merge from master

author: Andrea Fioraldi <andreafioraldi@gmail.com> 2019-09-02 18:47:07 +0200
committer: Andrea Fioraldi <andreafioraldi@gmail.com> 2019-09-02 18:47:07 +0200
commit: 2ae4ca91b48407add0e940ee13bd8b385e319a7a (patch)
tree: edf805e670fd89a5ca687bfa0102353b1974d3bb /llvm_mode/README.instrim.md
parent: e9d968e060f59df634409d2bbe58c279cf6eca00 (diff)
parent: c124576a4dc00e31ad5cad118098f46eaa29cd17 (diff)
download: afl++-2ae4ca91b48407add0e940ee13bd8b385e319a7a.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/llvm_mode/README.instrim.md b/llvm_mode/README.instrim.md
new file mode 100644
index 00000000..e5e3614d
--- /dev/null
+++ b/llvm_mode/README.instrim.md
@@ -0,0 +1,24 @@
+# InsTrim
+
+InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing
+
+## Introduction
+
+InsTrim uses CFG and markers to instrument just what is necessary in the
+binary in llvm_mode. It is about 20-25% faster but as a cost has a lower
+path discovery.
+
+## Usage
+
+Set the environment variable `AFL_LLVM_INSTRIM=1`.
+
+There is also an advanced mode which instruments loops in a way so that
+afl-fuzz can see which loop path has been selected but not being able to
+see how often the loop has been rerun.
+This again is a tradeoff for speed for less path information.
+To enable this mode set `AFL_LLVM_INSTRIM_LOOPHEAD=1`.
+
+## Background
+
+The paper: [InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing]
+(https://www.ndss-symposium.org/wp-content/uploads/2018/07/bar2018_14_Hsu_paper.pdf)
author	Andrea Fioraldi <andreafioraldi@gmail.com>	2019-09-02 18:47:07 +0200
committer	Andrea Fioraldi <andreafioraldi@gmail.com>	2019-09-02 18:47:07 +0200
commit	2ae4ca91b48407add0e940ee13bd8b385e319a7a (patch)
tree	edf805e670fd89a5ca687bfa0102353b1974d3bb /llvm_mode/README.instrim.md
parent	e9d968e060f59df634409d2bbe58c279cf6eca00 (diff)
parent	c124576a4dc00e31ad5cad118098f46eaa29cd17 (diff)
download	afl++-2ae4ca91b48407add0e940ee13bd8b385e319a7a.tar.gz