diff options
| -rw-r--r-- | docs/fuzzing_in_depth.md | 4 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 1 |
2 files changed, 3 insertions, 2 deletions
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md index f75ca5dc..5a5acbb2 100644 --- a/docs/fuzzing_in_depth.md +++ b/docs/fuzzing_in_depth.md @@ -616,7 +616,7 @@ For every secondary fuzzer there should be a variation, e.g.: be one of them! (Although this is not really recommended.) All other secondaries should be used like this: -* a quarter to a third with the MOpt mutator enabled: `-L 0` +* 10-20% with the MOpt mutator enabled: `-L 0` * run with a different power schedule, recommended are: `fast` (default), `explore`, `coe`, `lin`, `quad`, `exploit`, and `rare` which you can set with the `-p` option, e.g., `-p explore`. See the @@ -940,7 +940,7 @@ too long for your overall available fuzz run time. * 65% for `AFL_DISABLE_TRIM` * 50% for `AFL_KEEP_TIMEOUTS` * 50% use a dictionary generated by `AFL_LLVM_DICT2FILE` + `AFL_LLVM_DICT2FILE_NO_MAIN=1` - * 40% use MOpt (`-L 0`) + * 10% use MOpt (`-L 0`) * 40% for `AFL_EXPAND_HAVOC_NOW` * 20% for old queue processing (`-Z`) * for CMPLOG targets, 70% for `-l 2`, 10% for `-l 3`, 20% for `-l 2AT` diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8b9c1e50..90c255e3 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -176,6 +176,7 @@ static void usage(u8 *argv0, int more_help) { " pacemaker mode (minutes of no new finds). 0 = " "immediately,\n" " -1 = immediately and together with normal mutation.\n" + " Note: this option is usually not very effective\n" " -c program - enable CmpLog by specifying a binary compiled for " "it.\n" " if using QEMU/FRIDA or the fuzzing target is " |