author: van Hauser <vh@thc.org> 2020-04-06 13:33:49 +0200
committer: van Hauser <vh@thc.org> 2020-04-09 10:23:37 +0200
commit: ccbcb5c8d3e8cee8fbab49025429a8b7b7a4ee52
tree: 245765666a782044c6015d7c8774d89bc8eba210 /docs/env_variables.md
parent: 2f172d6c5a200184ab0bf869d2cca80cad720c73
added AFL_LLVM_INSTRUMENT, made USE_TRACE_PC obsolete and llvm_mode Makefile fix, fixed for FUSELD (for LTO)
Diffstat (limited to 'docs/env_variables.md')
-rw-r--r-- docs/env_variables.md | 62
1 files changed, 35 insertions, 27 deletions
diff --git a/docs/env_variables.md b/docs/env_variables.md
index ae283b1c..10a17a99 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -93,6 +93,17 @@ of the settings discussed in section #1, with the exception of:
 
 Then there are a few specific features that are only available in llvm_mode:
 
+### Select the instrumentation mode
+
+    - AFL_LLVM_INSTRUMENT - this configures the instrumentation mode. 
+      Available options:
+        DEFAULT - classic AFL (map[cur_loc ^ prev_loc >> 1]++)
+        CFG - InsTrim instrumentation (see below)
+        LTO - LTO instrumentation (see below)
+        CTX - context sensitive instrumentation (see below)
+        NGRAM-x - deeper previous location coverage (from NGRAM-2 up to NGRAM-16)
+      Only one can be used.
+
 ### LTO
 
     This is a different kind way of instrumentation: first it compiles all
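Review bot: the DEFAULT entry at `+        DEFAULT - classic AFL (map[cur_loc ^ prev_loc >> 1]++)` depends on C operator precedence (`>>` binds tighter than `^`) to be read as `cur_loc ^ (prev_loc >> 1)`; writing the parentheses out avoids readers taking it as `(cur_loc ^ prev_loc) >> 1`. The CTX entry says "(see below)", but this patch adds no CTX section and none is visible in the surrounding context, so either add one or point at the file that documents it. The line `+    - AFL_LLVM_INSTRUMENT - this configures the instrumentation mode. ` carries trailing whitespace.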
@@ -112,9 +123,32 @@ Then there are a few specific features that are only available in llvm_mode:
    - AFL_LLVM_LTO_DONTWRITEID prevents that the highest location ID written
      into the instrumentation is set in a global variable
 
-    Instrim, LTO and ngram modes can not be used together.
     See llvm_mode/README.LTO.md for more information.
 
+### INSTRIM
+
+    This feature increases the speed by ~15% without any disadvantages.
+
+    - Setting AFL_LLVM_INSTRIM or AFL_LLVM_INSTRUMENT=CFG to activates this mode
+
+    - Setting AFL_LLVM_INSTRIM_LOOPHEAD=1 expands on INSTRIM to optimize loops.
+      afl-fuzz will only be able to see the path the loop took, but not how
+      many times it was called (unless it is a complex loop).
+
+    - Setting AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK=1 will skip instrumenting
+      functions with a single basic block. This is useful for most C and
+      some C++ targets.
+
+    See llvm_mode/README.instrim.md
+
+### NGRAM
+
+    - Setting AFL_LLVM_NGRAM_SIZE or AFL_LLVM_INSTRUMENT=NGRAM-{value}
+      activates ngram prev_loc coverage, good values are 2, 4 or 8
+      (any value between 2 and 16 is valid).
+
+    See llvm_mode/README.ngram.md
+
 ### LAF-INTEL
 
     This great feature will split compares to series of single byte comparisons
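Review bot: `+    This feature increases the speed by ~15% without any disadvantages.` replaces wording that put the gain at 20% and warned of lower path discovery and coverage; changing the figure and dropping the caveat in the same patch, with nothing cited to back either, reads as an overclaim, and the LOOPHEAD bullet two lines later itself documents a trade-off (afl-fuzz no longer sees how often a loop ran). Suggest keeping the coverage caveat or stating the measurement behind the ~15%. Typo in `+    - Setting AFL_LLVM_INSTRIM or AFL_LLVM_INSTRUMENT=CFG to activates this mode`: drop "to". The value syntax is written `NGRAM-{value}` here but `NGRAM-x` in the AFL_LLVM_INSTRUMENT list above; use one notation in both places.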
@@ -139,32 +173,6 @@ Then there are a few specific features that are only available in llvm_mode:
 
     See llvm_mode/README.whitelist.md for more information.
 
-### INSTRIM
-
-    This feature increases the speed by whopping 20% but at the cost of a
-    lower path discovery and therefore coverage.
-
-    - Setting AFL_LLVM_INSTRIM activates this mode
-
-    - Setting AFL_LLVM_INSTRIM_LOOPHEAD=1 expands on INSTRIM to optimize loops.
-      afl-fuzz will only be able to see the path the loop took, but not how
-      many times it was called (unless it is a complex loop).
-
-    - Setting AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK=1 will skip instrumenting
-      functions with a single basic block. This is useful for most C and
-      some C++ targets.
-
-    Instrim, LTO and ngram modes can not be used together.
-    See llvm_mode/README.instrim.md
-
-### NGRAM
-
-    - Setting AFL_LLVM_NGRAM_SIZE activates ngram prev_loc coverage, good
-      values are 2, 4 or 8.
-
-    Instrim, LTO and ngram modes can not be used together.
-    See llvm_mode/README.ngram.md
-
 ### NOT_ZERO
 
     - Setting AFL_LLVM_NOT_ZERO=1 during compilation will use counters
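Review bot: deleting the old INSTRIM and NGRAM sections also deletes `-    Instrim, LTO and ngram modes can not be used together.` from the two places where the legacy variables AFL_LLVM_INSTRIM and AFL_LLVM_NGRAM_SIZE are documented; the exclusivity now survives only as "Only one can be used." under AFL_LLVM_INSTRUMENT, so a reader who still sets the legacy variables is no longer told they are mutually exclusive or what the compiler wrapper does when more than one is set. Suggest a one-line cross-reference in the new INSTRIM and NGRAM sections, or a sentence documenting the behaviour on conflict.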