fuzz until first solution

fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs

@@ -507,7 +507,7 @@ fn fuzz(
     }
 
     fuzzer
-        .fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr)
+        .fuzz_for_solution(&mut stages, &mut executor, &mut state, &mut mgr)
         .expect("Error in the fuzzing loop");
 
     // Never reached

libafl/src/fuzzer/mod.rs

@@ -150,7 +150,7 @@ pub trait Fuzzer<E, EM, I, S, ST>
 where
     I: Input,
     EM: ProgressReporter<I>,
-    S: HasExecutions + HasClientPerfMonitor,
+    S: HasExecutions + HasClientPerfMonitor + HasSolutions<I>,
 {
     /// Fuzz for a single iteration
     /// Returns the index of the last fuzzed corpus item
@@ -182,6 +182,26 @@ where
         }
     }
 
+    /// Fuzz until the first solution.
+    fn fuzz_for_solution(
+        &mut self,
+        stages: &mut ST,
+        executor: &mut E,
+        state: &mut S,
+        manager: &mut EM,
+    ) -> Result<usize, Error> {
+        let mut last = current_time();
+        let monitor_timeout = STATS_TIMEOUT_DEFAULT;
+        let mut done = false;
+        let mut tiem = 0;
+        while !done {
+            self.fuzz_one(stages, executor, state, manager)?;
+            last = manager.maybe_report_progress(state, last, monitor_timeout)?;
+            done = state.solutions().count() > 1;
+        }
+        return Ok(0);
+    }
+
     /// Fuzz for n iterations
     /// Returns the index of the last fuzzed corpus item
     ///
@@ -513,7 +533,7 @@ where
     EM: EventManager<E, I, S, Self>,
     F: Feedback<I, S>,
     I: Input,
-    S: HasClientPerfMonitor + HasExecutions,
+    S: HasClientPerfMonitor + HasExecutions + HasSolutions<I>,
     OF: Feedback<I, S>,
     ST: StagesTuple<E, EM, S, Self>,
 {