diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-25 21:24:43 +0100 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-25 21:24:43 +0100 |
| commit | e12edca29a43f728868b1105ca071c85a0c4a11e (patch) | |
| tree | d4b17cc4b173783e68322eb068489a9afe197ff5 /docs | |
| parent | 7e0663e4e0040efabef875d6bcbb4e2c7a9085d7 (diff) | |
| parent | 4bd736e1a79ada95ae4266be72c331106e580075 (diff) | |
| download | afl++-e12edca29a43f728868b1105ca071c85a0c4a11e.tar.gz | |
Merge branch 'master' of github.com:vanhauser-thc/AFLplusplus
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/Changelog.md | 33 | ||||
| -rw-r--r-- | docs/QuickStartGuide.md | 2 | ||||
| -rw-r--r-- | docs/env_variables.md | 2 | ||||
| -rw-r--r-- | docs/life_pro_tips.md | 4 | ||||
| -rw-r--r-- | docs/notes_for_asan.md | 2 | ||||
| -rw-r--r-- | docs/parallel_fuzzing.md | 2 | ||||
| -rw-r--r-- | docs/perf_tips.md | 4 | ||||
| -rw-r--r-- | docs/sister_projects.md | 4 | ||||
| -rw-r--r-- | docs/status_screen.md | 2 | ||||
| -rw-r--r-- | docs/technical_details.md | 4 |
10 files changed, 35 insertions, 24 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index 5d781545..2f8674c8 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -1,7 +1,7 @@ # Changelog This is the list of all noteworthy changes made in every public release of - the tool. See README for the general instruction manual. + the tool. See README.md for the general instruction manual. ## Staying informed @@ -9,7 +9,12 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to <afl-users+subscribe@googlegroups.com>. -### Version ++2.60d (develop): +### Version ++2.61d (develop): + + - ... + + +### Version ++2.61c (release): - use -march=native if available - most tools now check for mistyped environment variables @@ -17,6 +22,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - the memory safety checks are now disabled for a little more speed during fuzzing (only affects creating queue entries), can be toggled in config.h - afl-fuzz: + - MOpt out of bounds writing crash fixed - now prints the real python version support compiled in - set stronger performance compile options and little tweaks - Android: prefer bigcores when selecting a CPU @@ -28,13 +34,18 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - bugfix for dictionary insert stage count (fix via Google repo PR) - added warning if -M is used together with custom mutators with _ONLY option - AFL_TMPDIR checks are now later and better explained if they fail - - llvm_mode InsTrim: no pointless instrumentation of 1 block functions + - llvm_mode + - InsTrim: three bug fixes: + 1. (minor) no pointless instrumentation of 1 block functions + 2. (medium) path bug that leads a few blocks not instrumented that + should be + 3. (major) incorrect prev_loc was written, fixed! - afl-clang-fast: - show in the help output for which llvm version it was compiled for - now does not need to be recompiled between trace-pc and pass instrumentation. compile normally and set AFL_LLVM_USE_TRACE_PC :) - LLVM 11 is supported - - CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog) + - CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog.md) - afl-gcc, afl-clang-fast, afl-gcc-fast: - experimental support for undefined behaviour sanitizer UBSAN (set AFL_USE_UBSAN=1) @@ -178,7 +189,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - fix llvm_mode AFL_TRACE_PC with modern llvm - fix a crash in qemu_mode which also exists in stock afl - added libcompcov, a laf-intel implementation for qemu! :) - see qemu_mode/libcompcov/README.libcompcov + see qemu_mode/libcompcov/README.libcompcov.md - afl-fuzz now displays the selected core in the status screen (blue {#}) - updated afl-fuzz and afl-system-config for new scaling governor location in modern kernels @@ -187,8 +198,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - if llvm_mode was compiled, afl-clang/afl-clang++ will point to these instead of afl-gcc - added instrim, a much faster llvm_mode instrumentation at the cost of - path discovery. See llvm_mode/README.instrim (https://github.com/csienslab/instrim) - - added MOpt (github.com/puppet-meteor/MOpt-AFL) mode, see docs/README.MOpt + path discovery. See llvm_mode/README.instrim.md (https://github.com/csienslab/instrim) + - added MOpt (github.com/puppet-meteor/MOpt-AFL) mode, see docs/README.MOpt.md - added code to make it more portable to other platforms than Intel Linux - added never zero counters for afl-gcc and optionally (because of an optimization issue in llvm < 9) for llvm_mode (AFL_LLVM_NEVER_ZERO=1) @@ -218,11 +229,11 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. LLVM and Qemu modes are now faster. Important changes: afl-fuzz: -e EXTENSION commandline option - llvm_mode: LAF-intel performance (needs activation, see llvm/README.laf-intel) - a few new environment variables for afl-fuzz, llvm and qemu, see docs/env_variables.txt + llvm_mode: LAF-intel performance (needs activation, see llvm/README.laf-intel.md) + a few new environment variables for afl-fuzz, llvm and qemu, see docs/env_variables.md - Added the power schedules of AFLfast by Marcel Boehme, but set the default to the AFL schedule, not to the FAST schedule. So nothing changes unless - you use the new -p option :-) - see docs/power_schedules.txt + you use the new -p option :-) - see docs/power_schedules.md - added afl-system-config script to set all system performance options for fuzzing - llvm_mode works with llvm 3.9 up to including 8 ! - qemu_mode got upgraded from 2.1 to 3.1 - incorporated from @@ -465,7 +476,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - Added libtokencap, a simple feature to intercept strcmp / memcmp and generate dictionary entries that can help extend coverage. - - Moved libdislocator to its own