got rid of questionable phrasing

README.md

@@ -381,10 +381,10 @@ The available schedules are:
  - rare (experimental)
 
 In parallel mode (-M/-S, several instances with the shared queue), we suggest to
-run the master using the explore or fast schedule (-p explore) and the slaves
+run the main node using the explore or fast schedule (-p explore) and the secondary
-with a combination of cut-off-exponential (-p coe), exponential (-p fast),
+nodes with a combination of cut-off-exponential (-p coe), exponential (-p fast),
 explore (-p explore) and mmopt (-p mmopt) schedules. If a schedule does
-not perform well for a target, restart the slave with a different schedule.
+not perform well for a target, restart the secondary nodes with a different schedule.
 
 In single mode, using -p fast is usually slightly more beneficial than the
 default explore mode.

docs/Changelog.md

@@ -11,11 +11,11 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 
 ### Version ++2.65d (dev)
   - afl-fuzz:
-     - -S slaves now only sync from the master to increase performance,
+     - -S secondary nodes now only sync from the main node to increase performance,
-       the -M master still syncs from everyone. Added checks that ensure
+       the -M main node still syncs from everyone. Added checks that ensure
-       exactly one master is present and warn otherwise
+       exactly one main node is present and warn otherwise
-     - If no master is present at a sync one slave automatically becomes
+     - If no main node is present at a sync one secondary node automatically becomes
-       a temporary master until a real master shows up
+       a temporary main node until a real main nodes shows up
      - fix/update to MOpt (thanks to arnow117)
   - llvm_mode:
     - the default instrumentation is now PCGUARD, as it is faster and provides

docs/binaryonly_fuzzing.md

@@ -4,7 +4,7 @@
   it allows for very fast and coverage guided fuzzing.
 
   However, if there is only the binary program and no source code available,
-  then standard `afl-fuzz -n` (dumb mode) is not effective.
+  then standard `afl-fuzz -n` (non-instrumented mode) is not effective.
 
   The following is a description of how these binaries can be fuzzed with afl++
 

docs/notes_for_asan.md

@@ -28,9 +28,9 @@ Note that ASAN is incompatible with -static, so be mindful of that.
 
 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.)
 
-NOTE: if you run several slaves only one should run the target compiled with
+NOTE: if you run several secondary instances, only one should run the target
-ASAN (and UBSAN, CFISAN), the others should run the target with no sanitizers
+compiled with ASAN (and UBSAN, CFISAN), the others should run the target with
-compiled in.
+no sanitizers compiled in.
 
 There is also the option of generating a corpus using a non-ASAN binary, and
 then feeding it to an ASAN-instrumented one to check for bugs. This is faster,

docs/parallel_fuzzing.md

@@ -13,12 +13,12 @@ In fact, if you rely on just a single job on a multi-core system, you will
 be underutilizing the hardware. So, parallelization is usually the right
 way to go.
 
-When targeting multiple unrelated binaries or using the tool in "dumb" (-n)
+When targeting multiple unrelated binaries or using the tool in
-mode, it is perfectly fine to just start up several fully separate instances
+"non-instrumented" (-n) mode, it is perfectly fine to just start up several
-of afl-fuzz. The picture gets more complicated when you want to have multiple
+fully separate instances of afl-fuzz. The picture gets more complicated when
-fuzzers hammering a common target: if a hard-to-hit but interesting test case
+you want to have multiple fuzzers hammering a common target: if a hard-to-hit
-is synthesized by one fuzzer, the remaining instances will not be able to use
+but interesting test case is synthesized by one fuzzer, the remaining instances
-that input to guide their work.
+will not be able to use that input to guide their work.
 
 To help with this problem, afl-fuzz offers a simple way to synchronize test
 cases on the fly.
@@ -37,7 +37,7 @@ system, simply create a new, empty output directory ("sync dir") that will be
 shared by all the instances of afl-fuzz; and then come up with a naming scheme
 for every instance - say, "fuzzer01", "fuzzer02", etc. 
 
-Run the first one ("master", -M) like this:
+Run the first one ("main node", -M) like this:
 
 ```
 ./afl-fuzz -i testcase_dir -o sync_dir -M fuzzer01 [...other stuff...]
@@ -57,26 +57,26 @@ Each fuzzer will keep its state in a separate subdirectory, like so:
 Each instance will also periodically rescan the top-level sync directory
 for any test cases found by other fuzzers - and will incorporate them into
 its own fuzzing when they are deemed interesting enough.
-For performance reasons only -M masters sync the queue with everyone, the
+For performance reasons only -M main node syncs the queue with everyone, the
--S slaves will only sync from the master.
+-S secondary nodes will only sync from the main node.
 
-The difference between the -M and -S modes is that the master instance will
+The difference between the -M and -S modes is that the main instance will
 still perform deterministic checks; while the secondary instances will
 proceed straight to random tweaks.
 
-Note that you must always have one -M master instance!
+Note that you must always have one -M main instance!
 
 Note that running multiple -M instances is wasteful, although there is an
 experimental support for parallelizing the deterministic checks. To leverage
 that, you need to create -M instances like so:
 
