author: van Hauser <vh@thc.org> 2022-04-25 10:14:19 +0200
committer: GitHub <noreply@github.com> 2022-04-25 10:14:19 +0200
commit: c7bb0a9638a8929a5b664f16032c23a55a84be70 (patch)
tree: 2fb8cee9897c46a53e756e898de732c63f2a8842 /docs/fuzzing_in_depth.md
parent: ac80678592ea4a790ab2eedccfec4e3bc9f96447 (diff)
parent: ee409d18a6678c3f5948f51db8964148cae021dc (diff)
Merge pull request #1392 from AFLplusplus/dev
push to stable
Diffstat (limited to 'docs/fuzzing_in_depth.md')
-rw-r--r-- docs/fuzzing_in_depth.md 10
1 files changed, 7 insertions, 3 deletions
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index cff00f77..2c27dfe1 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -333,6 +333,9 @@ is a non-standard way to set this, otherwise set up the build normally and edit
 the generated build environment afterwards manually to point it to the right
 compiler (and/or `RANLIB` and `AR`).
 
+In complex, weird, alien build systems you can try this neat project:
+[https://github.com/fuzzah/exeptor](https://github.com/fuzzah/exeptor)
+
 #### Linker scripts
 
 If the project uses linker scripts to hide the symbols exported by the
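Review bot: the new paragraph links exeptor without saying what it does or how it relates to the compiler-substitution problem described just above it (pointing the build at afl-cc, `RANLIB` and `AR`), so a reader cannot tell whether to try it before or instead of editing the generated build environment. One sentence stating what the tool does for such builds, and when it is the better option, would make the pointer useful; "complex, weird, alien build systems" and "neat project" could then be tightened to "build systems where the compiler cannot be set through the usual variables".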
@@ -911,16 +914,17 @@ normal fuzzing campaigns as these are much shorter runnings.
     * Keep the generated corpus, use afl-cmin and reuse it every time!
 
 2. Additionally randomize the AFL++ compilation options, e.g.:
-    * 40% for `AFL_LLVM_CMPLOG`
-    * 10% for `AFL_LLVM_LAF_ALL`
+    * 30% for `AFL_LLVM_CMPLOG`
+    * 5% for `AFL_LLVM_LAF_ALL`
 
 3. Also randomize the afl-fuzz runtime options, e.g.:
     * 65% for `AFL_DISABLE_TRIM`
+    * 50% for `AFL_KEEP_TIMEOUTS`
     * 50% use a dictionary generated by `AFL_LLVM_DICT2FILE`
     * 40% use MOpt (`-L 0`)
     * 40% for `AFL_EXPAND_HAVOC_NOW`
     * 20% for old queue processing (`-Z`)
-    * for CMPLOG targets, 60% for `-l 2`, 40% for `-l 3`
+    * for CMPLOG targets, 70% for `-l 2`, 10% for `-l 3`, 20% for `-l 2AT`
 
 4. Do *not* run any `-M` modes, just running `-S` modes is better for CI
    fuzzing. `-M` enables old queue handling etc. which is good for a fuzzing
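Review bot: the added `-l 2AT` variant and the new `AFL_KEEP_TIMEOUTS` line are introduced here without any explanation of what they do or a pointer to where they are documented, while every other item in these lists is a plain percentage over an option the reader is expected to know. Add a short parenthetical or a reference to the option's documentation for both, and since the CMPLOG and LAF percentages were also retuned (40%→30%, 10%→5%, 60/40→70/10/20), a line in the commit message or the text giving the reason for the new split would help readers who copied the old ratios understand why to change them.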