diff options
Diffstat (limited to 'llvm_mode/README.lto.md')
| -rw-r--r-- | llvm_mode/README.lto.md | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/llvm_mode/README.lto.md b/llvm_mode/README.lto.md index d8e4766d..110b5e9c 100644 --- a/llvm_mode/README.lto.md +++ b/llvm_mode/README.lto.md @@ -6,6 +6,8 @@ This version requires a current llvm 11 compiled from the github master. 1. Use afl-clang-lto/afl-clang-lto++ because it is faster and gives better coverage than anything else that is out there in the AFL world + 1a. Set AFL_LLVM_INSTRUMENT=CFG if you want the InsTrimLTO version + (recommended) 2. You can use it together with llvm_mode: laf-intel and whitelisting features and can be combined with cmplog/Redqueen @@ -41,7 +43,7 @@ and many dead ends until we got to this: -fsanitize=coverage edge coverage mode :) The result: - * 10-20% speed gain compared to llvm_mode + * 10-25% speed gain compared to llvm_mode * guaranteed non-colliding edge coverage :-) * The compile time especially for libraries can be longer @@ -80,11 +82,13 @@ Just use afl-clang-lto like you did with afl-clang-fast or afl-gcc. Also whitelisting (AFL_LLVM_WHITELIST -> [README.whitelist.md](README.whitelist.md)) and laf-intel/compcov (AFL_LLVM_LAF_* -> [README.laf-intel.md](README.laf-intel.md)) work. -Instrim does not - but we can not really use it anyway for our approach. +InsTrim (control flow graph instrumentation) is supported and recommended! + (set `AFL_LLVM_INSTRUMENT=CFG`) Example: ``` -CC=afl-clang-lto CXX=afl-clang-lto++ ./configure +CC=afl-clang-lto CXX=afl-clang-lto++ RANLIB=llvm-ranlib AR=llvm-ar ./configure +export AFL_LLVM_INSTRUMENT=CFG make ``` |