| field | value |
|---|---|
| author | llzmb <46303940+llzmb@users.noreply.github.com>, 2021-11-30 20:17:58 +0100 |
| committer | llzmb <46303940+llzmb@users.noreply.github.com>, 2021-11-30 20:17:58 +0100 |
| commit | f2ff029cc25e81fec36abd0b8c676f1dd6a39c77 |
| tree | 4631c78c7e8963aae8823809a9c38ae49034693e /qemu_mode |
| parent | f1d2332657fbdd79331ab917a2bfbcd39e5a7f8f |
| download | afl++-f2ff029cc25e81fec36abd0b8c676f1dd6a39c77.tar.gz |
Edit QEMU mode README.md
Diffstat (limited to 'qemu_mode')
-rw-r--r-- | qemu_mode/README.md | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 4ade93d7..b4b5e7bf 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -8,7 +8,7 @@ The code in this directory allows you to build a standalone feature that leverages the QEMU "user emulation" mode and allows callers to obtain instrumentation output for black-box, closed-source binaries. This mechanism can be then used by afl-fuzz to stress-test targets that couldn't be built with -afl-gcc. +afl-cc. The usual performance cost is 2-5x, which is considerably better than seen so far in experiments with tools such as DynamoRIO and PIN. @@ -180,10 +180,10 @@ and instrument every basic block encountered. ## 11) Benchmarking If you want to compare the performance of the QEMU instrumentation with that of -afl-gcc compiled code against the same target, you need to build the +afl-clang-fast compiled code against the same target, you need to build the non-instrumented binary with the same optimization flags that are normally -injected by afl-gcc, and make sure that the bits to be tested are statically -linked into the binary. A common way to do this would be: +injected by afl-clang-fast, and make sure that the bits to be tested are +statically linked into the binary. A common way to do this would be: ``` CFLAGS="-O3 -funroll-loops" ./configure --disable-shared |
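Review bot: The first hunk (intro, line 8 of the README) replaces afl-gcc with afl-cc, while the second hunk (section 11) replaces the same name with afl-clang-fast, so after this change the README names two different compiler wrappers for what is the same "instrumented build" comparison; use one name in both places (afl-cc here and in section 11, or afl-clang-fast in both) or add a short clause in section 11 explaining why that benchmark specifically compares against afl-clang-fast.

Review bot: In the second hunk (section 11, Benchmarking) the fence that follows "A common way to do this would be:" is untagged even though the line it contains, `CFLAGS="-O3 -funroll-loops" ./configure --disable-shared`, is a shell command; tagging it as a shell block (```sh) would give it highlighting in the rendered README and matches the rewrapped prose that now states the flags must match those "injected by afl-clang-fast".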