From 898353c87ae2b7e212e1012e847f02f8e18f9428 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 3 Aug 2020 14:17:51 +0200
Subject: [PATCH 1/7] enforce no built-ins for lto
---
 llvm_mode/afl-clang-fast.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 738433ac..484943d2 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -255,12 +255,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 if (getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) {
- if (!be_quiet && getenv("AFL_LLVM_LTO_AUTODICTIONARY") && lto_mode)
- WARNF(
- "using AFL_LLVM_LAF_TRANSFORM_COMPARES together with "
- "AFL_LLVM_LTO_AUTODICTIONARY makes no sense. Use only "
- "AFL_LLVM_LTO_AUTODICTIONARY.");
-
 cc_params[cc_par_cnt++] = "-Xclang";
 cc_params[cc_par_cnt++] = "-load";
 cc_params[cc_par_cnt++] = "-Xclang";
@@ -472,9 +466,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 }
 if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") ||
- getenv("LAF_TRANSFORM_COMPARES") ||
- (lto_mode && (getenv("AFL_LLVM_LTO_AUTODICTIONARY") ||
- getenv("AFL_LLVM_AUTODICTIONARY")))) {
+ getenv("LAF_TRANSFORM_COMPARES") || lto_mode) {
 cc_params[cc_par_cnt++] = "-fno-builtin-strcmp";
 cc_params[cc_par_cnt++] = "-fno-builtin-strncmp";
From f18c2eb8ae0b2d6c0d4147684b8efcaa1a0b2aae Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Mon, 3 Aug 2020 15:16:46 +0200
Subject: [PATCH 2/7] no support for DragonFlyBSD.
---
 libtokencap/Makefile | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/libtokencap/Makefile b/libtokencap/Makefile
index 8bdfa5ac..8edda394 100644
--- a/libtokencap/Makefile
+++ b/libtokencap/Makefile
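Review bot: The rewritten condition in the `@@ -472` hunk now appends `-fno-builtin-strcmp` and its siblings for every `lto_mode` build, but nothing at the site records why; a comment such as `/* LTO: keep the libc compare calls as real calls (presumably so the LTO pass can locate them) -- confirm */` would carry the intent that only the commit title states today. The pair `getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")` is evaluated once in each of the two hunks; hoisting it into one local, `int laf_compares = getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES");`, near the top of edit_params would keep the two sites from drifting apart. edit_params begins and ends outside both hunks.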
@@ -28,21 +28,20 @@ UNAME_S =$(shell uname -s)# GNU make
 UNAME_S:sh=uname -s # BSD make
 _UNIQ=_QINU_
- _OS_DL = $(_UNIQ)$(UNAME_S)
- __OS_DL = $(_OS_DL:$(_UNIQ)Linux=$(_UNIQ))
- ___OS_DL = $(__OS_DL:$(_UNIQ)Darwin=$(_UNIQ))
- ____OS_DL = $(___OS_DL:$(_UNIQ)DragonFly=$(_UNIQ))
- _____OS_DL = $(____OS_DL:$(_UNIQ)$(UNAME_S)=)
-______OS_DL = $(_____OS_DL:$(_UNIQ)="-ldl")
+ _OS_DL = $(_UNIQ)$(UNAME_S)
+ __OS_DL = $(_OS_DL:$(_UNIQ)Linux=$(_UNIQ))
+ ___OS_DL = $(__OS_DL:$(_UNIQ)Darwin=$(_UNIQ))
+ ____OS_DL = $(___OS_DL:$(_UNIQ)$(UNAME_S)=)
+_____OS_DL = $(____OS_DL:$(_UNIQ)="-ldl")
- _OS_TARGET = $(____OS_DL:$(_UNIQ)FreeBSD=$(_UNIQ))
+ _OS_TARGET = $(___OS_DL:$(_UNIQ)FreeBSD=$(_UNIQ))
 __OS_TARGET = $(_OS_TARGET:$(_UNIQ)OpenBSD=$(_UNIQ))
 ___OS_TARGET = $(__OS_TARGET:$(_UNIQ)NetBSD=$(_UNIQ))
 ____OS_TARGET = $(___OS_TARGET:$(_UNIQ)Haiku=$(_UNIQ))
 _____OS_TARGET = $(____OS_TARGET:$(_UNIQ)SunOS=$(_UNIQ))
-______OS_TARGET = $(____OS_TARGET:$(_UNIQ)$(UNAME_S)=)
+______OS_TARGET = $(_____OS_TARGET:$(_UNIQ)$(UNAME_S)=)
-TARGETS = $(_____OS_TARGET:$(_UNIQ)=libtokencap.so)
+TARGETS = $(______OS_TARGET:$(_UNIQ)=libtokencap.so)
 LDFLAGS += $(______OS_DL)
From ed63364a777dd7a01a0cfdba938888707053e192 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 3 Aug 2020 18:13:06 +0200
Subject: [PATCH 3/7] add touch shmem in forkserver, add binary library and patches.txt for easy testing
---
 examples/afl_untracer/afl-untracer.c | 2 +
 examples/afl_untracer/libtestinstr.so | Bin 0 -> 17152 bytes
 examples/afl_untracer/patches.txt | 57 +++++++++++++++-----------
 3 files changed, 36 insertions(+), 23 deletions(-)
 create mode 100755 examples/afl_untracer/libtestinstr.so
diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c
index 77b15eb8..f6dbbcd6 100644
--- a/examples/afl_untracer/afl-untracer.c
+++ b/examples/afl_untracer/afl-untracer.c
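Review bot: The new variable chain ends at `_____OS_DL`, yet the unchanged context line `LDFLAGS += $(______OS_DL)` at the bottom of the hunk still expands `______OS_DL`, which this hunk no longer defines; make expands an undefined variable to nothing, so libtokencap.so is linked without `-ldl` on the Linux and Darwin paths the chain is meant to select. The line should become `LDFLAGS += $(_____OS_DL)`; patch 6/7 in this series makes exactly that correction. Counting underscore prefixes is what made this slip easy; descriptive intermediate names (`OS_DL_NOT_LINUX`, `OS_DL_NOT_DARWIN`, …) would make a later edit of the chain self-checking.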
@@ -437,6 +437,8 @@ inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
 if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1;
 // fprintf(stderr, "write1 %d\n", do_exit);
+ __afl_area_ptr[0] = 1; // put something in the map
+
 return status;
 }
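Review bot: The added `__afl_area_ptr[0] = 1;` carries a comment that says what it does but not why; a line such as `// mark map entry 0 so the parent never sees an all-zero bitmap from this child -- TODO confirm intent` would tell the next reader what is being guarded against, because the instrumentation (outside this hunk) may later write the same byte. The store is unconditional, so it relies on `__afl_area_ptr` already pointing at the attached shared map at this point of the forkserver handshake; if any path reaches here before the mapping exists, the write needs a guard. __afl_next_testcase begins outside the hunk.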
diff --git a/examples/afl_untracer/libtestinstr.so b/examples/afl_untracer/libtestinstr.so new file mode 100755 index 0000000000000000000000000000000000000000..389a946c882529d4ea3d7bd082ed637b27ce10ae GIT binary patch literal 17152 zcmeHOZ)_Y#6`#HJ*_WJSJO7H4v}6+5B}Mpbhvt7BpY7N=gOixx2o<$#*LUl?YwmW< z?w(_Zwpc{8L{Xw31ga=skoZ9PSVUFv1y>DGp#r5+DV0zqQ(8z#p{W!qBT$a_cIKUT z*XOnpf4;C|-M)FhdA~QaZ|7!qd^2Ai9vg`%3Zta5!wj|YHi4vN!NNhA0g-0=*&4X+ zVBE89ST0(Tdr}sXWYRCz5l3sOhvl4X5=kmY*mKE|42gT!n*66!N&0z>P}Y_b25pCf zvOOkrE+z3$MIM(tE_oyuWIIVFgd4Ao*v|dZUs!fXJCfc#0XF`Yo5TDATo{BU*^?yR z=YWUp{HTe-ep1%AT3l|*`y(k;@BTJHWh#7*9zVs>FCD$}l|RiqdEwIUZoJWb;GG-k zi6^iv6hGw2_Cb?57J2$luI_xwQ&zcPJ9(Wl4X_P$aIA;d!9TSMJ_7j8I`*dk+rXMx ze7z_vkd3D0%a*A*u5P=U#<}BYDT%5dHJ@x2^I>LvO1SD^3| za3BzEne&e>ov++F_vkJ5*!YFvTbb;&%!T2ljB@QN_=Q~Sv+TZ}N((glN(*>@_ja{< zV;2?lE*HFt1+8HA8#H?nHRbXzFsfd>0}%!=N>K!&2t*NxA`nF&ia->BC<0Lgq6kD0 zh$0Y0;J+M!G0Qsb@KW)#!F7Jtur2Odylm`XWzQ(Tk?*87bS;LmaGC_*{9nTD=eCn;`Lb%cpNvtB-)h-;gmW zXHPO^woTdA+?2QsKQwj#b|-x1!JdO;Eo~z$?Vo8)o=MEJ{;h{T`RR_G2qPc<9l&P6 zj()pD9Jvp`rxWV&{#!B7()M_4XkBA03pJocl%fbk5r`rXMIeem6oDuLQ3Rq0L=lK0 z@P8fwxlfe#h0>l+T(eP_`@-FuJBG2C4(A}ivvV%K!Y{j;Ep04J0)kZ=AXT)N>?j~Gid z-33LlhNhh;ltd9ltm#*t)_B^};)@{EhB*B1fyEMW>^2PvuSjXM(IVmXB=Ch#Dh@x( zGi7sQxH{!~jgyrrD7nKx&NmBKH)CT<}*1?j= z!vH}8WEP^(&;HLj>h9)sQE3hYtObMJ!js<~y$c*S&zdDF;oH0YkT^W6g@W7DOIgP-o4 zG1G0#>gDN@;dJX$C9Pt*ww^WYa4TzWvIX77g93c0cc1JvysPY1OrtMvn1)@f$uI2RSOE*)ELJEEmRU zHVor53x;tV_ks!Mkp}i&HHeCNIR>*co!g>v9Ow|A4?XuC5?=`6`v6ybalra84Z%l& z6EWfE@-X1&pU#({Ev6axC;*0^@3#T3*Z$S+>j$2nHnzke6H4{`JOehdI{o%Jz!kRg zx&Pe5SN5x4dv&es&%c*`!u{kg9=@`_sc>U4I4uWXfk0XVI1eB~=>)vqxu$)q*pGPj zE6*v7uVVi&;5d!0NLkx;+{)AxOfAdDnKZYoW${3h!!#{tY59^hsh6~zYuS#bS7uq( z!a2Y-a;cvB7I?_1sOh$?&uIos5_4?I*2{*LtCY)gK=ElBSh@kz(3GcXBPR!r4Qs>4 zkKoBG^o*4{mR8Ws93Hqja{uvxW1~ZW!c?OTXCxtW)<;;~~S_A3YLKY}zTCS1G zo0ZgLrC7>!6?4qf3c6EZsob0iOd;VInO8Dn*iO+h1BwP^wo%fNAam0tm!-U0PeC@7 zw?K7`S-5%uPT5vYcXgIB3i4qUa^QqCK^0F;Fenc-=;dM-s<&M942|>rOgaurLBA>rb>_2-(?*k+|LNzpm^c3jt 
z!#jLT;t$CTN#fJ{J*^+e&3?$>nuYkZt|3Y546GNvy0vu@%}8m$&^PhvJ%l8!i@?N7 z=)<2fpx_#X`1HO)66X(0)PAxfc?!yK%|kl9*O25$h7@kUK*bv`mJy%ce@N2(Q~eY_ zx_?vp9+VE}(HSI?WQTkhoma$f7BGwntt)Hev>dPD{XUSS`x@pz&d=wPSCchMk)dgT z}cU7-g~^^(7fAwIqDk)-u4*@y4{Tar)Dk8x=!<^576 zLG32}Dac?GiND%;XR;61|8$5y&xIw)M~En8xc(mlj(wc^7rn30dFZe`=_G#!+*Ti- z-jCXGV1Pt+LR;1ee+de(?@|5qeoN=g7ce-G=)Q?Z&+%(eh9<vRzv`$^ktMGez1@TKC!r!_I|B~bv zK7@a_ Date: Mon, 3 Aug 2020 20:50:47 +0200 Subject: [PATCH 4/7] code format --- src/afl-fuzz-init.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 396a20f0..2c17ffbb 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -490,9 +490,13 @@ void read_foreign_testcases(afl_state_t *afl, int first) { if (nl_cnt == 0) { - if (first) + if (first) { + WARNF("directory %s is currently empty", afl->foreign_syncs[iter].dir); + + } + continue; } @@ -540,11 +544,15 @@ void read_foreign_testcases(afl_state_t *afl, int first) { if (st.st_size > MAX_FILE) { - if (first) + if (first) { + WARNF( "Test case '%s' is too big (%s, limit is %s), skipping", fn2, stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); + + } + ck_free(fn2); continue; From e6e38d1703c5765a1d62cba211e881b0f34b959c Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 3 Aug 2020 21:25:32 +0200 Subject: [PATCH 5/7] give document edge id a unique id per module --- examples/afl_untracer/afl-untracer.c | 2 +- llvm_mode/afl-llvm-lto-instrumentation.so.cc | 30 ++++++++++++++++++-- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c index f6dbbcd6..cb6f948c 100644 --- a/examples/afl_untracer/afl-untracer.c +++ b/examples/afl_untracer/afl-untracer.c 
@@ -437,7 +437,7 @@ inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
 if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1;
 // fprintf(stderr, "write1 %d\n", do_exit);
- __afl_area_ptr[0] = 1; // put something in the map
+ __afl_area_ptr[0] = 1; // put something in the map
 return status;
diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
index 5686eb56..4023c1d6 100644
--- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc
+++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
@@ -105,6 +105,11 @@ bool AFLLTOPass::runOnModule(Module &M) {
 char * ptr;
 FILE * documentFile = NULL;
+ srand((unsigned int)time(NULL));
+
+ unsigned long long int moduleID =
+ (((unsigned long long int)(rand() & 0xffffffff)) << 32) | getpid();
+
 IntegerType *Int8Ty = IntegerType::getInt8Ty(C);
 IntegerType *Int32Ty = IntegerType::getInt32Ty(C);
 IntegerType *Int64Ty = IntegerType::getInt64Ty(C);
@@ -189,13 +194,32 @@ bool AFLLTOPass::runOnModule(Module &M) {
 ConstantInt *Zero = ConstantInt::get(Int8Ty, 0);
 ConstantInt *One = ConstantInt::get(Int8Ty, 1);
+ /* This dumps all inialized global strings - might be useful in the future
+ for (auto G=M.getGlobalList().begin(); G!=M.getGlobalList().end(); G++) {
+
+ GlobalVariable &GV=*G;
+ if (!GV.getName().str().empty()) {
+
+ fprintf(stderr, "Global Variable: %s", GV.getName().str().c_str());
+ if (GV.hasInitializer())
+ if (auto *Val = dyn_cast(GV.getInitializer()))
+ fprintf(stderr, " Value: \"%s\"", Val->getAsString().str().c_str());
+ fprintf(stderr, "\n");
+
+ }
+
+ }
+
+ */
+
 /* Instrument all the things! */
 int inst_blocks = 0;
 for (auto &F : M) {
- // fprintf(stderr, "DEBUG: Function %s\n", F.getName().str().c_str());
+ // fprintf(stderr, "DEBUG: Module %s Function %s\n",
+ // M.getName().str().c_str(), F.getName().str().c_str());
 if (F.size() < function_minimum_size) continue;
 if (isIgnoreFunction(&F)) continue;
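Review bot: The `moduleID` built in the `@@ -105` hunk of afl-llvm-lto-instrumentation.so.cc is not unique per module: `srand((unsigned int)time(NULL))` reseeds the process-wide PRNG from the wall clock, so two modules handled by the same process within one second draw the same `rand()` value, and `getpid()` is identical for all of them, which makes the identifier collide in exactly the case it is meant to separate. Reseeding the global `rand()` from inside a pass also perturbs every other `rand()` user in the compiler and makes the documented output differ between otherwise identical builds. A deterministic source such as `unsigned long long int moduleID = std::hash<std::string>{}(M.getModuleIdentifier());` (or a per-process counter) avoids both problems. The commented-out global-dump loop added in the `@@ -189` hunk (and the "inialized" typo in it) is dead code that belongs in history rather than in the source. runOnModule begins and ends outside both hunks.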
@@ -603,8 +627,8 @@ bool AFLLTOPass::runOnModule(Module &M) {
 if (documentFile) {
- fprintf(documentFile, "%s %u\n", F.getName().str().c_str(),
- afl_global_id);
+ fprintf(documentFile, "ModuleID=%llu Function=%s edgeID=%u\n",
+ moduleID, F.getName().str().c_str(), afl_global_id);
 }
From 76888fdf59ba018aee29d433017c8f01fbedb102 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Mon, 3 Aug 2020 23:11:58 +0200
Subject: [PATCH 6/7] bugfix libtokencap Makefile
---
 libtokencap/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libtokencap/Makefile b/libtokencap/Makefile
index 8edda394..244ee58f 100644
--- a/libtokencap/Makefile
+++ b/libtokencap/Makefile
@@ -43,7 +43,7 @@ ______OS_TARGET = $(_____OS_TARGET:$(_UNIQ)$(UNAME_S)=)
 TARGETS = $(______OS_TARGET:$(_UNIQ)=libtokencap.so)
-LDFLAGS += $(______OS_DL)
+LDFLAGS += $(_____OS_DL)
 #ifeq "$(shell uname)" "Linux"
 # TARGETS = libtokencap.so
From e1d20706ca97faf871abc03a9db3b551277d6b3f Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Tue, 4 Aug 2020 13:17:53 +0200
Subject: [PATCH 7/7] fix cmplog with lto
---
 llvm_mode/afl-clang-fast.c | 6 ++++++
 llvm_mode/afl-llvm-lto-instrumentation.so.cc | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 484943d2..ef99e3f3 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -305,6 +305,11 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 if (lto_mode) {
+ if (cmplog_mode)
+ unsetenv("AFL_LLVM_LTO_AUTODICTIONARY");
+ else
+ setenv("AFL_LLVM_LTO_AUTODICTIONARY", "1", 1);
+
 cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", AFL_REAL_LD);
 cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition";
 /*
@@ -392,6 +397,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 continue;
 if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue;
+ if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue;
 cc_params[cc_par_cnt++] = cur;
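Review bot: In the `@@ -305` hunk of llvm_mode/afl-clang-fast.c the wrapper rewrites its own environment with overwrite=1: `setenv("AFL_LLVM_LTO_AUTODICTIONARY", "1", 1)` clobbers whatever the user exported and `unsetenv` drops an explicit opt-in under cmplog, so by the time the pass reads the variable (the `@@ -133` hunk on the next line) it is no longer a user switch; that is defensible for cmplog, but the site deserves a comment such as `/* cmplog and the LTO autodictionary exclude each other here; the LTO pass reads this variable */`. If user control is meant to survive in the non-cmplog case, `setenv(..., "1", 0)` would only install a default. Neither call's return value is checked, although both can fail (ENOMEM, EINVAL). edit_params begins and ends outside the hunk.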
diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
index 4023c1d6..38c3f202 100644
--- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc
+++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
@@ -86,7 +86,7 @@ class AFLLTOPass : public ModulePass {
 bool runOnModule(Module &M) override;
 protected:
- int afl_global_id = 1, autodictionary = 1;
+ int afl_global_id = 1, autodictionary = 0;
 uint32_t function_minimum_size = 1;
 uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0;
 uint64_t map_addr = 0x10000;
@@ -133,6 +133,8 @@ bool AFLLTOPass::runOnModule(Module &M) {
 }
+ if (getenv("AFL_LLVM_LTO_AUTODICTIONARY")) autodictionary = 1;
+
 if (getenv("AFL_LLVM_MAP_DYNAMIC")) map_addr = 0;
 if (getenv("AFL_LLVM_SKIPSINGLEBLOCK")) function_minimum_size = 2;
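Review bot: The `@@ -86` hunk flips the member default to `autodictionary = 0` and the `@@ -133` hunk makes `AFL_LLVM_LTO_AUTODICTIONARY` the only way to switch it back on, but neither site says that the variable is now expected to be provided by the afl-clang-fast wrapper rather than typed by the user, so anyone loading the pass directly loses the autodictionary silently. A comment on the member, `int afl_global_id = 1, autodictionary = 0;  // enabled via AFL_LLVM_LTO_AUTODICTIONARY, which afl-clang-fast sets in LTO mode unless cmplog is active`, plus a matching line in the env-var documentation would make the new default discoverable. The class body and runOnModule both extend beyond their hunks.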