add env info to afl-fuzz (please review!), small clarifications in docs/env_variables.md

1 files changed, 41 insertions, 3 deletions

diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index dc033713..24491998 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -143,9 +143,47 @@ static void usage(u8* argv0) {
       "file\n"
       "  -C            - crash exploration mode (the peruvian rabbit thing)\n"
       "  -e ext        - File extension for the temporarily generated test "
-      "case\n\n",
-
-      argv0, EXEC_TIMEOUT, MEM_LIMIT);
+      "case\n\n"
+
+      "Environment variables used:\n"
+      "AFL_PATH: path to AFL support binaries\n"
+      "AFL_QUIET: suppress forkserver status messages\n"
+      "AFL_DEBUG_CHILD_OUTPUT: do not suppress stdout/stderr from target\n"
+      "LD_BIND_LAZY: do not set LD_BIND_NOW env var for target\n"
+      "AFL_BENCH_JUST_ONE: run the target just once\n"
+      "AFL_DUMB_FORKSRV: use fork server without feedback from target\n"
+      "AFL_CUSTOM_MUTATOR_LIBRARY: lib with afl_custom_mutator() to mutate inputs\n"
+      "AFL_CUSTOM_MUTATOR_ONLY: avoid AFL++'s internal mutators\n"
+      "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n"
+      "AFL_PYTHON_ONLY: skip AFL++'s own mutators\n"
+      "AFL_DEBUG: extra debugging output for Python mode trimming\n"
+      "AFL_DISABLE_TRIM: disable the trimming of test cases\n"
+      "AFL_NO_UI: switch status screen off\n"
+      "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n"
+      "AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n"
+      "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n"
+      "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n"
+      "AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n"
+      "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n"
+      "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n"
+      "AFL_HANG_TMOUT: override timeout value (in milliseconds)\n"
+      "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
+      "AFL_TMPDIR: directory to use for input file generation (ramdisk recommended)\n"
+      "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n"
+      "AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n"
+      "AFL_POST_LIBRARY: postprocess generated test cases before use as target input\n"
+      "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n"
+      "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: don't warn about core dump handlers\n"
+      "ASAN_OPTIONS: custom settings for ASAN\n"
+      "              (must contain abort_on_error=1 and symbolize=0)\n"
+      "MSAN_OPTIONS: custom settings for MSAN\n"
+      "              (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n"
+      "AFL_SKIP_BIN_CHECK: skip the check, if the target is an excutable\n"
+      "AFL_PERSISTENT: not supported anymore -> no effect, just a warning\n"
+      "AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n"
+      "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
+      "AFL_BENCH_UNTIL_CRASH: exit soon when the first crashing input has been found\n"
+      , argv0, EXEC_TIMEOUT, MEM_LIMIT);
 
 #ifdef USE_PYTHON
   SAYF("Compiled with %s module support, see docs/python_mutators.md\n",