Fix punctuation in connection with "however"

docs/FAQ.md

@@ -12,7 +12,9 @@ If you find an interesting or important question missing, submit it via
 
   American Fuzzy Lop (AFL) was developed by Michał "lcamtuf" Zalewski starting in 2013/2014, and when he left Google end of 2017 he stopped developing it.
 
-  At the end of 2019, the Google fuzzing team took over maintenance of AFL, however it is only accepting PRs from the community and is not developing enhancements anymore.
+  At the end of 2019, the Google fuzzing team took over maintenance of AFL,
+  however, it is only accepting PRs from the community and is not developing
+  enhancements anymore.
 
   In the second quarter of 2019, 1 1/2 years later, when no further development of AFL had happened and it became clear there would none be coming, AFL++ was born, where initially community patches were collected and applied for bug fixes and enhancements.
   Then from various AFL spin-offs - mostly academic research - features were integrated.
@@ -121,8 +123,10 @@ If you find an interesting or important question missing, submit it via
   Sending the same input again and again should take the exact same path through the target every time.
   If that is the case, the stability is 100%.
 
-  If however randomness happens, e.g. a thread reading other external data, reaction to timing, etc., then in some of the re-executions with the same data the edge coverage result will be different accross runs.
+  If, however, randomness happens, e.g. a thread reading other external data,
-  Those edges that change are then flagged "unstable".
+  reaction to timing, etc., then in some of the re-executions with the same data
+  the edge coverage result will be different accross runs. Those edges that
+  change are then flagged "unstable".
 
   The more "unstable" edges, the more difficult for AFL++ to identify valid new paths.
 

docs/best_practices.md

@@ -54,9 +54,11 @@ to emulate the network. This is also much faster than the real network would be.
 See [utils/socket_fuzzing/](../utils/socket_fuzzing/).
 
 There is an outdated AFL++ branch that implements networking if you are
-desperate though: [https://github.com/AFLplusplus/AFLplusplus/tree/networking](https://github.com/AFLplusplus/AFLplusplus/tree/networking) -
+desperate though:
-however a better option is AFLnet ([https://github.com/aflnet/aflnet](https://github.com/aflnet/aflnet))
+[https://github.com/AFLplusplus/AFLplusplus/tree/networking](https://github.com/AFLplusplus/AFLplusplus/tree/networking)
-which allows you to define network state with different type of data packets.
+- however, a better option is AFLnet
+([https://github.com/aflnet/aflnet](https://github.com/aflnet/aflnet)) which
+allows you to define network state with different type of data packets.
 
 ## Improvements
 
@@ -72,13 +74,16 @@ which allows you to define network state with different type of data packets.
 
 ### Improving stability
 
-For fuzzing a 100% stable target that covers all edges is the best case.
+For fuzzing a 100% stable target that covers all edges is the best case. A 90%
-A 90% stable target that covers all edges is however better than a 100% stable target that ignores 10% of the edges.
+stable target that covers all edges is, however, better than a 100% stable
+target that ignores 10% of the edges.
 
 With instability, you basically have a partial coverage loss on an edge, with ignored functions you have a full loss on that edges.
 
-There are functions that are unstable, but also provide value to coverage, e.g., init functions that use fuzz data as input.
+There are functions that are unstable, but also provide value to coverage, e.g.,
-If however a function that has nothing to do with the input data is the source of instability, e.g., checking jitter, or is a hash map function etc., then it should not be instrumented.
+init functions that use fuzz data as input. If, however, a function that has
+nothing to do with the input data is the source of instability, e.g., checking
+jitter, or is a hash map function etc., then it should not be instrumented.
 
 To be able to exclude these functions (based on AFL++'s measured stability), the following process will allow to identify functions with variable edges.
 
@@ -116,8 +121,12 @@ Four steps are required to do this and it also requires quite some knowledge of
      If `PCGUARD` is used, then you need to follow this guide (needs llvm 12+!):
      [https://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation](https://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation)
 
-     Only exclude those functions from instrumentation that provide no value for coverage - that is if it does not process any fuzz data directly or indirectly (e.g. hash maps, thread management etc.).
+     Only exclude those functions from instrumentation that provide no value for
-     If however a function directly or indirectly handles fuzz data, then you should not put the function in a deny instrumentation list and rather live with the instability it comes with.
+     coverage - that is if it does not process any fuzz data directly or
+     indirectly (e.g. hash maps, thread management etc.). If, however, a
+     function directly or indirectly handles fuzz data, then you should not put
+     the function in a deny instrumentation list and rather live with the
+     instability it comes with.
 
