-rw-r--r--  docs/Changelog.md                     1
-rw-r--r--  docs/env_variables.md                 5
-rw-r--r--  instrumentation/README.llvm.md        4
-rw-r--r--  instrumentation/README.neverzero.md   5
-rw-r--r--  src/afl-cc.c                          1
5 files changed, 16 insertions, 0 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 9c9a3976..d8e96bf3 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -35,6 +35,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - Removed automatic linking with -lc++ for LTO mode
   - utils/aflpp_driver/aflpp_qemu_driver_hook fixed to work with qemu mode
   - add -d (add dead fuzzer stats) to afl-whatsup
+  - add thread safe counters for LLVM CLASSIC (set AFL_LLVM_THREADSAFE_INST)
 
 ### Version ++3.12c (release)
   - afl-fuzz:
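Review bot: the changelog line says `(set AFL_LLVM_THREADSAFE_INST)` while every other file in this patch activates the feature with `AFL_LLVM_THREADSAFE_INST=1`; use the same form here so readers do not wonder whether an empty value is enough, e.g. `add thread safe counters for LLVM CLASSIC (set AFL_LLVM_THREADSAFE_INST=1)`.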
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 0100ffac..d9a774aa 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -231,6 +231,11 @@ Then there are a few specific features that are only available in instrumentatio
 
   See [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md) for more information.
 
+### Thread safe instrumentation counters (in mode LLVM CLASSIC)
+   - Setting `AFL_LLVM_THREADSAFE_INST` will inject code that implements thread safe counters.
+     The overhead is a bit higher compared to the older non-thread safe case. 
+     `AFL_LLVM_NOT_ZERO` and `AFL_LLVM_SKIP_NEVERZERO` are supported (see below). 
+
 ### NOT_ZERO
 
    - Setting `AFL_LLVM_NOT_ZERO=1` during compilation will use counters
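Review bot: the two `+` lines ending in `non-thread safe case. ` and `(see below). ` carry trailing whitespace; strip it. "The overhead is a bit higher" is too vague for a tuning knob; give a rough number if one was measured, or at least say what the cost is (atomic increments instead of plain loads/stores). The section should also say what happens when the variable is set in a mode other than LLVM CLASSIC (silently ignored, or an error), since the heading restricts it to that mode but the text does not, and the `(see below)` reference should be checked against this file, which only visibly continues with `### NOT_ZERO`, to make sure `AFL_LLVM_SKIP_NEVERZERO` is actually described further down.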
diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md
index adce6c1d..a9d51829 100644
--- a/instrumentation/README.llvm.md
+++ b/instrumentation/README.llvm.md
@@ -144,6 +144,10 @@ is not optimal and was only fixed in llvm 9.
 You can set this with AFL_LLVM_NOT_ZERO=1
 See [README.neverzero.md](README.neverzero.md)
 
+Support for thread safe counters has been added for mode LLVM CLASSIC.
+Activate it with `AFL_LLVM_THREADSAFE_INST=1`. The tradeoff is better precision in 
+multi threaded apps for a slightly higher instrumentation overhead.
+
 ## 4) Snapshot feature
 
 To speed up fuzzing you can use a linux loadable kernel module which enables
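Review bot: the `+` line ending in `better precision in ` has trailing whitespace; strip it. The three added lines also sit directly under the NOT_ZERO discussion, so a one-line statement of what "better precision" means in practice (non-atomic increments from several threads can lose hits, so edge counts and coverage can be under-reported) would make the tradeoff concrete, and `AFL_LLVM_THREADSAFE_INST=1` should be cross-referenced from README.neverzero.md the same way `AFL_LLVM_NOT_ZERO=1` is referenced here.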
diff --git a/instrumentation/README.neverzero.md b/instrumentation/README.neverzero.md
index 49104e00..06334eab 100644
--- a/instrumentation/README.neverzero.md
+++ b/instrumentation/README.neverzero.md
@@ -33,3 +33,8 @@ AFL_LLVM_SKIP_NEVERZERO=1
 ```
 If the target does not have extensive loops or functions that are called
 a lot then this can give a small performance boost.
+
+Please note that the default counter implementations are not thread safe!
+
+Support for thread safe counters in mode LLVM CLASSIC can be activated with setting
+`AFL_LLVM_THREADSAFE_INST=1`.
\ No newline at end of file
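Review bot: the hunk drops the trailing newline of README.neverzero.md (note the `\ No newline at end of file` marker after the last `+` line); add one back. On the wording, `can be activated with setting` should read `can be activated by setting`, and the warning `the default counter implementations are not thread safe!` would be more useful with a sentence on the consequence for multi-threaded targets, which is the very reason README.llvm.md in this same patch advertises "better precision".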
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 1f89bac5..132f5f83 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -1757,6 +1757,7 @@ int main(int argc, char **argv, char **envp) {
         SAYF(
             "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment "
             "variables:\n"
+            "  AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters\n"
 
             COUNTER_BEHAVIOUR
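Review bot: the added help line `AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters` does not carry the restriction that all three documentation files in this patch give, namely that it only applies to LLVM CLASSIC mode; append it, e.g. `AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters (LLVM CLASSIC mode only)`, so that users of PCGUARD or LTO builds reading `afl-cc -hh` are not misled.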