got rid of questionable phrasing

Author: domenukk

README.md

@@ -381,10 +381,10 @@ The available schedules are:
  - rare (experimental)
 
 In parallel mode (-M/-S, several instances with the shared queue), we suggest to
-run the master using the explore or fast schedule (-p explore) and the slaves
-with a combination of cut-off-exponential (-p coe), exponential (-p fast),
+run the main node using the explore or fast schedule (-p explore) and the secondary
+nodes with a combination of cut-off-exponential (-p coe), exponential (-p fast),
 explore (-p explore) and mmopt (-p mmopt) schedules. If a schedule does
-not perform well for a target, restart the slave with a different schedule.
+not perform well for a target, restart the secondary nodes with a different schedule.
 
 In single mode, using -p fast is usually slightly more beneficial than the
 default explore mode.

docs/Changelog.md

@@ -11,11 +11,11 @@ sending a mail to <[email protected]>.
 
 ### Version ++2.65d (dev)
   - afl-fuzz:
-     - -S slaves now only sync from the master to increase performance,
-       the -M master still syncs from everyone. Added checks that ensure
-       exactly one master is present and warn otherwise
-     - If no master is present at a sync one slave automatically becomes
-       a temporary master until a real master shows up
+     - -S secondary nodes now only sync from the main node to increase performance,
+       the -M main node still syncs from everyone. Added checks that ensure
+       exactly one main node is present and warn otherwise
+     - If no main node is present at a sync one secondary node automatically becomes
+       a temporary main node until a real main nodes shows up
      - fix/update to MOpt (thanks to arnow117)
   - llvm_mode:
     - the default instrumentation is now PCGUARD, as it is faster and provides
@@ -912,7 +912,7 @@ sending a mail to <[email protected]>.
   - Switched from exit() to _exit() in injected code to avoid snafus with
     destructors in C++ code. Spotted by sunblate.
 
-  - Made a change to avoid spuriously setting __AFL_SHM_ID when 
+  - Made a change to avoid spuriously setting __AFL_SHM_ID when
     AFL_DUMB_FORKSRV is set in conjunction with -n. Spotted by Jakub Wilk.
 
 ### Version 1.94b:

docs/binaryonly_fuzzing.md

@@ -4,7 +4,7 @@
   it allows for very fast and coverage guided fuzzing.
 
   However, if there is only the binary program and no source code available,
-  then standard `afl-fuzz -n` (dumb mode) is not effective.
+  then standard `afl-fuzz -n` (non-instrumented mode) is not effective.
 
   The following is a description of how these binaries can be fuzzed with afl++
 

docs/notes_for_asan.md

@@ -28,9 +28,9 @@ Note that ASAN is incompatible with -static, so be mindful of that.
 
 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.)
 
-NOTE: if you run several slaves only one should run the target compiled with
-ASAN (and UBSAN, CFISAN), the others should run the target with no sanitizers
-compiled in.
+NOTE: if you run several secondary instances, only one should run the target
+compiled with ASAN (and UBSAN, CFISAN), the others should run the target with
+no sanitizers compiled in.
 
 There is also the option of generating a corpus using a non-ASAN binary, and
 then feeding it to an ASAN-instrumented one to check for bugs. This is faster,

docs/parallel_fuzzing.md

@@ -13,12 +13,12 @@ In fact, if you rely on just a single job on a multi-core system, you will
 be underutilizing the hardware. So, parallelization is usually the right
 way to go.
 
-When targeting multiple unrelated binaries or using the tool in "dumb" (-n)
-mode, it is perfectly fine to just start up several fully separate instances
-of afl-fuzz. The picture gets more complicated when you want to have multiple
-fuzzers hammering a common target: if a hard-to-hit but interesting test case
-is synthesized by one fuzzer, the remaining instances will not be able to use
-that input to guide their work.
+When targeting multiple unrelated binaries or using the tool in
+"non-instrumented" (-n) mode, it is perfectly fine to just start up several
+fully separate instances of afl-fuzz. The picture gets more complicated when
+you want to have multiple fuzzers hammering a common target: if a hard-to-hit
+but interesting test case is synthesized by one fuzzer, the remaining instances
+will not be able to use that input to guide their work.
 