   4. Recompile the target
 

docs/custom_mutators.md

@@ -112,11 +112,11 @@ def deinit():  # optional for Python
 
 - `fuzz_count` (optional):
 
-    When a queue entry is selected to be fuzzed, afl-fuzz selects the number
+    When a queue entry is selected to be fuzzed, afl-fuzz selects the number of
-    of fuzzing attempts with this input based on a few factors.
+    fuzzing attempts with this input based on a few factors. If, however, the
-    If however the custom mutator wants to set this number instead on how often
+    custom mutator wants to set this number instead on how often it is called
-    it is called for a specific queue entry, use this function.
+    for a specific queue entry, use this function. This function is most useful
-    This function is most useful if `AFL_CUSTOM_MUTATOR_ONLY` is **not** used.
+    if `AFL_CUSTOM_MUTATOR_ONLY` is **not** used.
 
 - `fuzz` (optional):
 

docs/fuzzing_in_depth.md

@@ -131,8 +131,8 @@ The following options are available when you instrument with LTO mode
   have to compile the target twice, once specifically with/for this mode by
   setting `AFL_LLVM_CMPLOG=1`, and pass this binary to afl-fuzz via the `-c`
   parameter. Note that you can compile also just a cmplog binary and use that
-  for both however there will be a performance penality. You can read more about
+  for both, however, there will be a performance penality. You can read more
-  this in
+  about this in
   [instrumentation/README.cmplog.md](../instrumentation/README.cmplog.md).
 
 If you use LTO, LLVM or GCC_PLUGIN mode
@@ -151,7 +151,7 @@ only instrument parts of the target that you are interested in:
   inlined and then would not match! See
   [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md)
 
-There are many more options and modes available however these are most of the
+There are many more options and modes available, however, these are most of the
 time less effective. See:
 * [instrumentation/README.ctx.md](../instrumentation/README.ctx.md)
 * [instrumentation/README.ngram.md](../instrumentation/README.ngram.md)
@@ -369,8 +369,8 @@ This step is highly recommended!
 ### c) Minimizing all corpus files
 
