docs

author: vanhauser-thc <vh@thc.org> 2023-05-01 08:55:37 +0200
committer: vanhauser-thc <vh@thc.org> 2023-05-01 08:55:37 +0200
commit: fcab3ec99026e92b688a69de476a0763942a9d67 (patch)
tree: ecce5db65912995bfec76df8ec1df6587f8956b3 /docs/FAQ.md
parent: 9065d4ba86ecdafeade50e5235ee1e99f4179692 (diff)
download: afl++-fcab3ec99026e92b688a69de476a0763942a9d67.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 76350c79..8178db46 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -171,6 +171,14 @@ If you find an interesting or important question missing, submit it via
   The more "unstable" edges there are, the harder it is for AFL++ to identify
   valid new paths.
 
+  If you fuzz in persistent mode (`AFL_LOOP` or `LLVMFuzzerTestOneInput()`
+  harnesses, a large number of unstable edges can mean that the target keeps
+  internal state and therefore it is possible that crashes cannot be replayed.
+  In such a case do either **not** fuzz in persistent mode (remove `AFL_LOOP()`
+  from your harness or call `LLVMFuzzerTestOneInput()` harnesses with `@@`),
+  or set a low  `AFL_LOOP` value, e.g. 100, and enable `AFL_PERSISTENT_RECORD`
+  in `config.h` with the same value.
+
   A value above 90% is usually fine and a value above 80% is also still ok, and
   even a value above 20% can still result in successful finds of bugs. However,
   it is recommended that for values below 90% or 80% you should take
author	vanhauser-thc <vh@thc.org>	2023-05-01 08:55:37 +0200
committer	vanhauser-thc <vh@thc.org>	2023-05-01 08:55:37 +0200
commit	fcab3ec99026e92b688a69de476a0763942a9d67 (patch)
tree	ecce5db65912995bfec76df8ec1df6587f8956b3 /docs/FAQ.md
parent	9065d4ba86ecdafeade50e5235ee1e99f4179692 (diff)
download	afl++-fcab3ec99026e92b688a69de476a0763942a9d67.tar.gz