Merge pull request #548 from AFLplusplus/pre-3

Pre 3.0 changes
author: van Hauser <vh@thc.org> 2020-09-05 13:26:08 +0200
committer: GitHub <noreply@github.com> 2020-09-05 13:26:08 +0200
commit: 81b1d85f6168cb0828b4afef5d7994dba3c6753e (patch)
tree: 8ddfccbd1594c3f3c50025eb8cbe23f84a10fa20 /instrumentation/README.ctx.md
parent: fac108476c1cb5326cf4339b2a4c846828698816 (diff)
parent: 2f90f2faba92c0ef5e081ff74b54fb07eb1faaa9 (diff)
download: afl++-81b1d85f6168cb0828b4afef5d7994dba3c6753e.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/instrumentation/README.ctx.md b/instrumentation/README.ctx.md
new file mode 100644
index 00000000..caf2c09a
--- /dev/null
+++ b/instrumentation/README.ctx.md
@@ -0,0 +1,22 @@
+# AFL Context Sensitive Branch Coverage
+
+## What is this?
+
+This is an LLVM-based implementation of the context sensitive branch coverage.
+
+Basically every function gets its own ID and that ID is combined with the
+edges of the called functions.
+
+So if both function A and function B call a function C, the coverage
+collected in C will be different.
+
+In math the coverage is collected as follows:
+`map[current_location_ID ^ previous_location_ID >> 1 ^ previous_callee_ID] += 1`
+
+## Usage
+
+Set the `AFL_LLVM_INSTRUMENT=CTX` or `AFL_LLVM_CTX=1` environment variable.
+
+It is highly recommended to increase the MAP_SIZE_POW2 definition in
+config.h to at least 18 and maybe up to 20 for this as otherwise too
+many map collisions occur.
author	van Hauser <vh@thc.org>	2020-09-05 13:26:08 +0200
committer	GitHub <noreply@github.com>	2020-09-05 13:26:08 +0200
commit	81b1d85f6168cb0828b4afef5d7994dba3c6753e (patch)
tree	8ddfccbd1594c3f3c50025eb8cbe23f84a10fa20 /instrumentation/README.ctx.md
parent	fac108476c1cb5326cf4339b2a4c846828698816 (diff)
parent	2f90f2faba92c0ef5e081ff74b54fb07eb1faaa9 (diff)
download	afl++-81b1d85f6168cb0828b4afef5d7994dba3c6753e.tar.gz