document new environment variables and code format

author: van Hauser <vh@thc.org> 2020-03-10 07:14:42 +0100
committer: van Hauser <vh@thc.org> 2020-03-10 07:14:42 +0100
commit: 1148a2d0d1ce43ab89e14eefb70bc410726838c4 (patch)
tree: 4c2a69940d07cb2fadd8b8a5cbbfdb7f902c8d36 /llvm_mode/README.instrim.md
parent: 38d9aedb26d6c4530763a29fe7695155a21ffbbc (diff)
download: afl++-1148a2d0d1ce43ab89e14eefb70bc410726838c4.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/llvm_mode/README.instrim.md b/llvm_mode/README.instrim.md
index b40dbb18..5c3f32c8 100644
--- a/llvm_mode/README.instrim.md
+++ b/llvm_mode/README.instrim.md
@@ -19,6 +19,15 @@ see how often the loop has been rerun.
 This again is a tradeoff for speed for less path information.
 To enable this mode set `AFL_LLVM_INSTRIM_LOOPHEAD=1`.
 
+There is an additional optimization option that skips single block
+functions. In 95% of the C targets and (guess) 50% of the C++ targets
+it is good to enable this, as otherwise pointless instrumentation occurs.
+The corner case where we want this instrumentation is when vtable/call table
+is used and the index to that vtable/call table is not set in specific
+basic blocks.
+To enable skipping these (most of the time) unnecessary instrumentations set
+`AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK=1`
+
 ## Background
 
 The paper: [InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing]
author	van Hauser <vh@thc.org>	2020-03-10 07:14:42 +0100
committer	van Hauser <vh@thc.org>	2020-03-10 07:14:42 +0100
commit	1148a2d0d1ce43ab89e14eefb70bc410726838c4 (patch)
tree	4c2a69940d07cb2fadd8b8a5cbbfdb7f902c8d36 /llvm_mode/README.instrim.md
parent	38d9aedb26d6c4530763a29fe7695155a21ffbbc (diff)
download	afl++-1148a2d0d1ce43ab89e14eefb70bc410726838c4.tar.gz