From 1e30c3a941bb10658a0d0b7c07d62e5b011d12b9 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sat, 7 Mar 2020 03:37:32 +0100 Subject: afl-tmin hang mode added --- docs/Changelog.md | 2 ++ docs/technical_details.md | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/Changelog.md b/docs/Changelog.md index d5c2a279..57a78691 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -16,6 +16,8 @@ sending a mail to . - afl-fuzz basic tools now report on the environment variables picked up - more tools get environment variable usage info in the help output - AFL_AUTORESUME will resume execution without the need to specify `-i -` + - afl-tmin now supports hang mode `-H` to minimize hangs + - fixed potential afl-tmin missbehavior for targets with multiple hangs ### Version ++2.62c (release): diff --git a/docs/technical_details.md b/docs/technical_details.md index 996bf162..a0453c91 100644 --- a/docs/technical_details.md +++ b/docs/technical_details.md @@ -286,8 +286,9 @@ operation of `afl-tmin` is as follows. First, the tool automatically selects the operating mode. If the initial input crashes the target binary, afl-tmin will run in non-instrumented mode, simply -keeping any tweaks that produce a simpler file but still crash the target. If -the target is non-crashing, the tool uses an instrumented mode and keeps only +keeping any tweaks that produce a simpler file but still crash the target. +The same mode is used for hangs, if `-H` (hang mode) is specified. +If the target is non-crashing, the tool uses an instrumented mode and keeps only the tweaks that produce exactly the same execution path. The actual minimization algorithm is: -- cgit 1.4.1
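Review bot: In the Changelog.md hunk, the second added line has a spelling error: `missbehavior` should be `misbehavior`, so the entry reads "fixed potential afl-tmin misbehavior for targets with multiple hangs". It would also help users to state in that entry what the misbehavior was (for example, which hang was treated as the reference one), since the changelog is the only place in this docs-only commit that records it and the corresponding code change is not visible here.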
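Review bot: In the technical_details.md hunk, the new sentence "The same mode is used for hangs, if `-H` (hang mode) is specified." leaves the acceptance criterion ambiguous, because the preceding sentence says tweaks are kept when they "still crash the target" and a hang is not a crash. Suggest rewording to, for example: "If `-H` (hang mode) is specified, the same non-instrumented mode is used, and a tweak is kept only if the target still hangs (times out)." The surrounding paragraph also still opens with "the tool automatically selects the operating mode" and continues "If the target is non-crashing, the tool uses an instrumented mode", which no longer holds when `-H` forces hang mode; a short qualifier such as "and hang mode is not selected" on the instrumented-mode sentence would keep the three cases consistent.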