afl++: add CTX-2 coverage option (#5567)

2 files changed, 9 insertions, 3 deletions

diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index d802f247..ad2eeb94 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -181,7 +181,7 @@ WORKDIR $SRC
 # TODO: switch to -b stable once we can.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
     cd aflplusplus && \
-    git checkout 2102264acf5c271b7560a82771b3af8136af9354
+    git checkout 3ff4ca348c344bded53f53b0d0c4b020a188f26e
 
 RUN cd $SRC && \
     curl -L -O https://github.com/google/honggfuzz/archive/oss-fuzz.tar.gz && \
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index dc662445..f948876a 100644
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -45,14 +45,20 @@ export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_
 
 # AFL compile option roulette. It is OK if they all happen together.
 
-# 40% chance to perform CMPLOG
+# 30% chance for CTX-2 coverage instrumentation (Caller conTeXt sensitive
+# edge coverage).
+test $(($RANDOM % 10)) -lt 3 && {
+  export AFL_LLVM_INSTRUMENT=CLASSIC,CTX-2
+}
+
+# 40% chance to perform CMPLOG/REDQUEEN.
 rm -f "$OUT/afl_cmplog.txt"
 test $(($RANDOM % 10)) -lt 4 && {
   export AFL_LLVM_CMPLOG=1
   touch "$OUT/afl_cmplog.txt"
 }
 
-# 10% chance to perform LAF_INTEL
+# 10% chance to perform COMPCOV/LAF_INTEL.
 test $(($RANDOM % 10)) -lt 1 && {
   export AFL_LLVM_LAF_ALL=1
 }