author | van Hauser <vh@thc.org> | 2019-07-14 20:02:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-14 20:02:20 +0200 |
commit | da8e03e18a1d01cb4ea26fc8efb25c4e7708a0b5 (patch) | |
tree | 21e2f2e0bbe93341c3813d96576c5e83f62195d0 /docs/env_variables.txt | |
parent | 5c0830f62857bc00d1da386e3d204932f544a6ba (diff) | |
parent | 4a80dbdd10aedd3a3e70a0631aeb4e01438b634c (diff) | |
download | afl++-da8e03e18a1d01cb4ea26fc8efb25c4e7708a0b5.tar.gz |
Merge branch 'master' into shared_memory_mmap_refactor
Diffstat (limited to 'docs/env_variables.txt')
-rw-r--r-- | docs/env_variables.txt | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/docs/env_variables.txt b/docs/env_variables.txt index f5db3b4f..8e2723d7 100644 --- a/docs/env_variables.txt +++ b/docs/env_variables.txt @@ -82,6 +82,9 @@ discussed in section #1, with the exception of: - TMPDIR and AFL_KEEP_ASSEMBLY, since no temporary assembly files are created. + - AFL_INST_RATIO, as we switched for instrim instrumentation which + is more effective but makes not much sense together with this option. + Then there are a few specific features that are only available in llvm_mode: LAF-INTEL @@ -89,11 +92,11 @@ Then there are a few specific features that are only available in llvm_mode: This great feature will split compares to series of single byte comparisons to allow afl-fuzz to find otherwise rather impossible paths. - - Setting LAF_SPLIT_SWITCHES will split switch()es + - Setting AFL_LLVM_LAF_SPLIT_SWITCHES will split switch()es - - Setting LAF_TRANSFORM_COMPARES will split string compare functions + - Setting AFL_LLVM_LAF_TRANSFORM_COMPARES will split string compare functions - - Setting LAF_SPLIT_COMPARES will split > 8 bit CMP instructions + - Setting AFL_LLVM_LAF_SPLIT_COMPARES will split > 8 bit CMP instructions See llvm_mode/README.laf-intel for more information. 
@@ -106,9 +109,17 @@ Then there are a few specific features that are only available in llvm_mode: See llvm_mode/README.whitelist for more information. -Note that AFL_INST_RATIO will behave a bit differently than for afl-gcc, -because functions are *not* instrumented unconditionally - so low values -will have a more striking effect. For this tool, 0 is not a valid choice. + OTHER + ===== + - Setting LOOPHEAD=1 optimized loops. afl-fuzz will only be able to + see the path the loop took, but not how many times it was called + (unless its a complex loop). + + - Setting AFL_LLVM_NOT_ZERO=1 during compilation will use counters + that skip zero on overflow. This is the default for llvm >= 9, + however for llvm versions below that this will increase an unnecessary + slowdown due a performance issue that is only fixed in llvm 9+. + This feature increases path discovery by a little bit. 3) Settings for afl-fuzz ------------------------ |
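Review bot: the new AFL_INST_RATIO bullet in the first hunk (@@ -82,6 +82,9 @@) does not say what actually happens when a user sets it, and the sentence is hard to parse: "as we switched for instrim instrumentation which is more effective but makes not much sense together with this option". State whether afl-clang-fast ignores the variable or rejects it, and name the option that selects the InsTrim instrumentation it refers to, e.g. "- AFL_INST_RATIO, because llvm_mode now uses InsTrim instrumentation, which is more effective but does not combine meaningfully with this option." Removing the old AFL_INST_RATIO paragraph in the third hunk is consistent with this bullet, so only the wording needs fixing.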
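Review bot: the second hunk (@@ -89,11 +92,11 @@) renames LAF_SPLIT_SWITCHES, LAF_TRANSFORM_COMPARES and LAF_SPLIT_COMPARES to the AFL_LLVM_LAF_* names but documents only the new spelling, which is a breaking change for existing build scripts. Add a sentence saying whether the old names are still honoured; if they are not, a script that still exports LAF_SPLIT_COMPARES will silently build without compare splitting, which is exactly the kind of quiet regression this doc should warn about. The unchanged context line still points readers to llvm_mode/README.laf-intel, so that file needs the same rename.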
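Review bot: in the third hunk (@@ -106,9 +109,17 @@) the new LOOPHEAD=1 variable lacks the AFL_LLVM_ prefix that the second hunk just introduced for the LAF options, so either the variable name or the documentation is inconsistent; if the pass really reads plain LOOPHEAD, say so, and state that it only applies to the InsTrim instrumentation the first hunk mentions. The wording also needs fixing: "optimized loops" should be "optimizes loops", "unless its a complex loop" should be "unless it is a complex loop", and "this will increase an unnecessary slowdown due a performance issue that is only fixed in llvm 9+" should read "this causes an unnecessary slowdown due to a performance issue that is only fixed in llvm 9+". Finally, the "+ OTHER" / "+ =====" heading is indented by one space while the LAF-INTEL heading in the surrounding context starts at column 0.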