debug

vanhauser-thc · vanhauser-thc · commit d4071b0fe427 · 2024-05-16T14:40:53.000+02:00
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
@@ -60,6 +60,7 @@ inline u32 select_next_queue_entry(afl_state_t *afl) {
 
 }
 
+#define DEBUG_QUEUE 1
 double compute_weight(afl_state_t *afl, struct queue_entry *q,
                       double avg_exec_us, double avg_bitmap_size,
                       double avg_top_size, double avg_score) {
@@ -73,15 +74,46 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q,
 
   }
 
+#ifdef DEBUG_QUEUE
+  fprintf(stderr, "WEIGHT id=%u fname=%s start_weight=1.0\n", q->id, q->fname);
+  fprintf(stderr, "  after step 1: %.2f (log10(hits))\n", weight);
+#endif
   if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); }
+#ifdef DEBUG_QUEUE
+  fprintf(stderr, "  after step 2: %.2f (exec_us)\n", weight);
+#endif
   weight *= (log(q->bitmap_size) / avg_bitmap_size);
+#ifdef DEBUG_QUEUE
+  fprintf(stderr, "  after step 3: %.2f (log(bitmap_size))\n", weight);
+#endif
   weight *= (1 + (q->tc_ref / avg_top_size));
-  if (unlikely(avg_score != 0.0)) { weight *= (log(q->score) / avg_score); }
+#ifdef DEBUG_QUEUE
+  fprintf(stderr, "  after step 4: %.2f (top_size)\n", weight);
+#endif
+  if (unlikely(avg_score != 0.0)) { weight *= (q->score / avg_score); }
+#ifdef DEBUG_QUEUE
+  fprintf(stderr, "  after step 5: %.2f (score)\n", weight);
+#endif
 
   if (unlikely(weight < 0.1)) { weight = 0.1; }
-  if (unlikely(q->favored)) { weight *= 5; }
-  if (unlikely(!q->was_fuzzed)) { weight *= 2; }
-  if (unlikely(q->fs_redundant)) { weight *= 0.8; }
+  if (unlikely(q->favored)) {
+
+    weight += 1;
+    weight *= 5;
+
+  }
+
+#ifdef DEBUG_QUEUE
+  fprintf(stderr, "  after step 6: %.2f (favored)\n", weight);
+#endif
+  if (unlikely(!q->was_fuzzed)) { weight *= 2.5; }
+#ifdef DEBUG_QUEUE
+  fprintf(stderr, "  after step 7: %.2f (was_fuzzed)\n", weight);
+#endif
+  if (unlikely(q->fs_redundant)) { weight *= 0.75; }
+#ifdef DEBUG_QUEUE
+  fprintf(stderr, "  after final step: %.2f (fs_redundant)\n", weight);
+#endif
 
   return weight;
 
@@ -133,7 +165,7 @@ void create_alias_table(afl_state_t *afl) {
         avg_exec_us += q->exec_us;
         avg_bitmap_size += log(q->bitmap_size);
         avg_top_size += q->tc_ref;
-        if (exploit) { avg_score += q->score; }
+        if (exploit) { avg_score += /*log(*/ q->score /*)*/; }
         ++active;
 
       }
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
@@ -3080,13 +3080,13 @@ int main(int argc, char **argv_orig, char **envp) {
         struct queue_entry *q = afl->queue_buf[k];
         fprintf(stderr,
                 "item=%u fname=%s len=%u exec_us=%llu has_new_cov=%u "
-                "var_behavior=%u "
-                "favored=%u fs_redundant=%u disabled=%u bitmap_size=%u "
-                "fuzz_level=%u "
-                "mother=%d perf_score=%.2f weight=%.2f score=%u\n",
+                "var_behavior=%u favored=%u fs_redundant=%u disabled=%u "
+                "bitmap_size=%u "
+                "fuzz_level=%u was_fuzzed=%u mother=%d perf_score=%.2f "
+                "weight=%.2f score=%u\n",
                 k, q->fname, q->len, q->exec_us, q->has_new_cov,
                 q->var_behavior, q->favored, q->fs_redundant, q->disabled,
-                q->bitmap_size, q->fuzz_level,
+                q->bitmap_size, q->fuzz_level, q->was_fuzzed,
                 q->mother == NULL ? -1 : (int)q->mother->id, q->perf_score,
                 q->weight, q->score);
 
