path: root/docs/env_variables.txt
Diffstat (limited to 'docs/env_variables.txt')
-rw-r--r-- docs/env_variables.txt 23
1 files changed, 17 insertions, 6 deletions
diff --git a/docs/env_variables.txt b/docs/env_variables.txt
index f5db3b4f..8e2723d7 100644
--- a/docs/env_variables.txt
+++ b/docs/env_variables.txt
@@ -82,6 +82,9 @@ discussed in section #1, with the exception of:
- TMPDIR and AFL_KEEP_ASSEMBLY, since no temporary assembly files are
created.
+ - AFL_INST_RATIO, as we switched for instrim instrumentation which
+ is more effective but makes not much sense together with this option.
+
Then there are a few specific features that are only available in llvm_mode:
LAF-INTEL
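Review bot: The new AFL_INST_RATIO entry in the exceptions list does not say what happens when the variable is set anyway in llvm_mode (silently ignored, warned about, or rejected), and the reason given is hard to parse. Suggest wording such as "AFL_INST_RATIO, as we switched to instrim instrumentation, which is more effective but makes little sense together with this option", followed by one sentence on the behaviour when it is set. A "See llvm_mode/README..." pointer, in the style used for the other llvm_mode features, would also help readers who do not know what instrim is.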
@@ -89,11 +92,11 @@ Then there are a few specific features that are only available in llvm_mode:
This great feature will split compares to series of single byte comparisons
to allow afl-fuzz to find otherwise rather impossible paths.
- - Setting LAF_SPLIT_SWITCHES will split switch()es
+ - Setting AFL_LLVM_LAF_SPLIT_SWITCHES will split switch()es
- - Setting LAF_TRANSFORM_COMPARES will split string compare functions
+ - Setting AFL_LLVM_LAF_TRANSFORM_COMPARES will split string compare functions
- - Setting LAF_SPLIT_COMPARES will split > 8 bit CMP instructions
+ - Setting AFL_LLVM_LAF_SPLIT_COMPARES will split > 8 bit CMP instructions
See llvm_mode/README.laf-intel for more information.
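Review bot: The three renamed entries (LAF_SPLIT_SWITCHES, LAF_TRANSFORM_COMPARES and LAF_SPLIT_COMPARES, now under AFL_LLVM_LAF_) drop the old names from the documentation without saying whether they are still honoured. A build script that keeps exporting the old names would, if they are no longer read, compile the target without compare splitting and give no indication of it. Suggest a one-line note under LAF-INTEL stating whether the old names are still accepted or are now ignored.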
@@ -106,9 +109,17 @@ Then there are a few specific features that are only available in llvm_mode:
See llvm_mode/README.whitelist for more information.
-Note that AFL_INST_RATIO will behave a bit differently than for afl-gcc,
-because functions are *not* instrumented unconditionally - so low values
-will have a more striking effect. For this tool, 0 is not a valid choice.
+ OTHER
+ =====
+ - Setting LOOPHEAD=1 optimized loops. afl-fuzz will only be able to
+ see the path the loop took, but not how many times it was called
+ (unless its a complex loop).
+
+ - Setting AFL_LLVM_NOT_ZERO=1 during compilation will use counters
+ that skip zero on overflow. This is the default for llvm >= 9,
+ however for llvm versions below that this will increase an unnecessary
+ slowdown due a performance issue that is only fixed in llvm 9+.
+ This feature increases path discovery by a little bit.
3) Settings for afl-fuzz
------------------------
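Review bot: LOOPHEAD in the new OTHER section is the only variable in this patch without an AFL_ prefix, while the same patch moves the LAF_ variables under AFL_LLVM_; a generic name like this can collide with an unrelated variable already present in a build environment. If the name is fixed by the code, say so here; otherwise consider an AFL_LLVM_ name. The two descriptions also need rewording: "Setting LOOPHEAD=1 optimized loops" should read "optimizes loops", "its" should be "it's", and "this will increase an unnecessary slowdown due a performance issue" does not state clearly that enabling AFL_LLVM_NOT_ZERO on llvm below 9 costs speed. Something like "on llvm versions below 9, enabling it causes a slowdown due to a performance issue that is only fixed in llvm 9+" would be clearer.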