authorvanhauser-thc <vh@thc.org>2021-05-25 09:08:31 +0200
committervanhauser-thc <vh@thc.org>2021-05-25 09:08:31 +0200
commit109383f43830010c36b704c682ee537e6474d25a (patch)
treea2df78b7cc74e4c398745b693fcf5a4049be1a47
parent909e43fd5538ef8cf1b478816974e3ab030490e9 (diff)
downloadafl++-109383f43830010c36b704c682ee537e6474d25a.tar.gz
less executions on variable paths
-rw-r--r--docs/Changelog.md2
-rw-r--r--include/config.h4
-rw-r--r--src/afl-fuzz-run.c2
3 files changed, 5 insertions, 3 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index dfd5c393..33d37067 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -35,6 +35,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
       afl++ ignores these and uses them for splicing instead.
     - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after
       no new paths have been found for n seconds
+    - when AFL_FAST_CAL is set a variable path will no be calibrated 8 times
+      instead of 40
   - afl-cc:
     - We do not support llvm versions prior 6.0 anymore
     - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD
diff --git a/include/config.h b/include/config.h
index aa24ea6c..80cdb684 100644
--- a/include/config.h
+++ b/include/config.h
@@ -154,7 +154,7 @@
    cases that show variable behavior): */
 
 #define CAL_CYCLES 8U
-#define CAL_CYCLES_LONG 40U
+#define CAL_CYCLES_LONG 20U
 
 /* Number of subsequent timeouts before abandoning an input file: */
 
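Review bot: Lowering `CAL_CYCLES_LONG` from 40U to 20U changes calibration of variable paths for every run, not only when AFL_FAST_CAL is set, and neither the Changelog entry in this commit nor the comment above the define records that. The Changelog text still says "8 times instead of 40", which no longer matches the non-fast default of 20. Fewer calibration runs presumably also means fewer samples for judging which behaviour is unstable, so the trade-off deserves a line in the comment, e.g. `/* CAL_CYCLES_LONG applies to variable paths; with AFL_FAST_CAL set, CAL_CYCLES is used instead */`. The comment block this would extend starts above the hunk.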
@@ -163,7 +163,7 @@
 /* Maximum number of unique hangs or crashes to record: */
 
 #define KEEP_UNIQUE_HANG 500U
-#define KEEP_UNIQUE_CRASH 5000U
+#define KEEP_UNIQUE_CRASH 10000U
 
 /* Baseline number of random tweaks during a single 'havoc' stage: */
 
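Review bot: Doubling `KEEP_UNIQUE_CRASH` to 10000U is unrelated to the commit subject ("less executions on variable paths") and has no Changelog entry, so users will not learn that the cap on recorded crashes moved. It would be cleaner as its own commit, or at least with a Changelog line such as `- raised KEEP_UNIQUE_CRASH from 5000 to 10000`. Since the limit bounds how many unique crashes are recorded, a higher value presumably also raises worst-case disk use in the output directory, which matters for long unattended campaigns.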
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 6e5210b8..5a481639 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -410,7 +410,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
         }
 
         var_detected = 1;
-        afl->stage_max = CAL_CYCLES_LONG;
+        afl->stage_max = afl->fast_cal ? CAL_CYCLES : CAL_CYCLES_LONG;
 
       } else {