
Unified Diff: third_party/afl/src/afl-fuzz.c

Issue 2252273004: Roll AFL 2.30b..2.31b (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Remove vuln_samples changes. Created 4 years, 4 months ago
Index: third_party/afl/src/afl-fuzz.c
diff --git a/third_party/afl/src/afl-fuzz.c b/third_party/afl/src/afl-fuzz.c
index 5ca8c8f02b8f7f3d0a18d3c560f5fd5f895640c9..c113f19e04b7bf044d753aa1c99efbce291d19fc 100644
--- a/third_party/afl/src/afl-fuzz.c
+++ b/third_party/afl/src/afl-fuzz.c
@@ -3906,7 +3906,7 @@ static void show_stats(void) {
/* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
- if (!dumb_mode && cycles_wo_finds > 20 && !pending_not_fuzzed &&
+ if (!dumb_mode && cycles_wo_finds > 50 && !pending_not_fuzzed &&
getenv("AFL_EXIT_WHEN_DONE")) stop_soon = 2;
if (total_crashes && getenv("AFL_BENCH_UNTIL_CRASH")) stop_soon = 2;
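Review bot: The "no finds for a long time" cut-off is now the bare literal 50 here and again in the status-colour branch of the next hunk (`if (cycles_wo_finds > 50 && !pending_not_fuzzed) strcpy(tmp, cLGN);`), and the two copies only agree by convention; the 3→5 change to the yellow threshold in that hunk is a third unnamed literal in the same function. Lifting these into named constants in config.h next to the other tunables (for illustration, `#define CYCLES_WO_FINDS_EXIT 50`) would keep the AFL_EXIT_WHEN_DONE condition and the UI colour from drifting apart on the next retune. The comment on the line above could then state the rule, e.g. `/* Honor AFL_EXIT_WHEN_DONE (after CYCLES_WO_FINDS_EXIT dry cycles with nothing left to fuzz) and AFL_BENCH_UNTIL_CRASH. */`. show_stats starts and ends outside this hunk.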
@@ -3980,10 +3980,10 @@ static void show_stats(void) {
if (queue_cycle == 1) strcpy(tmp, cMGN); else
/* Subsequent cycles, but we're still making finds. */
- if (cycles_wo_finds < 3) strcpy(tmp, cYEL); else
+ if (cycles_wo_finds < 5) strcpy(tmp, cYEL); else
/* No finds for a long time and no test cases to try. */
- if (cycles_wo_finds > 20 && !pending_not_fuzzed) strcpy(tmp, cLGN);
+ if (cycles_wo_finds > 50 && !pending_not_fuzzed) strcpy(tmp, cLGN);
/* Default: cautiously OK to stop? */
else strcpy(tmp, cLBL);
@@ -4881,7 +4881,7 @@ static u8 fuzz_one(char** argv) {
u64 havoc_queued, orig_hit_cnt, new_hit_cnt;
u32 splice_cycle = 0, perf_score = 100, orig_perf, prev_cksum, eff_cnt = 1;
- u8 ret_val = 1;
+ u8 ret_val = 1, doing_det = 0;
u8 a_collect[MAX_AUTO_EXTRA];
u32 a_len = 0;
@@ -5020,6 +5020,8 @@ static u8 fuzz_one(char** argv) {
if (master_max && (queue_cur->exec_cksum % master_max) != master_id - 1)
goto havoc_stage;
+ doing_det = 1;
+
/*********************************************
* SIMPLE BITFLIP (+dictionary construction) *
*********************************************/
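Review bot: `doing_det = 1;` carries no comment, and its position is load-bearing: it is placed after the master_max skip, so an entry that this master instance routes straight to havoc_stage keeps doing_det at 0 and is budgeted with HAVOC_CYCLES rather than HAVOC_CYCLES_INIT in the havoc hunk further down. Any other `goto havoc_stage` between this line and the havoc stage would arrive with the flag still set; the removed passed_det jump after bitflip 1/1 was one such path, and the rest of the deterministic block is outside these hunks, so that should be checked. A one-line comment would make the contract explicit, e.g. `/* doing_det: the deterministic stages were entered on this pass; the havoc stage sizes itself with HAVOC_CYCLES_INIT instead of HAVOC_CYCLES. */`. fuzz_one starts and ends outside this hunk.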
@@ -5126,8 +5128,6 @@ static u8 fuzz_one(char** argv) {
stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt;
stage_cycles[STAGE_FLIP1] += stage_max;
- if (queue_cur->passed_det) goto havoc_stage;
-
/* Two walking bits. */
stage_name = "bitflip 2/1";
@@ -5990,7 +5990,8 @@ havoc_stage:
stage_name = "havoc";
stage_short = "havoc";
- stage_max = HAVOC_CYCLES * perf_score / havoc_div / 100;
+ stage_max = (doing_det ? HAVOC_CYCLES_INIT : HAVOC_CYCLES) *
+ perf_score / havoc_div / 100;
} else {
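Review bot: The new ternary introduces a second havoc budget without saying why, and HAVOC_CYCLES_INIT lives in config.h (the next file in this review), so a reader of afl-fuzz.c alone cannot tell whether the init budget is meant to be larger or smaller than HAVOC_CYCLES or when each applies. A comment above the assignment would carry that, e.g. `/* Entries that just went through the deterministic stages get the HAVOC_CYCLES_INIT budget; entries that skipped them (the master_max path, and any earlier skips) get HAVOC_CYCLES. */` — the earlier skips are outside these hunks and should be confirmed against the top of fuzz_one. The result is still scaled by `perf_score / havoc_div / 100` with integer truncation exactly as before; whether a minimum is applied after this hunk is not visible here. The enclosing `if` and its `else` branch extend outside the hunk.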