remove -z option, use -p mmopt instead

2025-06-13 18:48:08 +00:00 · 2023-04-13 11:44:39 +02:00
parent 824385f52c
commit 6cc8d607fb
7 changed files with 10 additions and 22 deletions
--- a/2
+++ b/2
@ -546,7 +546,7 @@ ifndef AFL_NO_X86
 test_build: afl-cc afl-gcc afl-as afl-showmap
 	@echo "[*] Testing the CC wrapper afl-cc and its instrumentation output..."
 	@unset AFL_MAP_SIZE AFL_USE_UBSAN AFL_USE_CFISAN AFL_USE_LSAN AFL_USE_ASAN AFL_USE_MSAN; ASAN_OPTIONS=detect_leaks=0 AFL_INST_RATIO=100 AFL_PATH=. ./afl-cc test-instr.c $(LDFLAGS) -o test-instr 2>&1 || (echo "Oops, afl-cc failed"; exit 1 )
-	- ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -o .test-instr0 ./test-instr < /dev/null
+	-ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -q -m none -o .test-instr0 ./test-instr < /dev/null
 	-echo 1 | ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr1 ./test-instr
 	@rm -f test-instr
 	@cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation of afl-cc does not seem to be behaving correctly!"; echo; echo "Please post to https://github.com/AFLplusplus/AFLplusplus/issues to troubleshoot the issue."; echo; exit 1; fi
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -12,7 +12,7 @@
    - fixed a crash in pizza (1st april easter egg) mode. Sorry for
      everyone who was affected!
    - allow pizza mode to be disabled when AFL_PIZZA_MODE is set to -1
-    - add -z switch to prefer new coverage findings in seed selection
+    - option `-p mmopt` now also selects new queue items more often
    - print name of custom mutator in UI
  - afl-cc:
    - add CFI sanitizer variant to gcc targets
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -501,8 +501,7 @@ typedef struct afl_state {
      custom_splice_optout,             /* Custom mutator no splice buffer  */
      is_main_node,                     /* if this is the main node         */
      is_secondary_node,                /* if this is a secondary instance  */
-      pizza_is_served,                  /* pizza mode                       */
-      prefer_new;                       /* prefer new queue entries         */
+      pizza_is_served;                  /* pizza mode                       */

  u32 stats_update_freq;                /* Stats update frequency (execs)   */

--- a/instrumentation/SanitizerCoverageLTO.so.cc
+++ b/instrumentation/SanitizerCoverageLTO.so.cc
@ -18,7 +18,7 @@
 #include "llvm/ADT/ArrayRef.h"
 #include "llvm/ADT/SmallVector.h"
 #if LLVM_VERSION_MAJOR < 17
-#include "llvm/ADT/Triple.h"
+  #include "llvm/ADT/Triple.h"
 #endif
 #include "llvm/Analysis/EHPersonalities.h"
 #include "llvm/Analysis/PostDominators.h"
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@ -14,7 +14,7 @@
 #include "llvm/ADT/ArrayRef.h"
 #include "llvm/ADT/SmallVector.h"
 #if LLVM_VERSION_MAJOR < 17
-#include "llvm/ADT/Triple.h"
+  #include "llvm/ADT/Triple.h"
 #endif
 #include "llvm/Analysis/EHPersonalities.h"
 #include "llvm/Analysis/PostDominators.h"
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@ -149,21 +149,15 @@ void create_alias_table(afl_state_t *afl) {

    }

-    if (unlikely(afl->prefer_new) && afl->queued_discovered) {
+    if (unlikely(afl->schedule == MMOPT) && afl->queued_discovered) {

-      double avg_weight = sum / active;
+      u32 cnt = afl->queued_discovered >= 5 ? 5 : afl->queued_discovered;

-      for (i = n - afl->queued_discovered; i < n; i++) {
+      for (i = n - cnt; i < n; i++) {

        struct queue_entry *q = afl->queue_buf[i];

-        if (likely(!q->disabled) && q->weight > avg_weight) {
-
-          double prev_weight = q->weight;
-          q->weight *= (2.0 * (i / n));
-          sum += (q->weight - prev_weight);
-
-        }
+        if (likely(!q->disabled)) { q->weight *= 2.0; }

      }

--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -132,7 +132,6 @@ static void usage(u8 *argv0, int more_help) {
      "                  fast(default), explore, exploit, seek, rare, mmopt, "
      "coe, lin\n"
      "                  quad -- see docs/FAQ.md for more information\n"
-      "  -z            - prefer new coverage findings when fuzzing\n"
      "  -f file       - location read by the fuzzed program (default: stdin "
      "or @@)\n"
      "  -t msec       - timeout for each run (auto-scaled, default %u ms). "
@ -556,7 +555,7 @@ int main(int argc, char **argv_orig, char **envp) {
  while (
      (opt = getopt(
           argc, argv,
-           "+Ab:B:c:CdDe:E:hi:I:f:F:g:G:l:L:m:M:nNOo:p:RQs:S:t:T:UV:WXx:YzZ")) >
+           "+Ab:B:c:CdDe:E:hi:I:f:F:g:G:l:L:m:M:nNOo:p:RQs:S:t:T:UV:WXx:YZ")) >
      0) {

    switch (opt) {
@ -569,10 +568,6 @@ int main(int argc, char **argv_orig, char **envp) {
        afl->max_length = atoi(optarg);
        break;

-      case 'z':
-        afl->prefer_new = 1;
-        break;
-
      case 'Z':
        afl->old_seed_selection = 1;
        break;