key_puppet never goes back to 0
https://github.com/puppet-meteor/MOpt-AFL/blob/a9a5dc5c0c291c1cdb09b2b7b27d7cbf1db7ce7b/MOpt/afl-fuzz.c#L8689
I formatted the code a bit, and it reads:
```c
...
if (unlikely(
    queued_paths + unique_crashes >
    ((queued_paths + unique_crashes) * 1.1 + orig_hit_cnt_puppet))) {
  key_puppet = 0;
...
```
If I understand correctly, key_puppet never goes back to 0 (due to the factor of 1.1 and the addition of u64 orig_hit_cnt_puppet). Could you please explain the design behind it? Thanks in advance!
Hi! If you read the paper or the README of the github, you may realize that there is the pacemaker fuzzing mode in the design of MOpt.
The pacemaker mode is used to skip the deterministic stage if necessary, which slows down the iteration of the customized PSO algorithm as described in the paper.
In our paper, we test MOpt-AFL-tmp (which will re-enable the deterministic stage again when the number of new interesting test cases exceeds a predefined threshold) and MOpt-AFL-ever (which will never re-enable the deterministic stage in the following fuzzing process).
Thus, key_puppet is used to control the pacemaker fuzzing mode. It never goes back to 0 since we open-sourced MOpt-AFL-ever.
Note that the parameter `-L t` controls the timing of key_puppet becoming 1. We recommend `-L 0` if your evaluation lasts less than 6 hours.
Thanks for the note. It's really helpful to understand the design from a bird's-eye view! By the way, I cannot fully comprehend the original code snippet in detail. Could you elaborate on it a bit?
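To make the arithmetic in the quoted condition concrete, here is an added example (not MOpt-AFL's own code) that re-creates the check with AFL's counter types assumed (u32 queued_paths, u64 unique_crashes and orig_hit_cnt_puppet), sweeps constructed counter values to show it never fires, and contrasts it with a hypothetical baseline-only threshold of the kind the MOpt-AFL-tmp description suggests:

```c
#include <stddef.h>
#include <stdint.h>

typedef uint32_t u32;
typedef uint64_t u64;

/* Re-creation of the condition quoted from afl-fuzz.c. Operand types are an
   assumption matching AFL's counters. The literal 1.1 promotes the whole
   right-hand side to double. Returns 1 when key_puppet would be reset to 0. */
static int pacemaker_would_reset(u32 queued_paths, u64 unique_crashes,
                                 u64 orig_hit_cnt_puppet) {
  u64 found = (u64)queued_paths + unique_crashes;
  return found > (found * 1.1 + orig_hit_cnt_puppet);
}

/* Sweeps constructed counter values, including large ones, and returns 1 if
   the condition never fired. For non-negative x and c, x > 1.1*x + c cannot
   hold, so the expected result is 1: key_puppet stays at 1 once set. */
static int condition_never_fires(void) {
  const u64 samples[] = {0, 1, 2, 100, 12345, 1u << 20, 1u << 31,
                         (u64)1 << 40, (u64)1 << 53, UINT64_MAX / 2};
  size_t n = sizeof(samples) / sizeof(samples[0]);
  for (size_t i = 0; i < n; i++)
    for (size_t j = 0; j < n; j++)
      for (size_t k = 0; k < n; k++)
        if (pacemaker_would_reset((u32)samples[i], samples[j], samples[k]))
          return 0;
  return 1;
}

/* Hypothetical contrast (not MOpt's code): comparing the current count
   against the recorded baseline alone yields a threshold that can be
   crossed once enough new paths or crashes have been found. */
static int baseline_exceeded(u32 queued_paths, u64 unique_crashes,
                             u64 orig_hit_cnt_puppet) {
  u64 found = (u64)queued_paths + unique_crashes;
  return found > orig_hit_cnt_puppet * 1.1;
}
```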