Diffstat (limited to 'utils/optimin/README.md')
-rw-r--r-- utils/optimin/README.md 49
1 files changed, 34 insertions, 15 deletions
diff --git a/utils/optimin/README.md b/utils/optimin/README.md
index 5001b59d..ec9c4b0a 100644
--- a/utils/optimin/README.md
+++ b/utils/optimin/README.md
@@ -10,27 +10,46 @@ heuristic and/or greedy algorithms to identify these functionally distinct
 files. This means that minimized corpora are generally much smaller than those
 produced by other tools.
 
-## Usage
+## Building
 
-To build the `optimin` executable (when cloned from github):
+To build the `optimin` just execute the `build_optimin.sh` script.
 
-```bash
-# Ensure EvalMaxSAT is available
-git submodule init
-git submodule update
+## Running
 
-mkdir build
-cd build
+Running `optimin` is the same as running `afl-cmin`:
 
-# You may have to specify -DLLVM_DIR=`llvm-config --cmakedir` if you have a
-# non-standard LLVM install (e.g., install via apt)
-cmake ..
-make -j
-make install
+```
+Required parameters:
+  -i dir        - input directory with starting corpus
+  -o dir        - output directory for minimized files
+
+Execution control settings:
+  -f file       - location read by the fuzzed program (stdin)
+  -m megs       - memory limit for child process (none MB)
+  -t msec       - run time limit for child process (none)
+  -O            - use binary-only instrumentation (FRIDA mode)
+  -Q            - use binary-only instrumentation (QEMU mode)
+  -U            - use unicorn-based instrumentation (unicorn mode)
+
+Minimization settings:
+  -C            - keep crashing inputs, reject everything else
+  -e            - solve for edge coverage only, ignore hit counts
+
+For additional tips, please consult README.md
+
+Environment variables used:
+AFL_ALLOW_TMP: allow unsafe use of input/output directories under {/var}/tmp
+AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash
+AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the forkserver to come up
+AFL_KEEP_TRACES: leave the temporary <out_dir>/.traces directory
+AFL_KILL_SIGNAL: Signal delivered to child processes on timeout (default: SIGKILL)
+AFL_NO_FORKSRV: run target via execve instead of using the forkserver
+AFL_PATH: path for the afl-showmap binary if not found anywhere in PATH
+AFL_PRINT_FILENAMES: If set, the filename currently processed will be printed to stdout
+AFL_SKIP_BIN_CHECK: skip afl instrumentation checks for target binary
 ```
 
-Otherwise, run the `build_optimin.sh` script. Running `optimin` is the same as
-running `afl-cmin`.
+Example: `optimin -i files -o seeds -- ./target @@`
 
 ### Weighted Minimizations
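Review bot: The new "Building" section drops the prerequisites the removed block documented (the EvalMaxSAT submodule init/update and the `-DLLVM_DIR` hint for non-standard LLVM installs) without saying whether `build_optimin.sh` takes care of them; add a sentence stating what the script handles and what the user still has to provide. The sentence "To build the `optimin` just execute" also lost its noun when "executable" was dropped, so it should read "To build `optimin`, run the `build_optimin.sh` script." In the "Running" block, the pasted help text carries the line "For additional tips, please consult README.md", which is circular inside this README, and "(none MB)" on `-m` reads as a formatting slip; consider trimming the paste to the option list and marking it as the tool's help output so it is clear where to look when the two drift apart. The example line is a good addition; a short note that `@@` stands for the input file path would make it self-explanatory.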