 To help with this problem, afl-fuzz offers a simple way to synchronize test
 cases on the fly.
@@ -37,7 +37,7 @@ system, simply create a new, empty output directory ("sync dir") that will be
 shared by all the instances of afl-fuzz; and then come up with a naming scheme
 for every instance - say, "fuzzer01", "fuzzer02", etc. 
 
-Run the first one ("master", -M) like this:
+Run the first one ("main node", -M) like this:
 
 ```
 ./afl-fuzz -i testcase_dir -o sync_dir -M fuzzer01 [...other stuff...]
@@ -57,26 +57,26 @@ Each fuzzer will keep its state in a separate subdirectory, like so:
 Each instance will also periodically rescan the top-level sync directory
 for any test cases found by other fuzzers - and will incorporate them into
 its own fuzzing when they are deemed interesting enough.
-For performance reasons only -M masters sync the queue with everyone, the
--S slaves will only sync from the master.
+For performance reasons only -M main node syncs the queue with everyone, the
+-S secondary nodes will only sync from the main node.
 
-The difference between the -M and -S modes is that the master instance will
+The difference between the -M and -S modes is that the main instance will
 still perform deterministic checks; while the secondary instances will
 proceed straight to random tweaks.
 
-Note that you must always have one -M master instance!
+Note that you must always have one -M main instance!
 
 Note that running multiple -M instances is wasteful, although there is an
 experimental support for parallelizing the deterministic checks. To leverage
 that, you need to create -M instances like so:
 