 ```
-./afl-fuzz -i testcase_dir -o sync_dir -M masterA:1/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M mainA:1/3 [...]
-./afl-fuzz -i testcase_dir -o sync_dir -M masterB:2/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M mainB:2/3 [...]
-./afl-fuzz -i testcase_dir -o sync_dir -M masterC:3/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M mainC:3/3 [...]
 ```
 
-...where the first value after ':' is the sequential ID of a particular master
+...where the first value after ':' is the sequential ID of a particular main
 instance (starting at 1), and the second value is the total number of fuzzers to
 distribute the deterministic fuzzing across. Note that if you boot up fewer
 fuzzers than indicated by the second number passed to -M, you may end up with
@@ -168,7 +168,7 @@ to keep in mind:
     This arrangement would allow test interesting cases to propagate across
     the fleet without having to copy every fuzzer queue to every single host.
 
-  - You do not want a "master" instance of afl-fuzz on every system; you should
+  - You do not want a "main" instance of afl-fuzz on every system; you should
     run them all with -S, and just designate a single process somewhere within
     the fleet to run with -M.
 
@@ -185,10 +185,10 @@ also basic machine-readable information always written to the fuzzer_stats file
 in the output directory. Locally, that information can be interpreted with
 afl-whatsup.
 
-In principle, you can use the status screen of the master (-M) instance to
+In principle, you can use the status screen of the main (-M) instance to
 monitor the overall fuzzing progress and decide when to stop. In this
 mode, the most important signal is just that no new paths are being found
-for a longer while. If you do not have a master instance, just pick any
+for a longer while. If you do not have a main instance, just pick any
 single secondary instance to watch and go by that.
 
 You can also rely on that instance's output directory to collect the
@@ -197,7 +197,7 @@ within the fleet. Secondary (-S) instances do not require any special
 monitoring, other than just making sure that they are up.
 
 Keep in mind that crashing inputs are *not* automatically propagated to the
-master instance, so you may still want to monitor for crashes fleet-wide
+main instance, so you may still want to monitor for crashes fleet-wide
 from within your synchronization or health checking scripts (see afl-whatsup).
 
 ## 5) Asymmetric setups

docs/power_schedules.md

@@ -25,7 +25,7 @@ where *α(i)* is the performance score that AFL uses to compute for the seed inp
   
 More details can be found in the paper that was accepted at the [23rd ACM Conference on Computer and Communications Security (CCS'16)](https://www.sigsac.org/ccs/CCS2016/accepted-papers/).
 
-PS: In parallel mode (several instances with shared queue), we suggest to run the master using the exploit schedule (-p exploit) and the slaves with a combination of cut-off-exponential (-p coe), exponential (-p fast; default), and explore (-p explore) schedules. In single mode, the default settings will do. **EDIT:** In parallel mode, AFLFast seems to perform poorly because the path probability estimates are incorrect for the imported seeds. Pull requests to fix this issue by syncing the estimates accross instances are appreciated :)
+PS: In parallel mode (several instances with shared queue), we suggest to run the main node using the exploit schedule (-p exploit) and the secondary nodes with a combination of cut-off-exponential (-p coe), exponential (-p fast; default), and explore (-p explore) schedules. In single mode, the default settings will do. **EDIT:** In parallel mode, AFLFast seems to perform poorly because the path probability estimates are incorrect for the imported seeds. Pull requests to fix this issue by syncing the estimates across instances are appreciated :)
 
 Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.
 Released under terms and conditions of Apache License, Version 2.0.

docs/status_screen.md

@@ -33,7 +33,7 @@ The top line shows you which mode afl-fuzz is running in
 (normal: "american fuzy lop", crash exploration mode: "peruvian rabbit mode")
 and the version of afl++.
 Next to the version is the banner, which, if not set with -T by hand, will
-either show the binary name being fuzzed, or the -M/-S master/slave name for
+either show the binary name being fuzzed, or the -M/-S main/secondary name for
 parallel fuzzing.
