add CFI sanitizer

This commit is contained in:
van Hauser
2020-03-27 12:09:06 +01:00
parent ae284610cf
commit a7553eae28
9 changed files with 29 additions and 6 deletions

View File

@ -31,6 +31,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
the last 5 queue entries
- rare: puts focus on queue entries that hits rare branches, also ignores
runtime
- llvm_mode: added Control Flow Integrity sanatizer (AFL_USE_CFISAN)
- LTO collision free instrumented added in llvm_mode with afl-clang-lto -
note that this mode is amazing, but quite some targets won't compile
- Added llvm_mode NGRAM prev_loc coverage by Adrean Herrera
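Review bot: typo in the new changelog entry: "Control Flow Integrity sanatizer (AFL_USE_CFISAN)" should read "sanitizer", matching the spelling used in the documentation hunks of this same commit. It would also help readers if the entry noted that the option is handled by llvm_mode only, since the environment-variable docs elsewhere in this commit do not say so.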

View File

@ -31,7 +31,9 @@ tools make fairly broad use of environmental variables:
(You can also enable MSAN via AFL_USE_MSAN; ASAN and MSAN come with the
same gotchas; the modes are mutually exclusive. UBSAN can be enabled
similarly by setting the environment variable AFL_USE_UBSAN=1)
similarly by setting the environment variable AFL_USE_UBSAN=1. Finally
there is the Control Flow Integrity sanitizer that can be activated by
AFL_USE_CFISAN=1)
- Setting AFL_CC, AFL_CXX, and AFL_AS lets you use alternate downstream
compilation tools, rather than the default 'clang', 'gcc', or 'as' binaries
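Review bot: the added sentence "Finally there is the Control Flow Integrity sanitizer that can be activated by AFL_USE_CFISAN=1" is placed inside the parenthetical that states "the modes are mutually exclusive" for ASAN and MSAN, but it does not say whether CFISAN is subject to the same restriction or can be combined with ASAN/UBSAN. Suggest stating explicitly how CFISAN interacts with the other AFL_USE_* variables and, as the changelog hunk in this commit says, that it is available in llvm_mode.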

View File

@ -29,7 +29,7 @@ Note that ASAN is incompatible with -static, so be mindful of that.
(You can also use AFL_USE_MSAN=1 to enable MSAN instead.)
NOTE: if you run several slaves only one should run the target compiled with
ASAN (and UBSAN), the others should run the target with no sanitizers
ASAN (and UBSAN, CFISAN), the others should run the target with no sanitizers
compiled in.
There is also the option of generating a corpus using a non-ASAN binary, and
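Review bot: the changed line now lists "ASAN (and UBSAN, CFISAN)" as sanitizers that only one secondary instance should run, but the line directly above documents AFL_USE_MSAN=1 as an alternative to ASAN and MSAN is not included in the list. If the guidance is meant to cover every sanitizer-instrumented binary, suggest "ASAN (and MSAN, UBSAN, CFISAN)" so the note stays consistent with the sanitizers the surrounding text introduces.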