Diffstat (limited to 'docs')
-rw-r--r--  docs/PATCHES             1
-rw-r--r--  docs/README              6
-rw-r--r--  docs/env_variables.txt  13
3 files changed, 14 insertions, 6 deletions
diff --git a/docs/PATCHES b/docs/PATCHES
index 06da053e..f6ca9284 100644
--- a/docs/PATCHES
+++ b/docs/PATCHES
@@ -17,6 +17,7 @@ afl-qemu-optimize-entrypoint.diff	by mh(at)mh-sec(dot)de
 afl-qemu-speed.diff			by abiondo on github
 afl-qemu-optimize-map.diff		by mh(at)mh-sec(dot)de
 
++ instrim (https://github.com/csienslab/instrim) was integrated
 + MOpt (github.com/puppet-meteor/MOpt-AFL) was imported
 + AFLfast additions (github.com/mboehme/aflfast) were incorporated.
 + Qemu 3.1 upgrade with enhancement patches (github.com/andreafioraldi/afl)
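Review bot: the new instrim entry uses a full `https://github.com/...` URL in parentheses while the neighbouring MOpt, AFLfast and Qemu entries use a bare `github.com/...` path; pick one form for the list. The line also only says instrim "was integrated"; the README hunk in this same commit says it replaced the original llvm_mode instrumentation, and that user-visible consequence is worth stating here too, e.g. "+ instrim (github.com/csienslab/instrim) was integrated and replaces the original llvm_mode instrumentation".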
diff --git a/docs/README b/docs/README
index 3f19d328..54e3e4a4 100644
--- a/docs/README
+++ b/docs/README
@@ -19,9 +19,13 @@ american fuzzy lop plus plus
   C. Hollers afl-fuzz Python mutator module and llvm_mode whitelist support
   was added too (https://github.com/choller/afl)
 
-  The newest additions is the excellent MOpt mutator from
+  New is the excellent MOpt mutator from
   https://github.com/puppet-meteor/MOpt-AFL  
 
+  Also newly integrated is instrim, a very effective CFG llvm_mode
+  instrumentation implementation which replaced the original afl one and is
+  from https://github.com/csienslab/instrim
+
   A more thorough list is available in the PATCHES file.
 
   So all in all this is the best-of AFL that is currently out there :-)
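Review bot: the new instrim paragraph says it "replaced the original afl one" but not what that replacement changes for users; the env_variables.txt change in this same commit drops AFL_INST_RATIO for llvm_mode, so this paragraph should say that AFL_INST_RATIO is no longer honoured in llvm_mode and, if there is one, how to get the previous instrumentation back. Wording: "New is the excellent MOpt mutator from" reads awkwardly ("Newly added is the MOpt mutator from" keeps the meaning), and "afl one" should be "AFL one" to match the capitalization used elsewhere in the README.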
diff --git a/docs/env_variables.txt b/docs/env_variables.txt
index d854ea8d..8e2723d7 100644
--- a/docs/env_variables.txt
+++ b/docs/env_variables.txt
@@ -82,6 +82,9 @@ discussed in section #1, with the exception of:
   - TMPDIR and AFL_KEEP_ASSEMBLY, since no temporary assembly files are
     created.
 
+  - AFL_INST_RATIO, as we switched for instrim instrumentation which
+    is more effective but makes not much sense together with this option.
+
 Then there are a few specific features that are only available in llvm_mode:
 
   LAF-INTEL
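Review bot: the new AFL_INST_RATIO bullet should state what happens when a user still sets the variable under llvm_mode (silently ignored, rejected, or still applied on top of instrim); "makes not much sense together with this option" leaves that open, and the paragraph removed at the end of this section was the only place that documented AFL_INST_RATIO behaviour for this tool. Wording: "switched for instrim instrumentation" should be "switched to instrim instrumentation".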
@@ -108,16 +111,16 @@ Then there are a few specific features that are only available in llvm_mode:
 
   OTHER
   =====
-    - Setting export AFL_LLVM_NOT_ZERO=1 during compilation will use counters
+    - Setting LOOPHEAD=1 optimized loops. afl-fuzz will only be able to
+      see the path the loop took, but not how many times it was called
+      (unless its a complex loop).
+
+    - Setting AFL_LLVM_NOT_ZERO=1 during compilation will use counters
       that skip zero on overflow. This is the default for llvm >= 9,
       however for llvm versions below that this will increase an unnecessary
       slowdown due a performance issue that is only fixed in llvm 9+.
       This feature increases path discovery by a little bit.
 
-Note that AFL_INST_RATIO will behave a bit differently than for afl-gcc,
-because functions are *not* instrumented unconditionally - so low values
-will have a more striking effect. For this tool, 0 is not a valid choice.
-
 3) Settings for afl-fuzz
 ------------------------
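Review bot: the new bullet names the variable as LOOPHEAD=1, without the AFL_LLVM_ prefix that the other llvm_mode option in this block (AFL_LLVM_NOT_ZERO) carries; confirm that LOOPHEAD is the exact name the compiler pass reads, because a user who copies the documented name and gets no effect has no way to tell. Grammar in the same bullet: "optimized loops" should be "optimizes loops" and "unless its a complex loop" should be "unless it's a complex loop"; "complex loop" also needs a short definition so readers know when the iteration count remains visible to afl-fuzz. Dropping the AFL_INST_RATIO paragraph at the end of the section is consistent with the earlier hunk, but the "Setting export AFL_LLVM_NOT_ZERO=1" -> "Setting AFL_LLVM_NOT_ZERO=1" change is an unrelated cleanup that the commit message should mention.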