On startup, tracing starts before any call to afl_setup to consume environment variables and configure the results of afl_must_instrument...

main
cpu_loop
cpu_exec
tb_gen_code
afl_gen_trace <-- `afl_must_instrument` called here to determine if a range should be instrumented.

The flow to afl_setup is...

main
cpu_loop
cpu_exec
tb_gen_code
gen_intermediate_code
translator_loop <-- In here, `afl_setup` is only called if `db->pc_next == afl_entry_point`. Hence it's delayed quite a bit.
afl_setup

This means that any code which is executed prior to AFL_ENTRYPOINT will be instrumented irrespective of the configuration of the environment variables. This results in unstable edges being reported even when the code is excluded from instrumentation and will also result in an overhead in execution as well as pollution of the coverage map.

Proposed fix: #36