diff options
| author | van Hauser <vh@thc.org> | 2019-07-16 21:05:50 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2019-07-16 21:05:50 +0200 |
| commit | 80c98f4d0c31d857ff1112369d0a5ff0854e0923 (patch) | |
| tree | c6c63a232e082f6ab6586e28cc5ec0f20781df12 | |
| parent | da372335bfd85110dcf33bf36bd834c6e611777d (diff) | |
| download | afl++-80c98f4d0c31d857ff1112369d0a5ff0854e0923.tar.gz | |
added readme
| -rw-r--r-- | llvm_mode/README.instrim | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/llvm_mode/README.instrim b/llvm_mode/README.instrim new file mode 100644 index 00000000..956a9856 --- /dev/null +++ b/llvm_mode/README.instrim @@ -0,0 +1,26 @@ +# InsTrim +InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing + + +## Introduction + +InsTrim uses CFG and markers to instrument just what is necessary in the +binary in llvm_mode. It is about 20-25% faster but as a cost has a lower +path discovery. + + +## Usage + +Set the environment variable AFL_LLVM_INSTRIM=1 + +There is also an advanced mode which instruments loops in a way so that +afl-fuzz can see which loop path has been selected but not being able to +see how often the loop has been rerun. +This again is a tradeoff for speed for less path information. +To enable this mode set AFL_LLVM_INSTRIM_LOOPHEAD=1 + + +## Background + +The paper: [InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing] +(https://www.ndss-symposium.org/wp-content/uploads/2018/07/bar2018_14_Hsu_paper.pdf) |