dir, added README. + - Moved libdislocator to its own dir, added README.md. - The demo in examples/instrumented_cmp is no more. diff --git a/docs/QuickStartGuide.md b/docs/QuickStartGuide.md index f9e3b256..1e1d60b7 100644 --- a/docs/QuickStartGuide.md +++ b/docs/QuickStartGuide.md @@ -27,7 +27,7 @@ how to hit the ground running: 4) Get a small but valid input file that makes sense to the program. When fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described in - dictionaries/README.dictionaries, too. + dictionaries/README.md, too. 5) If the program reads from stdin, run 'afl-fuzz' like so: diff --git a/docs/env_variables.md b/docs/env_variables.md index c60821dc..9fc60187 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -2,7 +2,7 @@ This document discusses the environment variables used by American Fuzzy Lop++ to expose various exotic functions that may be (rarely) useful for power - users or for some types of custom fuzzing setups. See README for the general + users or for some types of custom fuzzing setups. See README.md for the general instruction manual. ## 1) Settings for afl-gcc, afl-clang, and afl-as - and gcc_plugin afl-gcc-fast diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md index a0d90659..0724e83c 100644 --- a/docs/life_pro_tips.md +++ b/docs/life_pro_tips.md @@ -62,7 +62,7 @@ Specify `AFL_HARDEN=1` in the environment to enable hardening flags. ## Bumping into problems with non-reproducible crashes? It happens, but usually -isn't hard to diagnose. See section #7 in README for tips. +isn't hard to diagnose. See section #7 in README.md for tips. ## Fuzzing is not just about memory corruption issues in the codebase. Add some @@ -87,4 +87,4 @@ use a postprocessor! See examples/post_library/ for more. ## Dealing with a very slow target or hoping for instant results? -Specify `-d` when calling afl-fuzz! \ No newline at end of file +Specify `-d` when calling afl-fuzz! diff --git a/docs/notes_for_asan.md b/docs/notes_for_asan.md index 9c49dc1f..feac49f9 100644 --- a/docs/notes_for_asan.md +++ b/docs/notes_for_asan.md @@ -1,7 +1,7 @@ # Notes for using ASAN with afl-fuzz This file discusses some of the caveats for fuzzing under ASAN, and suggests - a handful of alternatives. See README for the general instruction manual. + a handful of alternatives. See README.md for the general instruction manual. ## 1) Short version diff --git a/docs/parallel_fuzzing.md b/docs/parallel_fuzzing.md index 0a2863fe..8b39df04 100644 --- a/docs/parallel_fuzzing.md +++ b/docs/parallel_fuzzing.md @@ -1,7 +1,7 @@ # Tips for parallel fuzzing This document talks about synchronizing afl-fuzz jobs on a single machine - or across a fleet of systems. See README for the general instruction manual. + or across a fleet of systems. See README.md for the general instruction manual. ## 1) Introduction diff --git a/docs/perf_tips.md b/docs/perf_tips.md index 41d74447..fcd03db7 100644 --- a/docs/perf_tips.md +++ b/docs/perf_tips.md @@ -1,7 +1,7 @@ ## Tips for performance optimization This file provides tips for troubleshooting slow or wasteful fuzzing jobs. - See README for the general instruction manual. + See README.md for the general instruction manual. ## 1. Keep your test cases small @@ -221,4 +221,4 @@ early on, you can always resort to the `-d` mode. The mode causes `afl-fuzz` to skip all the deterministic fuzzing steps, which makes output a lot less neat and can ultimately make the testing a bit less in-depth, but it will give you an experience more familiar from other fuzzing -tools. \ No newline at end of file +tools. diff --git a/docs/sister_projects.md b/docs/sister_projects.md index ecc3b924..1625044c 100644 --- a/docs/sister_projects.md +++ b/docs/sister_projects.md @@ -1,7 +1,7 @@ # Sister projects This doc lists some of the projects that are inspired by, derived from, -designed for, or meant to integrate with AFL. See README for the general +designed for, or meant to integrate with AFL. See README.md for the general instruction manual. !!! @@ -252,7 +252,7 @@ https://code.google.com/p/address-sanitizer/wiki/AsanCoverage#Coverage_counters ### AFL JS (Han Choongwoo) One-off optimizations to speed up the fuzzing of JavaScriptCore (now likely -superseded by LLVM deferred forkserver init - see llvm_mode/README.llvm). +superseded by LLVM deferred forkserver init - see llvm_mode/README.md). https://github.com/tunz/afl-fuzz-js diff --git a/docs/status_screen.md b/docs/status_screen.md index 066c2c07..0bc636c4 100644 --- a/docs/status_screen.md +++ b/docs/status_screen.md @@ -1,7 +1,7 @@ # Understanding the status screen This document provides an overview of the status screen - plus tips for -troubleshooting any warnings and red text shown in the UI. See README for +troubleshooting any warnings and red text shown in the UI. See README.md for the general instruction manual. ## A note about colors diff --git a/docs/technical_details.md b/docs/technical_details.md index d53b30e3..996bf162 100644 --- a/docs/technical_details.md +++ b/docs/technical_details.md @@ -1,7 +1,7 @@ # Technical "whitepaper" for afl-fuzz This document provides a quick overview of the guts of American Fuzzy Lop. -See README for the general instruction manual; and for a discussion of +See README.md for the general instruction manual; and for a discussion of motivations and design goals behind AFL, see historical_notes.md. ## 0. Design statement @@ -542,4 +542,4 @@ It uses the following classification scheme: takes place. - "Magic value section" - a generic token where changes cause the type of binary behavior outlined earlier, but that doesn't meet any of the - other criteria. May be an atomically compared keyword or so. \ No newline at end of file + other criteria. May be an atomically compared keyword or so. |