author | vanhauser-thc <vh@thc.org> | 2024-10-14 09:45:59 +0200 |
---|---|---|
committer | vanhauser-thc <vh@thc.org> | 2024-10-14 09:45:59 +0200 |
commit | b3d16f7b8c19c3fb06cdbb2ef8df977b6b674b59 (patch) | |
tree | 9ea6b20e249f08b374aca7094f789b4c65f8a4cd | |
parent | c0837409bd50b6d14789c0415d8e49406f9a2509 (diff) | |
download | afl++-b3d16f7b8c19c3fb06cdbb2ef8df977b6b674b59.tar.gz |
update how AFL_EXIT_WHEN_DONE and colors of cycles done are working
-rw-r--r-- | docs/env_variables.md | 5 | ||||
-rw-r--r-- | src/afl-fuzz-stats.c | 28 |
2 files changed, 8 insertions, 25 deletions
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 3db46b36..ef67abec 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -424,9 +424,8 @@ checks or alter some of the more exotic semantics of the tool:
 types of automated jobs.
 - `AFL_EXIT_WHEN_DONE` causes afl-fuzz to terminate when all existing paths
- have been fuzzed and there were no new finds for a while. This would be
- normally indicated by the cycle counter in the UI turning green. May be
- convenient for some types of automated jobs.
+ have been fuzzed and there were no new finds for a while. This is basically
+ when the fuzzing state says `state: finished`
 - Setting `AFL_EXPAND_HAVOC_NOW` will start in the extended havoc mode that
 includes costly mutations. afl-fuzz automatically enables this mode when
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index a7465330..e0127e54 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -56,6 +56,8 @@ char *get_fuzzing_state(afl_state_t *afl) {
 if (unlikely(percent_cur >= 80 && percent_total >= 80)) {
+ if (unlikely(afl->afl_env.afl_exit_when_done)) { afl->stop_soon = 2; }
+
 return fuzzing_state[3];
 } else if (unlikely(percent_cur >= 55 && percent_total >= 55)) {
@@ -822,15 +824,6 @@ void show_stats_normal(afl_state_t *afl) {
 }
- /* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
-
- if (unlikely(!afl->non_instrumented_mode && afl->cycles_wo_finds > 100 &&
- !afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done)) {
-
- afl->stop_soon = 2;
-
- }
-
 /* AFL_EXIT_ON_TIME. */
 /* If no coverage was found yet, check whether run time is greater than
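Review bot: The added `afl->stop_soon = 2;` in get_fuzzing_state drops the `!afl->non_instrumented_mode` guard that the removed checks in show_stats_normal and show_stats_pizza (hunks -822 and -1656) carried, so AFL_EXIT_WHEN_DONE now also fires in non-instrumented mode as soon as percent_cur and percent_total reach 80; whether those percentages are meaningful without instrumentation cannot be told from this hunk, since they are computed above it. If the guard was deliberate before, keep it: `if (unlikely(afl->afl_env.afl_exit_when_done && !afl->non_instrumented_mode)) { afl->stop_soon = 2; }`. A function named get_fuzzing_state now also has a process-stopping side effect on every call from the stats display, which deserves a comment on that line, e.g. `/* AFL_EXIT_WHEN_DONE: reaching the "finished" state sets stop_soon = 2, exactly as the removed show_stats checks did. */`. get_fuzzing_state starts and ends outside the hunk.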
@@ -998,14 +991,14 @@ void show_stats_normal(afl_state_t *afl) {
 } else
 /* Subsequent cycles, but we're still making finds. */
- if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) {
+ if (afl->cycles_wo_finds < 2 || min_wo_finds <= 30) {
 strcpy(tmp, cYEL);
 } else
 /* No finds for a long time and no test cases to try. */
- if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed &&
+ if (afl->cycles_wo_finds > 1 && !afl->pending_not_fuzzed &&
 min_wo_finds > 120) {
 strcpy(tmp, cLGN);
@@ -1656,15 +1649,6 @@ void show_stats_pizza(afl_state_t *afl) {
 }
- /* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
-
- if (unlikely(!afl->non_instrumented_mode && afl->cycles_wo_finds > 100 &&
- !afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done)) {
-
- afl->stop_soon = 2;
-
- }
-
 /* AFL_EXIT_ON_TIME. */
 /* If no coverage was found yet, check whether run time is greater than
@@ -1813,14 +1797,14 @@ void show_stats_pizza(afl_state_t *afl) {
 } else
 /* Subsequent cycles, but we're still making finds. */
- if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) {
+ if (afl->cycles_wo_finds < 2 || min_wo_finds <= 30) {
 strcpy(tmp, cYEL);
 } else
 /* No finds for a long time and no test cases to try. */
- if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed &&
+ if (afl->cycles_wo_finds > 1 && !afl->pending_not_fuzzed &&
 min_wo_finds > 120) {
 strcpy(tmp, cLGN);
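Review bot: The comment above the green branch, `/* No finds for a long time and no test cases to try. */`, no longer describes the condition once the threshold drops from `cycles_wo_finds > 100` to `> 1`: two cycles without finds is not "a long time", and the `min_wo_finds > 120` bound now carries the whole meaning. Suggest `/* At least two cycles and over 120 minutes without finds, with nothing left to fuzz. */`, and a matching update of the yellow comment for `cycles_wo_finds < 2 || min_wo_finds <= 30`. The same four thresholds (2, 1, 30, 120) are hand-edited in lockstep in show_stats_pizza (hunk -1813); named constants or one shared `static` helper that picks the colour would keep the two displays from drifting, which the old 25/100 values presumably also relied on. The enclosing if/else chain starts and ends outside the hunk.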