author: van Hauser <vh@thc.org> 2022-07-15 10:12:35 +0200
committer: GitHub <noreply@github.com> 2022-07-15 10:12:35 +0200
commit: c57988e672634ee98048eba6432cc1f4e377e07c (patch)
tree: 1ea5ebbb0b47e8d55b1950e9b787ec9f254655af /docs
parent: 40947508037b874020c8dd1251359fecaab04b9d (diff)
parent: b847e0f414e7b310e1a68bc501d4e2453bfce70e (diff)
download: afl++-c57988e672634ee98048eba6432cc1f4e377e07c.tar.gz
Merge pull request #1469 from AFLplusplus/dev
push to stable
Diffstat (limited to 'docs')
-rw-r--r-- docs/Changelog.md         | 7
-rw-r--r-- docs/INSTALL.md           | 6
-rw-r--r-- docs/env_variables.md     | 8
-rw-r--r-- docs/features.md          | 2
-rw-r--r-- docs/fuzzing_in_depth.md  | 7
-rw-r--r-- docs/ideas.md             | 12
-rw-r--r-- docs/third_party_tools.md | 15
-rw-r--r-- docs/tutorials.md         | 1
8 files changed, 37 insertions, 21 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 737df7fa..ff3907f0 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -8,6 +8,13 @@
Want to stay in the loop on major new features? Join our mailing list by
sending a mail to <afl-users+subscribe@googlegroups.com>.
+### Version ++4.02a (dev)
+ - gcc_plugin:
+ - Adacore submitted CMPLOG support to the gcc_plugin! :-)
+ - llvm_mode:
+ - laf cmp splitting fixed for more comparison types
+
+
### Version ++4.01c (release)
- fixed */build_...sh scripts to work outside of git
- new custom_mutator: libafl with token fuzzing :)
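Review bot: the two added `+` blank lines at the end of the new `### Version ++4.02a (dev)` block leave a double empty line before `### Version ++4.01c (release)`; the rest of the Changelog separates versions with a single blank line, so drop one of the two.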
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 41ec8561..312b41e9 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -21,12 +21,12 @@ development state of AFL++.
If you want to build AFL++ yourself, you have many options. The easiest choice
is to build and install everything:
-NOTE: depending on your Debian/Ubuntu/Kali/... version replease `-12` with
+NOTE: depending on your Debian/Ubuntu/Kali/... version release `-12` with
whatever llvm version is available!
```shell
sudo apt-get update
-sudo apt-get install -y build-essential python3-dev automake cmake git flex bison libglib2.0-dev libpixman-1-dev python3-setuptools
+sudo apt-get install -y build-essential python3-dev automake cmake git flex bison libglib2.0-dev libpixman-1-dev python3-setuptools cargo libgtk-3-dev
# try to install llvm 12 and install the distro default if that fails
sudo apt-get install -y lld-12 llvm-12 llvm-12-dev clang-12 || sudo apt-get install -y lld llvm llvm-dev clang
sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
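Review bot: the typo fix on the NOTE line picks the wrong word: `replease` was a mangled `replace`, not `release`, since the sentence tells the reader to swap `-12` for whatever llvm version the distro ships. Suggest `NOTE: depending on your Debian/Ubuntu/Kali/... version, replace `-12` with whatever llvm version is available!`. Separately, `cargo` and `libgtk-3-dev` are appended to the base package list without a comment saying which optional component needs them; the llvm line in the same block carries such a comment, and one here would let users skip dependencies they do not need.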
@@ -148,7 +148,7 @@ and definitely don't look POSIX-compliant. This means two things:
environment before starting afl-fuzz.
User emulation mode of QEMU does not appear to be supported on MacOS X, so
-black-box instrumentation mode (`-Q`) will not work. However, Frida mode (`-O`)
+black-box instrumentation mode (`-Q`) will not work. However, FRIDA mode (`-O`)
works on both x86 and arm64 MacOS boxes.
MacOS X supports SYSV shared memory used by AFL's instrumentation, but the
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 0598a809..00948fc1 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -160,6 +160,8 @@ Available options:
Setting `AFL_LLVM_CMPLOG=1` during compilation will tell afl-clang-fast to
produce a CmpLog binary.
+For afl-gcc-fast, set `AFL_GCC_CMPLOG=1` instead.
+
For more information, see
[instrumentation/README.cmplog.md](../instrumentation/README.cmplog.md).
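Review bot: the new sentence documents `AFL_GCC_CMPLOG=1` for afl-gcc-fast, but the cross-reference immediately below still sends the reader to `instrumentation/README.cmplog.md`, which lies outside this docs-only diff; confirm that README was updated in the same change to mention the gcc_plugin variable, otherwise the two documents will disagree about how to build a CmpLog binary with gcc.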
@@ -460,7 +462,7 @@ checks or alter some of the more exotic semantics of the tool:
some basic stats. This behavior is also automatically triggered when the
output from afl-fuzz is redirected to a file or to a pipe.
- - In QEMU mode (-Q) and Frida mode (-O), `AFL_PATH` will be searched for
+ - In QEMU mode (-Q) and FRIDA mode (-O), `AFL_PATH` will be searched for
afl-qemu-trace and afl-frida-trace.so.
- If you are using persistent mode (you should, see
@@ -553,10 +555,10 @@ checks or alter some of the more exotic semantics of the tool:
in the target binary
- If you need an early forkserver in your target because of early
- constructors in your target you can set `AFL_EARLY_FORKSERVER`.
+ constructors in your target, you can set `AFL_EARLY_FORKSERVER`.
Note that this is not a compile time option but a runtime option :-)
- - set `AFL_PIZZA_MODE` to 1 to enable the April 1st stats menu, set to 0
+ - Set `AFL_PIZZA_MODE` to 1 to enable the April 1st stats menu, set to 0
to disable although it is 1st of April.
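Review bot: the capitalisation fix on the `AFL_PIZZA_MODE` bullet leaves its second half awkward: `set to 0 to disable although it is 1st of April` would read better as `set it to 0 to disable the menu even on April 1st`, which also makes clear that it is the menu, not the variable, that is being disabled.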
## 5) Settings for afl-qemu-trace
diff --git a/docs/features.md b/docs/features.md
index dd3d2bcb..212302f8 100644
--- a/docs/features.md
+++ b/docs/features.md
@@ -12,7 +12,7 @@ QEMU 5.1 with laf-intel and Redqueen, FRIDA mode, unicorn mode, gcc plugin, full
| NeverZero [B] | x86[_64] | x(1) | x | x | x | x | | |
| Persistent Mode [C] | | x | x | x86[_64]/arm64 | x86[_64]/arm[64] | x | | |
| LAF-Intel / CompCov [D] | | x | | | x86[_64]/arm[64] | x86[_64]/arm[64] | x86[_64] | |
-| CmpLog [E] | | x | | x86[_64]/arm64 | x86[_64]/arm[64] | | | |
+| CmpLog [E] | | x | x | x86[_64]/arm64 | x86[_64]/arm[64] | | | |
| Selective Instrumentation [F] | | x | x | x | x | | | |
| Non-Colliding Coverage [G] | | x(4) | | | (x)(5) | | | |
| Ngram prev_loc Coverage [H] | | x(6) | | | | | | |
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index 2c27dfe1..37889137 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -838,9 +838,10 @@ Here are some of the most important caveats for AFL++:
- There is no direct support for fuzzing network services, background daemons,
or interactive apps that require UI interaction to work. You may need to make
- simple code changes to make them behave in a more traditional way. Preeny or libdesock may
- offer a relatively simple option, too - see:
- [https://github.com/zardus/preeny](https://github.com/zardus/preeny) or [https://github.com/fkie-cad/libdesock](https://github.com/fkie-cad/libdesock)
+ simple code changes to make them behave in a more traditional way. Preeny or
+ libdesock may offer a relatively simple option, too - see:
+ [https://github.com/zardus/preeny](https://github.com/zardus/preeny) or
+ [https://github.com/fkie-cad/libdesock](https://github.com/fkie-cad/libdesock)
Some useful tips for modifying network-based services can be also found at:
[https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop](https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop)
diff --git a/docs/ideas.md b/docs/ideas.md
index e2360ab2..b5de637f 100644
--- a/docs/ideas.md
+++ b/docs/ideas.md
@@ -19,18 +19,18 @@ Mentor: vanhauser-thc
## WASM Instrumentation
Currently, AFL++ can be used for source code fuzzing and traditional binaries.
-With the rise of WASM as a compile target, however, a novel way of instrumentation
-needs to be implemented for binaries compiled to Webassembly. This can either be
-done by inserting instrumentation directly into the WASM AST, or by patching
-feedback into a WASM VM of choice, similar to the current Unicorn
+With the rise of WASM as a compile target, however, a novel way of
+instrumentation needs to be implemented for binaries compiled to Webassembly.
+This can either be done by inserting instrumentation directly into the WASM AST,
+or by patching feedback into a WASM VM of choice, similar to the current Unicorn
instrumentation.
Mentor: any
## Support other programming languages
-Other programming languages also use llvm hence they could be (easily?) supported
-for fuzzing, e.g., mono, swift, go, kotlin native, fortran, ...
+Other programming languages also use llvm hence they could be (easily?)
+supported for fuzzing, e.g., mono, swift, go, kotlin native, fortran, ...
GCC also supports: Objective-C, Fortran, Ada, Go, and D (according to
[Gcc homepage](https://gcc.gnu.org/))
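Review bot: since these paragraphs are being rewrapped anyway, the product names could be normalised in the same pass: `Webassembly` to `WebAssembly` and `llvm` to `LLVM`, matching the `WASM` and `GCC` spellings used in the surrounding lines; `Other programming languages also use llvm hence they could be` also wants a comma before `hence`.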
diff --git a/docs/third_party_tools.md b/docs/third_party_tools.md
index 8d40c429..1175d9e5 100644
--- a/docs/third_party_tools.md
+++ b/docs/third_party_tools.md
@@ -1,11 +1,13 @@
# Tools that help fuzzing with AFL++
-Speeding up fuzzing:
+## Speeding up fuzzing
+
* [libfiowrapper](https://github.com/marekzmyslowski/libfiowrapper) - if the
function you want to fuzz requires loading a file, this allows using the
shared memory test case feature :-) - recommended.
-Minimization of test cases:
+## Minimization of test cases
+
* [afl-pytmin](https://github.com/ilsani/afl-pytmin) - a wrapper for afl-tmin
that tries to speed up the process of minimization of a single test case by
using many CPU cores.
@@ -14,7 +16,8 @@ Minimization of test cases:
* [halfempty](https://github.com/googleprojectzero/halfempty) - is a fast
utility for minimizing test cases by Tavis Ormandy based on parallelization.
-Distributed execution:
+## Distributed execution
+
* [disfuzz-afl](https://github.com/MartijnB/disfuzz-afl) - distributed fuzzing
for AFL.
* [AFLDFF](https://github.com/quantumvm/AFLDFF) - AFL distributed fuzzing
@@ -26,7 +29,8 @@ Distributed execution:
* [afl-in-the-cloud](https://github.com/abhisek/afl-in-the-cloud) - another
script for running AFL in AWS.
-Deployment, management, monitoring, reporting
+## Deployment, management, monitoring, reporting
+
* [afl-utils](https://gitlab.com/rc0r/afl-utils) - a set of utilities for
automatic processing/analysis of crashes and reducing the number of test
cases.
@@ -44,7 +48,8 @@ Deployment, management, monitoring, reporting
* [afl-extras](https://github.com/fekir/afl-extras) - shell scripts to
parallelize afl-tmin, startup, and data collection.
-Crash processing
+## Crash processing
+
* [AFLTriage](https://github.com/quic/AFLTriage) -
triage crashing input files using gdb.
* [afl-crash-analyzer](https://github.com/floyd-fuh/afl-crash-analyzer) -
diff --git a/docs/tutorials.md b/docs/tutorials.md
index 477ff98b..758fddab 100644
--- a/docs/tutorials.md
+++ b/docs/tutorials.md
@@ -33,6 +33,7 @@ structure is), these links have you covered (some are outdated though):
[https://github.com/adrian-rt/superion-mutator](https://github.com/adrian-rt/superion-mutator)
## Video Tutorials
+
* [Install AFL++ Ubuntu](https://www.youtube.com/watch?v=5dCvhkbi3RA)
* [[Fuzzing with AFLplusplus] Installing AFLPlusplus and fuzzing a simple C program](https://www.youtube.com/watch?v=9wRVo0kYSlc)
* [[Fuzzing with AFLplusplus] How to fuzz a binary with no source code on Linux in persistent mode](https://www.youtube.com/watch?v=LGPJdEO02p4)