 Finally, the last item is the power schedule mode being run (default: explore).
 
@@ -404,7 +404,7 @@ directory. This includes:
   - `var_byte_count`    - how many edges are non-deterministic
   - `afl_banner`        - banner text (e.g. the target name)
   - `afl_version`       - the version of afl used
-  - `target_mode`       - default, persistent, qemu, unicorn, dumb
+  - `target_mode`       - default, persistent, qemu, unicorn, non-instrumented
   - `command_line`      - full command line used for the fuzzing session
 
 Most of these map directly to the UI elements discussed earlier on.

gcc_plugin/README.md

@@ -71,7 +71,7 @@ reports to <hexcoder-@github.com>.
 ## 4) Bonus feature #1: deferred initialization
 
 AFL tries to optimize performance by executing the targeted binary just once,
-stopping it just before main(), and then cloning this "master" process to get
+stopping it just before main(), and then cloning this "main" process to get
 a steady supply of targets to fuzz.
 
 Although this approach eliminates much of the OS-, linker- and libc-level

include/afl-fuzz.h

@@ -408,8 +408,8 @@ typedef struct afl_state {
       debug,                            /* Debug mode                       */
       custom_only,                      /* Custom mutator only mode         */
       python_only,                      /* Python-only mode                 */
-      is_master,                        /* if this is a master              */
+      is_main_node,                     /* if this is the main node         */
-      is_slave;                         /* if this is a slave               */
+      is_secondary_node;                /* if this is a secondary instance  */
 
   u32 stats_update_freq;                /* Stats update frequency (execs)   */
 
@@ -421,7 +421,7 @@ typedef struct afl_state {
 
   u8 skip_deterministic,                /* Skip deterministic stages?       */
       use_splicing,                     /* Recombine input files?           */
-      dumb_mode,                        /* Run in non-instrumented mode?    */
+      non_instrumented_mode,            /* Run in non-instrumented mode?    */
       score_changed,                    /* Scoring for favorites changed?   */
       resuming_fuzz,                    /* Resuming an older fuzzing job?   */
       timeout_given,                    /* Specific timeout given?          */
@@ -503,7 +503,7 @@ typedef struct afl_state {
   s32 stage_cur, stage_max;             /* Stage progression                */
   s32 splicing_with;                    /* Splicing with which test case?   */
 
-  u32 master_id, master_max;            /* Master instance job splitting    */
+  u32 main_node_id, main_node_max;      /*   Main instance job splitting    */
 
   u32 syncing_case;                     /* Syncing with case #...           */
 
@@ -916,7 +916,7 @@ u32    find_start_position(afl_state_t *);
 void   find_timeout(afl_state_t *);
 double get_runnable_processes(void);
 void   nuke_resume_dir(afl_state_t *);
-int    check_master_exists(afl_state_t *);
+int    check_main_node_exists(afl_state_t *);
 void   setup_dirs_fds(afl_state_t *);
 void   setup_cmdline_file(afl_state_t *, char **);
 void   setup_stdio_file(afl_state_t *);

include/sharedmem.h

@@ -53,7 +53,7 @@ typedef struct sharedmem {
 
 } sharedmem_t;
 
-u8 * afl_shm_init(sharedmem_t *, size_t, unsigned char dumb_mode);
+u8 * afl_shm_init(sharedmem_t *, size_t, unsigned char non_instrumented_mode);
 void afl_shm_deinit(sharedmem_t *);
 
 #endif

llvm_mode/README.persistent_mode.md

@@ -55,7 +55,7 @@ The speed increase is usually x10 to x20.
 ## 3) deferred initialization
 
 AFL tries to optimize performance by executing the targeted binary just once,
-stopping it just before main(), and then cloning this "master" process to get
+stopping it just before main(), and then cloning this "main" process to get
 a steady supply of targets to fuzz.
 
 Although this approach eliminates much of the OS-, linker- and libc-level

llvm_mode/afl-llvm-rt.o.c

@@ -425,7 +425,7 @@ static void __afl_start_snapshots(void) {
 
     } else {
 
-      // uh this forkserver master does not understand extended option passing
+      // uh this forkserver does not understand extended option passing
       // or does not want the dictionary
       if (!__afl_fuzz_ptr) already_read_first = 1;
 
@@ -627,7 +627,7 @@ static void __afl_start_forkserver(void) {
 
     } else {
 
-      // uh this forkserver master does not understand extended option passing