 The shorter the input files that still traverse the same path within the target,
-the better the fuzzing will be. This minimization is done with `afl-tmin`
+the better the fuzzing will be. This minimization is done with `afl-tmin`,
-however it is a long process as this has to be done for every file:
+however, it is a long process as this has to be done for every file:
 
 ```
 mkdir input

docs/important_changes.md

@@ -15,8 +15,8 @@ With AFL++ 3.15 we introduced the following changes from previous behaviors:
 
 With AFL++ 3.14 we introduced the following changes from previous behaviors:
   * afl-fuzz: deterministic fuzzing it not a default for -M main anymore
-  * afl-cmin/afl-showmap -i now descends into subdirectories (afl-cmin.bash
+  * afl-cmin/afl-showmap -i now descends into subdirectories (afl-cmin.bash,
-    however does not)
+    however, does not)
 
 With AFL++ 3.10 we introduced the following changes from previous behaviors:
   * The '+' feature of the '-t' option now means to  auto-calculate the timeout

instrumentation/README.llvm.md

@@ -106,9 +106,10 @@ either setting `AFL_CC_COMPILER=LLVM` or pass the parameter `--afl-llvm` via
 CFLAGS/CXXFLAGS/CPPFLAGS.
 
 The tool honors roughly the same environmental variables as afl-gcc (see
-[docs/env_variables.md](../docs/env_variables.md)). This includes AFL_USE_ASAN,
+[docs/env_variables.md](../docs/env_variables.md)). This includes
-AFL_HARDEN, and AFL_DONT_OPTIMIZE. However AFL_INST_RATIO is not honored as it
+`AFL_USE_ASAN`, `AFL_HARDEN`, and `AFL_DONT_OPTIMIZE`. However, `AFL_INST_RATIO`
-does not serve a good purpose with the more effective PCGUARD analysis.
+is not honored as it does not serve a good purpose with the more effective
+PCGUARD analysis.
 
 ## 3) Options
 
@@ -125,8 +126,8 @@ For splitting memcmp, strncmp, etc., see
 Then there are different ways of instrumenting the target:
 
 1. An better instrumentation strategy uses LTO and link time instrumentation.
-   Note that not all targets can compile in this mode, however if it works it is
+   Note that not all targets can compile in this mode, however, if it works it
-   the best option you can use. To go with this option, use
+   is the best option you can use. To go with this option, use
    afl-clang-lto/afl-clang-lto++. See [README.lto.md](README.lto.md).
 
 2. Alternatively you can choose a completely different coverage method:

qemu_mode/README.persistent.md

@@ -17,10 +17,10 @@ The start of the persistent loop has to be set with environment variable
 `AFL_QEMU_PERSISTENT_ADDR`.
 
 This address can be the address of whatever instruction. Setting this address to
-the start of a function makes the usage simple. If the address is however within
+the start of a function makes the usage simple. If the address is, however,
-a function, either RET, OFFSET, or EXITS (see below in 2.2, 2.3, 2.6) have to be
+within a function, either RET, OFFSET, or EXITS (see below in 2.2, 2.3, 2.6)
-set. This address (as well as the RET address, see below) has to be defined in
+have to be set. This address (as well as the RET address, see below) has to be
-hexadecimal with the 0x prefix or as a decimal value.
+defined in hexadecimal with the 0x prefix or as a decimal value.
 
 If both RET and EXITS are not set, QEMU will assume that START points to a
 function and will patch the return address (on stack or in the link register) to

qemu_mode/libcompcov/README.md

@@ -18,7 +18,7 @@ and this module is not capable to log the coverage in this case.
 If you have the source code of the fuzzing target you should nto use this
 library and QEMU but build it with afl-clang-fast and the laf-intel options.
 
-To use this library make sure to preload it with AFL_PRELOAD.
+To use this library, make sure to preload it with AFL_PRELOAD.
 
 ```
   export AFL_PRELOAD=/path/to/libcompcov.so
@@ -32,6 +32,6 @@ Level 1 logs just comparison with immediates / read-only memory and level 2
 logs all the comparisons.
 
 The library make use of https://github.com/ouadev/proc_maps_parser and so it is
-Linux specific. However this is not a strict dependency, other UNIX operating
+Linux specific. However, this is not a strict dependency, other UNIX operating
-systems can be supported by replacing the code related to the
+systems can be supported by replacing the code related to the /proc/self/maps
-/proc/self/maps parsing.
+parsing.

utils/afl_network_proxy/README.md

@@ -34,16 +34,17 @@ afl-network-server -i 1111 -m 25M -t 1000 -- /bin/target -f @@
 
 ### on the (afl-fuzz) main node
 
-Just run afl-fuzz with your normal options, however the target should be
+Just run afl-fuzz with your normal options, however, the target should be
 `afl-network-client` with the IP and PORT of the `afl-network-server` and
 increase the -t value:
+
 ```
 afl-fuzz -i in -o out -t 2000+ -- afl-network-client TARGET-IP 1111
 ```
-Note the '+' on the -t parameter value. The afl-network-server will take
+
-care of proper timeouts hence afl-fuzz should not. The '+' increases the
+Note the '+' on the -t parameter value. The afl-network-server will take care of
-timeout and the value itself should be 500-1000 higher than the one on 
+proper timeouts hence afl-fuzz should not. The '+' increases the timeout and the
-afl-network-server.
+value itself should be 500-1000 higher than the one on afl-network-server.
 
 ### networking
 

utils/afl_untracer/README.md

@@ -5,9 +5,9 @@
 afl-untracer is an example skeleton file which can easily be used to fuzz
 a closed source library.
 
-It requires less memory and is x3-5 faster than qemu_mode however it is way
+It requires less memory and is x3-5 faster than qemu_mode, however, it is way
-more course grained and does not provide interesting features like compcov
+more course grained and does not provide interesting features like compcov or
-or cmplog.
+cmplog.
 
 Supported is so far Intel (i386/x86_64) and AARCH64.