From ffad6f3f095fce0a6a570727fb97593873a64b26 Mon Sep 17 00:00:00 2001
From: tocic <tocic@protonmail.ch>
Date: Sat, 10 Sep 2022 07:41:19 +0300
Subject: Fix typos in docs

---
 docs/fuzzing_in_depth.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'docs/fuzzing_in_depth.md')

diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index 92c9910b..a0bf1566 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -523,7 +523,7 @@ mode!) and switch the input directory with a dash (`-`):
 afl-fuzz -i - -o output -- bin/target -someopt @@
 ```
 
-Adding a dictionary is helpful. You have to following options:
+Adding a dictionary is helpful. You have the following options:
 
 * See the directory
 [dictionaries/](../dictionaries/), if something is already included for your
@@ -672,7 +672,7 @@ The syncing process itself is very simple. As the `-M main-$HOSTNAME` instance
 syncs to all `-S` secondaries as well as to other fuzzers, you have to copy only
 this directory to the other machines.
 
-Lets say all servers have the `-o out` directory in /target/foo/out, and you
+Let's say all servers have the `-o out` directory in /target/foo/out, and you
 created a file `servers.txt` which contains the hostnames of all participating
 servers, plus you have an ssh key deployed to all of them, then run:
 
-- 
cgit v1.2.3


From 2c39c51263fd38de50ef41ff30075c1282997e14 Mon Sep 17 00:00:00 2001
From: fedotoff <fedotoff@ispras.ru>
Date: Mon, 21 Nov 2022 15:18:19 +0300
Subject: casr-afl short description in fuzzing_in_depth.

---
 docs/fuzzing_in_depth.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'docs/fuzzing_in_depth.md')

diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index a0bf1566..1645ba5c 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -900,6 +900,32 @@ then color-codes the input based on which sections appear to be critical and
 which are not; while not bulletproof, it can often offer quick insights into
 complex file formats.
 
+`casr-afl` from [CASR](https://github.com/ispras/casr) tools provides a
+straightforward CASR integration with AFL++. While walking through afl
+instances, `casr-afl` generates crash reports depending on target binary. For
+binary with ASAN `casr-san` is used, otherwise `casr-gdb`. On the next step
+report deduplication is done by `casr-cluster`. Finally, reports are triaged
+into clusters. Crash reports contain many useful information: severity
+(like [exploitable](https://github.com/jfoote/exploitable)), OS and package
+versions, command line, stack trace, register values, disassembly, and even
+source code fragment where crash appeared.
+
+**NOTE:** `casr-gdb` and `casr-san` should be in PATH to make `casr-afl` work.
+Before using casr-afl, please, follow the installation
+[guide](https://github.com/ispras/casr#getting-started). Using `casr-afl` is
+very simple:
+
+```shell
+casr-afl -i /path/to/afl/out/dir -o /path/to/casr/out/dir
+```
+
+Output directory contains subdirectories (cl1...clN) with report clusters. To
+view reports you could use `casr-cli` tool:
+
+```shell
+casr-cli /path/to/casr/out/dir/cl1/report.casrep
+```
+
 ## 5. CI fuzzing
 
 Some notes on continuous integration (CI) fuzzing - this fuzzing is different to
-- 
cgit v1.2.3


From a16726039f167548da86ce51d0cf4bd1b04e5374 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Mon, 21 Nov 2022 13:28:07 +0100
Subject: shorten text

---
 docs/fuzzing_in_depth.md | 25 +++----------------------
 1 file changed, 3 insertions(+), 22 deletions(-)

(limited to 'docs/fuzzing_in_depth.md')

diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index 1645ba5c..87f31a58 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -900,32 +900,13 @@ then color-codes the input based on which sections appear to be critical and
 which are not; while not bulletproof, it can often offer quick insights into
 complex file formats.
 
-`casr-afl` from [CASR](https://github.com/ispras/casr) tools provides a
-straightforward CASR integration with AFL++. While walking through afl
-instances, `casr-afl` generates crash reports depending on target binary. For
-binary with ASAN `casr-san` is used, otherwise `casr-gdb`. On the next step
-report deduplication is done by `casr-cluster`. Finally, reports are triaged
-into clusters. Crash reports contain many useful information: severity
-(like [exploitable](https://github.com/jfoote/exploitable)), OS and package
-versions, command line, stack trace, register values, disassembly, and even
-source code fragment where crash appeared.