+      // uh this forkserver does not understand extended option passing
       // or does not want the dictionary
       if (!__afl_fuzz_ptr) already_read_first = 1;
 

qemu_mode/patches/afl-qemu-tcg-runtime-inl.h

@@ -215,7 +215,7 @@ void HELPER(afl_cmplog_rtn)(CPUArchState *env) {
 
 #else
 
-  // dumb code to make it compile
+  // stupid code to make it compile
   void *ptr1 = NULL;
   void *ptr2 = NULL;
   return;

src/afl-common.c

@@ -253,7 +253,7 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
        "binaries that are\n"
        "    instrumented at compile time with afl-gcc. It is also possible to "
        "use it as a\n"
-       "    traditional \"dumb\" fuzzer by specifying '-n' in the command "
+       "    traditional non-instrumented fuzzer by specifying '-n' in the command "
        "line.\n");
 
   FATAL("Failed to locate 'afl-qemu-trace'.");
@@ -353,7 +353,7 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
        "binaries that are\n"
        "    instrumented at compile time with afl-gcc. It is also possible to "
        "use it as a\n"
-       "    traditional \"dumb\" fuzzer by specifying '-n' in the command "
+       "    traditional non-instrumented fuzzer by specifying '-n' in the command "
        "line.\n",
        ncp);
 

src/afl-forkserver.c

@@ -167,7 +167,7 @@ static u32 read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms,
 
 }
 
-/* Internal forkserver for dumb_mode=1 and non-forkserver mode runs.
+/* Internal forkserver for non_instrumented_mode=1 and non-forkserver mode runs.
   It execvs for each fork, forwarding exit codes and child pids to afl. */
 
 static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) {

src/afl-fuzz-bitmap.c

@@ -623,14 +623,14 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
       /* Timeouts are not very interesting, but we're still obliged to keep
          a handful of samples. We use the presence of new bits in the
-         hang-specific bitmap as a signal of uniqueness. In "dumb" mode, we
+         hang-specific bitmap as a signal of uniqueness. In "non-instrumented"
-         just keep everything. */
+         mode, we just keep everything. */
 
       ++afl->total_tmouts;
 
       if (afl->unique_hangs >= KEEP_UNIQUE_HANG) { return keeping; }
 
-      if (likely(!afl->dumb_mode)) {
+      if (likely(!afl->non_instrumented_mode)) {
 
 #ifdef WORD_SIZE_64
         simplify_trace(afl, (u64 *)afl->fsrv.trace_bits);
@@ -698,7 +698,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
       if (afl->unique_crashes >= KEEP_UNIQUE_CRASH) { return keeping; }
 
-      if (likely(!afl->dumb_mode)) {
+      if (likely(!afl->non_instrumented_mode)) {
 
 #ifdef WORD_SIZE_64
         simplify_trace(afl, (u64 *)afl->fsrv.trace_bits);

src/afl-fuzz-init.c

@@ -1315,10 +1315,10 @@ dir_cleanup_failed:
 
 }
 
-/* If this is a -S slave, ensure a -M master is running, if a master is
+/* If this is a -S secondary node, ensure a -M main node is running,
-   running when another master is started then warn */
+  if a main node is running when another main is started, then warn */
 
-int check_master_exists(afl_state_t *afl) {
+int check_main_node_exists(afl_state_t *afl) {
 
   DIR *          sd;
   struct dirent *sd_ent;
@@ -1337,7 +1337,7 @@ int check_master_exists(afl_state_t *afl) {
 
     }
 
-    fn = alloc_printf("%s/%s/is_master", afl->sync_dir, sd_ent->d_name);
+    fn = alloc_printf("%s/%s/is_main_node", afl->sync_dir, sd_ent->d_name);
     int res = access(fn, F_OK);
     free(fn);
     if (res == 0) return 1;
@@ -1392,9 +1392,9 @@ void setup_dirs_fds(afl_state_t *afl) {
 
   }
 
-  if (afl->is_master) {
+  if (afl->is_main_node) {
 
-    u8 *x = alloc_printf("%s/is_master", afl->out_dir);
+    u8 *x = alloc_printf("%s/is_main_node", afl->out_dir);
     int fd = open(x, O_CREAT | O_RDWR, 0644);
     if (fd < 0) FATAL("cannot create %s", x);
     free(x);
@@ -1859,7 +1859,7 @@ void fix_up_sync(afl_state_t *afl) {
 
   u8 *x = afl->sync_id;
 
-  if (afl->dumb_mode) { FATAL("-S / -M and -n are mutually exclusive"); }
+  if (afl->non_instrumented_mode) { FATAL("-S / -M and -n are mutually exclusive"); }
 
   while (*x) {
 
@@ -1955,7 +1955,7 @@ void setup_testcase_shmem(afl_state_t *afl) {
 
   afl->shm_fuzz = ck_alloc(sizeof(sharedmem_t));
 
-  // we need to set the dumb mode to not overwrite the SHM_ENV_VAR
+  // we need to set the non-instrumented mode to not overwrite the SHM_ENV_VAR
   if ((afl->fsrv.shmem_fuzz = afl_shm_init(afl->shm_fuzz, MAX_FILE, 1))) {
 
 #ifdef USEMMAP
