From f807d7cefbc3c0e71cac6aad5cc28006f6a253be Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 24 Feb 2020 02:45:17 +0100
Subject: important InsTrim fixes!
---
 llvm_mode/afl-llvm-rt.o.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'llvm_mode/afl-llvm-rt.o.c')
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 53852320..93b03bb2 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -129,7 +129,7 @@ static void __afl_map_shm(void) {
     __afl_area_ptr[0] = 1;
   }
-
+
   id_str = getenv(CMPLOG_SHM_ENV_VAR);
   if (id_str) {
-- 
cgit 1.4.1
From 891b568678848f17e2502758569781f78b4fc0a2 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Tue, 25 Feb 2020 08:34:44 +0100
Subject: fix references to README docs
---
 afl-cmin.bash | 2 +-
 docs/Changelog.md | 18 +++++++++---------
 docs/QuickStartGuide.md | 2 +-
 docs/env_variables.md | 2 +-
 docs/life_pro_tips.md | 4 ++--
 docs/notes_for_asan.md | 2 +-
 docs/parallel_fuzzing.md | 2 +-
 docs/perf_tips.md | 4 ++--
 docs/sister_projects.md | 4 ++--
 docs/status_screen.md | 2 +-
 docs/technical_details.md | 4 ++--
 gcc_plugin/afl-gcc-rt.o.c | 2 +-
 libdislocator/README.md | 2 +-
 libtokencap/README.md | 2 +-
 llvm_mode/README.md | 2 +-
 llvm_mode/afl-llvm-rt.o.c | 4 ++--
 qemu_mode/README.md | 4 ++--
 qemu_mode/libcompcov/libcompcov.so.c | 2 +-
 qemu_mode/patches/afl-qemu-cpu-inl.h | 2 +-
 src/afl-analyze.c | 2 +-
 src/afl-common.c | 4 ++--
 src/afl-fuzz-init.c | 4 ++--
 src/afl-fuzz.c | 6 +++---
 src/afl-showmap.c | 2 +-
 24 files changed, 42 insertions(+), 42 deletions(-)
(limited to 'llvm_mode/afl-llvm-rt.o.c')
diff --git a/afl-cmin.bash b/afl-cmin.bash
index 948e0655..b1378eb5 100755
--- a/afl-cmin.bash
+++ b/afl-cmin.bash
@@ -126,7 +126,7 @@ Minimization settings:
   -C - keep crashing inputs, reject everything else
   -e - solve for edge coverage only, ignore hit counts
-For additional tips, please consult docs/README.
+For additional tips, please consult docs/README.md.
 Environment variables used:
 AFL_KEEP_TRACES: leave the temporary \.traces directory
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 4e99bcac..2f8674c8 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -1,7 +1,7 @@
 # Changelog
 This is the list of all noteworthy changes made in every public release of
-  the tool. See README for the general instruction manual.
+  the tool. See README.md for the general instruction manual.
 ## Staying informed
@@ -45,7 +45,7 @@ sending a mail to .
 - now does not need to be recompiled between trace-pc and pass instrumentation. compile normally and set AFL_LLVM_USE_TRACE_PC :)
 - LLVM 11 is supported
-  - CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog)
+  - CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog.md)
 - afl-gcc, afl-clang-fast, afl-gcc-fast:
 - experimental support for undefined behaviour sanitizer UBSAN (set AFL_USE_UBSAN=1)
@@ -189,7 +189,7 @@ sending a mail to .
 - fix llvm_mode AFL_TRACE_PC with modern llvm
 - fix a crash in qemu_mode which also exists in stock afl
 - added libcompcov, a laf-intel implementation for qemu! :)
-  see qemu_mode/libcompcov/README.libcompcov
+  see qemu_mode/libcompcov/README.libcompcov.md
 - afl-fuzz now displays the selected core in the status screen (blue {#})
 - updated afl-fuzz and afl-system-config for new scaling governor location in modern kernels
@@ -198,8 +198,8 @@ sending a mail to .
 - if llvm_mode was compiled, afl-clang/afl-clang++ will point to these instead of afl-gcc
 - added instrim, a much faster llvm_mode instrumentation at the cost of
-  path discovery. See llvm_mode/README.instrim (https://github.com/csienslab/instrim)
-  - added MOpt (github.com/puppet-meteor/MOpt-AFL) mode, see docs/README.MOpt
+  path discovery. See llvm_mode/README.instrim.md (https://github.com/csienslab/instrim)
+  - added MOpt (github.com/puppet-meteor/MOpt-AFL) mode, see docs/README.MOpt.md
 - added code to make it more portable to other platforms than Intel Linux
 - added never zero counters for afl-gcc and optionally (because of an optimization issue in llvm < 9) for llvm_mode (AFL_LLVM_NEVER_ZERO=1)
@@ -229,11 +229,11 @@ sending a mail to .
 LLVM and Qemu modes are now faster. Important changes:
 afl-fuzz: -e EXTENSION commandline option
-  llvm_mode: LAF-intel performance (needs activation, see llvm/README.laf-intel)
-  a few new environment variables for afl-fuzz, llvm and qemu, see docs/env_variables.txt
+  llvm_mode: LAF-intel performance (needs activation, see llvm/README.laf-intel.md)
+  a few new environment variables for afl-fuzz, llvm and qemu, see docs/env_variables.md
 - Added the power schedules of AFLfast by Marcel Boehme, but set the default to the AFL schedule, not to the FAST schedule. So nothing changes unless
-  you use the new -p option :-) - see docs/power_schedules.txt
+  you use the new -p option :-) - see docs/power_schedules.md
 - added afl-system-config script to set all system performance options for fuzzing
 - llvm_mode works with llvm 3.9 up to including 8 !
 - qemu_mode got upgraded from 2.1 to 3.1 - incorporated from
@@ -476,7 +476,7 @@ sending a mail to .
 - Added libtokencap, a simple feature to intercept strcmp / memcmp and generate dictionary entries that can help extend coverage.
-  - Moved libdislocator to its own dir, added README.
+  - Moved libdislocator to its own dir, added README.md.
 - The demo in examples/instrumented_cmp is no more.
diff --git a/docs/QuickStartGuide.md b/docs/QuickStartGuide.md
index f9e3b256..1e1d60b7 100644
--- a/docs/QuickStartGuide.md
+++ b/docs/QuickStartGuide.md
@@ -27,7 +27,7 @@ how to hit the ground running:
 4) Get a small but valid input file that makes sense to the program. When fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described in
-   dictionaries/README.dictionaries, too.
+   dictionaries/README.md, too.
 5) If the program reads from stdin, run 'afl-fuzz' like so:
diff --git a/docs/env_variables.md b/docs/env_variables.md
index c60821dc..9fc60187 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -2,7 +2,7 @@
 This document discusses the environment variables used by American Fuzzy Lop++ to expose various exotic functions that may be (rarely) useful for power
-  users or for some types of custom fuzzing setups. See README for the general
+  users or for some types of custom fuzzing setups. See README.md for the general
 instruction manual.
 ## 1) Settings for afl-gcc, afl-clang, and afl-as - and gcc_plugin afl-gcc-fast
diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md
index a0d90659..0724e83c 100644
--- a/docs/life_pro_tips.md
+++ b/docs/life_pro_tips.md
@@ -62,7 +62,7 @@ Specify `AFL_HARDEN=1` in the environment to enable hardening flags.
 ## Bumping into problems with non-reproducible crashes?
 It happens, but usually
-isn't hard to diagnose. See section #7 in README for tips.
+isn't hard to diagnose. See section #7 in README.md for tips.
 ## Fuzzing is not just about memory corruption issues in the codebase.
 Add some
@@ -87,4 +87,4 @@ use a postprocessor! See examples/post_library/ for more.
 ## Dealing with a very slow target or hoping for instant results?
-Specify `-d` when calling afl-fuzz!
\ No newline at end of file
+Specify `-d` when calling afl-fuzz!
diff --git a/docs/notes_for_asan.md b/docs/notes_for_asan.md
index 9c49dc1f..feac49f9 100644
--- a/docs/notes_for_asan.md
+++ b/docs/notes_for_asan.md
@@ -1,7 +1,7 @@
 # Notes for using ASAN with afl-fuzz
 This file discusses some of the caveats for fuzzing under ASAN, and suggests
-  a handful of alternatives. See README for the general instruction manual.
+  a handful of alternatives. See README.md for the general instruction manual.
 ## 1) Short version
diff --git a/docs/parallel_fuzzing.md b/docs/parallel_fuzzing.md
index 0a2863fe..8b39df04 100644
--- a/docs/parallel_fuzzing.md
+++ b/docs/parallel_fuzzing.md
@@ -1,7 +1,7 @@
 # Tips for parallel fuzzing
 This document talks about synchronizing afl-fuzz jobs on a single machine
-  or across a fleet of systems. See README for the general instruction manual.
+  or across a fleet of systems. See README.md for the general instruction manual.
 ## 1) Introduction
diff --git a/docs/perf_tips.md b/docs/perf_tips.md
index 41d74447..fcd03db7 100644
--- a/docs/perf_tips.md
+++ b/docs/perf_tips.md
@@ -1,7 +1,7 @@
 ## Tips for performance optimization
 This file provides tips for troubleshooting slow or wasteful fuzzing jobs.
-  See README for the general instruction manual.
+  See README.md for the general instruction manual.
 ## 1. Keep your test cases small
@@ -221,4 +221,4 @@ early on, you can always resort to the `-d` mode. The mode causes `afl-fuzz` to skip all the deterministic fuzzing steps, which makes output a lot less neat and can ultimately make the testing a bit less in-depth, but it will give you an experience more familiar from other fuzzing
-tools.
\ No newline at end of file
+tools.
diff --git a/docs/sister_projects.md b/docs/sister_projects.md
index ecc3b924..1625044c 100644
--- a/docs/sister_projects.md
+++ b/docs/sister_projects.md
@@ -1,7 +1,7 @@
 # Sister projects
 This doc lists some of the projects that are inspired by, derived from,
-designed for, or meant to integrate with AFL. See README for the general
+designed for, or meant to integrate with AFL. See README.md for the general
 instruction manual.
 !!!
@@ -252,7 +252,7 @@ https://code.google.com/p/address-sanitizer/wiki/AsanCoverage#Coverage_counters
 ### AFL JS (Han Choongwoo)
 One-off optimizations to speed up the fuzzing of JavaScriptCore (now likely
-superseded by LLVM deferred forkserver init - see llvm_mode/README.llvm).
+superseded by LLVM deferred forkserver init - see llvm_mode/README.md).
 https://github.com/tunz/afl-fuzz-js
diff --git a/docs/status_screen.md b/docs/status_screen.md
index 066c2c07..0bc636c4 100644
--- a/docs/status_screen.md
+++ b/docs/status_screen.md
@@ -1,7 +1,7 @@
 # Understanding the status screen
 This document provides an overview of the status screen - plus tips for
-troubleshooting any warnings and red text shown in the UI. See README for
+troubleshooting any warnings and red text shown in the UI. See README.md for
 the general instruction manual.
 ## A note about colors
diff --git a/docs/technical_details.md b/docs/technical_details.md
index d53b30e3..996bf162 100644
--- a/docs/technical_details.md
+++ b/docs/technical_details.md
@@ -1,7 +1,7 @@
 # Technical "whitepaper" for afl-fuzz
 This document provides a quick overview of the guts of American Fuzzy Lop.
-See README for the general instruction manual; and for a discussion of
+See README.md for the general instruction manual; and for a discussion of
 motivations and design goals behind AFL, see historical_notes.md.
 ## 0. Design statement
@@ -542,4 +542,4 @@ It uses the following classification scheme:
   takes place.
 - "Magic value section" - a generic token where changes cause the type of binary behavior outlined earlier, but that doesn't meet any of the
-  other criteria. May be an atomically compared keyword or so.
\ No newline at end of file
+  other criteria. May be an atomically compared keyword or so.
diff --git a/gcc_plugin/afl-gcc-rt.o.c b/gcc_plugin/afl-gcc-rt.o.c
index 1831f935..356d0b6d 100644
--- a/gcc_plugin/afl-gcc-rt.o.c
+++ b/gcc_plugin/afl-gcc-rt.o.c
@@ -214,7 +214,7 @@ static void __afl_start_forkserver(void) {
 }
-/* A simplified persistent mode handler, used as explained in README.llvm. */
+/* A simplified persistent mode handler, used as explained in README.md. */
 int __afl_persistent_loop(unsigned int max_cnt) {
diff --git a/libdislocator/README.md b/libdislocator/README.md
index 4a11c138..873d8806 100644
--- a/libdislocator/README.md
+++ b/libdislocator/README.md
@@ -1,6 +1,6 @@
 # libdislocator, an abusive allocator
-  (See ../docs/README for the general instruction manual.)
+  (See ../docs/README.md for the general instruction manual.)
 This is a companion library that can be used as a drop-in replacement for the libc allocator in the fuzzed binaries. It improves the odds of bumping into
diff --git a/libtokencap/README.md b/libtokencap/README.md
index 8aae38bf..0a3591eb 100644
--- a/libtokencap/README.md
+++ b/libtokencap/README.md
@@ -1,6 +1,6 @@
 # strcmp() / memcmp() token capture library
-  (See ../docs/README for the general instruction manual.)
+  (See ../docs/README.md for the general instruction manual.)
 This companion library allows you to instrument `strcmp()`, `memcmp()`, and related functions to automatically extract syntax tokens passed to any of
diff --git a/llvm_mode/README.md b/llvm_mode/README.md
index ee6e51b5..e6c47c9c 100644
--- a/llvm_mode/README.md
+++ b/llvm_mode/README.md
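Review bot: The new comment in gcc_plugin/afl-gcc-rt.o.c points at a bare `README.md`, which from this file resolves to gcc_plugin/README.md, while the same comment rewritten in this commit in llvm_mode/afl-llvm-rt.o.c and qemu_mode/patches/afl-qemu-cpu-inl.h qualifies the path as `llvm_mode/README.md`. Qualifying it here as well removes the ambiguity for a reader who meets the comment outside its directory: `/* A simplified persistent mode handler, used as explained in gcc_plugin/README.md. */` if the GCC plugin README is the document meant, or `llvm_mode/README.md` if the explanation lives there as the two sibling hunks say. The body of __afl_persistent_loop lies outside the hunk.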
@@ -2,7 +2,7 @@
   (See [../README](../README.md) for the general instruction manual.)
-  (See [../gcc_plugin/README.gcc](../gcc_plugin/README.gcc.md) for the GCC-based instrumentation.)
+  (See [../gcc_plugin/README](../gcc_plugin/README.md) for the GCC-based instrumentation.)
 ## 1) Introduction
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 93b03bb2..b3561cb2 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -260,7 +260,7 @@ static void __afl_start_forkserver(void) {
 }
-/* A simplified persistent mode handler, used as explained in README.llvm. */
+/* A simplified persistent mode handler, used as explained in llvm_mode/README.md. */
 int __afl_persistent_loop(unsigned int max_cnt) {
@@ -346,7 +346,7 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) {
 /* The following stuff deals with supporting -fsanitize-coverage=trace-pc-guard.
    It remains non-operational in the traditional, plugin-backed LLVM mode.
-   For more info about 'trace-pc-guard', see README.llvm.
+   For more info about 'trace-pc-guard', see llvm_mode/README.md.
    The first function (__sanitizer_cov_trace_pc_guard) is called back on every edge (as opposed to every basic block). */
diff --git a/qemu_mode/README.md b/qemu_mode/README.md
index 0759f4fb..71a3ada7 100644
--- a/qemu_mode/README.md
+++ b/qemu_mode/README.md
@@ -1,6 +1,6 @@
 # High-performance binary-only instrumentation for afl-fuzz
-  (See ../docs/README for the general instruction manual.)
+  (See ../docs/README.md for the general instruction manual.)
 ## 1) Introduction
@@ -60,7 +60,7 @@ binary on x86_64) use QEMU_LD_PREFIX.
 ## 3) Bonus feature #1: deferred initialization
-As for LLVM mode (refer to its README for mode details) QEMU mode supports
+As for LLVM mode (refer to its README.md for mode details) QEMU mode supports
 the deferred initialization. This can be enabled setting the environment variable AFL_ENTRYPOINT which allows
diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c
index ceb0a041..8e2c279b 100644
--- a/qemu_mode/libcompcov/libcompcov.so.c
+++ b/qemu_mode/libcompcov/libcompcov.so.c
@@ -15,7 +15,7 @@
   This Linux-only companion library allows you to instrument strcmp(), memcmp(), and related functions to get compare coverage.
-  See README.compcov for more info.
+  See README.md for more info.
 */
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index d4ae4b8d..63869898 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -407,7 +407,7 @@ void afl_forkserver(CPUState *cpu) {
 }
-/* A simplified persistent mode handler, used as explained in README.llvm. */
+/* A simplified persistent mode handler, used as explained in llvm_mode/README.md. */
 void afl_persistent_loop(void) {
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 6816f6c8..3b91285c 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -798,7 +798,7 @@ static void usage(u8* argv0) {
       " -e - look for edge coverage only, ignore hit counts\n\n"
-      "For additional tips, please consult %s/README.\n\n",
+      "For additional tips, please consult %s/README.md.\n\n",
       argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
diff --git a/src/afl-common.c b/src/afl-common.c
index 330b1497..0f8094be 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -163,7 +163,7 @@ char** get_qemu_argv(u8* own_loc, char** argv, int argc) {
   SAYF("\n" cLRD "[-] " cRST
        "Oops, unable to find the 'afl-qemu-trace' binary. The binary must be "
        "built\n"
-       " separately by following the instructions in qemu_mode/README.qemu. "
+       " separately by following the instructions in qemu_mode/README.md. "
        "If you\n"
        " already have the binary installed, you may need to specify "
        "AFL_PATH in the\n"
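Review bot: The rewritten header comment in qemu_mode/libcompcov/libcompcov.so.c now says `See README.md for more info.`, but the docs/Changelog.md hunk in this same commit names that document `qemu_mode/libcompcov/README.libcompcov.md`, so the two references cannot both be right and one of them needs to follow whatever file actually exists after the rename. Qualifying the path in the comment also avoids the ambiguity of a bare README.md once the file is read outside its directory, e.g. `See qemu_mode/libcompcov/README.md for more info.` if that is the document's real name. The rest of the header comment is outside the hunk.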
@@ -259,7 +259,7 @@ char** get_wine_argv(u8* own_loc, char** argv, int argc) {
   SAYF("\n" cLRD "[-] " cRST
        "Oops, unable to find the '%s' binary. The binary must be "
        "built\n"
-       " separately by following the instructions in qemu_mode/README.qemu. "
+       " separately by following the instructions in qemu_mode/README.md. "
        "If you\n"
        " already have the binary installed, you may need to specify "
        "AFL_PATH in the\n"
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 93ecfe99..1858fabd 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1980,11 +1980,11 @@ void check_binary(u8* fname) {
          "while\n"
          " mutating the input data. For more information, and for tips on "
          "how to\n"
-         " instrument binaries, please see %s/README.\n\n"
+         " instrument binaries, please see %s/README.md.\n\n"
          " When source code is not available, you may be able to leverage "
          "QEMU\n"
-         " mode support. Consult the README for tips on how to enable this.\n"
+         " mode support. Consult the README.md for tips on how to enable this.\n"
          " (It is also possible to use afl-fuzz as a traditional, \"dumb\" "
          "fuzzer.\n"
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 5fa737d7..cc895f74 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -112,7 +112,7 @@ static void usage(u8* argv0) {
       "entering the\n"
       " pacemaker mode (minutes of no new paths, 0 = "
       "immediately).\n"
-      " a recommended value is 10-60. see docs/README.MOpt\n"
+      " a recommended value is 10-60. see docs/README.MOpt.md\n"
       " -c program - enable CmpLog by specifying a binary compiled for "
       "it.\n"
       " if using QEMU, just use -c 0.\n\n"
@@ -121,7 +121,7 @@ static void usage(u8* argv0) {
       " -N - do not unlink the fuzzing input file\n"
       " -d - quick & dirty mode (skips deterministic steps)\n"
       " -n - fuzz without instrumentation (dumb mode)\n"
-      " -x dir - optional fuzzer dictionary (see README, its really "
+      " -x dir - optional fuzzer dictionary (see README.md, its really "
       "good!)\n\n"
       "Testing settings:\n"
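Review bot: The rewritten `-x dir` help line in the src/afl-fuzz.c usage() hunk at -121 still carries the pre-existing typo `its really` and, since the string literal is being edited anyway, should read `(see README.md, it's really "` on the `+` line. This is user-visible usage text, so the correction is wording only and changes no behaviour. The enclosing usage() call continues outside the hunk.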
@@ -1087,7 +1087,7 @@ stop_fuzzing:
   SAYF("\n" cYEL "[!] " cRST
        "Stopped during the first cycle, results may be incomplete.\n"
-       " (For info on resuming, see %s/README)\n",
+       " (For info on resuming, see %s/README.md)\n",
        doc_path);
 }
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 5ea164f8..2f6a263f 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -647,7 +647,7 @@ static void usage(u8* argv0) {
       " -c - allow core dumps\n\n"
       "This tool displays raw tuple data captured by AFL instrumentation.\n"
-      "For additional help, consult %s/README.\n\n" cRST,
+      "For additional help, consult %s/README.md.\n\n" cRST,
       argv0, MEM_LIMIT, doc_path);
-- 
cgit 1.4.1