Diffstat (limited to 'qemu_mode')
-rw-r--r-- | qemu_mode/README.md | 6 |
-rw-r--r-- | qemu_mode/patches/afl-qemu-common.h | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 76b74e17..3cf678e4 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -147,8 +147,8 @@ non-instrumented binary with the same optimization flags that are normally injected by afl-gcc, and make sure that the bits to be tested are statically linked into the binary. A common way to do this would be: -$ CFLAGS="-O3 -funroll-loops" ./configure --disable-shared -$ make clean all +CFLAGS="-O3 -funroll-loops" ./configure --disable-shared +make clean all Comparative measurements of execution speed or instrumentation coverage will be fairly meaningless if the optimization levels or instrumentation scopes don't @@ -157,7 +157,7 @@ match. ## 10) Gotchas, feedback, bugs If you need to fix up checksums or do other cleanup on mutated test cases, see -examples/post_library/ for a viable solution. +examples/custom_mutators/ for a viable solution. Do not mix QEMU mode with ASAN, MSAN, or the likes; QEMU doesn't appreciate the "shadow VM" trick employed by the sanitizers and will probably just diff --git a/qemu_mode/patches/afl-qemu-common.h b/qemu_mode/patches/afl-qemu-common.h index dbdb41bc..057e1b62 100644 --- a/qemu_mode/patches/afl-qemu-common.h +++ b/qemu_mode/patches/afl-qemu-common.h @@ -42,7 +42,7 @@ #ifdef CPU_NB_REGS #define AFL_REGS_NUM CPU_NB_REGS #elif TARGET_ARM - #define AFL_REGS_NUM 32 + #define AFL_REGS_NUM 16 #elif TARGET_AARCH64 #define AFL_REGS_NUM 32 #else |
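Review bot: In the first README.md hunk (@@ -147,8), the two command lines lose their `$ ` prompt but the visible context shows no code fence or indentation around them, so nothing marks `CFLAGS="-O3 -funroll-loops" ./configure --disable-shared` and `make clean all` as commands any more. If they are not already inside a fenced or indented block in the full file, Markdown will reflow them into the surrounding paragraph. Suggest wrapping the two lines in a code fence in the same change.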
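Review bot: In the second README.md hunk (@@ -157,7), the new pointer `examples/custom_mutators/` is a whole directory, while the sentence is specifically about fixing up checksums or doing other cleanup on mutated test cases. A reader who followed the old `examples/post_library/` reference expects a post-processing example, so the sentence should name the file or hook under `examples/custom_mutators/` that covers that case rather than the directory alone.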
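Review bot: In the afl-qemu-common.h hunk (@@ -42,7), the `#elif TARGET_ARM` branch is tested before `#elif TARGET_AARCH64`, and that order starts to matter now that the two values differ. Before this change both branches defined `AFL_REGS_NUM` as 32, so it made no difference which one matched. If the AArch64 target build also defines `TARGET_ARM` (worth confirming against the QEMU target configuration), the `TARGET_AARCH64` branch is never reached and AArch64 silently gets 16. Suggest testing `TARGET_AARCH64` first, or making the ARM condition exclude it, and adding a short comment saying why 16 is the right count for 32-bit ARM so the constant is not changed back later.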