QUEUE
- fprintf(stderr, "WEIGHT id=%u fname=%s start_weight=1.0\n", q->id, q->fname);
- fprintf(stderr, " after step 1: %.2f (log10(hits))\n", weight);
-#endif
- if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
-#ifdef DEBUG_QUEUE
- fprintf(stderr, " after step 2: %.2f (exec_us)\n", weight);
-#endif
- weight *= (log(q->bitmap_size) / avg_bitmap_size);
-#ifdef DEBUG_QUEUE
- fprintf(stderr, " after step 3: %.2f (log(bitmap_size))\n", weight);
-#endif
- weight *= (1 + (q->tc_ref / avg_top_size));
-#ifdef DEBUG_QUEUE
- fprintf(stderr, " after step 4: %.2f (top_size)\n", weight);
-#endif
- if (unlikely(avg_score != 0.0)) { weight *= (q->score / avg_score); }
-#ifdef DEBUG_QUEUE
- fprintf(stderr, " after step 5: %.2f (score)\n", weight);
-#endif
+ #ifdef DEBUG_QUEUE
+ fprintf(stderr, "WEIGHT id=%u fname=%s start_weight=1.0\n", q->id,
+ q->fname); fprintf(stderr, " after step 1: %.2f (log10(hits))\n", weight);
+ #endif
+ if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
+ #ifdef DEBUG_QUEUE
+ fprintf(stderr, " after step 2: %.2f (exec_us)\n", weight);
+ #endif
+ weight *= (log(q->bitmap_size) / avg_bitmap_size);
+ #ifdef DEBUG_QUEUE
+ fprintf(stderr, " after step 3: %.2f (log(bitmap_size))\n", weight);
+ #endif
+ weight *= (1 + (q->tc_ref / avg_top_size));
+ #ifdef DEBUG_QUEUE
+ fprintf(stderr, " after step 4: %.2f (top_size)\n", weight);
+ #endif
+ if (unlikely(avg_score != 0.0)) { weight *= (q->score / avg_score); }
+ #ifdef DEBUG_QUEUE
+ fprintf(stderr, " after step 5: %.2f (score)\n", weight);
+ #endif
- if (unlikely(weight < 0.1)) { weight = 0.1; }
- if (unlikely(q->favored)) {
+ if (unlikely(weight < 0.1)) { weight = 0.1; }
+ if (unlikely(q->favored)) {
- weight += 1;
- weight *= 5;
+ weight += 1;
+ weight *= 5;
- }
+ }
-#ifdef DEBUG_QUEUE
- fprintf(stderr, " after step 6: %.2f (favored)\n", weight);
-#endif
-*/
+ #ifdef DEBUG_QUEUE
+ fprintf(stderr, " after step 6: %.2f (favored)\n", weight);
+ #endif
+ */
 if (unlikely(!q->was_fuzzed)) { weight *= 3; }
 #ifdef DEBUG_QUEUE
 fprintf(stderr, " after step 7: %.2f (was_fuzzed)\n", weight);
@@ -635,6 +635,7 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
 q->trace_mini = NULL;
 q->testcase_buf = NULL;
 q->mother = afl->queue_cur;
+ afl->queue_cur->found++;
 q->score = afl->current_score;
 if (unlikely(!q->score)) { q->score = 1; }
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 9c540451..f2df8e55 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
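Review bot: `afl->queue_cur->found++;` in the add_to_queue hunk dereferences `afl->queue_cur` unconditionally, but the line just above stores that same pointer as `q->mother`, and the afl-fuzz.c hunk in this commit prints `q->mother == NULL ? -1 : ...`, i.e. the code expects `queue_cur` to be NULL for some entries (presumably those added before fuzzing starts). On that path the increment is a NULL-pointer dereference. Guard it: `if (afl->queue_cur) { afl->queue_cur->found++; }`. add_to_queue's body starts and ends outside the hunk.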
@@ -3081,15 +3081,16 @@ stop_fuzzing:
 struct queue_entry *q = afl->queue_buf[k];
 fprintf(stderr,
- "item=%u fname=%s len=%u exec_us=%llu total_execs=%llu has_new_cov=%u "
+ "item=%u fname=%s len=%u exec_us=%llu total_execs=%llu "
+ "has_new_cov=%u "
 "var_behavior=%u favored=%u fs_redundant=%u disabled=%u "
 "bitmap_size=%u tc_ref=%u fuzz_level=%u was_fuzzed=%u "
- "mother=%d perf_score=%.2f weight=%.2f score=%u\n",
+ "mother=%d found=%u perf_score=%.2f weight=%.2f score=%u\n",
 k, q->fname, q->len, q->exec_us, q->total_execs, q->has_new_cov,
 q->var_behavior, q->favored, q->fs_redundant, q->disabled,
 q->bitmap_size, q->tc_ref, q->fuzz_level, q->was_fuzzed,
- q->mother == NULL ? -1 : (int)q->mother->id, q->perf_score,
- q->weight, q->score);
+ q->mother == NULL ? -1 : (int)q->mother->id, q->found,
+ q->perf_score, q->weight, q->score);
 }