Diffstat (limited to 'docs')
-rw-r--r--  docs/Changelog.md          3
-rw-r--r--  docs/env_variables.md      8
-rw-r--r--  docs/fuzzing_in_depth.md   7
-rw-r--r--  docs/third_party_tools.md  2
4 files changed, 16 insertions, 4 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index c5eb6be3..4df47645 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -9,6 +9,9 @@
       send fuzz data to the target as you need, e.g. via IPC.
     - cmplog mode now has -l R option for random colorization, thanks
       to guyf2010 for the PR!
+    - queue statistics are written every 30 minutes to
+      out/NAME/queue_data - likely this will be moved to a debug flag
+      in the future.
   - afl-showmap/afl-cmin
     - -t none now translates to -t 120000 (120 seconds)
   - unicorn_mode updated
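Review bot: the new changelog entry names the file (`out/NAME/queue_data`) and the interval but not what is recorded or whether the file is overwritten or appended, and "likely this will be moved to a debug flag in the future" leaves it open whether the write is unconditional today; say what the file contains (or where that is documented) and whether it can be disabled now, so anyone who starts parsing it is not surprised when it moves behind a flag.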
diff --git a/docs/env_variables.md b/docs/env_variables.md
index d1c13e15..22a5c386 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -378,10 +378,10 @@ checks or alter some of the more exotic semantics of the tool:
     valid terminal was detected (for virtual consoles).
 
   - Setting `AFL_FORKSRV_INIT_TMOUT` allows you to specify a different timeout
-    to wait for the forkserver to spin up. The default is the `-t` value times
-    `FORK_WAIT_MULT` from `config.h` (usually 10), so for a `-t 100`, the
-    default would wait for `1000` milliseconds. Setting a different time here is
-    useful if the target has a very slow startup time, for example, when doing
+    to wait for the forkserver to spin up. The specified value is the new timeout, in milliseconds.
+    The default is the `-t` value times `FORK_WAIT_MULT` from `config.h` (usually 10), so for a `-t 100`, the default would wait for `1000` milliseconds.
+    The `AFL_FORKSRV_INIT_TMOUT` value does not get multiplied. It overwrites the initial timeout afl-fuzz waits for the target to come up with a constant time.
+    Setting a different time here is useful if the target has a very slow startup time, for example, when doing
     full-system fuzzing or emulation, but you don't want the actual runs to wait
     too long for timeouts.
 
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index a0bf1566..87f31a58 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -900,6 +900,13 @@ then color-codes the input based on which sections appear to be critical and
 which are not; while not bulletproof, it can often offer quick insights into
 complex file formats.
 
+`casr-afl` from [CASR](https://github.com/ispras/casr) tools provides
+comfortable triaging for crashes found by AFL++. Reports are clustered and
+contain severity and other information.
+```shell
+casr-afl -i /path/to/afl/out/dir -o /path/to/casr/out/dir
+```
+
 ## 5. CI fuzzing
 
 Some notes on continuous integration (CI) fuzzing - this fuzzing is different to
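Review bot: the added paragraph needs a blank line before the ```shell fence to match how code blocks are separated elsewhere in this file, and "`casr-afl` from [CASR](...) tools provides comfortable triaging" reads awkwardly; suggest "The `casr-afl` tool from [CASR](https://github.com/ispras/casr) provides convenient triage of crashes found by AFL++: reports are clustered and contain severity and other information." and a short note on what to expect in the `-o` directory after the command runs.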
diff --git a/docs/third_party_tools.md b/docs/third_party_tools.md
index 1175d9e5..97f2c362 100644
--- a/docs/third_party_tools.md
+++ b/docs/third_party_tools.md
@@ -62,3 +62,5 @@
   generates builds of debian packages suitable for AFL.
 * [afl-fid](https://github.com/FoRTE-Research/afl-fid) - a set of tools for
   working with input data.
+* [CASR](https://github.com/ispras/casr) - a set of tools for crash triage and
+  analysis.
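Review bot: the new entry is consistent with the others in this list, but since fuzzing_in_depth.md in the same commit documents the AFL++-specific `casr-afl` command, consider naming it here too (e.g. "... crash triage and analysis; `casr-afl` works directly on an AFL++ output directory") so readers scanning this list find the relevant entry point.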