From 5ee63a6e6267e448342ccb28cc8d3c0d34ffc1cd Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Wed, 14 Oct 2020 12:54:59 +0200
Subject: fix link
---
 README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 4cad6b47..77696080 100644
--- a/README.md
+++ b/README.md
@@ -232,14 +232,14 @@ anything below 9 is not recommended.
 ```
 +--------------------------------+
 | clang/clang++ 11+ is available | --> use afl-clang-lto and afl-clang-lto++
-+--------------------------------+ see [llvm/README.lto.md](llvm/README.lto.md)
++--------------------------------+ see [llvm_mode/README.lto.md](llvm_mode/README.lto.md)
 |
 | if not, or if the target fails with afl-clang-lto/++
 |
 v
 +---------------------------------+
 | clang/clang++ 3.3+ is available | --> use afl-clang-fast and afl-clang-fast++
-+---------------------------------+ see [llvm/README.md](llvm/README.md)
++---------------------------------+ see [llvm_mode/README.md](llvm_mode/README.md)
 |
 | if not, or if the target fails with afl-clang-fast/++
 |
@@ -257,8 +257,8 @@ anything below 9 is not recommended.
 Clickable README links for the chosen compiler:
- * [afl-clang-lto](llvm/README.lto.md)
- * [afl-clang-fast](llvm/README.md)
+ * [afl-clang-lto](llvm_mode/README.lto.md)
+ * [afl-clang-fast](llvm_mode/README.md)
 * [afl-gcc-fast](gcc_plugin/README.md)
 * afl-gcc has no README as it has no features
@@ -272,7 +272,7 @@ afl-clang-lto:
 and large input corpus. This technique is called laf-intel or COMPCOV. To use this set the following environment variable before compiling the target: `export AFL_LLVM_LAF_ALL=1`
- You can read more about this in [llvm/README.laf-intel.md](llvm/README.laf-intel.md)
+ You can read more about this in [llvm_mode/README.laf-intel.md](llvm_mode/README.laf-intel.md)
 * A different technique (and usually a better than laf-intel) is to instrument the target so that any compare values in the target are sent to afl++ which then tries to put these values into the fuzzing data at different
@@ -350,7 +350,7 @@ For `configure` build systems this is usually done by:
 Note that if you are using the (better) afl-clang-lto compiler you also have to set AR to llvm-ar[-VERSION] and RANLIB to llvm-ranlib[-VERSION] - as it is
-described in [llvm/README.lto.md](llvm/README.lto.md)
+described in [llvm_mode/README.lto.md](llvm_mode/README.lto.md)
 ##### cmake
@@ -362,7 +362,7 @@ or `-DCMAKE_C_COMPILER=... DCMAKE_CPP_COMPILER=...` instead.
 Note that if you are using the (better) afl-clang-lto compiler you also have to set AR to llvm-ar[-VERSION] and RANLIB to llvm-ranlib[-VERSION] - as it is
-described in [llvm/README.lto.md](llvm/README.lto.md)
+described in [llvm_mode/README.lto.md](llvm_mode/README.lto.md)
 ##### other build systems or if configure/cmake didn't work
-- cgit 1.4.1
From fe705bb9567341427ce1ea39d5fc6b19fdee1646 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Wed, 28 Oct 2020 14:32:53 +0100
Subject: expand havoc if not new findings in the last 5 seconds
---
 src/afl-fuzz-one.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index bf568c38..2e186b90 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -1884,16 +1884,22 @@ havoc_stage:
   u32 r_max, r;
+  r_max = 15 + ((afl->extras_cnt + afl->a_extras_cnt) ? 2 : 0);
+
   if (unlikely(afl->expand_havoc)) {
     /* add expensive havoc cases here, they are activated after a full
        cycle without finds happened */
-    r_max = 16 + ((afl->extras_cnt + afl->a_extras_cnt) ? 2 : 0);
+    r_max += 1;
-  } else {
+  }
+
+  if (unlikely(get_cur_time() - afl->last_path_time > 5000)) {
+
+    /* add expensive havoc cases here if there is no findings in the last 5s */
-    r_max = 15 + ((afl->extras_cnt + afl->a_extras_cnt) ? 2 : 0);
+    r_max += 1;
   }
-- cgit 1.4.1
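Review bot: The two enlargements of r_max are no longer mutually exclusive: when afl->expand_havoc is set and no new path has been seen for 5 s, both `r_max += 1` lines fire and r_max ends up one larger than either branch of the old code ever produced, so the havoc switch that draws r from r_max (outside this hunk, as havoc_stage continues past it) must have a case for that extra index or the top value is handled by whatever its default branch does; that switch is not visible here, so I would confirm it rather than assume it. The time-based condition also depends on afl->last_path_time being initialised before havoc_stage is first reached; if it starts at 0 the comparison holds from the very first iteration, which may be intended but is worth stating next to the check. The new comment reads `/* add expensive havoc cases here if there is no findings in the last 5s */`; I would write `/* no new paths for 5 s: also enable the expensive havoc cases */` and give the bare 5000 a named constant so the threshold is discoverable.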