push to stable (#1983)

* Output afl-clang-fast stuff only if necessary (#1912)

* afl-cc header

* afl-cc common declarations

 - Add afl-cc-state.c
 - Strip includes, find_object, debug/be_quiet/have_*/callname setting from afl-cc.c
 - Use debugf_args in main
 - Modify execvp stuff to fit new aflcc struct

* afl-cc show usage

* afl-cc mode selecting

1. compiler_mode by callname in argv[0]
2. compiler_mode by env "AFL_CC_COMPILER"
3. compiler_mode/instrument_mode by command line options "--afl-..."
4. instrument_mode/compiler_mode by various env vars including "AFL_LLVM_INSTRUMENT"
5. final checking steps
6. print "... - mode: %s-%s\n"
7. determine real argv[0] according to compiler_mode

* afl-cc macro defs

* afl-cc linking behaviors

* afl-cc fsanitize behaviors

* afl-cc misc

* afl-cc body update

* afl-cc all-in-one

formatted with custom-format.py

* nits

---------

Co-authored-by: vanhauser-thc <vh@thc.org>

* changelog

* update grammar mutator

* lto llvm 12+

* docs(custom_mutators): fix missing ':' (#1953)

* Fix broken LTO mode and response file support (#1948)

* Strip `-Wl,-no-undefined` during compilation (#1952)

Make the compiler wrapper strip `-Wl,-no-undefined` in addition to `-Wl,--no-undefined`.
Both versions of the flag are accepted by clang and are therefore used by build systems in the wild (e.g., samba will not build without this fix).

* Remove dead code in write_to_testcase (#1955)

The custom_mutators_count check inside the if case duplicates the if condition.
In the else case custom_mutators_count == 0, so neither the custom_mutator_list iteration nor the sent check is needed.

Signed-off-by: Xeonacid <h.dwwwwww@gmail.com>

* update qemuafl

* WIP: Add ability to generate drcov trace using QEMU backend (#1956)

* Document new drcov QEMU plugin

* Add link to lightkeeper for QEMU drcov file loading

---------

Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com>

* code format

* changelog

* sleep on uid != 0 afl-system-config

* fix segv about skip_next, warn on unsupported cases of linking options (#1958)

* todos

* ensure afl-cc only allows available compiler modes

* update grammar mutator

* disable aslr on apple

* fix for arm64

* help selective instrumentation

* typos

* macos

* add compiler test script

* apple fixes

* bump nyx submodules (#1963)

* fix docs

* update changelog

* update grammar mutator

* improve compiler test script

* gcc asan workaround (#1966)

* fix github merge fuckup

* fix

* Fix afl-cc (#1968)

 - Check if there are too many cmdline params, each time before inserting a new param.
 - Check that it is "-fsanitize=..." before we do something with it.
 - Remove improper param_st transfer.

* Avoid adding llvmnative instrumentation when linking rust sanitizer runtime (#1969)

* Dynamic instrumentation filtering for LLVM native (#1971)

* Add two dynamic instrumentation filter methods to runtime

* Always use pc-table with native pcguard

* Add make_symbol_list.py and README

* changelog

* todos

* new forkserver check

* fix

* nyx test for CI

* improve nyx docs

* Fixes to afl-cc and documentation (#1974)

* Always compile with -ldl when building for CODE_COVERAGE

When building with CODE_COVERAGE, the afl runtime contains code that
calls `dladdr` which requires -ldl. Under most circumstances, clang
already adds this (e.g. when building with pc-table), but there are some
circumstances where it isn't added automatically.

* Add visibility declaration to __afl_connected

When building with hidden visibility, the use of __AFL_LOOP inside such
code can cause linker errors due to __afl_connected being declared
"hidden".

* Update docs to clarify that CODE_COVERAGE=1 is required for dynamic_covfilter

* nits

* nyx build script updates

* test error output

* debug ci

* debug ci

* Improve afl-cc (#1975)

* update response file support

 - full support of rsp file
 - fix some segv issues

* Improve afl-cc

 - remove dead code about allow/denylist options of sancov
 - missing `if (!aflcc->have_msan)`
 - add docs for each function
 - typo

* enable nyx

* debug ci

* debug ci

* debug ci

* debug ci

* debug ci

* debug ci

* debug ci

* debug ci

* fix ci

* clean test script

* NO_NYX

* NO_NYX

* fix ci

* debug ci

* fix ci

* finalize ci fix

* Enhancement on Deterministic stage (#1972)

* fuzzer: init commit based on aflpp 60dc37a8cf09f8e9048e4b6a2204d6c90b27655a

* fuzzers: adding the skip variables and initialize

* log: profile the det/havoc finding

* log: add profile log output

* fuzzers: separate log/skipdet module

* fuzzers: add quick eff_map calc

* fuzzers: add skip_eff_map in fuzz_one

* fuzzers: mark whole input space in eff_map

* fuzzers: add undet bit threshold to skip some seeds

* fuzzers: fix one byte overflow

* fuzzers: fix overflow

* fix code format

* add havoc only again

* code format

* remove log to INTROSPECTION, rename skipdet module

* rename skipdet module

* remove log to stats

* clean redundant code

* code format

* remove redundant code format check

* remove redundant doc

* remove redundant objects

* clean files

* change -d to default skipdet

* disable deterministic when using CUSTOM_MUTATOR

* revert fix

* final touches for skipdet

* remove unused var

* remove redundant eff struct (#1977)

* update QEMU-Nyx submodule (#1978)

* update QEMU-Nyx submodule (#1980)

* Fix typo in AFL_NOOPT env variable in afl-cc help message (#1982)

* nits

* 2024 v4.10c release

* fixes

---------

Signed-off-by: Xeonacid <h.dwwwwww@gmail.com>
Co-authored-by: Sonic <50692172+SonicStark@users.noreply.github.com>
Co-authored-by: Xeonacid <h.dwwwwww@gmail.com>
Co-authored-by: Nils Bars <nils.bars@rub.de>
Co-authored-by: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com>
Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com>
Co-authored-by: Sergej Schumilo <sergej@schumilo.de>
Co-authored-by: Christian Holler (:decoder) <choller@mozilla.com>
Co-authored-by: Han Zheng <35988108+kdsjZh@users.noreply.github.com>
Co-authored-by: Khaled Yakdan <yakdan@code-intelligence.com>
van Hauser 2024-02-03 11:55:51 +01:00 committed by GitHub
parent eda770fd32
commit 602eceed8b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
104 changed files with 793 additions and 242 deletions
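The seven mode-selection steps listed in the commit message for the afl-cc rewrite (#1912) are easier to reason about as a small model. The following is an added illustration, not AFL++ code: it resolves compiler_mode and instrument_mode from argv[0], AFL_CC_COMPILER, the --afl-* options and AFL_LLVM_INSTRUMENT in that order, applies the final checks, builds the "mode: X-Y" string and derives the real argv[0]. The mode tables, the override rules (a --afl-* option beats the callname, AFL_CC_COMPILER only fills a gap), the default instrumentation per compiler mode and the error cases are assumptions of this model, not a description of afl-cc's actual code; the LLVM 12 floor for LTO follows the changelog line in this commit.

```python
"""Model of afl-cc's compiler/instrumentation mode selection.

Added illustration, not AFL++ code.  Precedence rules, mode tables and
defaults below are assumptions made for this example.
"""
import os

# Longer names first so "afl-clang-fast" is not taken for "afl-clang".
CALLNAME_TABLE = (
    ("afl-clang-lto", "LTO"),
    ("afl-clang-fast", "LLVM"),
    ("afl-gcc-fast", "GCC_PLUGIN"),
    ("afl-g++-fast", "GCC_PLUGIN"),
    ("afl-clang", "CLANG"),
    ("afl-gcc", "GCC"),
    ("afl-g++", "GCC"),
)
CMDLINE_TABLE = {
    "--afl-lto": "LTO", "--afl-lto++": "LTO",
    "--afl-clang-fast": "LLVM", "--afl-clang-fast++": "LLVM",
    "--afl-gcc-fast": "GCC_PLUGIN", "--afl-g++-fast": "GCC_PLUGIN",
    "--afl-clang": "CLANG", "--afl-clang++": "CLANG",
    "--afl-gcc": "GCC", "--afl-g++": "GCC",
}
# Instrumentation each compiler mode can drive (assumed for this model).
ALLOWED_INSTRUMENT = {
    "LLVM": {"PCGUARD", "CLASSIC", "NATIVE"},
    "LTO": {"LTO"},
    "GCC_PLUGIN": {"GCC_PLUGIN"},
    "GCC": {"GCC"},
    "CLANG": {"CLANG"},
}
DEFAULT_INSTRUMENT = {"LLVM": "PCGUARD", "LTO": "LTO", "GCC_PLUGIN": "GCC_PLUGIN",
                      "GCC": "GCC", "CLANG": "CLANG"}


class ModeError(ValueError):
    """Raised by the final checking step when the selection is inconsistent."""


def select_mode(argv, env, llvm_major):
    """Return (mode_line, real_argv) for argv, an environment dict and the
    LLVM major version (0 means no LLVM toolchain is available)."""
    compiler = instrument = None
    callname = os.path.basename(argv[0])
    cxx = "++" in callname

    # 1. compiler_mode by callname in argv[0]
    for needle, mode in CALLNAME_TABLE:
        if needle in callname:
            compiler = mode
            break

    # 2. AFL_CC_COMPILER only fills a gap left by a generic callname (assumed)
    if compiler is None and env.get("AFL_CC_COMPILER"):
        compiler = env["AFL_CC_COMPILER"].upper()
        if compiler not in ALLOWED_INSTRUMENT:
            raise ModeError(f"unknown AFL_CC_COMPILER {compiler}")

    # 3. --afl-* options override the above and are consumed, not passed on
    passthrough = [argv[0]]
    for arg in argv[1:]:
        if arg in CMDLINE_TABLE:
            compiler = CMDLINE_TABLE[arg]
            cxx = cxx or arg.endswith("++")
        else:
            passthrough.append(arg)

    # 4. instrument_mode by AFL_LLVM_INSTRUMENT (first comma-separated token)
    if env.get("AFL_LLVM_INSTRUMENT"):
        instrument = env["AFL_LLVM_INSTRUMENT"].split(",")[0].strip().upper()
        if instrument == "LTO":
            compiler = "LTO"  # LTO instrumentation implies the LTO compiler mode

    # 5. final checking steps
    if compiler is None:
        compiler = "LLVM" if llvm_major else "GCC"
    if compiler == "LTO" and llvm_major < 12:
        raise ModeError("LTO mode requires llvm 12+")
    if instrument is None:
        instrument = DEFAULT_INSTRUMENT[compiler]
    if instrument not in ALLOWED_INSTRUMENT[compiler]:
        raise ModeError(f"{instrument} instrumentation is not available in {compiler} mode")

    # 6. the line afl-cc prints: "... - mode: %s-%s"
    mode_line = f"mode: {compiler}-{instrument}"

    # 7. real argv[0] according to compiler_mode
    if compiler in ("GCC", "GCC_PLUGIN"):
        passthrough[0] = "g++" if cxx else "gcc"
    else:
        passthrough[0] = "clang++" if cxx else "clang"
    return mode_line, passthrough
```

A quick way to use the model is to compare its output with the "mode:" line a real afl-cc binary prints for the same argv and environment; every disagreement is either a place where the assumptions above are wrong or a corner case the rewrite changed.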

.gitmodules vendored
View File

@ -19,9 +19,9 @@
[submodule "nyx_mode/libnyx"] [submodule "nyx_mode/libnyx"]
path = nyx_mode/libnyx path = nyx_mode/libnyx
url = https://github.com/nyx-fuzz/libnyx.git url = https://github.com/nyx-fuzz/libnyx.git
[submodule "nyx_mode/QEMU-Nyx"]
path = nyx_mode/QEMU-Nyx
url = https://github.com/nyx-fuzz/qemu-nyx.git
[submodule "nyx_mode/packer"] [submodule "nyx_mode/packer"]
path = nyx_mode/packer path = nyx_mode/packer
url = https://github.com/nyx-fuzz/packer.git url = https://github.com/nyx-fuzz/packer.git
[submodule "nyx_mode/QEMU-Nyx"]
path = nyx_mode/QEMU-Nyx
url = https://github.com/nyx-fuzz/QEMU-Nyx
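Review bot: the QEMU-Nyx submodule URL changes from https://github.com/nyx-fuzz/qemu-nyx.git to https://github.com/nyx-fuzz/QEMU-Nyx, but existing checkouts keep the old URL in their .git/config until `git submodule sync` is run, so the nyx build script or docs touched in this push should tell users to run `git submodule sync --recursive` before `git submodule update`. The entry is also moved below nyx_mode/packer; if the reorder is not needed, keeping it in place would shrink the diff to the one-line URL change.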

View File

@ -11,7 +11,7 @@
# from Laszlo Szekeres. # from Laszlo Szekeres.
# #
# Copyright 2015 Google Inc. All rights reserved. # Copyright 2015 Google Inc. All rights reserved.
# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # Copyright 2019-2024 AFLplusplus Project. All rights reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.

View File

@ -45,7 +45,7 @@ endif
LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' ) LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' )
LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' ) LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' )
LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' )
LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 ) LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-8]\.' && echo 1 || echo 0 )
LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[8-9]|^2[0-9]' && echo 1 || echo 0 ) LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[8-9]|^2[0-9]' && echo 1 || echo 0 )
LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9]\.|^1[012]\.' && echo 1 || echo 0 ) LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9]\.|^1[012]\.' && echo 1 || echo 0 )
LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 )
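Review bot: in the new LLVM_UNSUPPORTED pattern `'^[0-2]\.|^3.[0-8]\.'` the dot after `3` is unescaped and matches any character; `^3\.[0-8]\.` would match the escaping used in the other patterns on these lines. Separately, the unchanged LLVM_TOO_OLD pattern `'^[1-9]\.|^1[012]\.'` still classifies 12.x as too old while the changelog entry in this commit says LTO now requires llvm 12+; worth confirming the two agree on where the floor is.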

View File

@ -2,9 +2,9 @@
<img align="right" src="https://raw.githubusercontent.com/AFLplusplus/Website/main/static/aflpp_bg.svg" alt="AFL++ logo" width="250" heigh="250"> <img align="right" src="https://raw.githubusercontent.com/AFLplusplus/Website/main/static/aflpp_bg.svg" alt="AFL++ logo" width="250" heigh="250">
Release version: [4.09c](https://github.com/AFLplusplus/AFLplusplus/releases) Release version: [4.10c](https://github.com/AFLplusplus/AFLplusplus/releases)
GitHub version: 4.10a GitHub version: 4.10c
Repository: Repository:
[https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)
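Review bot: the unchanged `<img>` line in this hunk carries `heigh="250"`; since the header block is being edited for the version bump anyway, correcting it to `height="250"` here is cheap.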

View File

@ -7,7 +7,7 @@
# #
# Copyright 2014, 2015 Google Inc. All rights reserved. # Copyright 2014, 2015 Google Inc. All rights reserved.
# #
# Copyright 2019-2023 AFLplusplus # Copyright 2019-2024 AFLplusplus
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.

View File

@ -6,7 +6,7 @@
# Originally written by Michal Zalewski # Originally written by Michal Zalewski
# #
# Copyright 2015 Google Inc. All rights reserved. # Copyright 2015 Google Inc. All rights reserved.
# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # Copyright 2019-2024 AFLplusplus Project. All rights reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.

View File

@ -3,12 +3,14 @@
This is the list of all noteworthy changes made in every public This is the list of all noteworthy changes made in every public
release of the tool. See README.md for the general instruction manual. release of the tool. See README.md for the general instruction manual.
### Version ++4.10a (dev) ### Version ++4.10c (release)
- afl-fuzz: - afl-fuzz:
- default power schedule is now EXPLORE, due a fix in fast schedules - default power schedule is now EXPLORE, due a fix in fast schedules
explore is slightly better now. explore is slightly better now.
- fixed minor issues in the mutation engine, thanks to @futhewo for - fixed minor issues in the mutation engine, thanks to @futhewo for
reporting! reporting!
- better deterministic fuzzing is now available, benchmarks have shown
to improve fuzzing. Enable with -D. Thanks to @kdsjZh for the PR!
- afl-cc: - afl-cc:
- large rewrite by @SonicStark which fixes a few corner cases, thanks! - large rewrite by @SonicStark which fixes a few corner cases, thanks!
- LTO mode now requires llvm 12+ - LTO mode now requires llvm 12+
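Review bot: the new skipdet entry says "Enable with -D." while the commit list for this push includes "change -d to default skipdet"; please confirm the flag and its default in afl-fuzz's help output match what is documented here. Also "benchmarks have shown to improve fuzzing" is missing its object; "benchmarks have shown it to improve fuzzing" reads correctly.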
@ -32,7 +34,6 @@
- updated the custom grammar mutator - updated the custom grammar mutator
- document afl-cmin does not work on macOS (but afl-cmin.bash does) - document afl-cmin does not work on macOS (but afl-cmin.bash does)
### Version ++4.09c (release) ### Version ++4.09c (release)
- afl-fuzz: - afl-fuzz:
- fixed the new mutation implementation for two bugs - fixed the new mutation implementation for two bugs

View File

@ -114,10 +114,10 @@ freshly installed clang, clang++, llvm-config, gmake and coreutils, e.g.:
# Depending on your MacOS system + brew version it is either # Depending on your MacOS system + brew version it is either
export PATH="/opt/homebrew/opt/llvm/bin:$PATH" export PATH="/opt/homebrew/opt/llvm/bin:$PATH"
# or # or
export PATH="/usr/local/opt/llvm/bin:$PATH" export PATH="/usr/local/opt/llvm/bin:/usr/local/opt/coreutils/libexec/gnubin:$PATH"
# you can check with "brew info llvm" # you can check with "brew info llvm"
export PATH="/usr/local/opt/coreutils/libexec/gnubin:/usr/local/bin:$PATH" export PATH="/usr/local/bin:$PATH"
export CC=clang export CC=clang
export CXX=clang++ export CXX=clang++
gmake gmake
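Review bot: the coreutils gnubin entry now only appears in the `/usr/local/opt/llvm/bin` variant, so a user on Apple Silicon who takes the `/opt/homebrew/opt/llvm/bin` line of the "either/or" no longer gets any coreutils path, and the old unconditional line that at least added `/usr/local/opt/coreutils/libexec/gnubin` is gone. Suggest adding `/opt/homebrew/opt/coreutils/libexec/gnubin` to the first variant so both branches stay equivalent.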

View File

@ -390,7 +390,7 @@ Consider the [following](test/js/test2.c) test code...
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -2,7 +2,7 @@
// //
// Author: Mateusz Jurczyk (mjurczyk@google.com) // Author: Mateusz Jurczyk (mjurczyk@google.com)
// //
// Copyright 2019-2023 Google LLC // Copyright 2019-2024 Google LLC
// //
// Licensed under the Apache License, Version 2.0 (the "License"); // Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License. // you may not use this file except in compliance with the License.

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# Copyright 2023 AFLplusplus # Copyright 2024 AFLplusplus
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.

View File

@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -149,6 +149,48 @@ struct tainted {
}; };
struct inf_profile {
u32 inf_skipped_bytes; /* Inference Stage Profiling */
u64 inf_execs_cost, inf_time_cost;
};
/* ToDo: add cmplog profile as well */
struct havoc_profile {
u32 queued_det_stage, /* Det/Havoc Stage Profiling */
queued_havoc_stage, total_queued_det, edge_det_stage, edge_havoc_stage,
total_det_edge;
u64 det_stage_time, havoc_stage_time, total_det_time;
};
struct skipdet_entry {
u8 continue_inf, done_eff;
u32 undet_bits, quick_eff_bytes;
u8 *skip_eff_map, /* we'v finish the eff_map */
*done_inf_map; /* some bytes are not done yet */
};
struct skipdet_global {
u8 use_skip_havoc;
u32 undet_bits_threshold;
u64 last_cov_undet;
u8 *virgin_det_bits; /* global fuzzed bits */
struct inf_profile *inf_prof;
};
struct queue_entry { struct queue_entry {
u8 *fname; /* File name for the test case */ u8 *fname; /* File name for the test case */
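Review bot: the field comments in `struct skipdet_entry` do not sit on the fields they describe: `/* we'v finish the eff_map */` is attached to `skip_eff_map` (a byte map) and `/* some bytes are not done yet */` to `done_inf_map`, while the flags that express those states are `done_eff` and `continue_inf` on the lines above; also fix the typo to "we've finished". `undet_bits`, `quick_eff_bytes`, `undet_bits_threshold` and `last_cov_undet` have no comment at all; a one-line description of each (with the unit of `last_cov_undet`) would help, since these decide when the deterministic stage is skipped. The `/* ToDo: add cmplog profile as well */` should either become a tracked TODO or be dropped from a release commit.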
@ -203,6 +245,8 @@ struct queue_entry {
struct queue_entry *mother; /* queue entry this based on */ struct queue_entry *mother; /* queue entry this based on */
struct skipdet_entry *skipdet_e;
}; };
struct extra_data { struct extra_data {
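Review bot: `skipdet_e` adds a heap object per queue entry, plus the `skip_eff_map` and `done_inf_map` buffers inside it; make sure it is freed where queue entries are destroyed and that entries which never reach the deterministic stage either get it allocated in the queue-add path or are NULL-checked wherever it is dereferenced, otherwise a long campaign with many queue entries leaks steadily.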
@ -247,6 +291,8 @@ enum {
/* 19 */ STAGE_CUSTOM_MUTATOR, /* 19 */ STAGE_CUSTOM_MUTATOR,
/* 20 */ STAGE_COLORIZATION, /* 20 */ STAGE_COLORIZATION,
/* 21 */ STAGE_ITS, /* 21 */ STAGE_ITS,
/* 22 */ STAGE_INF,
/* 23 */ STAGE_QUICK,
STAGE_NUM_MAX STAGE_NUM_MAX
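Review bot: `STAGE_INF` and `STAGE_QUICK` are appended before `STAGE_NUM_MAX`, so arrays sized by `STAGE_NUM_MAX` grow automatically, but any table that maps stage numbers to names or output columns (stats and plot writers) needs two matching entries; please check those were updated in this commit as well.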
@ -782,6 +828,11 @@ typedef struct afl_state {
* is too large) */ * is too large) */
struct queue_entry **q_testcase_cache; struct queue_entry **q_testcase_cache;
/* Global Profile Data for deterministic/havoc-splice stage */
struct havoc_profile *havoc_prof;
struct skipdet_global *skipdet_g;
#ifdef INTROSPECTION #ifdef INTROSPECTION
char mutation[8072]; char mutation[8072];
char m_tmp[4096]; char m_tmp[4096];
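Review bot: `havoc_prof` and `skipdet_g` are raw pointers on `afl_state`; they need allocation in the state init path and a matching free in the deinit path, and code that dereferences them when skipdet is disabled should guard on NULL. A comment on who owns the `inf_prof` pointer inside `skipdet_global` would also make clear whether it is released together with `skipdet_g`.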
@ -1232,6 +1283,13 @@ AFL_RAND_RETURN rand_next(afl_state_t *afl);
/* probability between 0.0 and 1.0 */ /* probability between 0.0 and 1.0 */
double rand_next_percent(afl_state_t *afl); double rand_next_percent(afl_state_t *afl);
/* SkipDet Functions */
u8 skip_deterministic_stage(afl_state_t *, u8 *, u8 *, u32, u64);
u8 is_det_timeout(u64, u8);
void plot_profile_data(afl_state_t *, struct queue_entry *);
/**** Inline routines ****/ /**** Inline routines ****/
/* Generate a random number (from 0 to limit - 1). This may /* Generate a random number (from 0 to limit - 1). This may
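Review bot: the new prototypes `skip_deterministic_stage(afl_state_t *, u8 *, u8 *, u32, u64)` and `is_det_timeout(u64, u8)` drop the parameter names, unlike the surrounding declarations such as `rand_next_percent(afl_state_t *afl)`; with two `u8 *` and a `u64` it is not obvious from the header which buffer is which or what the integers mean. Add the names and a one-line comment per function, as the other declarations in this block have.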

View File

@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -12,7 +12,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -10,7 +10,7 @@
Heiko Eissfeldt <heiko.eissfeldt@hexco.de>, Heiko Eissfeldt <heiko.eissfeldt@hexco.de>,
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -26,7 +26,7 @@
/* Version string: */ /* Version string: */
// c = release, a = volatile github dev, e = experimental branch // c = release, a = volatile github dev, e = experimental branch
#define VERSION "++4.10a" #define VERSION "++4.10c"
/****************************************************** /******************************************************
* * * *
@ -52,6 +52,18 @@
/* Default file permission umode when creating files (default: 0600) */ /* Default file permission umode when creating files (default: 0600) */
#define DEFAULT_PERMISSION 0600 #define DEFAULT_PERMISSION 0600
/* SkipDet's global configuration */
#define MINIMAL_BLOCK_SIZE 64
#define SMALL_DET_TIME (60 * 1000 * 1000U)
#define MAXIMUM_INF_EXECS (16 * 1024U)
#define MAXIMUM_QUICK_EFF_EXECS (64 * 1024U)
#define THRESHOLD_DEC_TIME (20 * 60 * 1000U)
/* Set the Prob of selecting eff_bytes 3 times more than original,
Now disabled */
#define EFF_HAVOC_RATE 3
/* CMPLOG/REDQUEEN TUNING /* CMPLOG/REDQUEEN TUNING
* *
* Here you can modify tuning and solving options for CMPLOG. * Here you can modify tuning and solving options for CMPLOG.
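Review bot: the SkipDet constants do not state their units, and the two time values appear to use different ones: `SMALL_DET_TIME (60 * 1000 * 1000U)` reads as 60 s in microseconds while `THRESHOLD_DEC_TIME (20 * 60 * 1000U)` reads as 20 min in milliseconds. A unit in each comment (or in the names, e.g. `_US`/`_MS`) prevents a factor-of-1000 mistake at the call sites. `EFF_HAVOC_RATE` is documented as "Now disabled"; if nothing reads it, drop it rather than shipping a dead tunable.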

View File

@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -12,7 +12,7 @@
Dominik Maier <mail@dmnk.co>> Dominik Maier <mail@dmnk.co>>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -126,7 +126,8 @@ typedef struct afl_forkserver {
u8 *out_file, /* File to fuzz, if any */ u8 *out_file, /* File to fuzz, if any */
*target_path; /* Path of the target */ *target_path; /* Path of the target */
FILE *plot_file; /* Gnuplot output file */ FILE *plot_file, /* Gnuplot output file */
*det_plot_file;
/* Note: last_run_timed_out is u32 to send it to the child as 4 byte array */ /* Note: last_run_timed_out is u32 to send it to the child as 4 byte array */
u32 last_run_timed_out; /* Traced process timed out? */ u32 last_run_timed_out; /* Traced process timed out? */
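Review bot: `*det_plot_file;` is the only member in this block without a trailing comment; add one (for example /* SkipDet plot output file */) to match plot_file on the line above. Elsewhere in this patch the file is only opened under #ifdef INTROSPECTION, so in a normal build the pointer stays NULL; either wrap the member in the same #ifdef so any accidental writer fails to compile, or make sure every fprintf()/fflush()/fclose() on it is null-checked.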


@ -15,7 +15,7 @@
Other code written by Michal Zalewski Other code written by Michal Zalewski
Copyright 2016 Google Inc. All rights reserved. Copyright 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -12,7 +12,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -12,7 +12,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -1,7 +1,7 @@
/* /*
* xxHash - Extremely Fast Hash algorithm * xxHash - Extremely Fast Hash algorithm
* Header File * Header File
* Copyright (C) 2012-2023 Yann Collet * Copyright (C) 2012-2024 Yann Collet
* *
* BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php) * BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php)
* *


@ -3,7 +3,7 @@
------------------------------------------------ ------------------------------------------------
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -3,7 +3,7 @@
Copyright 2014-2019 Free Software Foundation, Inc Copyright 2014-2019 Free Software Foundation, Inc
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2020 AFLplusplus Project. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Copyright 2019-2023 AdaCore Copyright 2019-2024 AdaCore
Written by Alexandre Oliva <oliva@adacore.com>, based on the AFL++ Written by Alexandre Oliva <oliva@adacore.com>, based on the AFL++
LLVM CmpLog pass by Andrea Fioraldi <andreafioraldi@gmail.com>, and LLVM CmpLog pass by Andrea Fioraldi <andreafioraldi@gmail.com>, and


@ -3,7 +3,7 @@
Copyright 2014-2019 Free Software Foundation, Inc Copyright 2014-2019 Free Software Foundation, Inc
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2020 AFLplusplus Project. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Copyright 2019-2023 AdaCore Copyright 2019-2024 AdaCore
Written by Alexandre Oliva <oliva@adacore.com>, based on the AFL++ Written by Alexandre Oliva <oliva@adacore.com>, based on the AFL++
LLVM CmpLog Routines pass by Andrea Fioraldi LLVM CmpLog Routines pass by Andrea Fioraldi


@ -2,7 +2,7 @@
Copyright 2014-2019 Free Software Foundation, Inc Copyright 2014-2019 Free Software Foundation, Inc
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AdaCore Copyright 2019-2024 AdaCore
Written by Alexandre Oliva <oliva@adacore.com>, based on the AFL++ Written by Alexandre Oliva <oliva@adacore.com>, based on the AFL++
GCC plugin. GCC plugin.


@ -2,7 +2,7 @@
Copyright 2014-2019 Free Software Foundation, Inc Copyright 2014-2019 Free Software Foundation, Inc
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AdaCore Copyright 2019-2024 AdaCore
Written by Alexandre Oliva <oliva@adacore.com>, based on the AFL Written by Alexandre Oliva <oliva@adacore.com>, based on the AFL
LLVM pass by Laszlo Szekeres <lszekeres@google.com> and Michal LLVM pass by Laszlo Szekeres <lszekeres@google.com> and Michal


@ -4,7 +4,7 @@
Written by Marc Heuse <mh@mh-sec.de> Written by Marc Heuse <mh@mh-sec.de>
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -9,7 +9,7 @@
from afl-as.c are Michal's fault. from afl-as.c are Michal's fault.
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -12,7 +12,7 @@
NGRAM previous location coverage comes from Adrian Herrera. NGRAM previous location coverage comes from Adrian Herrera.
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -5,7 +5,7 @@
Written by Andrea Fioraldi <andreafioraldi@gmail.com> Written by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -5,7 +5,7 @@
Written by Andrea Fioraldi <andreafioraldi@gmail.com> Written by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -5,7 +5,7 @@
Written by Andrea Fioraldi <andreafioraldi@gmail.com> Written by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -5,7 +5,7 @@
Written by Marc Heuse <mh@mh-sec.de> Written by Marc Heuse <mh@mh-sec.de>
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

@ -1 +1 @@
Subproject commit 1def26f83e83556d767754581fa52081ffb54b09 Subproject commit e5e1c4c21ff9c4dc80e6409d4eab47146c6024cd


@ -1 +1 @@
1def26f83e e5e1c4c21ff9c4dc80e6409d4eab47146c6024cd
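Review bot: the pinned-revision file switches from a 10-character abbreviated hash (1def26f83e) to the full 40-character hash, while the submodule entry above already carried the full hash in both versions. If any build or update script compares the content of this file against the submodule commit or against `git rev-parse` output, make sure it copes with both lengths, or normalise on full hashes everywhere, so the comparison does not silently start failing or passing.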


@ -13,7 +13,7 @@
# counters by Andrea Fioraldi <andreafioraldi@gmail.com> # counters by Andrea Fioraldi <andreafioraldi@gmail.com>
# #
# Copyright 2015, 2016, 2017 Google Inc. All rights reserved. # Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # Copyright 2019-2024 AFLplusplus Project. All rights reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.


@ -4,7 +4,7 @@
# #
# Written by Andrea Fioraldi <andreafioraldi@gmail.com> # Written by Andrea Fioraldi <andreafioraldi@gmail.com>
# #
# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. # Copyright 2019-2024 Andrea Fioraldi. All rights reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.


@ -4,7 +4,7 @@
# #
# Written by Andrea Fioraldi <andreafioraldi@gmail.com> # Written by Andrea Fioraldi <andreafioraldi@gmail.com>
# #
# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. # Copyright 2019-2024 Andrea Fioraldi. All rights reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.


@ -2,7 +2,7 @@
// //
// Author: Mateusz Jurczyk (mjurczyk@google.com) // Author: Mateusz Jurczyk (mjurczyk@google.com)
// //
// Copyright 2019-2023 Google LLC // Copyright 2019-2024 Google LLC
// //
// Licensed under the Apache License, Version 2.0 (the "License"); // Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License. // you may not use this file except in compliance with the License.


@ -5,7 +5,7 @@
Written and maintained by Andrea Fioraldi <andreafioraldi@gmail.com> Written and maintained by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -4,7 +4,7 @@
# #
# Written by Andrea Fioraldi <andreafioraldi@gmail.com> # Written by Andrea Fioraldi <andreafioraldi@gmail.com>
# #
# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. # Copyright 2019-2024 Andrea Fioraldi. All rights reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.


@ -1,5 +1,5 @@
/******************************************************************************* /*******************************************************************************
Copyright (c) 2019-2023, Andrea Fioraldi Copyright (c) 2019-2024, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without


@ -1,5 +1,5 @@
/******************************************************************************* /*******************************************************************************
Copyright (c) 2019-2023, Andrea Fioraldi Copyright (c) 2019-2024, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without


@ -1,5 +1,5 @@
/******************************************************************************* /*******************************************************************************
Copyright (c) 2019-2023, Andrea Fioraldi Copyright (c) 2019-2024, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without


@ -1,5 +1,5 @@
/******************************************************************************* /*******************************************************************************
Copyright (c) 2019-2023, Andrea Fioraldi Copyright (c) 2019-2024, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without


@ -1,5 +1,5 @@
/******************************************************************************* /*******************************************************************************
Copyright (c) 2019-2023, Andrea Fioraldi Copyright (c) 2019-2024, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without


@ -1,5 +1,5 @@
/******************************************************************************* /*******************************************************************************
Copyright (c) 2019-2023, Andrea Fioraldi Copyright (c) 2019-2024, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without


@ -7,7 +7,7 @@ for some strange reason.
*/ */
/******************************************************************************* /*******************************************************************************
Copyright (c) 2019-2023, Andrea Fioraldi Copyright (c) 2019-2024, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without


@ -4,7 +4,7 @@
# #
# Written by Andrea Fioraldi <andreafioraldi@gmail.com> # Written by Andrea Fioraldi <andreafioraldi@gmail.com>
# #
# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. # Copyright 2019-2024 Andrea Fioraldi. All rights reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.


@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# Copyright 2023 AFLplusplus # Copyright 2024 AFLplusplus
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.


@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -5,7 +5,7 @@
Written by Michal Zalewski, Laszlo Szekeres and Marc Heuse Written by Michal Zalewski, Laszlo Szekeres and Marc Heuse
Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2015, 2016 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -2830,7 +2830,7 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
" AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n" " AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n"
" AFL_NO_BUILTIN: no builtins for string compare functions (for " " AFL_NO_BUILTIN: no builtins for string compare functions (for "
"libtokencap.so)\n" "libtokencap.so)\n"
" AFL_NOOP: behave like a normal compiler (to pass configure " " AFL_NOOPT: behave like a normal compiler (to pass configure "
"tests)\n" "tests)\n"
" AFL_PATH: path to instrumenting pass and runtime " " AFL_PATH: path to instrumenting pass and runtime "
"(afl-compiler-rt.*o)\n" "(afl-compiler-rt.*o)\n"
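Review bot: good catch on the help text (AFL_NOOP becomes AFL_NOOPT). While here, grep for the old spelling in the documentation and at the place where the wrapper reads the variable, so the name users are told to export is the one that is actually checked.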


@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -13,7 +13,7 @@
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -1019,7 +1019,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
if (status >= 0x41464c00 && status <= 0x41464cff) { if (status >= 0x41464c00 && status <= 0x41464cff) {
FATAL("Target uses the new forkserver model, you need to switch to a newer afl-fuzz too!"); FATAL(
"Target uses the new forkserver model, you need to switch to a newer "
"afl-fuzz too!");
} }


@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -2236,6 +2236,21 @@ void setup_dirs_fds(afl_state_t *afl) {
fflush(afl->fsrv.plot_file); fflush(afl->fsrv.plot_file);
#ifdef INTROSPECTION
tmp = alloc_printf("%s/plot_det_data", afl->out_dir);
int fd = open(tmp, O_WRONLY | O_CREAT, DEFAULT_PERMISSION);
if (fd < 0) { PFATAL("Unable to create '%s'", tmp); }
ck_free(tmp);
afl->fsrv.det_plot_file = fdopen(fd, "w");
if (!afl->fsrv.det_plot_file) { PFATAL("fdopen() failed"); }
if (afl->in_place_resume) { fseek(afl->fsrv.det_plot_file, 0, SEEK_END); }
#endif
/* ignore errors */ /* ignore errors */
} }
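Review bot: `int fd = open(tmp, O_WRONLY | O_CREAT, DEFAULT_PERMISSION);` uses neither O_TRUNC nor O_APPEND, so on a fresh (non-resume) start a plot_det_data left behind by an earlier run in the same output directory is overwritten from offset 0 and keeps whatever old tail is longer than the new data. Either add O_TRUNC when !afl->in_place_resume (and use O_APPEND for the resume case instead of the fseek), or confirm that the out_dir cleanup performed on a fresh start already removes this new file. Also check that the inner `int fd` does not shadow an fd declared earlier in setup_dirs_fds(), and that afl->fsrv.det_plot_file is flushed and closed at shutdown the same way plot_file is.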


@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.


@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -329,9 +329,9 @@ u8 fuzz_one_original(afl_state_t *afl) {
u32 len, temp_len; u32 len, temp_len;
u32 j; u32 j;
u32 i; u32 i;
u8 *in_buf, *out_buf, *orig_in, *ex_tmp, *eff_map = 0; u8 *in_buf, *out_buf, *orig_in, *ex_tmp;
u64 havoc_queued = 0, orig_hit_cnt, new_hit_cnt = 0, prev_cksum, _prev_cksum; u64 havoc_queued = 0, orig_hit_cnt, new_hit_cnt = 0, prev_cksum, _prev_cksum;
u32 splice_cycle = 0, perf_score = 100, orig_perf, eff_cnt = 1; u32 splice_cycle = 0, perf_score = 100, orig_perf;
u8 ret_val = 1, doing_det = 0; u8 ret_val = 1, doing_det = 0;
@ -545,12 +545,37 @@ u8 fuzz_one_original(afl_state_t *afl) {
} }
u64 before_det_time = get_cur_time();
#ifdef INTROSPECTION
u64 before_havoc_time;
u32 before_det_findings = afl->queued_items,
before_det_edges = count_non_255_bytes(afl, afl->virgin_bits),
before_havoc_findings, before_havoc_edges;
u8 is_logged = 0;
#endif
if (!afl->skip_deterministic) {
if (!skip_deterministic_stage(afl, in_buf, out_buf, len, before_det_time)) {
goto abandon_entry;
}
}
u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map;
/* Skip right away if -d is given, if it has not been chosen sufficiently /* Skip right away if -d is given, if it has not been chosen sufficiently
often to warrant the expensive deterministic stage (fuzz_level), or often to warrant the expensive deterministic stage (fuzz_level), or
if it has gone through deterministic testing in earlier, resumed runs if it has gone through deterministic testing in earlier, resumed runs
(passed_det). */ (passed_det). */
/* if skipdet decide to skip the seed or no interesting bytes found,
we skip the whole deterministic stage as well */
if (likely(afl->skip_deterministic) || likely(afl->queue_cur->passed_det) || if (likely(afl->skip_deterministic) || likely(afl->queue_cur->passed_det) ||
likely(!afl->queue_cur->skipdet_e->quick_eff_bytes) ||
likely(perf_score < likely(perf_score <
(afl->queue_cur->depth * 30 <= afl->havoc_max_mult * 100 (afl->queue_cur->depth * 30 <= afl->havoc_max_mult * 100
? afl->queue_cur->depth * 30 ? afl->queue_cur->depth * 30
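Review bot: `u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map;` and the `!afl->queue_cur->skipdet_e->quick_eff_bytes` test in the condition below dereference skipdet_e unconditionally, but skip_deterministic_stage(), where this patch computes the map, only runs when !afl->skip_deterministic. If skipdet_e or its skip_eff_map is allocated lazily inside that call rather than when the entry is added to the queue, every run with -d dereferences a NULL pointer here; either allocate at queue-add time or move the load below the skip_deterministic check and guard it. Two smaller points: document what a 0 return from skip_deterministic_stage() means, since `goto abandon_entry` gives up on the whole entry rather than just the deterministic stage; and the INTROSPECTION-only before_havoc_time, before_havoc_findings, before_havoc_edges and is_logged need a reader somewhere in this function or introspection builds will get unused-variable warnings.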
@ -609,6 +634,10 @@ u8 fuzz_one_original(afl_state_t *afl) {
afl->stage_cur_byte = afl->stage_cur >> 3; afl->stage_cur_byte = afl->stage_cur >> 3;
if (!skip_eff_map[afl->stage_cur_byte]) continue;
if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
FLIP_BIT(out_buf, afl->stage_cur); FLIP_BIT(out_buf, afl->stage_cur);
#ifdef INTROSPECTION #ifdef INTROSPECTION
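Review bot: `if (!skip_eff_map[afl->stage_cur_byte]) continue;` skips the position without touching afl->stage_max, whereas the effector-map code this patch replaces did `--afl->stage_max` for every skipped position (visible in the arithmetic stages further down). As written, stage_cur/stage_max on the status screen and the per-stage cycle counters include bytes that are never executed, and the speed and efficiency figures derived from them are skewed. Either decrement stage_max on skip or compute stage_max up front from the number of set bytes in skip_eff_map. Separately, `goto custom_mutator_stage` on timeout leaves the loop before the stage_finds/stage_cycles bookkeeping that follows each stage, so a timed-out stage is not recorded at all; if that is intended, a comment saying so would help.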
@ -725,6 +754,10 @@ u8 fuzz_one_original(afl_state_t *afl) {
afl->stage_cur_byte = afl->stage_cur >> 3; afl->stage_cur_byte = afl->stage_cur >> 3;
if (!skip_eff_map[afl->stage_cur_byte]) continue;
if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
FLIP_BIT(out_buf, afl->stage_cur); FLIP_BIT(out_buf, afl->stage_cur);
FLIP_BIT(out_buf, afl->stage_cur + 1); FLIP_BIT(out_buf, afl->stage_cur + 1);
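Review bot: for the 2-bit flip the skip check only consults skip_eff_map[afl->stage_cur >> 3], but when afl->stage_cur % 8 == 7 the second flip, `FLIP_BIT(out_buf, afl->stage_cur + 1);`, lands in the following byte, which is never checked. The effector logic being removed looked at every byte a mutation touches (for example `!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]` in the 16-bit arithmetic stage); apply the same rule here and in the 4-bit stage, where up to three of the flipped bits can sit in the next byte: skip only if none of the touched bytes is marked.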
@ -760,6 +793,10 @@ u8 fuzz_one_original(afl_state_t *afl) {
afl->stage_cur_byte = afl->stage_cur >> 3; afl->stage_cur_byte = afl->stage_cur >> 3;
if (!skip_eff_map[afl->stage_cur_byte]) continue;
if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
FLIP_BIT(out_buf, afl->stage_cur); FLIP_BIT(out_buf, afl->stage_cur);
FLIP_BIT(out_buf, afl->stage_cur + 1); FLIP_BIT(out_buf, afl->stage_cur + 1);
FLIP_BIT(out_buf, afl->stage_cur + 2); FLIP_BIT(out_buf, afl->stage_cur + 2);
@ -787,34 +824,6 @@ u8 fuzz_one_original(afl_state_t *afl) {
afl->queue_cur->stats_mutated += afl->stage_max; afl->queue_cur->stats_mutated += afl->stage_max;
#endif #endif
/* Effector map setup. These macros calculate:
EFF_APOS - position of a particular file offset in the map.
EFF_ALEN - length of a map with a particular number of bytes.
EFF_SPAN_ALEN - map span for a sequence of bytes.
*/
#define EFF_APOS(_p) ((_p) >> EFF_MAP_SCALE2)
#define EFF_REM(_x) ((_x) & ((1 << EFF_MAP_SCALE2) - 1))
#define EFF_ALEN(_l) (EFF_APOS(_l) + !!EFF_REM(_l))
#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l)-1) - EFF_APOS(_p) + 1)
/* Initialize effector map for the next step (see comments below). Always
flag first and last byte as doing something. */
eff_map = afl_realloc(AFL_BUF_PARAM(eff), EFF_ALEN(len));
if (unlikely(!eff_map)) { PFATAL("alloc"); }
memset(eff_map, 0, EFF_ALEN(len));
eff_map[0] = 1;
if (EFF_APOS(len - 1) != 0) {
eff_map[EFF_APOS(len - 1)] = 1;
++eff_cnt;
}
/* Walking byte. */ /* Walking byte. */
afl->stage_name = "bitflip 8/8"; afl->stage_name = "bitflip 8/8";
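Review bot: with EFF_APOS/EFF_REM/EFF_ALEN/EFF_SPAN_ALEN and the `afl_realloc(AFL_BUF_PARAM(eff), EFF_ALEN(len))` call gone, the EFF_MAP_SCALE2, EFF_MIN_LEN and EFF_MAX_PERC constants in config.h and the `eff` buffer in the afl state (and its release at shutdown) look dead. Grep for remaining users and remove them in the same patch, or leave a comment saying what still depends on them.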
@ -828,6 +837,10 @@ u8 fuzz_one_original(afl_state_t *afl) {
afl->stage_cur_byte = afl->stage_cur; afl->stage_cur_byte = afl->stage_cur;
if (!skip_eff_map[afl->stage_cur_byte]) continue;
if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
out_buf[afl->stage_cur] ^= 0xFF; out_buf[afl->stage_cur] ^= 0xFF;
#ifdef INTROSPECTION #ifdef INTROSPECTION
@ -837,59 +850,19 @@ u8 fuzz_one_original(afl_state_t *afl) {
if (common_fuzz_stuff(afl, out_buf, len)) { goto abandon_entry; } if (common_fuzz_stuff(afl, out_buf, len)) { goto abandon_entry; }
/* We also use this stage to pull off a simple trick: we identify
bytes that seem to have no effect on the current execution path
even when fully flipped - and we skip them during more expensive
deterministic stages, such as arithmetics or known ints. */
if (!eff_map[EFF_APOS(afl->stage_cur)]) {
u64 cksum;
/* If in non-instrumented mode or if the file is very short, just flag
everything without wasting time on checksums. */
if (!afl->non_instrumented_mode && len >= EFF_MIN_LEN) {
cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
} else {
cksum = ~prev_cksum;
}
if (cksum != prev_cksum) {
eff_map[EFF_APOS(afl->stage_cur)] = 1;
++eff_cnt;
}
}
out_buf[afl->stage_cur] ^= 0xFF; out_buf[afl->stage_cur] ^= 0xFF;
} }
/* If the effector map is more than EFF_MAX_PERC dense, just flag the /* New effective bytes calculation. */
whole thing as worth fuzzing, since we wouldn't be saving much time
anyway. */
if (eff_cnt != (u32)EFF_ALEN(len) && for (i = 0; i < len; i++) {
eff_cnt * 100 / EFF_ALEN(len) > EFF_MAX_PERC) {
memset(eff_map, 1, EFF_ALEN(len)); if (skip_eff_map[i]) afl->blocks_eff_select += 1;
afl->blocks_eff_select += EFF_ALEN(len);
} else {
afl->blocks_eff_select += eff_cnt;
} }
afl->blocks_eff_total += EFF_ALEN(len); afl->blocks_eff_total += len;
new_hit_cnt = afl->queued_items + afl->saved_crashes; new_hit_cnt = afl->queued_items + afl->saved_crashes;
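Review bot: `blocks_eff_select` and `blocks_eff_total` change unit in this hunk, from effector-map blocks (`EFF_ALEN(len)`) to raw bytes (`len`). Consumers that only display the ratio keep working, but anything that reports or compares the absolute values against older runs will see a jump; note it in the changelog or rename the counters. Since `prev_cksum`, `cksum` and `eff_cnt` are no longer assigned anywhere in this function, confirm their declarations are removed too.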
@ -914,12 +887,9 @@ u8 fuzz_one_original(afl_state_t *afl) {
/* Let's consult the effector map... */ /* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { if (!skip_eff_map[i]) continue;
--afl->stage_max; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
continue;
}
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
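Review bot: the 16-bit flip used to consult both bytes of the word (`!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]`) and skipped only when neither was effective; the replacement tests `skip_eff_map[i]` alone, so a word whose second byte is effective but whose first is not is now skipped entirely. `if (!skip_eff_map[i] && !skip_eff_map[i + 1]) continue;` keeps the original semantics. Dropping `--afl->stage_max` also means skipped positions still count toward stage_max and therefore `stage_cycles`.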
@ -959,13 +929,10 @@ u8 fuzz_one_original(afl_state_t *afl) {
for (i = 0; i < len - 3; ++i) { for (i = 0; i < len - 3; ++i) {
/* Let's consult the effector map... */ /* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] &&
!eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) {
--afl->stage_max; if (!skip_eff_map[i]) continue;
continue;
} if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
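Review bot: for the 32-bit flip the old condition required all four bytes `i..i+3` to be non-effective before skipping; the new `if (!skip_eff_map[i]) continue;` gates on the first byte only and will skip dwords whose effective byte sits at `i+1..i+3`. Test all four entries of `skip_eff_map`, and account for the skip in `afl->stage_max` as the removed `--afl->stage_max` did.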
@ -1016,12 +983,9 @@ skip_bitflip:
/* Let's consult the effector map... */ /* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)]) { if (!skip_eff_map[i]) continue;
afl->stage_max -= 2 * ARITH_MAX; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
continue;
}
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
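Review bot: the removed `afl->stage_max -= 2 * ARITH_MAX;` kept stage_max equal to the number of executions actually performed for arith 8/8; with a bare `continue` the stage's `stage_cycles` entry and the progress display now count `2 * ARITH_MAX` executions for every skipped byte. Restore the decrement or compute stage_max from the selected-byte count.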
@ -1103,12 +1067,9 @@ skip_bitflip:
/* Let's consult the effector map... */ /* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { if (!skip_eff_map[i]) continue;
afl->stage_max -= 4 * ARITH_MAX; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
continue;
}
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
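Review bot: arith 16/8 operates on bytes `i` and `i+1`, and the old check skipped only when both were non-effective; gating on `skip_eff_map[i]` alone drops words whose effective byte is `i+1`. Check both bytes, and keep the `4 * ARITH_MAX` adjustment of `afl->stage_max` for skipped positions so the stage statistics stay accurate.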
@ -1236,13 +1197,9 @@ skip_bitflip:
/* Let's consult the effector map... */ /* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] && if (!skip_eff_map[i]) continue;
!eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) {
afl->stage_max -= 4 * ARITH_MAX; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
continue;
}
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
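Review bot: arith 32/8 touches `i..i+3`, but the new guard looks at `skip_eff_map[i]` only, so dwords with an effective byte at `i+1..i+3` are no longer mutated; the pre-patch four-byte test should be carried over to `skip_eff_map`. The `afl->stage_max -= 4 * ARITH_MAX` adjustment is also lost, inflating `stage_cycles`.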
@ -1374,12 +1331,9 @@ skip_arith:
/* Let's consult the effector map... */ /* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)]) { if (!skip_eff_map[i]) continue;
afl->stage_max -= sizeof(interesting_8); if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
continue;
}
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
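Review bot: the `afl->stage_max -= sizeof(interesting_8)` decrement is dropped here while the skip is kept, so interest 8/8 reports `sizeof(interesting_8)` executions for every byte it never mutates. Keep the decrement on the `continue` path.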
@ -1437,12 +1391,9 @@ skip_arith:
/* Let's consult the effector map... */ /* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { if (!skip_eff_map[i]) continue;
afl->stage_max -= sizeof(interesting_16); if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
continue;
}
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
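Review bot: interest 16/8 writes bytes `i` and `i+1`; the new `if (!skip_eff_map[i]) continue;` ignores the second byte and will skip words whose effectiveness comes from `i+1`. Check both, and restore the `sizeof(interesting_16)` adjustment of `afl->stage_max` for skipped positions.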
@ -1528,13 +1479,9 @@ skip_arith:
/* Let's consult the effector map... */ /* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] && if (!skip_eff_map[i]) continue;
!eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) {
afl->stage_max -= sizeof(interesting_32) >> 1; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
continue;
}
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
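Review bot: same pattern as the other multi-byte stages: interest 32/8 covers `i..i+3` but is now gated on `skip_eff_map[i]` alone, and the `sizeof(interesting_32) >> 1` correction to `afl->stage_max` is gone. Test the full span and keep stage_max in step with the executions actually performed.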
@ -1626,6 +1573,10 @@ skip_interest:
u32 last_len = 0; u32 last_len = 0;
if (!skip_eff_map[i]) continue;
if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
/* Extras are sorted by size, from smallest to largest. This means /* Extras are sorted by size, from smallest to largest. This means
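Review bot: skipping a position with `if (!skip_eff_map[i]) continue;` leaves `afl->stage_max` too high by the number of extras for that position (the per-extra `--afl->stage_max` further down only runs for positions that are not skipped), so the user-extras overwrite stage will show inflated cycle counts. Subtract the extras count on the skip path, or size stage_max from the number of selected positions.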
@ -1643,9 +1594,7 @@ skip_interest:
if ((afl->extras_cnt > afl->max_det_extras && if ((afl->extras_cnt > afl->max_det_extras &&
rand_below(afl, afl->extras_cnt) >= afl->max_det_extras) || rand_below(afl, afl->extras_cnt) >= afl->max_det_extras) ||
afl->extras[j].len > len - i || afl->extras[j].len > len - i ||
!memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) || !memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len)) {
!memchr(eff_map + EFF_APOS(i), 1,
EFF_SPAN_ALEN(i, afl->extras[j].len))) {
--afl->stage_max; --afl->stage_max;
continue; continue;
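Review bot: removing the `memchr(eff_map + EFF_APOS(i), 1, EFF_SPAN_ALEN(i, afl->extras[j].len))` test changes the semantics: previously an extra was tried whenever any byte in the span it overwrites was effective, now (via the per-position guard at the top of the loop) only byte `i` decides, so an extra of length L placed at a non-effective `i` is never tried even when `i+1..i+L-1` are effective. If that trade-off is intended, say so in the comment; otherwise test `memchr(skip_eff_map + i, 1, afl->extras[j].len)` here.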
@ -1693,6 +1642,10 @@ skip_interest:
for (i = 0; i <= (u32)len; ++i) { for (i = 0; i <= (u32)len; ++i) {
if (!skip_eff_map[i % len]) continue;
if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
for (j = 0; j < afl->extras_cnt; ++j) { for (j = 0; j < afl->extras_cnt; ++j) {
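Review bot: `skip_eff_map[i % len]` wraps the insertion-at-end position (`i == len`) to byte 0, so whether an extra may be appended depends on whether the first byte of the input is effective, which is unrelated. Use `if (i < len && !skip_eff_map[i]) continue;` to always allow the append position, or gate it on `skip_eff_map[len - 1]`. `i % len` would also divide by zero for `len == 0`, although this loop should not be reached with empty inputs.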
@ -1755,6 +1708,10 @@ skip_user_extras:
u32 last_len = 0; u32 last_len = 0;
if (!skip_eff_map[i]) continue;
if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
u32 min_extra_len = MIN(afl->a_extras_cnt, (u32)USE_AUTO_EXTRAS); u32 min_extra_len = MIN(afl->a_extras_cnt, (u32)USE_AUTO_EXTRAS);
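Review bot: as in the user-extras overwrite stage, the `continue` on `!skip_eff_map[i]` does not subtract the per-position extras count from `afl->stage_max`, so the auto-extras overwrite stage overstates its executions in `stage_cycles`; adjust stage_max on the skip path.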
@ -1763,9 +1720,7 @@ skip_user_extras:
/* See the comment in the earlier code; extras are sorted by size. */ /* See the comment in the earlier code; extras are sorted by size. */
if (afl->a_extras[j].len > len - i || if (afl->a_extras[j].len > len - i ||
!memcmp(afl->a_extras[j].data, out_buf + i, afl->a_extras[j].len) || !memcmp(afl->a_extras[j].data, out_buf + i, afl->a_extras[j].len)) {
!memchr(eff_map + EFF_APOS(i), 1,
EFF_SPAN_ALEN(i, afl->a_extras[j].len))) {
--afl->stage_max; --afl->stage_max;
continue; continue;
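Review bot: with the `memchr` span test on `eff_map` gone, an auto extra covering `i..i+len-1` is only tried when byte `i` itself is marked in `skip_eff_map`; effective bytes later in the span no longer qualify the position. Either document that narrowing or check `memchr(skip_eff_map + i, 1, afl->a_extras[j].len)` in its place.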
@ -1813,6 +1768,10 @@ skip_user_extras:
for (i = 0; i <= (u32)len; ++i) { for (i = 0; i <= (u32)len; ++i) {
if (!skip_eff_map[i % len]) continue;
if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; }
afl->stage_cur_byte = i; afl->stage_cur_byte = i;
for (j = 0; j < afl->a_extras_cnt; ++j) { for (j = 0; j < afl->a_extras_cnt; ++j) {
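Review bot: `skip_eff_map[i % len]` again maps the append position `i == len` onto byte 0; the decision to insert an auto extra at the end should not hinge on the first byte. Treat `i == len` as always allowed (`i < len && !skip_eff_map[i]`) or use the last byte.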
@ -2020,6 +1979,19 @@ custom_mutator_stage:
havoc_stage: havoc_stage:
#ifdef INTROSPECTION
if (!is_logged) {
is_logged = 1;
before_havoc_findings = afl->queued_items;
before_havoc_edges = count_non_255_bytes(afl, afl->virgin_bits);
before_havoc_time = get_cur_time();
}
#endif
if (unlikely(afl->custom_only)) { if (unlikely(afl->custom_only)) {
/* Force UI update */ /* Force UI update */
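Review bot: the `is_logged` guard correctly takes the havoc snapshot only once even when `retry_splicing` jumps back to `havoc_stage`, but the later profile computation subtracts `before_det_findings`, `before_det_edges` and `before_det_time`, which are not set in this hunk. Make sure those are initialised at function entry on every path that can reach `havoc_stage`, including when the deterministic stages are bypassed (`custom_only`, `skip_deterministic`, `passed_det`), otherwise the deltas are computed from uninitialised values.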
@ -3430,6 +3402,25 @@ retry_splicing:
ret_val = 0; ret_val = 0;
#ifdef INTROSPECTION
afl->havoc_prof->queued_det_stage =
before_havoc_findings - before_det_findings;
afl->havoc_prof->queued_havoc_stage =
afl->queued_items - before_havoc_findings;
afl->havoc_prof->total_queued_det += afl->havoc_prof->queued_det_stage;
afl->havoc_prof->edge_det_stage = before_havoc_edges - before_det_edges;
afl->havoc_prof->edge_havoc_stage =
count_non_255_bytes(afl, afl->virgin_bits) - before_havoc_edges;
afl->havoc_prof->total_det_edge += afl->havoc_prof->edge_det_stage;
afl->havoc_prof->det_stage_time = before_havoc_time - before_det_time;
afl->havoc_prof->havoc_stage_time = get_cur_time() - before_havoc_time;
afl->havoc_prof->total_det_time += afl->havoc_prof->det_stage_time;
plot_profile_data(afl, afl->queue_cur);
#endif
/* we are through with this queue entry - for this iteration */ /* we are through with this queue entry - for this iteration */
abandon_entry: abandon_entry:
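Review bot: `plot_profile_data(afl, afl->queue_cur)` runs on every pass through this point, i.e. once per fuzz_one round, and each call does a full `count_non_255_bytes` scan plus an `fprintf` and `fflush`; under INTROSPECTION the profile file grows without bound on long campaigns. Consider rate-limiting it the way `maybe_update_plot_file` does. Also, `det_stage_time = before_havoc_time - before_det_time` is unsigned arithmetic, so if `before_havoc_time` is ever left unset on a path that reaches here the value wraps rather than going negative; worth a comment or a sanity check.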

View File

@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:
@ -664,6 +664,8 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
} }
q->skipdet_e = (struct skipdet_entry *)ck_alloc(sizeof(struct skipdet_entry));
} }
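Review bot: `q->skipdet_e` is allocated for every queue entry, including runs with deterministic fuzzing disabled, and the code that follows (`destroy_queue`, `skip_deterministic_stage`) relies on `ck_alloc` zero-filling so that `skip_eff_map` and `done_inf_map` start out NULL. That reliance is fine but implicit; a short comment here would make it explicit, and a `#ifdef`/flag check could avoid the allocation when the skipdet path is never taken.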
/* Destroy the entire queue. */ /* Destroy the entire queue. */
@ -679,6 +681,15 @@ void destroy_queue(afl_state_t *afl) {
q = afl->queue_buf[i]; q = afl->queue_buf[i];
ck_free(q->fname); ck_free(q->fname);
ck_free(q->trace_mini); ck_free(q->trace_mini);
if (q->skipdet_e) {
if (q->skipdet_e->done_inf_map) ck_free(q->skipdet_e->done_inf_map);
if (q->skipdet_e->skip_eff_map) ck_free(q->skipdet_e->skip_eff_map);
ck_free(q->skipdet_e);
}
ck_free(q); ck_free(q);
} }

View File

@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -10,7 +10,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

403
src/afl-fuzz-skipdet.c Normal file
View File

@ -0,0 +1,403 @@
#include "afl-fuzz.h"
void flip_range(u8 *input, u32 pos, u32 size) {
for (u32 i = 0; i < size; i++)
input[pos + i] ^= 0xFF;
return;
}
#define MAX_EFF_TIMEOUT (10 * 60 * 1000)
#define MAX_DET_TIMEOUT (15 * 60 * 1000)
u8 is_det_timeout(u64 cur_ms, u8 is_flip) {
if (is_flip) {
if (unlikely(get_cur_time() - cur_ms > MAX_EFF_TIMEOUT)) return 1;
} else {
if (unlikely(get_cur_time() - cur_ms > MAX_DET_TIMEOUT)) return 1;
}
return 0;
}
/* decide if the seed should be deterministically fuzzed */
u8 should_det_fuzz(afl_state_t *afl, struct queue_entry *q) {
if (!afl->skipdet_g->virgin_det_bits) {
afl->skipdet_g->virgin_det_bits =
(u8 *)ck_alloc(sizeof(u8) * afl->fsrv.map_size);
}
if (!q->favored || q->passed_det) return 0;
if (!q->trace_mini) return 0;
if (!afl->skipdet_g->last_cov_undet)
afl->skipdet_g->last_cov_undet = get_cur_time();
if (get_cur_time() - afl->skipdet_g->last_cov_undet >= THRESHOLD_DEC_TIME) {
if (afl->skipdet_g->undet_bits_threshold >= 2) {
afl->skipdet_g->undet_bits_threshold *= 0.75;
afl->skipdet_g->last_cov_undet = get_cur_time();
}
}
u32 new_det_bits = 0;
for (u32 i = 0; i < afl->fsrv.map_size; i++) {
if (unlikely(q->trace_mini[i >> 3] & (1 << (i & 7)))) {
if (!afl->skipdet_g->virgin_det_bits[i]) { new_det_bits++; }
}
}
if (!afl->skipdet_g->undet_bits_threshold)
afl->skipdet_g->undet_bits_threshold = new_det_bits * 0.05;
if (new_det_bits >= afl->skipdet_g->undet_bits_threshold) {
afl->skipdet_g->last_cov_undet = get_cur_time();
q->skipdet_e->undet_bits = new_det_bits;
for (u32 i = 0; i < afl->fsrv.map_size; i++) {
if (unlikely(q->trace_mini[i >> 3] & (1 << (i & 7)))) {
if (!afl->skipdet_g->virgin_det_bits[i])
afl->skipdet_g->virgin_det_bits[i] = 1;
}
}
return 1;
}
return 0;
}
/*
consists of two stages that
return 0 if exec failed.
*/
u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf,
u32 len, u64 before_det_time) {
u64 orig_hit_cnt, new_hit_cnt;
if (afl->queue_cur->skipdet_e->done_eff) return 1;
if (!should_det_fuzz(afl, afl->queue_cur)) return 1;
/* Add check to make sure that for seeds without too much undet bits,
we ignore them */
/******************
* SKIP INFERENCE *
******************/
afl->stage_short = "inf";
afl->stage_name = "inference";
afl->stage_cur = 0;
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
u8 *inf_eff_map = (u8 *)ck_alloc(sizeof(u8) * len);
memset(inf_eff_map, 1, sizeof(u8) * len);
if (common_fuzz_stuff(afl, orig_buf, len)) { return 0; }
u64 prev_cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
u64 _prev_cksum = prev_cksum;
if (MINIMAL_BLOCK_SIZE * 8 < len) {
// u64 size_skiped = 0, quick_skip_exec = total_execs, quick_skip_time =
// get_cur_time();
u64 pre_inf_exec = afl->fsrv.total_execs, pre_inf_time = get_cur_time();
/* if determine stage time / input size is too small, just go ahead */
u32 pos = 0, cur_block_size = MINIMAL_BLOCK_SIZE, max_block_size = len / 8;
while (pos < len - 1) {
cur_block_size = MINIMAL_BLOCK_SIZE;
while (cur_block_size < max_block_size) {
u32 flip_block_size =
(cur_block_size + pos < len) ? cur_block_size : len - 1 - pos;
afl->stage_cur += 1;
flip_range(out_buf, pos, flip_block_size);
if (common_fuzz_stuff(afl, out_buf, len)) return 0;
flip_range(out_buf, pos, flip_block_size);
u64 cksum =
hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
// printf("Now trying range %d with %d, %s.\n", pos, cur_block_size,
// (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not");
/* continue until we fail or exceed length */
if (cksum == _prev_cksum) {
cur_block_size *= 2;
if (cur_block_size >= len - 1 - pos) break;
} else {
break;
}
}
if (cur_block_size == MINIMAL_BLOCK_SIZE) {
/* we failed early on*/
pos += cur_block_size;
} else {
u32 cur_skip_len = (cur_block_size / 2 + pos < len)
? (cur_block_size / 2)
: (len - pos - 1);
memset(inf_eff_map + pos, 0, cur_skip_len);
afl->skipdet_g->inf_prof->inf_skipped_bytes += cur_skip_len;
pos += cur_skip_len;
}
}
afl->skipdet_g->inf_prof->inf_execs_cost +=
(afl->fsrv.total_execs - pre_inf_exec);
afl->skipdet_g->inf_prof->inf_time_cost += (get_cur_time() - pre_inf_time);
// PFATAL("Done, now have %d bytes skipped, with exec %lld, time %lld.\n",
// afl->inf_skipped_bytes, afl->inf_execs_cost, afl->inf_time_cost);
} else
memset(inf_eff_map, 1, len);
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INF] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INF] += afl->stage_cur;
/****************************
* Quick Skip Effective Map *
****************************/
/* Quick Effective Map Calculation */
afl->stage_short = "quick";
afl->stage_name = "quick eff";
afl->stage_cur = 0;
afl->stage_max = 32 * 1024;
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
u32 before_skip_inf = afl->queued_items;
/* clean all the eff bytes, since previous eff bytes are already fuzzed */
u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map,
*done_inf_map = afl->queue_cur->skipdet_e->done_inf_map;
if (!skip_eff_map) {
skip_eff_map = (u8 *)ck_alloc(sizeof(u8) * len);
afl->queue_cur->skipdet_e->skip_eff_map = skip_eff_map;
} else {
memset(skip_eff_map, 0, sizeof(u8) * len);
}
/* restore the starting point */
if (!done_inf_map) {
done_inf_map = (u8 *)ck_alloc(sizeof(u8) * len);
afl->queue_cur->skipdet_e->done_inf_map = done_inf_map;
} else {
for (afl->stage_cur = 0; afl->stage_cur < len; afl->stage_cur++) {
if (done_inf_map[afl->stage_cur] == 0) break;
}
}
/* depending on the seed's performance, we could search eff bytes
for multiple rounds */
u8 eff_round_continue = 1, eff_round_done = 0, done_eff = 0, repeat_eff = 0,
fuzz_nearby = 0, *non_eff_bytes = 0;
u64 before_eff_execs = afl->fsrv.total_execs;
if (getenv("REPEAT_EFF")) repeat_eff = 1;
if (getenv("FUZZ_NEARBY")) fuzz_nearby = 1;
if (fuzz_nearby) {
non_eff_bytes = (u8 *)ck_alloc(sizeof(u8) * len);
// clean exec cksum
if (common_fuzz_stuff(afl, out_buf, len)) { return 0; }
prev_cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
}
do {
eff_round_continue = 0;
afl->stage_max = 32 * 1024;
for (; afl->stage_cur < afl->stage_max && afl->stage_cur < len;
++afl->stage_cur) {
afl->stage_cur_byte = afl->stage_cur;
if (!inf_eff_map[afl->stage_cur_byte] ||
skip_eff_map[afl->stage_cur_byte])
continue;
if (is_det_timeout(before_det_time, 1)) { goto cleanup_skipdet; }
u8 orig = out_buf[afl->stage_cur_byte], replace = rand_below(afl, 256);
while (replace == orig) {
replace = rand_below(afl, 256);
}
out_buf[afl->stage_cur_byte] = replace;
before_skip_inf = afl->queued_items;
if (common_fuzz_stuff(afl, out_buf, len)) { return 0; }
out_buf[afl->stage_cur_byte] = orig;
if (fuzz_nearby) {
if (prev_cksum ==
hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST)) {
non_eff_bytes[afl->stage_cur_byte] = 1;
}
}
if (afl->queued_items != before_skip_inf) {
skip_eff_map[afl->stage_cur_byte] = 1;
afl->queue_cur->skipdet_e->quick_eff_bytes += 1;
if (afl->stage_max < MAXIMUM_QUICK_EFF_EXECS) { afl->stage_max *= 2; }
if (afl->stage_max == MAXIMUM_QUICK_EFF_EXECS && repeat_eff)
eff_round_continue = 1;
}
done_inf_map[afl->stage_cur_byte] = 1;
}
afl->stage_cur = 0;
done_eff = 1;
if (++eff_round_done >= 8) break;
} while (eff_round_continue);
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_QUICK] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_QUICK] += (afl->fsrv.total_execs - before_eff_execs);
cleanup_skipdet:
if (fuzz_nearby) {
u8 *nearby_bytes = (u8 *)ck_alloc(sizeof(u8) * len);
u32 i = 3;
while (i < len) {
// assume DWORD size, from i - 3 -> i + 3
if (skip_eff_map[i]) {
u32 fill_length = (i + 3 < len) ? 7 : len - i + 2;
memset(nearby_bytes + i - 3, 1, fill_length);
i += 3;
} else
i += 1;
}
for (i = 0; i < len; i++) {
if (nearby_bytes[i] && !non_eff_bytes[i]) skip_eff_map[i] = 1;
}
ck_free(nearby_bytes);
ck_free(non_eff_bytes);
}
if (done_eff) {
afl->queue_cur->skipdet_e->continue_inf = 0;
afl->queue_cur->skipdet_e->done_eff = 1;
} else {
afl->queue_cur->skipdet_e->continue_inf = 1;
}
return 1;
}
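Review bot: `inf_eff_map` (allocated with `ck_alloc` near the top of `skip_deterministic_stage`) is never freed, and on the `return 0` paths inside the quick-eff loop `non_eff_bytes` leaks as well; since this function runs for every favored entry that has not yet passed deterministic fuzzing, that is a steady leak of `len` bytes per entry. Add `ck_free(inf_eff_map)` before the final `return 1` and free both buffers on the early returns (or route them through `cleanup_skipdet` with a status flag). Three further points. (1) `if (!should_det_fuzz(afl, afl->queue_cur)) return 1;` returns success before `skip_eff_map` is allocated, so `afl->queue_cur->skipdet_e->skip_eff_map` can still be NULL when the caller proceeds; the fuzz_one_original hunks dereference that map without a check, so the caller must bypass the deterministic stages whenever it is NULL, or this function should return a distinct value for "nothing to do". (2) `getenv("REPEAT_EFF")` and `getenv("FUZZ_NEARBY")` introduce un-prefixed, undocumented environment variables that are read on every call; the project's convention is `AFL_`-prefixed names registered in afl_env and listed with the other variables. (3) A byte is marked effective only when a single random replacement produces a new queue entry (`afl->queued_items != before_skip_inf`); crashes and coverage changes that do not yield a new entry do not count, which makes the selection noticeably stricter than the old hash-based effector map. That is a reasonable design choice, but it should be stated in the header comment, which currently reads `consists of two stages that return 0 if exec failed.` and, together with the `Add check to make sure ...` remark, looks like leftover notes rather than documentation.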

View File

@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -140,6 +140,14 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
afl->fsrv.child_pid = -1; afl->fsrv.child_pid = -1;
afl->fsrv.out_dir_fd = -1; afl->fsrv.out_dir_fd = -1;
/* Init SkipDet */
afl->skipdet_g =
(struct skipdet_global *)ck_alloc(sizeof(struct skipdet_global));
afl->skipdet_g->inf_prof =
(struct inf_profile *)ck_alloc(sizeof(struct inf_profile));
afl->havoc_prof =
(struct havoc_profile *)ck_alloc(sizeof(struct havoc_profile));
init_mopt_globals(afl); init_mopt_globals(afl);
list_append(&afl_states, afl); list_append(&afl_states, afl);
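Review bot: `afl->skipdet_g->virgin_det_bits` is left to be allocated lazily in `should_det_fuzz`, yet `map_size` is already available here; allocating it in this hunk would remove the NULL-pointer hazard for code that reads it before any entry has gone through `should_det_fuzz` (see `plot_profile_data`). None of the three allocations added here (`skipdet_g`, `inf_prof`, `havoc_prof`) has a matching `ck_free` in the patch; add them to the state teardown. `havoc_prof` is only used under `INTROSPECTION` in the shown hunks, so it could be allocated under the same `#ifdef`.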

View File

@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -502,6 +502,44 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
} }
/* Log deterministic stage efficiency */
void plot_profile_data(afl_state_t *afl, struct queue_entry *q) {
u64 current_ms = get_cur_time() - afl->start_time;
u32 current_edges = count_non_255_bytes(afl, afl->virgin_bits);
double det_finding_rate = (double)afl->havoc_prof->total_det_edge * 100.0 /
(double)current_edges,
det_time_rate = (double)afl->havoc_prof->total_det_time * 100.0 /
(double)current_ms;
u32 ndet_bits = 0;
for (u32 i = 0; i < afl->fsrv.map_size; i++) {
if (afl->skipdet_g->virgin_det_bits[i]) ndet_bits += 1;
}
double det_fuzzed_rate = (double)ndet_bits * 100.0 / (double)current_edges;
fprintf(afl->fsrv.det_plot_file,
"[%02lld:%02lld:%02lld] fuzz %d (%d), find %d/%d among %d(%02.2f) "
"and spend %lld/%lld(%02.2f), cover %02.2f yet, %d/%d undet bits, "
"continue %d.\n",
current_ms / 1000 / 3600, (current_ms / 1000 / 60) % 60,
(current_ms / 1000) % 60, afl->current_entry, q->fuzz_level,
afl->havoc_prof->edge_det_stage, afl->havoc_prof->edge_havoc_stage,
current_edges, det_finding_rate,
afl->havoc_prof->det_stage_time / 1000,
afl->havoc_prof->havoc_stage_time / 1000, det_time_rate,
det_fuzzed_rate, q->skipdet_e->undet_bits,
afl->skipdet_g->undet_bits_threshold, q->skipdet_e->continue_inf);
fflush(afl->fsrv.det_plot_file);
}
/* Check terminal dimensions after resize. */ /* Check terminal dimensions after resize. */
static void check_term_size(afl_state_t *afl) { static void check_term_size(afl_state_t *afl) {
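Review bot: `afl->skipdet_g->virgin_det_bits[i]` is dereferenced without a NULL check, but that buffer is only allocated inside `should_det_fuzz`; if this function is reached before any favored entry has been through that path (for example with deterministic fuzzing disabled, or only custom mutators) it dereferences NULL. Guard the loop or allocate the buffer in `afl_state_init`. Also: `fprintf(afl->fsrv.det_plot_file, ...)` has no NULL check and the `fopen` for that file is not part of the shown patch; `%lld` and `%d` are used for u64 and u32 values (use `%llu`/`%u` or casts); and `det_finding_rate`/`det_fuzzed_rate` divide by `current_edges`, which is zero before the first edge is found.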

View File

@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -170,7 +170,7 @@ static void usage(u8 *argv0, int more_help) {
" -g minlength - set min length of generated fuzz input (default: 1)\n" " -g minlength - set min length of generated fuzz input (default: 1)\n"
" -G maxlength - set max length of generated fuzz input (default: " " -G maxlength - set max length of generated fuzz input (default: "
"%lu)\n" "%lu)\n"
" -D - enable deterministic fuzzing (once per queue entry)\n" " -D - enable (a new) effective deterministic fuzzing\n"
" -L minutes - use MOpt(imize) mode and set the time limit for " " -L minutes - use MOpt(imize) mode and set the time limit for "
"entering the\n" "entering the\n"
" pacemaker mode (minutes of no new finds). 0 = " " pacemaker mode (minutes of no new finds). 0 = "
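Review bot: the new `-D` help text `enable (a new) effective deterministic fuzzing` tells the user nothing about the behaviour; state what changes, e.g. that deterministic stages now run only on favored entries and only on bytes inferred to be effective. The `-d` line of the usage text is not touched in this patch even though `-d` becomes a no-op in the `case 'd'` change below; update it to say the flag is accepted but ignored.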
@ -955,14 +955,20 @@ int main(int argc, char **argv_orig, char **envp) {
break; break;
case 'D': /* enforce deterministic */ case 'D': /* partial deterministic */
afl->skip_deterministic = 0; afl->skip_deterministic = 0;
break; break;
case 'd': /* skip deterministic */ case 'd': /* no deterministic */
afl->skip_deterministic = 1; // this is the default and currently a lot of infrastructure enforces
// it (e.g. clusterfuzz, fuzzbench) based on that this feature
// originally was bad performance wise. We now have a better
// implementation, hence if it is activated, we do not want to
// deactivate it by such setups.
// afl->skip_deterministic = 1;
break; break;
case 'B': /* load bitmap */ case 'B': /* load bitmap */
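Review bot: `-d` is now accepted and silently ignored (the `afl->skip_deterministic = 1;` body is commented out). Users and CI setups that pass `-d` expecting no deterministic stage will get a behaviour change with no signal; emit at least a `WARNF` from this case so the change is visible in the log, and move the long explanatory comment into the changelog and docs, where people looking for the reason will actually find it.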
@ -1424,11 +1430,11 @@ int main(int argc, char **argv_orig, char **envp) {
} }
#endif #endif
// silently disable deterministic mutation if custom mutators are used
if (!afl->skip_deterministic && afl->afl_env.afl_custom_mutator_only) { if (!afl->skip_deterministic && afl->afl_env.afl_custom_mutator_only) {
FATAL( afl->skip_deterministic = 1;
"Using -D determinstic fuzzing is incompatible with "
"AFL_CUSTOM_MUTATOR_ONLY!");
} }
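Review bot: replacing the `FATAL` with a silent `afl->skip_deterministic = 1;` hides a genuine configuration conflict: the user asked for `-D` and set `AFL_CUSTOM_MUTATOR_ONLY` at the same time. Keeping the run alive is fine, but log a `WARNF` saying that `-D` is being disabled because of `AFL_CUSTOM_MUTATOR_ONLY`, so the user is not left wondering why no deterministic stage appears.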
@ -3031,6 +3037,11 @@ stop_fuzzing:
if (frida_afl_preload) { ck_free(frida_afl_preload); } if (frida_afl_preload) { ck_free(frida_afl_preload); }
fclose(afl->fsrv.plot_file); fclose(afl->fsrv.plot_file);
#ifdef INTROSPECTION
fclose(afl->fsrv.det_plot_file);
#endif
destroy_queue(afl); destroy_queue(afl);
destroy_extras(afl); destroy_extras(afl);
destroy_custom_mutators(afl); destroy_custom_mutators(afl);
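Review bot: `fclose(afl->fsrv.det_plot_file)` has no NULL guard and the matching `fopen` is not in the shown patch; `fclose(NULL)` is undefined behaviour, so either guarantee the file is always opened under `INTROSPECTION` or wrap the call in `if (afl->fsrv.det_plot_file)`.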

View File

@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Dominik Maier <domenukk@gmail.com> Dominik Maier <domenukk@gmail.com>
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com> Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -12,7 +12,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -12,7 +12,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

View File

@ -38,7 +38,7 @@ test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUS
# Run afl-fuzz w/ the C mutator # Run afl-fuzz w/ the C mutator
$ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds" $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds"
{ {
AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1 AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -d -- ./test-custom-mutator >>errors 2>&1
} >>errors 2>&1 } >>errors 2>&1
# Check results # Check results
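Review bot: the `-d` added to this invocation has no effect with the afl-fuzz built from this tree: the `case 'd'` handler no longer sets `skip_deterministic`, and `AFL_CUSTOM_MUTATOR_ONLY=1` already disables the deterministic stage via the new check in main(). Either drop the flag or add a comment saying it is kept for compatibility with older binaries, so the test does not look like it depends on `-d` doing something.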
@ -58,7 +58,7 @@ test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUS
# Run afl-fuzz w/ multiple C mutators # Run afl-fuzz w/ multiple C mutators
$ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds" $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds"
{ {
AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1 AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -d -- ./test-multiple-mutators >>errors 2>&1
} >>errors 2>&1 } >>errors 2>&1
test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here

View File

@ -14,7 +14,7 @@
# <andreafioraldi@gmail.com> # <andreafioraldi@gmail.com>
# #
# Copyright 2017 Battelle Memorial Institute. All rights reserved. # Copyright 2017 Battelle Memorial Institute. All rights reserved.
# Copyright 2019-2023 AFLplusplus Project. All rights reserved. # Copyright 2019-2024 AFLplusplus Project. All rights reserved.
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.

View File

@ -4,7 +4,7 @@
Written by Marc Heuse <mh@mh-sec.de> Written by Marc Heuse <mh@mh-sec.de>
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

View File

@ -12,7 +12,7 @@
Dominik Maier <mail@dmnk.co> Dominik Maier <mail@dmnk.co>
Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2016, 2017 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

@ -4,7 +4,7 @@
Written by Marc Heuse <mh@mh-sec.de> Written by Marc Heuse <mh@mh-sec.de>
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

@ -4,7 +4,7 @@
Written by Marc Heuse <mh@mh-sec.de> Written by Marc Heuse <mh@mh-sec.de>
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

@ -3,7 +3,7 @@
-------------------------------------------------------- --------------------------------------------------------
Originally written by Michal Zalewski Originally written by Michal Zalewski
Copyright 2014 Google Inc. All rights reserved. Copyright 2014 Google Inc. All rights reserved.
Copyright 2019-2023 AFLplusplus Project. All rights reserved. Copyright 2019-2024 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at: You may obtain a copy of the License at:

@ -2,7 +2,7 @@
# american fuzzy lop++ - argvfuzz # american fuzzy lop++ - argvfuzz
# -------------------------------- # --------------------------------
# #
# Copyright 2019-2023 Kjell Braden <afflux@pentabarf.de> # Copyright 2019-2024 Kjell Braden <afflux@pentabarf.de>
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.

@ -2,7 +2,7 @@
american fuzzy lop++ - LD_PRELOAD for fuzzing argv in binaries american fuzzy lop++ - LD_PRELOAD for fuzzing argv in binaries
------------------------------------------------------------ ------------------------------------------------------------
Copyright 2019-2023 Kjell Braden <afflux@pentabarf.de> Copyright 2019-2024 Kjell Braden <afflux@pentabarf.de>
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