 ```
-./afl-fuzz -i testcase_dir -o sync_dir -M masterA:1/3 [...]
-./afl-fuzz -i testcase_dir -o sync_dir -M masterB:2/3 [...]
-./afl-fuzz -i testcase_dir -o sync_dir -M masterC:3/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M mainA:1/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M mainB:2/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M mainC:3/3 [...]
 ```
 
-...where the first value after ':' is the sequential ID of a particular master
+...where the first value after ':' is the sequential ID of a particular main
 instance (starting at 1), and the second value is the total number of fuzzers to
 distribute the deterministic fuzzing across. Note that if you boot up fewer
 fuzzers than indicated by the second number passed to -M, you may end up with
@@ -168,7 +168,7 @@ to keep in mind:
     This arrangement would allow test interesting cases to propagate across
     the fleet without having to copy every fuzzer queue to every single host.
 
-  - You do not want a "master" instance of afl-fuzz on every system; you should
+  - You do not want a "main" instance of afl-fuzz on every system; you should
     run them all with -S, and just designate a single process somewhere within
     the fleet to run with -M.
 
@@ -185,10 +185,10 @@ also basic machine-readable information always written to the fuzzer_stats file
 in the output directory. Locally, that information can be interpreted with
 afl-whatsup.
 
-In principle, you can use the status screen of the master (-M) instance to
+In principle, you can use the status screen of the main (-M) instance to
 monitor the overall fuzzing progress and decide when to stop. In this
 mode, the most important signal is just that no new paths are being found
-for a longer while. If you do not have a master instance, just pick any
+for a longer while. If you do not have a main instance, just pick any
 single secondary instance to watch and go by that.
 
 You can also rely on that instance's output directory to collect the
@@ -197,7 +197,7 @@ within the fleet. Secondary (-S) instances do not require any special
 monitoring, other than just making sure that they are up.
 
 Keep in mind that crashing inputs are *not* automatically propagated to the
-master instance, so you may still want to monitor for crashes fleet-wide
+main instance, so you may still want to monitor for crashes fleet-wide
 from within your synchronization or health checking scripts (see afl-whatsup).
 
 ## 5) Asymmetric setups

docs/power_schedules.md

@@ -25,7 +25,7 @@ where *α(i)* is the performance score that AFL uses to compute for the seed inp
 
 More details can be found in the paper that was accepted at the [23rd ACM Conference on Computer and Communications Security (CCS'16)](https://www.sigsac.org/ccs/CCS2016/accepted-papers/).
 
-PS: In parallel mode (several instances with shared queue), we suggest to run the master using the exploit schedule (-p exploit) and the slaves with a combination of cut-off-exponential (-p coe), exponential (-p fast; default), and explore (-p explore) schedules. In single mode, the default settings will do. **EDIT:** In parallel mode, AFLFast seems to perform poorly because the path probability estimates are incorrect for the imported seeds. Pull requests to fix this issue by syncing the estimates accross instances are appreciated :)
+PS: In parallel mode (several instances with shared queue), we suggest to run the main node using the exploit schedule (-p exploit) and the secondary nodes with a combination of cut-off-exponential (-p coe), exponential (-p fast; default), and explore (-p explore) schedules. In single mode, the default settings will do. **EDIT:** In parallel mode, AFLFast seems to perform poorly because the path probability estimates are incorrect for the imported seeds. Pull requests to fix this issue by syncing the estimates across instances are appreciated :)
 
 Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.
 Released under terms and conditions of Apache License, Version 2.0.

docs/status_screen.md

@@ -33,7 +33,7 @@ The top line shows you which mode afl-fuzz is running in
 (normal: "american fuzy lop", crash exploration mode: "peruvian rabbit mode")
 and the version of afl++.
 Next to the version is the banner, which, if not set with -T by hand, will
-either show the binary name being fuzzed, or the -M/-S master/slave name for
+either show the binary name being fuzzed, or the -M/-S main/secondary name for
 parallel fuzzing.
 Finally, the last item is the power schedule mode being run (default: explore).
 
@@ -404,7 +404,7 @@ directory. This includes:
   - `var_byte_count`    - how many edges are non-deterministic
   - `afl_banner`        - banner text (e.g. the target name)
   - `afl_version`       - the version of afl used
-  - `target_mode`       - default, persistent, qemu, unicorn, dumb
+  - `target_mode`       - default, persistent, qemu, unicorn, non-instrumented
   - `command_line`      - full command line used for the fuzzing session
 
 Most of these map directly to the UI elements discussed earlier on.

gcc_plugin/README.md

@@ -71,7 +71,7 @@ reports to <[email protected]>.
 ## 4) Bonus feature #1: deferred initialization
 
 AFL tries to optimize performance by executing the targeted binary just once,
-stopping it just before main(), and then cloning this "master" process to get
+stopping it just before main(), and then cloning this "main" process to get
 a steady supply of targets to fuzz.
 
 Although this approach eliminates much of the OS-, linker- and libc-level

include/afl-fuzz.h

@@ -408,8 +408,8 @@ typedef struct afl_state {
       debug,                            /* Debug mode                       */
       custom_only,                      /* Custom mutator only mode         */
       python_only,                      /* Python-only mode                 */
