doc

author: vanhauser-thc <vh@thc.org> 2021-11-10 11:33:49 +0100
committer: vanhauser-thc <vh@thc.org> 2021-11-10 11:33:49 +0100
commit: b47344e8f7b92c2501262e132b8459f01e89147e (patch)
tree: b8518a05191e33a1397b4ebe0c013fde2c77fa35
parent: 6570327c2b7be5a8e6f8c396ae9de343ef15a414 (diff)
download: afl++-b47344e8f7b92c2501262e132b8459f01e89147e.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/fuzzing_expert.md b/docs/fuzzing_expert.md
index 44ebade4..876c5fbb 100644
--- a/docs/fuzzing_expert.md
+++ b/docs/fuzzing_expert.md
@@ -87,8 +87,8 @@ The following options are available when you instrument with LTO mode (afl-clang
    transform input data before comparison. Therefore this technique is called
    `input to state` or `redqueen`.
    If you want to use this technique, then you have to compile the target
-   twice, once specifically with/for this mode, and pass this binary to afl-fuzz
-   via the `-c` parameter.
+   twice, once specifically with/for this mode by setting `AFL_LLVM_CMPLOG=1`,
+   and pass this binary to afl-fuzz via the `-c` parameter.
    Note that you can compile also just a cmplog binary and use that for both
    however there will be a performance penality.
    You can read more about this in [instrumentation/README.cmplog.md](../instrumentation/README.cmplog.md)
author	vanhauser-thc <vh@thc.org>	2021-11-10 11:33:49 +0100
committer	vanhauser-thc <vh@thc.org>	2021-11-10 11:33:49 +0100
commit	b47344e8f7b92c2501262e132b8459f01e89147e (patch)
tree	b8518a05191e33a1397b4ebe0c013fde2c77fa35
parent	6570327c2b7be5a8e6f8c396ae9de343ef15a414 (diff)
download	afl++-b47344e8f7b92c2501262e132b8459f01e89147e.tar.gz