diff options
| -rw-r--r-- | docs/env_variables.md | 24 | ||||
| -rwxr-xr-x | examples/distributed_fuzzing/sync_script.sh | 2 | 
2 files changed, 13 insertions, 13 deletions
| diff --git a/docs/env_variables.md b/docs/env_variables.md index 7d4f6716..d377e83f 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -10,8 +10,8 @@ Because they can't directly accept command-line options, the compile-time tools make fairly broad use of environmental variables: - - Most afl tools do not print any ouput if stout/stderr are redirected. - If you want to have the output into a file then set the AFL_DEBUG + - Most afl tools do not print any output if stdout/stderr are redirected. + If you want to save the output in a file then set the AFL_DEBUG environment variable. This is sadly necessary for various build processes which fail otherwise. @@ -44,7 +44,7 @@ tools make fairly broad use of environmental variables: you instrument hand-written assembly when compiling clang code by plugging a normalizer into the chain. (There is no equivalent feature for GCC.) - - Setting AFL_INST_RATIO to a percentage between 0 and 100% controls the + - Setting AFL_INST_RATIO to a percentage between 0% and 100% controls the probability of instrumenting every branch. This is (very rarely) useful when dealing with exceptionally complex programs that saturate the output bitmap. Examples include v8, ffmpeg, and perl. @@ -88,7 +88,7 @@ of the settings discussed in section #1, with the exception of: - TMPDIR and AFL_KEEP_ASSEMBLY, since no temporary assembly files are created. - - AFL_INST_RATIO, as we by default collision free instrumentation is used. + - AFL_INST_RATIO, as we by default use collision free instrumentation. Then there are a few specific features that are only available in llvm_mode: @@ -121,7 +121,7 @@ Then there are a few specific features that are only available in llvm_mode: None of the following options are necessary to be used and are rather for manual use (which only ever the author of this LTO implementation will use). - These are used if several seperated instrumentation are performed which + These are used if several seperated instrumentations are performed which are then later combined. - AFL_LLVM_DOCUMENT_IDS=file will document to a file which edge ID was given @@ -200,7 +200,7 @@ Then there are a few specific features that are only available in llvm_mode: ### INSTRUMENT LIST (selectively instrument files and functions) - This feature allows selectively instrumentation of the source + This feature allows selective instrumentation of the source - Setting AFL_LLVM_ALLOWLIST or AFL_LLVM_DENYLIST with a filenames and/or function will only instrument (or skip) those files that match the names @@ -371,10 +371,10 @@ checks or alter some of the more exotic semantics of the tool: - Setting AFL_MAX_DET_EXRAS will change the threshold at what number of elements in the `-x` dictionary and LTO autodict (combined) the probabilistic mode will - kick off. In probabilistic mode, not all dictionary entires will be used all - of the times for fuzzing mutations to not make fuzzing slower by it. - The default count is `200` element. So for the 200 + 1st element, there is a - 1 in 201 chance, that one of the dictionary entry will not be used directly. + kick off. In probabilistic mode, not all dictionary entries will be used all + the times for fuzzing mutations in order not to slow down fuzzing. + The default count is `200` elements. So for the 200 + 1st element, there is a + 1 in 201 chance, that one of the dictionary entries will not be used directly. - Setting AFL_NO_FORKSRV disables the forkserver optimization, reverting to fork + execve() call for every tested input. This is useful mostly when @@ -385,14 +385,14 @@ checks or alter some of the more exotic semantics of the tool: normally done when starting up the forkserver and causes a pretty significant performance drop. - - Setting AFL_MAX_DET_EXTRAS changes the count of dictionary enties/extras + - Setting AFL_MAX_DET_EXTRAS changes the count of dictionary entries/extras (default 200), after which the entries will be used probabilistically. So, if the dict/extras file (`-x`) contains more tokens than this threshold, not all of the tokens will be used in each fuzzing step, every time. Instead, there is a chance that the entry will be skipped during fuzzing. This makes sure that the fuzzer doesn't spend all its time only inserting the extras, but will still do other mutations. However, it decreases the - likelyhood for each token to be inserted, before the next queue entrie is fuzzed. + likelihood for each token to be inserted, before the next queue entry is fuzzed. Either way, all tokens will be used eventually, in a longer fuzzing campaign. - Outdated environment variables that are that not supported anymore: diff --git a/examples/distributed_fuzzing/sync_script.sh b/examples/distributed_fuzzing/sync_script.sh index fade48c7..b28ff6cd 100755 --- a/examples/distributed_fuzzing/sync_script.sh +++ b/examples/distributed_fuzzing/sync_script.sh @@ -39,7 +39,7 @@ FUZZ_USER=bob # Directory to synchronize SYNC_DIR='/home/bob/sync_dir' -# We only capture -M main nodes, set the name to your chosen nameing scheme +# We only capture -M main nodes, set the name to your chosen naming scheme MAIN_NAME='main' # Interval (seconds) between sync attempts (eg one hour) | 
