author yuawn <ssspeed00@gmail.com> 2021-07-21 10:29:51 +0000
committer yuawn <ssspeed00@gmail.com> 2021-07-21 10:29:51 +0000
commit 549b01e68b7ff25e87a1b81a70721dc231882034 (patch)
tree ff72fcf7b904511ab0269dee66fc410174060fb8 /docs
parent a9328e40b3cf9cbda844da8bdce20093df7bbffa (diff)
fix links in FAQ.md
Diffstat (limited to 'docs')
-rw-r--r-- docs/FAQ.md 10
1 files changed, 5 insertions, 5 deletions
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 0f447044..8e5b5535 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -58,8 +58,8 @@ Solution: `git pull ; make clean install` of afl++
## How to improve the fuzzing speed?
- 1. Use [llvm_mode](docs/llvm_mode/README.md): afl-clang-lto (llvm >= 11) or afl-clang-fast (llvm >= 9 recommended)
- 2. Use [persistent mode](llvm_mode/README.persistent_mode.md) (x2-x20 speed increase)
+ 1. Use [llvm_mode](/instrumentation/README.llvm.md): afl-clang-lto (llvm >= 11) or afl-clang-fast (llvm >= 9 recommended)
+ 2. Use [persistent mode](/instrumentation/README.persistent_mode.md) (x2-x20 speed increase)
3. Use the [afl++ snapshot module](https://github.com/AFLplusplus/AFL-Snapshot-LKM) (x2 speed increase)
4. If you do not use shmem persistent mode, use `AFL_TMPDIR` to put the input file directory on a tempfs location, see [docs/env_variables.md](docs/env_variables.md)
5. Improve Linux kernel performance: modify `/etc/default/grub`, set `GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off"`; then `update-grub` and `reboot` (warning: makes the system less secure)
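Review bot: The new targets in items 1 and 2 start with a leading slash (`/instrumentation/README.llvm.md`), which only resolves correctly where the renderer treats `/` as the repository root; since this file lives in docs/, `../instrumentation/README.llvm.md` would resolve the same way in any viewer. Item 4 in the unchanged context still links to `docs/env_variables.md`, which from docs/FAQ.md points at docs/docs/env_variables.md, so it looks like the same kind of broken link this commit is fixing and could be changed to `env_variables.md` here. The link text in item 1 also still says llvm_mode while the target is now README.llvm.md.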
@@ -77,7 +77,7 @@ Using a network channel is inadequate for several reasons:
The established method to fuzz network services is to modify the source code
to read from a file or stdin (fd 0) (or even faster via shared memory, combine
-this with persistent mode [llvm_mode/README.persistent_mode.md](llvm_mode/README.persistent_mode.md)
+this with persistent mode [instrumentation/README.persistent_mode.md](/instrumentation/README.persistent_mode.md)
and you have a performance gain of x10 instead of a performance loss of over
x10 - that is a x100 difference!).
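Review bot: The link text on the changed line repeats the file path (`instrumentation/README.persistent_mode.md`), so the text and the target have to be kept in sync by hand on every move, which is how the old link went stale. Using descriptive text, as item 2 of the speed list does with `[persistent mode](...)`, would leave only the target to maintain. The text and the target also differ by the leading slash, which is worth making consistent.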
@@ -197,7 +197,7 @@ afl-clang-fast PCGUARD and afl-clang-lto LTO instrumentation.
b) For PCGUARD instrumented binaries it is much more difficult. Here you
can either modify the __sanitizer_cov_trace_pc_guard function in
- llvm_mode/afl-llvm-rt.o.c to write a backtrace to a file if the ID in
+ instrumentation/afl-llvm-rt.o.c to write a backtrace to a file if the ID in
__afl_area_ptr[*guard] is one of the unstable edge IDs.
(Example code is already there).
Then recompile and reinstall llvm_mode and rebuild your target.
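Review bot: The last context line of this hunk still says "Then recompile and reinstall llvm_mode", while the path two lines above was changed from llvm_mode/ to instrumentation/, so the instruction now names a directory the text no longer refers to. Please update that sentence in the same commit. Only the directory part of `llvm_mode/afl-llvm-rt.o.c` was changed, so it is also worth confirming that the file is still called afl-llvm-rt.o.c under instrumentation/.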
@@ -225,7 +225,7 @@ afl-clang-fast PCGUARD and afl-clang-lto LTO instrumentation.
remove from instrumentation, or just specify the functions you want to
skip for instrumentation. Note that optimization might inline functions!
- Simply follow this document on how to do this: [llvm_mode/README.instrument_list.md](llvm_mode/README.instrument_list.md)
+ Simply follow this document on how to do this: [instrumentation/README.instrument_list.md](/instrumentation/README.instrument_list.md)
If PCGUARD is used, then you need to follow this guide (needs llvm 12+!):
[http://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation](http://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation)
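Review bot: The SanitizerCoverage link in the trailing context is still plain `http://clang.llvm.org/...`; since this commit is a link cleanup, switching it to https would fit here. On the changed line, the link text `instrumentation/README.instrument_list.md` and the target `/instrumentation/README.instrument_list.md` differ by the leading slash, and a path relative to docs/ (`../instrumentation/README.instrument_list.md`) would avoid depending on how the renderer resolves `/`.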