From cc3d4d19e5be1a981556add62f6a40917329f212 Mon Sep 17 00:00:00 2001
From: Daniil Kutz <kutz@ispras.ru>
Date: Wed, 12 Apr 2023 13:06:16 +0300
Subject: [PATCH] Support exit_on_time option: issue #399

Stop fuzzing if no coverage was found for a certain amount of time
---
 cmdline.c   | 4 ++++
 honggfuzz.c | 5 +++++
 honggfuzz.h | 1 +
 3 files changed, 10 insertions(+)

diff --git a/cmdline.c b/cmdline.c
index ab4044a97..54c0193c4 100644
--- a/cmdline.c
+++ b/cmdline.c
@@ -500,6 +500,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) {
         { { "pprocess_cmd", required_argument, NULL, 0x111 }, "External command postprocessing files produced by internal mutators" },
         { { "ffmutate_cmd", required_argument, NULL, 0x110 }, "External command mutating files which have effective coverage feedback" },
         { { "run_time", required_argument, NULL, 0x109 }, "Number of seconds this fuzzing session will last (default: 0 [no limit])" },
+        { { "exit_on_time", required_argument, NULL, 0x10A }, "Stop fuzzing session if no new coverage was found for this number of seconds (default: 0 [no limit])" },
         { { "iterations", required_argument, NULL, 'N' }, "Number of fuzzing iterations (default: 0 [no limit])" },
         { { "rlimit_as", required_argument, NULL, 0x100 }, "Per process RLIMIT_AS in MiB (default: 0 [default limit])" },
         { { "rlimit_rss", required_argument, NULL, 0x101 }, "Per process RLIMIT_RSS in MiB (default: 0 [default limit]). It will also set *SAN's soft_rss_limit_mb" },
@@ -688,6 +689,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) {
                     hfuzz->timing.runEndTime = time(NULL) + p;
                 }
             } break;
+            case 0x10A:
+                hfuzz->timing.exitOnTime = atol(optarg);
+                break;
             case 'N':
                 hfuzz->mutate.mutationsMax = atol(optarg);
                 break;
diff --git a/honggfuzz.c b/honggfuzz.c
index 0d8dbb7b3..bba5703ca 100644
--- a/honggfuzz.c
+++ b/honggfuzz.c
@@ -282,6 +282,11 @@ static uint8_t mainThreadLoop(honggfuzz_t* hfuzz) {
             LOG_I("Maximum run time reached, terminating");
             break;
         }
+        if (hfuzz->timing.exitOnTime > 0 &&
+                time(NULL) - ATOMIC_GET(hfuzz->timing.lastCovUpdate) > hfuzz->timing.exitOnTime) {
+            LOG_I("No new coverage was found for the last %ld seconds, terminating", hfuzz->timing.exitOnTime);
+            break;
+        }
         pingThreads(hfuzz);
         pause();
     }
diff --git a/honggfuzz.h b/honggfuzz.h
index 214926540..ef8dced79 100644
--- a/honggfuzz.h
+++ b/honggfuzz.h
@@ -243,6 +243,7 @@ typedef struct {
         time_t  runEndTime;
         time_t  tmOut;
         time_t  lastCovUpdate;
+        time_t  exitOnTime;
         int64_t timeOfLongestUnitUSecs;
         bool    tmoutVTALRM;
     } timing;