@@ -2126,7 +2126,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 
 #endif                                                       /* ^!__APPLE__ */
 
-  if (!afl->fsrv.qemu_mode && !afl->unicorn_mode && !afl->dumb_mode &&
+  if (!afl->fsrv.qemu_mode && !afl->unicorn_mode && !afl->non_instrumented_mode &&
       !memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
 
     SAYF("\n" cLRD "[-] " cRST
@@ -2143,8 +2143,8 @@ void check_binary(afl_state_t *afl, u8 *fname) {
          "    mode support. Consult the README.md for tips on how to enable "
          "this.\n"
 
-         "    (It is also possible to use afl-fuzz as a traditional, \"dumb\" "
+         "    (It is also possible to use afl-fuzz as a traditional, "
-         "fuzzer.\n"
+         "non-instrumented fuzzer.\n"
          "    For that, you can use the -n option - but expect much worse "
          "results.)\n",
          doc_path);

src/afl-fuzz-one.c

@@ -415,7 +415,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
 
     }
 
-  } else if (!afl->dumb_mode && !afl->queue_cur->favored &&
+  } else if (!afl->non_instrumented_mode && !afl->queue_cur->favored &&
 
              afl->queued_paths > 10) {
 
@@ -512,7 +512,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
    * TRIMMING *
    ************/
 
-  if (!afl->dumb_mode && !afl->queue_cur->trim_done && !afl->disable_trim) {
+  if (!afl->non_instrumented_mode && !afl->queue_cur->trim_done && !afl->disable_trim) {
 
     u8 res = trim_case(afl, afl->queue_cur, in_buf);
 
@@ -577,10 +577,10 @@ u8 fuzz_one_original(afl_state_t *afl) {
   }
 
   /* Skip deterministic fuzzing if exec path checksum puts this out of scope
-     for this master instance. */
+     for this main instance. */
 
-  if (afl->master_max &&
+  if (afl->main_node_max &&
-      (afl->queue_cur->exec_cksum % afl->master_max) != afl->master_id - 1) {
+      (afl->queue_cur->exec_cksum % afl->main_node_max) != afl->main_node_id - 1) {
 
     goto custom_mutator_stage;
 
@@ -650,7 +650,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
 
       */
 
-    if (!afl->dumb_mode && (afl->stage_cur & 7) == 7) {
+    if (!afl->non_instrumented_mode && (afl->stage_cur & 7) == 7) {
 
       u32 cksum = hash32(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
 
@@ -822,10 +822,10 @@ u8 fuzz_one_original(afl_state_t *afl) {
 
       u32 cksum;
 
-      /* If in dumb mode or if the file is very short, just flag everything
+      /* If in non-instrumented mode or if the file is very short, just flag
-         without wasting time on checksums. */
+         everything without wasting time on checksums. */
 
-      if (!afl->dumb_mode && len >= EFF_MIN_LEN) {
+      if (!afl->non_instrumented_mode && len >= EFF_MIN_LEN) {
 
         cksum = hash32(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
 
@@ -2568,7 +2568,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
 
     }
 
-  } else if (!afl->dumb_mode && !afl->queue_cur->favored &&
+  } else if (!afl->non_instrumented_mode && !afl->queue_cur->favored &&
 
              afl->queued_paths > 10) {
 
@@ -2660,7 +2660,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
    * TRIMMING *
    ************/
 
-  if (!afl->dumb_mode && !afl->queue_cur->trim_done) {
+  if (!afl->non_instrumented_mode && !afl->queue_cur->trim_done) {
 
     u8 res = trim_case(afl, afl->queue_cur, in_buf);
 
@@ -2730,10 +2730,10 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
   }
 
   /* Skip deterministic fuzzing if exec path checksum puts this out of scope
-     for this master instance. */
+     for this main instance. */
 
-  if (afl->master_max &&
+  if (afl->main_node_max &&
-      (afl->queue_cur->exec_cksum % afl->master_max) != afl->master_id - 1) {
+      (afl->queue_cur->exec_cksum % afl->main_node_max) != afl->main_node_id - 1) {
 
     goto havoc_stage;
 
@@ -2803,7 +2803,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
 
       */
 
-    if (!afl->dumb_mode && (afl->stage_cur & 7) == 7) {
+    if (!afl->non_instrumented_mode && (afl->stage_cur & 7) == 7) {
 
       u32 cksum = hash32(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
 
@@ -2975,10 +2975,10 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
 
       u32 cksum;
 
-      /* If in dumb mode or if the file is very short, just flag everything
+      /* If in non-instrumented mode or if the file is very short, just flag everything
          without wasting time on checksums. */
 
-      if (!afl->dumb_mode && len >= EFF_MIN_LEN) {
