Diffstat (limited to 'docs')
-rw-r--r-- docs/Changelog.md 3
-rw-r--r-- docs/PATCHES.md 1
-rw-r--r-- docs/env_variables.md 34
3 files changed, 27 insertions, 11 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index 3eb5d329..ece2c4b5 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -31,6 +31,9 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. runtime - LTO collision free instrumented added in llvm_mode with afl-clang-lto - note that this mode is amazing, but quite some targets won't compile + - Added llvm_mode NGRAM prev_loc coverage by Adrean Herrera + (https://github.com/adrianherrera/afl-ngram-pass/), activate by setting + AFL_LLVM_NGRAM_SIZE - llvm_mode InsTrim mode: - removed workaround for bug where paths were not instrumented and imported fix by author diff --git a/docs/PATCHES.md b/docs/PATCHES.md index 1dfb6622..a6783523 100644 --- a/docs/PATCHES.md +++ b/docs/PATCHES.md @@ -20,6 +20,7 @@ afl-qemu-speed.diff by abiondo on github afl-qemu-optimize-map.diff by mh(at)mh-sec(dot)de ``` ++ llvm_mode ngram prev_loc coverage (github.com/adrianherrera/afl-ngram-pass) + Custom mutator (native library) (by kyakdan) + unicorn_mode (modernized and updated by domenukk) + instrim (https://github.com/csienslab/instrim) was integrated diff --git a/docs/env_variables.md b/docs/env_variables.md index 8c7510cd..98f27bdf 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md 
@@ -93,23 +93,26 @@ Then there are a few specific features that are only available in llvm_mode: ### LTO -This is a different kind way of instrumentation: first it compiles all -code in LTO (link time optimization) and then performs an edge inserting -instrumentation which is 100% collision free (collisions are a big issue -in afl and afl-like instrumentations). This is performed by using -afl-clang-lto/afl-clang-lto++ instead of afl-clang-fast, but is only -built if LLVM 9 or newer is used. - -None of these options are necessary to be used and are rather for manual -use (which only ever the author of this LTO implementation will use ;-) -These are used if several seperated instrumentation are performed which -are then later combined. + This is a different kind way of instrumentation: first it compiles all + code in LTO (link time optimization) and then performs an edge inserting + instrumentation which is 100% collision free (collisions are a big issue + in afl and afl-like instrumentations). This is performed by using + afl-clang-lto/afl-clang-lto++ instead of afl-clang-fast, but is only + built if LLVM 9 or newer is used. + + None of these options are necessary to be used and are rather for manual + use (which only ever the author of this LTO implementation will use ;-) + These are used if several seperated instrumentation are performed which + are then later combined. - AFL_LLVM_LTO_STARTID sets the starting location ID for the instrumentation. This defaults to 1 - AFL_LLVM_LTO_DONTWRITEID prevents that the highest location ID written into the instrumentation is set in a global variable + Instrim, LTO and ngram modes can not be used together. + See llvm_mode/README.LTO.md for more information. + ### LAF-INTEL This great feature will split compares to series of single byte comparisons 
@@ -149,8 +152,17 @@ are then later combined. functions with a single basic block. This is useful for most C and some C++ targets. + Instrim, LTO and ngram modes can not be used together. See llvm_mode/README.instrim.md +### NGRAM + + - Setting AFL_LLVM_NGRAM_SIZE activates ngram prev_loc coverage, good + values are 2, 4 or 8. + + Instrim, LTO and ngram modes can not be used together. + See llvm_mode/README.ngram.md + ### NOT_ZERO - Setting AFL_LLVM_NOT_ZERO=1 during compilation will use counters |
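Review bot: the contributor's name in the new Changelog.md entry is spelled "Adrean Herrera" while the URL on the next line is `https://github.com/adrianherrera/afl-ngram-pass/`; make the credit match the upstream author's spelling before this goes into the release notes.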
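Review bot: the new PATCHES.md entry `+ llvm_mode ngram prev_loc coverage (github.com/adrianherrera/afl-ngram-pass)` omits the author attribution the neighbouring entries carry (`+ Custom mutator (native library) (by kyakdan)`, `+ unicorn_mode (modernized and updated by domenukk)`) and uses a bare host/path where the instrim entry spells out the full `https://` URL; add the same author credit used in the Changelog entry and the URL scheme so the list stays uniform.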
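Review bot: the LTO hunk in env_variables.md re-indents both existing explanatory paragraphs by one space without changing a word, which turns a three-line addition into a whitespace-only rewrite of ten lines and carries the existing typo `seperated` forward unchanged; either drop the indentation change or, since the lines are being touched anyway, fix `seperated` to `separated` and reword `This is a different kind way of instrumentation`. The added sentence `Instrim, LTO and ngram modes can not be used together.` should read `cannot`.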
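Review bot: the exclusivity sentence `Instrim, LTO and ngram modes can not be used together.` is added verbatim to the LTO, InsTrim and NGRAM sections of env_variables.md; stating it once where the llvm_mode-specific features are introduced and cross-referencing it would avoid editing three places when another mode is added. In the new NGRAM entry, `good values are 2, 4 or 8` does not tell the reader which values AFL_LLVM_NGRAM_SIZE accepts or what happens outside that set; either state it here or say explicitly that README.ngram.md covers it. The two new `See llvm_mode/README.instrim.md` and `See llvm_mode/README.ngram.md` lines also lack the trailing period and the "for more information" wording used by the LTO section's cross-reference.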