| author | van Hauser <vh@thc.org> | 2020-05-06 00:58:13 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-06 00:58:13 +0200 |
| commit | df5215783414ddda7d9f371ccef5acb2235f66d0 (patch) | |
| tree | 52ca748f7a90c9deb09d9380c19f8220f0f45105 /docs | |
| parent | c7de368dc20078116bcb2e34b0f2237127802841 (diff) | |
| parent | a13958b32b6a1d8cba6f82b0d1ad03801721e3ef (diff) | |
| download | afl++-df5215783414ddda7d9f371ccef5acb2235f66d0.tar.gz | |
Merge pull request #352 from AFLplusplus/dev
Pull to master because of crash in string compare transform
Diffstat (limited to 'docs')

| -rw-r--r-- | docs/Changelog.md | 13 |
|---|---|---|
| -rw-r--r-- | docs/env_variables.md | 11 |

2 files changed, 22 insertions, 2 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index dadfa7e0..54564a5d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,6 +20,12 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. address for the shared memory map is used as this increases the fuzzing speed - fixes to LTO mode if instrumented edges > MAP_SIZE + - CTX and NGRAM can now be used together + - CTX and NGRAM are now also supported in CFG/INSTRIM mode + - AFL_LLVM_LAF_TRANSFORM_COMPARES could crash, fixed + - added AFL_LLVM_SKIP_NEVERZERO to skip the never zero coverage counter + implementation. For targets with few or no loops or heavily called + functions. Gives a small performance boost. - qemu_mode: - add information on PIE/PIC load addresses for 32 bit - better dependency checks @@ -28,6 +34,13 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - unicorn_mode: - better submodule handling - afl-showmap: fix for -Q mode + - added examples/afl_network_proxy which allows to fuzz a target over the + network (not fuzzing tcp/ip services but running afl-fuzz on one system + and the target being on an embedded device) + - added examples/afl_untracer which does a binary-only fuzzing with the + modifications done in memory + - added examples/afl_proxy which can be easily used to fuzz and instrument + non-standard things - all: - forkserver communication now also used for error reporting - fix 32 bit build options diff --git a/docs/env_variables.md b/docs/env_variables.md index 41c8f12a..ed81c8a3 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md 
@@ -97,12 +97,15 @@ Then there are a few specific features that are only available in llvm_mode: - AFL_LLVM_INSTRUMENT - this configures the instrumentation mode. Available options: - DEFAULT - classic AFL (map[cur_loc ^ prev_loc >> 1]++) + CLASSIC - classic AFL (map[cur_loc ^ prev_loc >> 1]++) (default) CFG - InsTrim instrumentation (see below) LTO - LTO instrumentation (see below) CTX - context sensitive instrumentation (see below) NGRAM-x - deeper previous location coverage (from NGRAM-2 up to NGRAM-16) - Only one can be used. + In CLASSIC (default) and CFG/INSTRIM you can also specify CTX and/or + NGRAM, seperate the options with a comma "," then, e.g.: + AFL_LLVM_INSTRUMENT=CFG,CTX,NGRAM-4 + Not that this is a good idea to use both CTX and NGRAM :) ### LTO @@ -204,6 +207,10 @@ Then there are a few specific features that are only available in llvm_mode: slowdown due a performance issue that is only fixed in llvm 9+. This feature increases path discovery by a little bit. + - Setting AFL_LLVM_SKIP_NEVERZERO=1 will not implement the skip zero + test. If the target performs only few loops then this will give a + small performance boost. + See llvm_mode/README.neverzero.md ### CMPLOG |
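Review bot: In the first docs/Changelog.md hunk (@@ -20,6 +20,12 @@), the AFL_LLVM_SKIP_NEVERZERO entry is ambiguous about who should use it: "For targets with few or no loops or heavily called functions" can be read as recommending it for targets that have heavily called functions or for targets that lack them. Reword to something like "For targets with few or no loops and no heavily called functions, this gives a small performance boost." In the same hunk, "AFL_LLVM_LAF_TRANSFORM_COMPARES could crash, fixed" does not say what crashed (the compiler pass or the instrumented target); since the merge message cites this crash as the reason for the merge, a few words on the failure mode would make the changelog more useful to users deciding whether to upgrade.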
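Review bot: In the second docs/Changelog.md hunk (@@ -28,6 +34,13 @@), the new example entries have grammar issues that should be fixed before release: "which allows to fuzz a target over the network" should read "which allows fuzzing a target over the network", and "which does a binary-only fuzzing with the modifications done in memory" should read "which does binary-only fuzzing with the modifications done in memory". The afl_proxy entry ("can be easily used to fuzz and instrument non-standard things") would also benefit from one concrete phrase on what "non-standard things" means, so readers can tell it apart from the afl_untracer and afl_network_proxy entries right above it.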
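Review bot: In the first docs/env_variables.md hunk (@@ -97,12 +97,15 @@), the DEFAULT option is renamed to CLASSIC without stating whether AFL_LLVM_INSTRUMENT=DEFAULT is still accepted; users with existing build scripts need to know if the old value now errors or silently falls back, so add a sentence either way. Two typos in the added lines: "seperate" should be "separate", and "Not that this is a good idea to use both CTX and NGRAM :)" reads as a garbled "Note that"; the smiley suggests the author means combining them is not a good idea, which sits oddly next to the changelog hunk presenting "CTX and NGRAM can now be used together" as a feature. Decide which guidance is intended and state it plainly, e.g. "Note that combining CTX and NGRAM is not recommended" or "CTX and NGRAM can be combined", and keep the two files consistent.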
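Review bot: In the second docs/env_variables.md hunk (@@ -204,6 +207,10 @@), "will not implement the skip zero test" uses a different name than the option itself (AFL_LLVM_SKIP_NEVERZERO) and the linked llvm_mode/README.neverzero.md; use the feature's own name ("will not implement the NeverZero counter protection") so readers can connect the three. The entry also lists only the benefit (a small performance boost) and not what is given up by disabling the protection; add a one-line statement of the coverage trade-off, or say explicitly that README.neverzero.md explains it, so users do not enable this on targets where it hurts. The "If the target performs only few loops" phrasing should be "If the target performs only a few loops" and should agree with the wording chosen for the changelog entry.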