about summary refs log tree commit diff
path: root/docs/fuzzing_expert.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/fuzzing_expert.md')
-rw-r--r--docs/fuzzing_expert.md6
1 files changed, 4 insertions, 2 deletions
diff --git a/docs/fuzzing_expert.md b/docs/fuzzing_expert.md
index 96193f88..876c5fbb 100644
--- a/docs/fuzzing_expert.md
+++ b/docs/fuzzing_expert.md
@@ -87,8 +87,8 @@ The following options are available when you instrument with LTO mode (afl-clang
    transform input data before comparison. Therefore this technique is called
    `input to state` or `redqueen`.
    If you want to use this technique, then you have to compile the target
-   twice, once specifically with/for this mode, and pass this binary to afl-fuzz
-   via the `-c` parameter.
+   twice, once specifically with/for this mode by setting `AFL_LLVM_CMPLOG=1`,
+   and pass this binary to afl-fuzz via the `-c` parameter.
    Note that you can compile also just a cmplog binary and use that for both
    however there will be a performance penality.
    You can read more about this in [instrumentation/README.cmplog.md](../instrumentation/README.cmplog.md)
@@ -149,6 +149,8 @@ The following sanitizers have built-in support in AFL++:
     vulnerabilities - which is however one of the most important and dangerous
     C++ memory corruption classes!
     Enabled with `export AFL_USE_CFISAN=1` before compiling.
+  * TSAN = Thread SANitizer, finds thread race conditions.
+    Enabled with `export AFL_USE_TSAN=1` before compiling.
   * LSAN = Leak SANitizer, finds memory leaks in a program. This is not really
     a security issue, but for developers this can be very valuable.
     Note that unlike the other sanitizers above this needs
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-06-12 14:46:17 +0000