Merge pull request #1858 from AFLplusplus/pendfav

Pendfav
2025-06-21 21:54:25 +00:00 · 2023-09-11 12:52:46 +00:00
parent 5f6c76e192 cd6b89eb74
commit a8185f8ff2
4 changed files with 64 additions and 16 deletions
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@ -3442,7 +3442,12 @@ abandon_entry:
    --afl->pending_not_fuzzed;
    afl->queue_cur->was_fuzzed = 1;
    afl->reinit_table = 1;
-    if (afl->queue_cur->favored) { --afl->pending_favored; }
+    if (afl->queue_cur->favored) {
+
+      --afl->pending_favored;
+      afl->smallest_favored = -1;
+
+    }

  }

@ -5905,7 +5910,8 @@ pacemaker_fuzzing:

            --afl->pending_not_fuzzed;
            afl->queue_cur->was_fuzzed = 1;
-            if (afl->queue_cur->favored) { --afl->pending_favored; }
+            if (afl->queue_cur->favored) { --afl->pending_favored;
+        afl->smallest_favored = -1; }

          }

--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@ -830,6 +830,8 @@ void cull_queue(afl_state_t *afl) {
  /* Let's see if anything in the bitmap isn't captured in temp_v.
     If yes, and if it has a afl->top_rated[] contender, let's use it. */

+  afl->smallest_favored = -1;
+
  for (i = 0; i < afl->fsrv.map_size; ++i) {

    if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) {
@ -853,7 +855,16 @@ void cull_queue(afl_state_t *afl) {
        afl->top_rated[i]->favored = 1;
        ++afl->queued_favored;

-        if (!afl->top_rated[i]->was_fuzzed) { ++afl->pending_favored; }
+        if (!afl->top_rated[i]->was_fuzzed) {
+
+          ++afl->pending_favored;
+          if (unlikely(afl->smallest_favored < 0)) {
+
+            afl->smallest_favored = (s64)afl->top_rated[i]->id;
+
+          }
+
+        }

      }

--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -2707,23 +2707,53 @@ int main(int argc, char **argv_orig, char **envp) {

      if (likely(!afl->old_seed_selection)) {

-        if (unlikely(prev_queued_items < afl->queued_items ||
-                     afl->reinit_table)) {
+        if (likely(afl->pending_favored && afl->smallest_favored >= 0)) {

-          // we have new queue entries since the last run, recreate alias table
-          prev_queued_items = afl->queued_items;
-          create_alias_table(afl);
+          afl->current_entry = afl->smallest_favored;
+
+          /*
+
+                    } else {
+
+                      for (s32 iter = afl->queued_items - 1; iter >= 0; --iter)
+             {
+
+                        if (unlikely(afl->queue_buf[iter]->favored &&
+                                     !afl->queue_buf[iter]->was_fuzzed)) {
+
+                          afl->current_entry = iter;
+                          break;
+
+                        }
+
+                      }
+
+          */
+
+          afl->queue_cur = afl->queue_buf[afl->current_entry];
+
+        } else {
+
+          if (unlikely(prev_queued_items < afl->queued_items ||
+                       afl->reinit_table)) {
+
+            // we have new queue entries since the last run, recreate alias
+            // table
+            prev_queued_items = afl->queued_items;
+            create_alias_table(afl);
+
+          }
+
+          do {
+
+            afl->current_entry = select_next_queue_entry(afl);
+
+          } while (unlikely(afl->current_entry >= afl->queued_items));
+
+          afl->queue_cur = afl->queue_buf[afl->current_entry];

        }

-        do {
-
-          afl->current_entry = select_next_queue_entry(afl);
-
-        } while (unlikely(afl->current_entry >= afl->queued_items));
-
-        afl->queue_cur = afl->queue_buf[afl->current_entry];
-
      }

      skipped_fuzz = fuzz_one(afl);