Diffstat (limited to 'docs')
 -rw-r--r--  docs/ChangeLog          |  3
 -rw-r--r--  docs/README             |  4
 -rw-r--r--  docs/env_variables.txt  | 46
3 files changed, 41 insertions, 12 deletions
diff --git a/docs/ChangeLog b/docs/ChangeLog
index ea6e59bc..73c69196 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -17,6 +17,9 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 Version ++2.52d (tbd):
 -----------------------------
 
+  - added whitelist support for llvm_mode via AFL_LLVM_WHITELIST to allow
+    only to instrument what is actually interesting. Gives more speed and less
+    map pollution (originally by choller@mozilla)
   - added Python Module mutator support, python2.7-dev is autodetected.
     see docs/python_mutators.txt (originally by choller@mozilla)
   - added AFL_CAL_FAST for slow applications and AFL_DEBUG_CHILD_OUTPUT for debugging
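Review bot: the second clause of the new ChangeLog entry is garbled: "to allow only to instrument what is actually interesting" should read "to instrument only the code that is actually of interest". It would also help to say what the variable takes, since the env_variables.txt hunk in this patch says it is a filename, e.g. "added AFL_LLVM_WHITELIST (llvm_mode) to instrument only the listed source files; gives more speed and less map pollution (originally by choller@mozilla)".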
diff --git a/docs/README b/docs/README
index 1d0dfb34..41a9459f 100644
--- a/docs/README
+++ b/docs/README
@@ -21,8 +21,8 @@ american fuzzy lop plus plus
   https://github.com/andreafioraldi/afl and got the community patches applied
   to it.
 
-  C. Hoellers Python mutator module support was added too
-  (https://github.com/choeller/afl)
+  C. Hoellers afl-fuzz Python mutator module and llvm_mode whitelist support
+  was added too (https://github.com/choeller/afl)
 
   So all in all this is the best-of AFL that is currently out there :-)
 
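Review bot: the rewritten README sentence needs a possessive apostrophe and plural agreement: "C. Hoeller's afl-fuzz Python mutator module and llvm_mode whitelist support were added too". Since the README now names two features from that fork, consider pointing at the two documents this patch references for them (docs/python_mutators.txt and llvm_mode/README.whitelist) so readers know where to look.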
diff --git a/docs/env_variables.txt b/docs/env_variables.txt
index 07a74dc0..f5db3b4f 100644
--- a/docs/env_variables.txt
+++ b/docs/env_variables.txt
@@ -71,14 +71,8 @@ tools make fairly broad use of environmental variables:
   - Setting AFL_CAL_FAST will speed up the initial calibration, if the
     application is very slow
 
-  - Setting AFL_DEBUG_CHILD_OUTPUT will not suppress the child output.
-    Not pretty but good for debugging purposes.
-
-  - For AFL_PYTHON_MODULE and AFL_PYTHON_ONLY - they require to be compiled
-    with -DUSE_PYTHON. Please see docs/python_mutators.txt
-
-2) Settings for afl-clang-fast
-------------------------------
+2) Settings for afl-clang-fast / afl-clang-fast++
+-------------------------------------------------
 
 The native LLVM instrumentation helper accepts a subset of the settings
 discussed in section #1, with the exception of:
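Review bot: removing the AFL_DEBUG_CHILD_OUTPUT and AFL_PYTHON_MODULE/AFL_PYTHON_ONLY entries from section 1 is only safe because the later hunks of this same patch re-add them under section 3; they are afl-fuzz runtime settings rather than compiler settings, so that is the right home, but the ChangeLog entry in this patch does not mention the move. While touching this region: the remaining section-1 entry documents "AFL_CAL_FAST" whereas the section-3 context further down in this file documents "AFL_FAST_CAL"; one of the two names must be wrong and this is a good moment to fix it.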
@@ -88,6 +82,30 @@ discussed in section #1, with the exception of:
   - TMPDIR and AFL_KEEP_ASSEMBLY, since no temporary assembly files are
     created.
 
+Then there are a few specific features that are only available in llvm_mode:
+
+  LAF-INTEL
+  =========
+    This great feature will split compares to series of single byte comparisons
+    to allow afl-fuzz to find otherwise rather impossible paths.
+
+    - Setting LAF_SPLIT_SWITCHES will split switch()es
+
+    - Setting LAF_TRANSFORM_COMPARES will split string compare functions
+
+    - Setting LAF_SPLIT_COMPARES will split > 8 bit CMP instructions
+
+    See llvm_mode/README.laf-intel for more information. 
+
+  WHITELIST
+  =========
+    This feature allows selectively instrumentation of the source
+
+    - Setting AFL_LLVM_WHITELIST with a filename will only instrument those
+      files that match these names.
+
+    See llvm_mode/README.whitelist for more information.
+
 Note that AFL_INST_RATIO will behave a bit differently than for afl-gcc,
 because functions are *not* instrumented unconditionally - so low values
 will have a more striking effect. For this tool, 0 is not a valid choice.
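Review bot: the WHITELIST text leaves the value's semantics ambiguous. "Setting AFL_LLVM_WHITELIST with a filename will only instrument those files that match these names" could mean the variable holds a pattern or the path of a list file; state it explicitly, e.g. "AFL_LLVM_WHITELIST=/path/to/list, one source file name per line; only source files matching an entry are instrumented" (adjust to whatever llvm_mode/README.whitelist actually specifies), and add that code outside the list yields no coverage feedback, so an over-narrow list quietly removes guidance for the rest of the target. Grammar in the same hunk: "selectively instrumentation of the source" should be "selective instrumentation of the source"; "split compares to series of single byte comparisons" should be "split compares into a series of single-byte comparisons"; "split > 8 bit CMP instructions" should be "split CMP instructions wider than 8 bits"; and the "See llvm_mode/README.laf-intel" line carries trailing whitespace. Finally, the three LAF_* variables are the only ones in this file without the AFL_ prefix; if those are the real names, a short remark saying so will stop readers from trying AFL_LAF_*.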
@@ -141,8 +159,8 @@ checks or alter some of the more exotic semantics of the tool:
 
   - AFL_TMPDIR is used to write the .cur_input file to if exists, and in
     the normal output directory otherwise. You would use this to point to
-    a ramdisk/tmpfs. This increases the speed by a very minimal value but
-    also reduces the stress on SSDs.
+    a ramdisk/tmpfs. This increases the speed by a small value but also
+    reduces the stress on SSDs.
 
   - When developing custom instrumentation on top of afl-fuzz, you can use
     AFL_SKIP_BIN_CHECK to inhibit the checks for non-instrumented binaries
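Review bot: minor wording in the changed lines: "increases the speed by a small value" still reads oddly; "gives a small speedup but also reduces wear on SSDs" is clearer. The unchanged first line of the same entry, "if exists", should be "if it exists".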
@@ -159,6 +177,11 @@ checks or alter some of the more exotic semantics of the tool:
     mutated files - say, to fix up checksums. See experimental/post_library/
     for more.
 
+  - For AFL_PYTHON_MODULE and AFL_PYTHON_ONLY - they require to be compiled
+    with -DUSE_PYTHON. Please see docs/python_mutators.txt
+    This feature allows to configure custom mutators which can be very helpful
+    in e.g. fuzzing XML or other highly flexible structured input.
+
   - AFL_FAST_CAL keeps the calibration stage about 2.5x faster (albeit less
     precise), which can help when starting a session against a slow target.
 
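Review bot: "they require to be compiled with -DUSE_PYTHON" does not say what has to be compiled; make it "afl-fuzz must be built with -DUSE_PYTHON" (the README hunk in this patch confirms it is the afl-fuzz side that loads the module, not the target). "This feature allows to configure custom mutators" should be "This feature lets you plug in custom mutators". Because the module named by AFL_PYTHON_MODULE is imported and executed inside the afl-fuzz process, one sentence noting that it should only point at modules you wrote or trust would be useful here.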
@@ -183,6 +206,9 @@ checks or alter some of the more exotic semantics of the tool:
     processing the first queue entry; and AFL_BENCH_UNTIL_CRASH causes it to
     exit soon after the first crash is found.
 
+  - Setting AFL_DEBUG_CHILD_OUTPUT will not suppress the child output.
+    Not pretty but good for debugging purposes.
+
 4) Settings for afl-qemu-trace
 ------------------------------
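Review bot: "will not suppress the child output" is clearer as "leaves the target's stdout/stderr visible instead of suppressing it". "Not pretty" should say what it means in practice: the target's output interleaves with the afl-fuzz status screen, so this is meant for debugging a short run (e.g. checking that the target really reaches its parsing code), not for normal sessions.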