author van Hauser <vh@thc.org> 2020-09-10 08:54:57 +0200
committer van Hauser <vh@thc.org> 2020-09-10 08:54:57 +0200
commit fdb0452245672db94be0832288f1335e905a2fc8 (patch)
tree 8bbac9c1a645eb9895efcb9b32fe7413321b66ad
parent 454a860020048c5531f518b5691c92949bdc8017 (diff)
download afl++-fdb0452245672db94be0832288f1335e905a2fc8.tar.gz
update documentation
-rw-r--r-- README.md | 12
-rw-r--r-- instrumentation/README.gcc_plugin.md | 11
2 files changed, 16 insertions, 7 deletions
diff --git a/README.md b/README.md
index fb59835c..2fc9d807 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ behaviours:
   * When instrumenting targets, afl-cc will not supersede optimizations. This
     allows to fuzz targets as same as they are built for debug or release.
   * afl-fuzz' `-i` option now descends into subdirectories.
-  * afl-fuzz will skip over empty dictionaries and too large test cases instead
+  * afl-fuzz will skip over empty dictionaries and too-large test cases instead
     of failing.
 
 ## Contents
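Review bot: the hyphenation fix ("too-large test cases") is correct, but the context line just above it, "This allows to fuzz targets as same as they are built for debug or release.", is ungrammatical and could be tidied in the same pass, e.g. "This allows fuzzing targets exactly as they are built for debug or release."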
@@ -63,20 +63,20 @@ behaviours:
 
   | Feature/Instrumentation  | afl-gcc | llvm      | gcc_plugin | qemu_mode        | unicorn_mode |
   | -------------------------|:-------:|:---------:|:----------:|:----------------:|:------------:|
-  | NeverZero                | x86[_64]|     x(1)  |      (2)   |         x        |       x      |
+  | NeverZero                | x86[_64]|     x(1)  |     x      |         x        |       x      |
   | Persistent Mode          |         |     x     |     x      | x86[_64]/arm[64] |       x      |
   | LAF-Intel / CompCov      |         |     x     |            | x86[_64]/arm[64] | x86[_64]/arm |
   | CmpLog                   |         |     x     |            | x86[_64]/arm[64] |              |
-  | Selective Instrumentation|         |     x     |     x      |        (x)(3)    |              |
+  | Selective Instrumentation|         |     x     |     x      |         x        |              |
   | Non-Colliding Coverage   |         |     x(4)  |            |        (x)(5)    |              |
   | Ngram prev_loc Coverage  |         |     x(6)  |            |                  |              |
   | Context Coverage         |         |     x(6)  |            |                  |              |
   | Auto Dictionary          |         |     x(7)  |            |                  |              |
-  | Snapshot LKM Support     |         |     x     |            |        (x)(5)    |              |
+  | Snapshot LKM Support     |         |     x     |     x      |        (x)(5)    |              |
 
   1. default for LLVM >= 9.0, env var for older version due an efficiency bug in llvm <= 8
   2. GCC creates non-performant code, hence it is disabled in gcc_plugin
-  3. partially via AFL_CODE_START/AFL_CODE_END
+  3. (currently unassigned)
   4. with pcguard mode and LTO mode for LLVM >= 11
   5. upcoming, development in the branch
   6. not compatible with LTO instrumentation and needs at least LLVM >= 4.1
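Review bot: footnote 2 is left contradicting the table after this hunk: the NeverZero cell for gcc_plugin changes from "(2)" to "x" (supported), yet footnote 2 still reads "GCC creates non-performant code, hence it is disabled in gcc_plugin". Either drop or rewrite footnote 2 (for instance, "(currently unassigned)", as was done for footnote 3), or keep the "(2)" reference if NeverZero in gcc_plugin is still conditional. Also note that changing the Selective Instrumentation qemu_mode cell from "(x)(3)" to "x" discards the hint that it works via AFL_CODE_START/AFL_CODE_END; if that is still how it is configured, the pointer is worth keeping somewhere in the docs.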
@@ -92,8 +92,6 @@ behaviours:
   * AFLfast's power schedules by Marcel Böhme: [https://github.com/mboehme/aflfast](https://github.com/mboehme/aflfast)
   * The MOpt mutator: [https://github.com/puppet-meteor/MOpt-AFL](https://github.com/puppet-meteor/MOpt-AFL)
   * LLVM mode Ngram coverage by Adrian Herrera [https://github.com/adrianherrera/afl-ngram-pass](https://github.com/adrianherrera/afl-ngram-pass)
-  * C. Holler's afl-fuzz Python mutator module: [https://github.com/choller/afl](https://github.com/choller/afl)
-  * Custom mutator by a library (instead of Python) by kyakdan
   * LAF-Intel/CompCov support for instrumentation, qemu_mode and unicorn_mode (with enhanced capabilities)
   * Radamsa and honggfuzz mutators (as custom mutators).
   * QBDI mode to fuzz android native libraries via Quarkslab's [QBDI](https://github.com/QBDI/QBDI) framework
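Review bot: this hunk removes the attribution lines for C. Holler's afl-fuzz Python mutator module and kyakdan's library-based custom mutator without replacing them. If custom mutator support (Python or shared-library) is still part of the project, the credits should stay or be moved to wherever the custom mutator documentation now lives; if the feature was removed, a short note in the commit message saying so would make the deletion self-explanatory.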
diff --git a/instrumentation/README.gcc_plugin.md b/instrumentation/README.gcc_plugin.md
index 53519b90..919801d1 100644
--- a/instrumentation/README.gcc_plugin.md
+++ b/instrumentation/README.gcc_plugin.md
@@ -3,6 +3,13 @@
 See [../README.md](../README.md) for the general instruction manual.
 See [README.llvm.md](README.llvm.md) for the LLVM-based instrumentation.
 
+TLDR:
+  * `apt-get install gcc-VERSION-plugin-dev`
+  * `make`
+  * gcc and g++ must point to the gcc-VERSION you you have to set AFL_CC/AFL_CXX
+    to point to these!
+  * just use afl-gcc-fast/afl-g++-fast normally like you would afl-clang-fast
+
 ## 1) Introduction
 
 The code in this directory allows you to instrument programs for AFL using
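Review bot: the third TLDR bullet has a duplicated word and a missing conjunction ("must point to the gcc-VERSION you you have to set AFL_CC/AFL_CXX"), which makes the two alternatives hard to parse; suggest "gcc and g++ must point to gcc-VERSION, or you have to set AFL_CC/AFL_CXX to point to them". The first bullet's "gcc-VERSION" would also benefit from a one-word hint that VERSION is a placeholder for the installed gcc major version, since the package name is given as a literal command.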
@@ -40,8 +47,12 @@ installing the `gcc-VERSION-plugin-dev` packages.
 
 To build the instrumentation itself, type 'make'. This will generate binaries
 called afl-gcc-fast and afl-g++-fast in the parent directory. 
+
+The gcc and g++ compiler links have to point to gcc-VERSION - or set these
+by pointing the environment variables AFL_CC/AFL_CXX to them.
 If the CC/CXX have been overridden, those compilers will be used from
 those wrappers without using AFL_CXX/AFL_CC settings.
+
 Once this is done, you can instrument third-party code in a way similar to the
 standard operating mode of AFL, e.g.:
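Review bot: the added sentence ("The gcc and g++ compiler links have to point to gcc-VERSION - or set these by pointing the environment variables AFL_CC/AFL_CXX to them.") is inserted directly above the existing "If the CC/CXX have been overridden, those compilers will be used from those wrappers without using AFL_CXX/AFL_CC settings." with no blank line between them, so the two read as one paragraph that first tells the user to rely on AFL_CC/AFL_CXX and then says those settings are ignored. Add a paragraph break after "them." and state the precedence explicitly (CC/CXX override AFL_CC/AFL_CXX, which override the gcc/g++ links), since a wrong assumption here silently builds an uninstrumented binary. Minor: "gcc-VERSION - or set" should use a comma rather than a spaced hyphen.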