+      if (!afl->non_instrumented_mode && len >= EFF_MIN_LEN) {
 
         cksum = hash32(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
 

src/afl-fuzz-queue.c

@@ -303,7 +303,7 @@ void cull_queue(afl_state_t *afl) {
   u32                 i;
   u8 *                temp_v = afl->map_tmp_buf;
 
-  if (afl->dumb_mode || !afl->score_changed) { return; }
+  if (afl->non_instrumented_mode || !afl->score_changed) { return; }
 
   afl->score_changed = 0;
 

src/afl-fuzz-run.c

@@ -234,7 +234,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
     if (afl->fsrv.support_shdmen_fuzz && !afl->fsrv.use_shdmen_fuzz) {
 
       afl_shm_deinit(afl->shm_fuzz);
-      free(afl->shm_fuzz);
+      ck_free(afl->shm_fuzz);
       afl->shm_fuzz = NULL;
       afl->fsrv.support_shdmen_fuzz = 0;
       afl->fsrv.shmem_fuzz = NULL;
@@ -272,7 +272,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 
     if (afl->stop_soon || fault != afl->crash_mode) { goto abort_calibration; }
 
-    if (!afl->dumb_mode && !afl->stage_cur &&
+    if (!afl->non_instrumented_mode && !afl->stage_cur &&
         !count_bytes(afl, afl->fsrv.trace_bits)) {
 
       fault = FSRV_RUN_NOINST;
@@ -337,7 +337,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
      parent. This is a non-critical problem, but something to warn the user
      about. */
 
-  if (!afl->dumb_mode && first_run && !fault && !new_bits) {
+  if (!afl->non_instrumented_mode && first_run && !fault && !new_bits) {
 
     fault = FSRV_RUN_NOBITS;
 
@@ -412,17 +412,17 @@ void sync_fuzzers(afl_state_t *afl) {
 
     entries++;
 
-    // a slave only syncs from a master, a master syncs from everyone
+    // secondary nodes only syncs from main, the main node syncs from everyone
-    if (likely(afl->is_slave)) {
+    if (likely(afl->is_secondary_node)) {
 
-      sprintf(qd_path, "%s/%s/is_master", afl->sync_dir, sd_ent->d_name);
+      sprintf(qd_path, "%s/%s/is_main_node", afl->sync_dir, sd_ent->d_name);
       int res = access(qd_path, F_OK);
-      if (unlikely(afl->is_master)) {  // an elected temporary master
+      if (unlikely(afl->is_main_node)) {  // an elected temporary main node
 
-        if (likely(res == 0)) {  // there is another master? downgrade.
+        if (likely(res == 0)) {  // there is another main node? downgrade.
 
-          afl->is_master = 0;
+          afl->is_main_node = 0;
-          sprintf(qd_path, "%s/is_master", afl->out_dir);
+          sprintf(qd_path, "%s/is_main_node", afl->out_dir);
           unlink(qd_path);
 
         }
@@ -561,16 +561,16 @@ void sync_fuzzers(afl_state_t *afl) {
 
   closedir(sd);
 
-  // If we are a slave and no master was found to sync then become the master
+  // If we are a secondary and no main was found to sync then become the main
-  if (unlikely(synced == 0) && likely(entries) && likely(afl->is_slave)) {
+  if (unlikely(synced == 0) && likely(entries) && likely(afl->is_secondary_node)) {
 
-    // there is a small race condition here that another slave runs at the same
+    // there is a small race condition here that another secondary runs at the same
-    // time. If so, the first temporary master running again will demote
+    // time. If so, the first temporary main node running again will demote
     // themselves so this is not an issue
 
     u8 path[PATH_MAX];
-    afl->is_master = 1;
+    afl->is_main_node = 1;
-    sprintf(path, "%s/is_master", afl->out_dir);
+    sprintf(path, "%s/is_main_node", afl->out_dir);
     int fd = open(path, O_CREAT | O_RDWR, 0644);
     if (fd >= 0) { close(fd); }
 

src/afl-fuzz-stats.c

@@ -125,12 +125,13 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
 #endif
       t_bytes, afl->var_byte_count, afl->use_banner,
       afl->unicorn_mode ? "unicorn" : "", afl->fsrv.qemu_mode ? "qemu " : "",
-      afl->dumb_mode ? " dumb " : "", afl->no_forkserver ? "no_fsrv " : "",
+      afl->non_instrumented_mode ? " non_instrumented " : "",
+      afl->no_forkserver ? "no_fsrv " : "",
       afl->crash_mode ? "crash " : "",
       afl->persistent_mode ? "persistent " : "",
       afl->shmem_testcase_mode ? "shmem_testcase " : "",
       afl->deferred_mode ? "deferred " : "",
-      (afl->unicorn_mode || afl->fsrv.qemu_mode || afl->dumb_mode ||
+      (afl->unicorn_mode || afl->fsrv.qemu_mode || afl->non_instrumented_mode ||
        afl->no_forkserver || afl->crash_mode || afl->persistent_mode ||
        afl->deferred_mode)
           ? ""
@@ -327,7 +328,7 @@ void show_stats(afl_state_t *afl) {
 