-
-**NOTE:** `casr-gdb` and `casr-san` should be in PATH to make `casr-afl` work.
-Before using casr-afl, please, follow the installation
-[guide](https://github.com/ispras/casr#getting-started). Using `casr-afl` is
-very simple:
-
+`casr-afl` from [CASR](https://github.com/ispras/casr) tools provides
+comfortable triaging for crashes found by AFL++. Reports are clustered and
+contain severity and other information.
 ```shell
 casr-afl -i /path/to/afl/out/dir -o /path/to/casr/out/dir
 ```
 
-Output directory contains subdirectories (cl1...clN) with report clusters. To
-view reports you could use `casr-cli` tool:
-
-```shell
-casr-cli /path/to/casr/out/dir/cl1/report.casrep
-```
-
 ## 5. CI fuzzing
 
 Some notes on continuous integration (CI) fuzzing - this fuzzing is different to
-- 
cgit v1.2.3


From 80eabd6e8a30c2ffc0f084ab34df8b9d582419c3 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Mon, 13 Feb 2023 11:34:14 +0100
Subject: AFL_LLVM_DICT2FILE_NO_MAIN support

---
 docs/fuzzing_in_depth.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'docs/fuzzing_in_depth.md')

diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index 87f31a58..efab0633 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -534,6 +534,8 @@ dictionaries/FORMAT.dict`.
 * With `afl-clang-fast`, you can set
   `AFL_LLVM_DICT2FILE=/full/path/to/new/file.dic` to automatically generate a
   dictionary during target compilation.
+  Adding `AFL_LLVM_DICT2FILE_NO_MAIN=1` to not parse main (usually command line
+  parameter parsing) is often a good idea too.
 * You also have the option to generate a dictionary yourself during an
   independent run of the target, see
   [utils/libtokencap/README.md](../utils/libtokencap/README.md).
@@ -935,7 +937,7 @@ phase and start fuzzing at once.
 3. Also randomize the afl-fuzz runtime options, e.g.:
     * 65% for `AFL_DISABLE_TRIM`
     * 50% for `AFL_KEEP_TIMEOUTS`
-    * 50% use a dictionary generated by `AFL_LLVM_DICT2FILE`
+    * 50% use a dictionary generated by `AFL_LLVM_DICT2FILE` + `AFL_LLVM_DICT2FILE_NO_MAIN=1`
     * 40% use MOpt (`-L 0`)
     * 40% for `AFL_EXPAND_HAVOC_NOW`
     * 20% for old queue processing (`-Z`)
-- 
cgit v1.2.3


From ebaac23a514cd3950d4a6cb597bd921e13ab9baa Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Mon, 20 Feb 2023 11:42:40 +0100
Subject: clarify AFL_NO_STARTUP_CALIBRATION

---
 docs/fuzzing_in_depth.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'docs/fuzzing_in_depth.md')

diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index 87f31a58..2a088201 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -628,7 +628,8 @@ If you have a large corpus, a corpus from a previous run or are fuzzing in a CI,
 then also set `export AFL_CMPLOG_ONLY_NEW=1` and `export AFL_FAST_CAL=1`.
 If the queue in the CI is huge and/or the execution time is slow then you can
 also add `AFL_NO_STARTUP_CALIBRATION=1` to skip the initial queue calibration
-phase and start fuzzing at once.
+phase and start fuzzing at once - but only do this if the calibration phase
+would be too long for your fuzz run time.
 
 You can also use different fuzzers. If you are using AFL spinoffs or AFL
 conforming fuzzers, then just use the same -o directory and give it a unique
@@ -914,7 +915,8 @@ normal fuzzing campaigns as these are much shorter runnings.
 
 If the queue in the CI is huge and/or the execution time is slow then you can
 also add `AFL_NO_STARTUP_CALIBRATION=1` to skip the initial queue calibration
-phase and start fuzzing at once.
+phase and start fuzzing at once. But only do that if the calibration time is
+too long for your overall available fuzz run time.
 
 1. Always:
     * LTO has a much longer compile time which is diametrical to short fuzzing -
-- 
cgit v1.2.3