| author | van Hauser <vh@thc.org> | 2019-07-05 11:28:08 +0200 | 
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2019-07-05 11:28:08 +0200 | 
| commit | 7f6aaa53147afd4feb549214f49d0f5f69e4af6c (patch) | |
| tree | 9e99e541b9df310af959b4ac8d893ec24ab3fd11 /llvm_mode/README.neverzero | |
| parent | 9199967022284da0ee4d78459d8d34513540cf32 (diff) | |
| download | afl++-7f6aaa53147afd4feb549214f49d0f5f69e4af6c.tar.gz | |
final touches
Diffstat (limited to 'llvm_mode/README.neverzero')
| -rw-r--r-- | llvm_mode/README.neverzero | 22 | 
1 files changed, 22 insertions, 0 deletions
| diff --git a/llvm_mode/README.neverzero b/llvm_mode/README.neverzero new file mode 100644 index 00000000..ef873acb --- /dev/null +++ b/llvm_mode/README.neverzero @@ -0,0 +1,22 @@ +Usage +===== + +In larger, complex or reiterative programs the map that collects the edge pairs +can easily fill up and wrap. +This is not that much of an issue - unless by chance it wraps just to a 0 +when the program execution ends. +In this case afl-fuzz is not able to see that the pair has been accessed and +will ignore it. + +NeverZero prevents this behaviour. If a counter wraps, it jumps over the 0 +directly to a 1. This improves path discovery (by a very little amount) +at a very little cost (one instruction per edge). + +This is implemented in afl-gcc, however for llvm_mode this is optional if +the llvm version is below 9 - as there is a perfomance bug that is only fixed +in version 9 and onwards. + +If you want to enable this for llvm < 9 then set + +export AFL_LLVM_NOT_ZERO=1 + | 
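Review bot: The closing paragraph ("If you want to enable this for llvm < 9 then set" followed by "export AFL_LLVM_NOT_ZERO=1") does not say at which stage the variable has to be set. Since NeverZero is described as costing one instruction per edge, the README should state whether the variable must be exported when the target is compiled with llvm_mode or when afl-fuzz is run, so that users do not set it at the wrong stage and silently get no effect. The first paragraph says the map "can easily fill up and wrap", while the NeverZero paragraph speaks of a counter wrapping. Using "counter" in both places would make it clear that a single edge's hit count overflows to 0, not the map as a whole. "perfomance" in the llvm < 9 paragraph should be "performance". The "Usage" heading sits above what is mostly rationale, so either rename it or move the export line directly under it.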