   /* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
 
-  if (!afl->dumb_mode && afl->cycles_wo_finds > 100 &&
+  if (!afl->non_instrumented_mode && afl->cycles_wo_finds > 100 &&
       !afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done) {
 
     afl->stop_soon = 2;
@@ -415,7 +416,7 @@ void show_stats(afl_state_t *afl) {
        " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
        " overall results " bSTG bH2 bH2                 bRT "\n");
 
-  if (afl->dumb_mode) {
+  if (afl->non_instrumented_mode) {
 
     strcpy(tmp, cRST);
 
@@ -461,7 +462,7 @@ void show_stats(afl_state_t *afl) {
   /* We want to warn people about not seeing new paths after a full cycle,
      except when resuming fuzzing or running in non-instrumented mode. */
 
-  if (!afl->dumb_mode &&
+  if (!afl->non_instrumented_mode &&
       (afl->last_path_time || afl->resuming_fuzz || afl->queue_cycle == 1 ||
        afl->in_bitmap || afl->crash_mode)) {
 
@@ -470,7 +471,7 @@ void show_stats(afl_state_t *afl) {
 
   } else {
 
-    if (afl->dumb_mode) {
+    if (afl->non_instrumented_mode) {
 
       SAYF(bV bSTOP "   last new path : " cPIN "n/a" cRST
                     " (non-instrumented mode)       ");
@@ -526,7 +527,7 @@ void show_stats(afl_state_t *afl) {
 
   SAYF("    map density : %s%-21s" bSTG bV "\n",
        t_byte_ratio > 70 ? cLRD
-                         : ((t_bytes < 200 && !afl->dumb_mode) ? cPIN : cRST),
+                         : ((t_bytes < 200 && !afl->non_instrumented_mode) ? cPIN : cRST),
        tmp);
 
   sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->cur_skipped_paths),
@@ -1021,10 +1022,10 @@ void show_init_stats(afl_state_t *afl) {
 
   }
 
-  /* In dumb mode, re-running every timing out test case with a generous time
+  /* In non-instrumented mode, re-running every timing out test case with a generous time
      limit is very expensive, so let's select a more conservative default. */
 
-  if (afl->dumb_mode && !(afl->afl_env.afl_hang_tmout)) {
+  if (afl->non_instrumented_mode && !(afl->afl_env.afl_hang_tmout)) {
 
     afl->hang_tmout = MIN(EXEC_TIMEOUT, afl->fsrv.exec_tmout * 2 + 100);
 

src/afl-fuzz.c

@@ -130,7 +130,7 @@ static void usage(afl_state_t *afl, u8 *argv0, int more_help) {
       "  -N            - do not unlink the fuzzing input file (only for "
       "devices etc.!)\n"
       "  -d            - quick & dirty mode (skips deterministic steps)\n"
-      "  -n            - fuzz without instrumentation (dumb mode)\n"
+      "  -n            - fuzz without instrumentation (non-instrumented mode)\n"
       "  -x dir        - optional fuzzer dictionary (see README.md, its really "
       "good!)\n\n"
 
@@ -379,17 +379,17 @@ int main(int argc, char **argv_orig, char **envp) {
 
           *c = 0;
 
-          if (sscanf(c + 1, "%u/%u", &afl->master_id, &afl->master_max) != 2 ||
+          if (sscanf(c + 1, "%u/%u", &afl->main_node_id, &afl->main_node_max) != 2 ||
-              !afl->master_id || !afl->master_max ||
+              !afl->main_node_id || !afl->main_node_max ||
-              afl->master_id > afl->master_max || afl->master_max > 1000000) {
+              afl->main_node_id > afl->main_node_max || afl->main_node_max > 1000000) {
 
-            FATAL("Bogus master ID passed to -M");
+            FATAL("Bogus main node ID passed to -M");
 
           }
 
         }
 
-        afl->is_master = 1;
+        afl->is_main_node = 1;
 
       }
 
@@ -399,7 +399,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
         if (afl->sync_id) { FATAL("Multiple -S or -M options not supported"); }
         afl->sync_id = ck_strdup(optarg);
-        afl->is_slave = 1;
+        afl->is_secondary_node = 1;
         afl->skip_deterministic = 1;
         afl->use_splicing = 1;
         break;
@@ -533,14 +533,14 @@ int main(int argc, char **argv_orig, char **envp) {
 
       case 'n':                                                /* dumb mode */
 
-        if (afl->dumb_mode) { FATAL("Multiple -n options not supported"); }
+        if (afl->non_instrumented_mode) { FATAL("Multiple -n options not supported"); }
         if (afl->afl_env.afl_dumb_forksrv) {
 
-          afl->dumb_mode = 2;
+          afl->non_instrumented_mode = 2;
 
         } else {
 
-          afl->dumb_mode = 1;
+          afl->non_instrumented_mode = 1;
 
         }
 
@@ -791,10 +791,10 @@ int main(int argc, char **argv_orig, char **envp) {
   OKF("afl-tmin fork server patch from github.com/nccgroup/TriforceAFL");
