From 314debb799f5e288c64c5e7938bc09e650420ae9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 8 Apr 2020 03:54:49 +0200 Subject: ctx done --- llvm_mode/README.ctx.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 llvm_mode/README.ctx.md (limited to 'llvm_mode/README.ctx.md') diff --git a/llvm_mode/README.ctx.md b/llvm_mode/README.ctx.md new file mode 100644 index 00000000..14255313 --- /dev/null +++ b/llvm_mode/README.ctx.md @@ -0,0 +1,22 @@ +# AFL Context Sensitive Branch Coverage + +## What is this? + +This is an LLVM-based implementation of the context sensitive branch coverage. + +Basically every function gets it's own ID and that ID is combined with the +edges of the called functions. + +So if both function A and function B call a function C, the coverage +collected in C will be different. + +In math the coverage is collected as follows: +`map[current_location_ID ^ previous_location_ID >> 1 ^ previous_callee_ID] += 1` + +## Usage + +Set the `AFL_LLVM_INSTRUMENT=CTX` or `AFL_LLVM_CTX=1` environment variable. + +It is highly recommended to increase the MAP_SIZE_POW2 definition in +config.h to at least 18 and maybe up to 20 for this as otherwise too +many map collisions occur. -- cgit 1.4.1
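Review bot: the formula under "In math the coverage is collected as follows" relies on operator precedence and on a term the text never defines, so a reader cannot tell how the map index is built. Suggest writing it with explicit grouping, e.g. `map[current_location_ID ^ (previous_location_ID >> 1) ^ previous_callee_ID] += 1`, if that is the intended reading. Please also say what `previous_callee_ID` refers to, since the paragraph above only speaks of each function getting its own ID that is combined with the edges of the called functions, and the A/B/C example suggests the ID belongs to the calling function rather than a callee. In the same section, "gets it's own ID" should be "gets its own ID". In Usage, it would help to state at which step the environment variable must be set (when building the target or when running the fuzzer), and that changing `MAP_SIZE_POW2` in config.h enlarges the coverage map, so readers understand the trade-off behind the "at least 18 and maybe up to 20" recommendation.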