From 46a0f812b1b99032831dd523fbe0efe65f507c4c Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 25 May 2020 21:58:00 +0200
Subject: [PATCH 1/3] libfuzzer driver, better rt compilation

---
 llvm_mode/GNUmakefile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/llvm_mode/GNUmakefile b/llvm_mode/GNUmakefile
index 01c83787..5f90783a 100644
--- a/llvm_mode/GNUmakefile
+++ b/llvm_mode/GNUmakefile
@@ -196,7 +196,8 @@ ifeq "$(shell echo 'int main() {return 0; }' | $(CLANG_BIN) -x c - -fuse-ld=`com
 endif
 endif
 
-CFLAGS ?= -O3 -funroll-loops -D_FORTIFY_SOURCE=2
+CFLAGS ?= -O3 -funroll-loops
+# -D_FORTIFY_SOURCE=2
 override CFLAGS += -Wall \
       -g -Wno-pointer-sign -I ../include/ \
       -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \
@@ -209,7 +210,8 @@ ifdef AFL_TRACE_PC
   $(info Compile option AFL_TRACE_PC is deprecated, just set AFL_LLVM_INSTRUMENT=PCGUARD to activate when compiling targets )
 endif
 
-CXXFLAGS ?= -O3 -funroll-loops -D_FORTIFY_SOURCE=2
+CXXFLAGS ?= -O3 -funroll-loops
+# -D_FORTIFY_SOURCE=2
 override CXXFLAGS += -Wall -g -I ../include/ \
       -DVERSION=\"$(VERSION)\" -Wno-variadic-macros

From d5bb9731fe1e4d80c050180f9fe05dd21d75e2b2 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 26 May 2020 17:41:24 +0200
Subject: [PATCH 2/3] Revert "libfuzzer driver, better rt compilation"

This reverts commit 46a0f812b1b99032831dd523fbe0efe65f507c4c.
---
 llvm_mode/GNUmakefile | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/llvm_mode/GNUmakefile b/llvm_mode/GNUmakefile
index 5f90783a..01c83787 100644
--- a/llvm_mode/GNUmakefile
+++ b/llvm_mode/GNUmakefile
@@ -196,8 +196,7 @@ ifeq "$(shell echo 'int main() {return 0; }' | $(CLANG_BIN) -x c - -fuse-ld=`com
 endif
 endif
 
-CFLAGS ?= -O3 -funroll-loops
-# -D_FORTIFY_SOURCE=2
+CFLAGS ?= -O3 -funroll-loops -D_FORTIFY_SOURCE=2
 override CFLAGS += -Wall \
       -g -Wno-pointer-sign -I ../include/ \
       -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \
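Review bot: In the first patch of this series, `CFLAGS ?= -O3 -funroll-loops` (and `CXXFLAGS ?=` in its second hunk) silently drops `-D_FORTIFY_SOURCE=2`, the glibc bounds-checking hardening, for everything this Makefile builds, and neither the commit message nor the Makefile says what it conflicted with. The bare commented-out fragment `# -D_FORTIFY_SOURCE=2` should carry the reason, e.g. `# -D_FORTIFY_SOURCE=2 disabled: <reason> (TODO: re-enable)`, so the next maintainer neither restores it blindly nor leaves it off for good. Since `?=` only sets a default, a build that genuinely needs the flag gone could pass its own CFLAGS rather than weakening the default for all targets.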
@@ -210,8 +209,7 @@ ifdef AFL_TRACE_PC
   $(info Compile option AFL_TRACE_PC is deprecated, just set AFL_LLVM_INSTRUMENT=PCGUARD to activate when compiling targets )
 endif
 
-CXXFLAGS ?= -O3 -funroll-loops
-# -D_FORTIFY_SOURCE=2
+CXXFLAGS ?= -O3 -funroll-loops -D_FORTIFY_SOURCE=2
 override CXXFLAGS += -Wall -g -I ../include/ \
       -DVERSION=\"$(VERSION)\" -Wno-variadic-macros

From dab498c3b726cf4503abfbd61b62f65f92c9a4e9 Mon Sep 17 00:00:00 2001
From: arnow117
Date: Wed, 27 May 2020 16:01:44 +0800
Subject: [PATCH 3/3] fix MOPT implementation flaws in core fuzzing

---
 src/afl-fuzz-one.c | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index ddd15c84..5b1a2cba 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -4250,14 +4250,29 @@ pacemaker_fuzzing:
           u64 temp_temp_puppet = afl->queued_paths + afl->unique_crashes - temp_total_found;
           afl->total_puppet_find = afl->total_puppet_find + temp_temp_puppet;
 
-          for (i = 0; i < operator_num; ++i) {
 
-            if (MOpt_globals.cycles_v2[i] > MOpt_globals.cycles_v3[i]) {
+          if (MOpt_globals.is_pilot_mode){
 
-              MOpt_globals.finds_v2[i] += temp_temp_puppet;
+            for (i = 0; i < operator_num; ++i) {
+
+              if (MOpt_globals.cycles_v2[i] > MOpt_globals.cycles_v3[i]) {
+
+                MOpt_globals.finds_v2[i] += temp_temp_puppet;
+
+
             }
 
           }
+          } else {
+
+            for (i = 0; i < operator_num; i++) {
+
+              if (afl->core_operator_cycles_puppet_v2[i] > afl->core_operator_cycles_puppet_v3[i])
+
+                afl->core_operator_finds_puppet_v2[i] += temp_temp_puppet;
+
+            }
+          }
 
         } /* if */
 
@@ -4437,7 +4452,6 @@ pacemaker_fuzzing:
           afl->total_pacemaker_time += *MOpt_globals.pTime;
           *MOpt_globals.pTime = 0;
-          afl->temp_puppet_find = afl->total_puppet_find;
           new_hit_cnt = afl->queued_paths + afl->unique_crashes;
 
           if (MOpt_globals.is_pilot_mode) {
 
@@ -4448,6 +4462,7 @@ pacemaker_fuzzing:
 
           }
 
+          afl->temp_puppet_find = afl->total_puppet_find;
           u64 temp_stage_finds_puppet = 0;
           for (i = 0; i < operator_num; ++i) {
 
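Review bot: In the new `else` branch of the `@@ -4250` hunk, `if (afl->core_operator_cycles_puppet_v2[i] > afl->core_operator_cycles_puppet_v3[i])` has an unbraced body separated from it by a blank line, while the pilot branch a few lines above is fully braced; an unbraced body with a blank line in between is exactly how a statement inserted later ends up outside the condition, so brace it: `if (...) { afl->core_operator_finds_puppet_v2[i] += temp_temp_puppet; }`. The two loops also disagree on `i++` versus `++i`, and `if (MOpt_globals.is_pilot_mode){` lacks the space before the brace that the rest of this file uses (`) {`). The enclosing function continues outside the hunk.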
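Review bot: Moving `afl->temp_puppet_find = afl->total_puppet_find;` from before the `if (MOpt_globals.is_pilot_mode) {` block (`@@ -4437`) to after it (`@@ -4462`) changes what that block observes if it reads `temp_puppet_find` — its body is not in either hunk, so this is inferred. If the later snapshot is the intended fix, a one-line comment at the new location, e.g. `/* snapshot only after the pilot/core accounting above has used the previous value */`, would keep the next reader from moving it back; if the block never reads the field, the comment can say the move is order-neutral.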
@@ -4530,6 +4545,15 @@ pacemaker_fuzzing:
 
         } else {
 
+          for (i = 0; i < operator_num; i++)
+          {
+
+            afl->core_operator_finds_puppet[i] = afl->core_operator_finds_puppet_v2[i];
+            afl->core_operator_cycles_puppet[i] = afl->core_operator_cycles_puppet_v2[i];
+            temp_stage_finds_puppet += afl->core_operator_finds_puppet[i];
+
+          }
+
           afl->key_module = 2;
           afl->old_hit_count = new_hit_cnt;
 
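Review bot: The new core-mode loop puts its opening brace on its own line (`for (i = 0; i < operator_num; i++)` then `{`), unlike every other loop in this patch, which uses `) {` and `++i`; match the file's style with `for (i = 0; i < operator_num; ++i) {`. The loop accumulates into `temp_stage_finds_puppet`, declared in the `@@ -4462` hunk just before the `if (MOpt_globals.is_pilot_mode)` split, so it is in scope only if this `else` is the mirror of that `if` — the branch head is outside the hunk, so worth confirming. If the pilot branch resets or advances its `_v2` counters after copying them into the live arrays, the core branch should mirror that too; the hunk does not show either way.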