   OKF("MOpt Mutator from github.com/puppet-meteor/MOpt-AFL");
 
-  if (afl->sync_id && afl->is_master && afl->afl_env.afl_custom_mutator_only) {
+  if (afl->sync_id && afl->is_main_node && afl->afl_env.afl_custom_mutator_only) {
 
     WARNF(
-        "Using -M master with the AFL_CUSTOM_MUTATOR_ONLY mutator options will "
+        "Using -M main node with the AFL_CUSTOM_MUTATOR_ONLY mutator options will "
         "result in no deterministic mutations being done!");
 
   }
@@ -872,7 +872,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
   }
 
-  if (afl->dumb_mode) {
+  if (afl->non_instrumented_mode) {
 
     if (afl->crash_mode) { FATAL("-C and -n are mutually exclusive"); }
     if (afl->fsrv.qemu_mode) { FATAL("-Q and -n are mutually exclusive"); }
@@ -955,13 +955,13 @@ int main(int argc, char **argv_orig, char **envp) {
 
   }
 
-  if (afl->dumb_mode == 2 && afl->no_forkserver) {
+  if (afl->non_instrumented_mode == 2 && afl->no_forkserver) {
 
     FATAL("AFL_DUMB_FORKSRV and AFL_NO_FORKSRV are mutually exclusive");
 
   }
 
-  afl->fsrv.use_fauxsrv = afl->dumb_mode == 1 || afl->no_forkserver;
+  afl->fsrv.use_fauxsrv = afl->non_instrumented_mode == 1 || afl->no_forkserver;
 
   if (getenv("LD_PRELOAD")) {
 
@@ -1058,7 +1058,7 @@ int main(int argc, char **argv_orig, char **envp) {
   check_cpu_governor(afl);
 
   afl->fsrv.trace_bits =
-      afl_shm_init(&afl->shm, afl->fsrv.map_size, afl->dumb_mode);
+      afl_shm_init(&afl->shm, afl->fsrv.map_size, afl->non_instrumented_mode);
 
   if (!afl->in_bitmap) { memset(afl->virgin_bits, 255, afl->fsrv.map_size); }
   memset(afl->virgin_tmout, 255, afl->fsrv.map_size);
@@ -1066,7 +1066,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
   init_count_class16();
 
-  if (afl->is_master && check_master_exists(afl) == 1) {
+  if (afl->is_main_node && check_main_node_exists(afl) == 1) {
 
     WARNF("it is wasteful to run more than one master!");
     sleep(1);
@@ -1075,9 +1075,9 @@ int main(int argc, char **argv_orig, char **envp) {
 
   setup_dirs_fds(afl);
 
-  if (afl->is_slave && check_master_exists(afl) == 0) {
+  if (afl->is_secondary_node && check_main_node_exists(afl) == 0) {
 
-    WARNF("no -M master found. You need to run one master!");
+    WARNF("no -M main node found. You need to run one main instance!");
     sleep(5);
 
   }
@@ -1369,10 +1369,10 @@ stop_fuzzing:
        time_spent_working / afl->fsrv.total_execs);
   #endif
 
-  if (afl->is_master) {
+  if (afl->is_main_node) {
 
     u8 path[PATH_MAX];
-    sprintf(path, "%s/is_master", afl->out_dir);
+    sprintf(path, "%s/is_main_node", afl->out_dir);
     unlink(path);
 
   }

src/afl-sharedmem.c

@@ -96,7 +96,7 @@ void afl_shm_deinit(sharedmem_t *shm) {
    Returns a pointer to shm->map for ease of use.
 */
 
-u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) {
+u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char non_instrumented_mode) {
 
   shm->map_size = map_size;
 
@@ -137,12 +137,12 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) {
 
   }
 
-  /* If somebody is asking us to fuzz instrumented binaries in dumb mode,
+  /* If somebody is asking us to fuzz instrumented binaries in non-instrumented mode,
      we don't want them to detect instrumentation, since we won't be sending
      fork server commands. This should be replaced with better auto-detection
      later on, perhaps? */
 
-  if (!dumb_mode) setenv(SHM_ENV_VAR, shm->g_shm_file_path, 1);
+  if (!non_instrumented_mode) setenv(SHM_ENV_VAR, shm->g_shm_file_path, 1);
 
   if (shm->map == -1 || !shm->map) PFATAL("mmap() failed");
 
@@ -164,12 +164,12 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) {
 
   shm_str = alloc_printf("%d", shm->shm_id);
 
-  /* If somebody is asking us to fuzz instrumented binaries in dumb mode,
+  /* If somebody is asking us to fuzz instrumented binaries in non-instrumented mode,
      we don't want them to detect instrumentation, since we won't be sending
      fork server commands. This should be replaced with better auto-detection
      later on, perhaps? */
 
-  if (!dumb_mode) { setenv(SHM_ENV_VAR, shm_str, 1); }
+  if (!non_instrumented_mode) { setenv(SHM_ENV_VAR, shm_str, 1); }
 
   ck_free(shm_str);
 
@@ -177,7 +177,7 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) {
 
     shm_str = alloc_printf("%d", shm->cmplog_shm_id);
 
-    if (!dumb_mode) { setenv(CMPLOG_SHM_ENV_VAR, shm_str, 1); }
+    if (!non_instrumented_mode) { setenv(CMPLOG_SHM_ENV_VAR, shm_str, 1); }
 
     ck_free(shm_str);