-      is_master,                        /* if this is a master              */
-      is_slave;                         /* if this is a slave               */
+      is_main_node,                     /* if this is the main node         */
+      is_secondary_node;                /* if this is a secondary instance  */
 
   u32 stats_update_freq;                /* Stats update frequency (execs)   */
 
@@ -421,7 +421,7 @@ typedef struct afl_state {
 
   u8 skip_deterministic,                /* Skip deterministic stages?       */
       use_splicing,                     /* Recombine input files?           */
-      dumb_mode,                        /* Run in non-instrumented mode?    */
+      non_instrumented_mode,            /* Run in non-instrumented mode?    */
       score_changed,                    /* Scoring for favorites changed?   */
       resuming_fuzz,                    /* Resuming an older fuzzing job?   */
       timeout_given,                    /* Specific timeout given?          */
@@ -503,7 +503,7 @@ typedef struct afl_state {
   s32 stage_cur, stage_max;             /* Stage progression                */
   s32 splicing_with;                    /* Splicing with which test case?   */
 
-  u32 master_id, master_max;            /* Master instance job splitting    */
+  u32 main_node_id, main_node_max;      /*   Main instance job splitting    */
 
   u32 syncing_case;                     /* Syncing with case #...           */
 
@@ -916,7 +916,7 @@ u32    find_start_position(afl_state_t *);
 void   find_timeout(afl_state_t *);
 double get_runnable_processes(void);
 void   nuke_resume_dir(afl_state_t *);
-int    check_master_exists(afl_state_t *);
+int    check_main_node_exists(afl_state_t *);
 void   setup_dirs_fds(afl_state_t *);
 void   setup_cmdline_file(afl_state_t *, char **);
 void   setup_stdio_file(afl_state_t *);

include/sharedmem.h

@@ -53,7 +53,7 @@ typedef struct sharedmem {
 
 } sharedmem_t;
 
-u8 * afl_shm_init(sharedmem_t *, size_t, unsigned char dumb_mode);
+u8 * afl_shm_init(sharedmem_t *, size_t, unsigned char non_instrumented_mode);
 void afl_shm_deinit(sharedmem_t *);
 
 #endif

llvm_mode/README.persistent_mode.md

@@ -55,7 +55,7 @@ The speed increase is usually x10 to x20.
 ## 3) deferred initialization
 
 AFL tries to optimize performance by executing the targeted binary just once,
-stopping it just before main(), and then cloning this "master" process to get
+stopping it just before main(), and then cloning this "main" process to get
 a steady supply of targets to fuzz.
 
 Although this approach eliminates much of the OS-, linker- and libc-level

llvm_mode/afl-llvm-rt.o.c

@@ -425,7 +425,7 @@ static void __afl_start_snapshots(void) {
 
     } else {
 
-      // uh this forkserver master does not understand extended option passing
+      // uh this forkserver does not understand extended option passing
       // or does not want the dictionary
       if (!__afl_fuzz_ptr) already_read_first = 1;
 
@@ -627,7 +627,7 @@ static void __afl_start_forkserver(void) {
 
     } else {
 
-      // uh this forkserver master does not understand extended option passing
+      // uh this forkserver does not understand extended option passing
       // or does not want the dictionary
       if (!__afl_fuzz_ptr) already_read_first = 1;
 

qemu_mode/patches/afl-qemu-tcg-runtime-inl.h

@@ -215,7 +215,7 @@ void HELPER(afl_cmplog_rtn)(CPUArchState *env) {
 
 #else
 
-  // dumb code to make it compile
+  // stupid code to make it compile
   void *ptr1 = NULL;
   void *ptr2 = NULL;
   return;

src/afl-common.c

@@ -253,7 +253,7 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
        "binaries that are\n"
        "    instrumented at compile time with afl-gcc. It is also possible to "
        "use it as a\n"
-       "    traditional \"dumb\" fuzzer by specifying '-n' in the command "
+       "    traditional non-instrumented fuzzer by specifying '-n' in the command "
        "line.\n");
 
   FATAL("Failed to locate 'afl-qemu-trace'.");
@@ -353,7 +353,7 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
        "binaries that are\n"
        "    instrumented at compile time with afl-gcc. It is also possible to "
        "use it as a\n"
-       "    traditional \"dumb\" fuzzer by specifying '-n' in the command "
+       "    traditional non-instrumented fuzzer by specifying '-n' in the command "
        "line.\n",
        ncp);
 

src/afl-forkserver.c

@@ -167,7 +167,7 @@ static u32 read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms,
 
 }
 
-/* Internal forkserver for dumb_mode=1 and non-forkserver mode runs.
+/* Internal forkserver for non_instrumented_mode=1 and non-forkserver mode runs.
   It execvs for each fork, forwarding exit codes and child pids to afl. */
 
 static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) {

src/afl-fuzz-bitmap.c

@@ -623,14 +623,14 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
       /* Timeouts are not very interesting, but we're still obliged to keep
          a handful of samples. We use the presence of new bits in the
-         hang-specific bitmap as a signal of uniqueness. In "dumb" mode, we
-         just keep everything. */
+         hang-specific bitmap as a signal of uniqueness. In "non-instrumented"
+         mode, we just keep everything. */
 
       ++afl->total_tmouts;
 
       if (afl->unique_hangs >= KEEP_UNIQUE_HANG) { return keeping; }
 
-      if (likely(!afl->dumb_mode)) {
+      if (likely(!afl->non_instrumented_mode)) {
 
 #ifdef WORD_SIZE_64
         simplify_trace(afl, (u64 *)afl->fsrv.trace_bits);
@@ -698,7 +698,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
       if (afl->unique_crashes >= KEEP_UNIQUE_CRASH) { return keeping; }
 
-      if (likely(!afl->dumb_mode)) {
+      if (likely(!afl->non_instrumented_mode)) {
 
 #ifdef WORD_SIZE_64
         simplify_trace(afl, (u64 *)afl->fsrv.trace_bits);