fixes

docs/binaryonly_fuzzing.md

@@ -15,9 +15,9 @@
   high enough. Otherwise try retrowrite, afl-dyninst and if these
   fail too then standard qemu_mode with AFL_ENTRYPOINT to where you need it.
 
-  If your a target is library use examples/afl_frida/.
+  If your target is a library use examples/afl_frida/.
 
-  If your target is non-linux then use unicorn_mode/
+  If your target is non-linux then use unicorn_mode/.
 
 
 ## QEMU

examples/afl_frida/GNUmakefile

@@ -0,0 +1,23 @@
+ifdef DEBUG
+  OPT=-O0 -D_DEBUG=\"1\"
+else
+  OPT=-O3 -funroll-loops
+endif
+
+all:	afl-frida libtestinstr.so
+
+libfrida-gum.a:
+	@echo Download and extract frida-gum-devkit-VERSION-PLATFORM.tar.xz for your platform from https://github.com/frida/frida/releases/latest
+	@exit 1
+	
+afl-frida:	afl-frida.c libfrida-gum.a
+	$(CC) -g $(OPT) -o afl-frida -Wno-format -Wno-pointer-sign -I. -fpermissive -fPIC afl-frida.c ../../afl-llvm-rt.o libfrida-gum.a -ldl -lresolv -pthread
+
+libtestinstr.so:        libtestinstr.c
+	$(CC) -g -O0 -fPIC -o libtestinstr.so -shared libtestinstr.c
+
+clean:
+	rm -f afl-frida *~ core *.o libtestinstr.so
+
+deepclean: clean
+	rm -f libfrida-gum.a frida-gum*

examples/afl_frida/Makefile

@@ -1,23 +1,2 @@
-ifdef DEBUG
+all:
-  OPT=-O0 -D_DEBUG=\"1\"
+	@echo please use GNU make, thanks!
-else
-  OPT=-O3 -funroll-loops
-endif
-
-all:	afl-frida libtestinstr.so
-
-libfrida-gum.a:
-	@echo Download and extract frida-gum-devkit-VERSION-PLATFORM.tar.xz for your platform from https://github.com/frida/frida/releases/latest
-	@exit 1
-	
-afl-frida:	afl-frida.c libfrida-gum.a
-	$(CC) -g $(OPT) -o afl-frida -Wno-format -Wno-pointer-sign -I. -fpermissive -fPIC afl-frida.c ../../afl-llvm-rt.o libfrida-gum.a -ldl -lresolv -pthread
-
-libtestinstr.so:        libtestinstr.c
-	$(CC) -g -O0 -fPIC -o libtestinstr.so -shared libtestinstr.c
-
-clean:
-	rm -f afl-frida *~ core *.o libtestinstr.so
-
-deepclean: clean
-	rm -f libfrida-gum.a frida-gum*

src/afl-fuzz.c

@@ -163,11 +163,13 @@ static void usage(afl_state_t *afl, u8 *argv0, int more_help) {
       "AFL_BENCH_UNTIL_CRASH: exit soon when the first crashing input has been found\n"
       "AFL_CUSTOM_MUTATOR_LIBRARY: lib with afl_custom_fuzz() to mutate inputs\n"
       "AFL_CUSTOM_MUTATOR_ONLY: avoid AFL++'s internal mutators\n"
+      "AFL_CYCLE_SCHEDULES: after completing a cycle, switch to a different -p schedule\n"
       "AFL_DEBUG: extra debugging output for Python mode trimming\n"
       "AFL_DEBUG_CHILD_OUTPUT: do not suppress stdout/stderr from target\n"
       "AFL_DISABLE_TRIM: disable the trimming of test cases\n"
       "AFL_DUMB_FORKSRV: use fork server without feedback from target\n"
       "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
+      "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60 minutes and a cycle without finds)\n"
       "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n"
       "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n"
       "AFL_HANG_TMOUT: override timeout value (in milliseconds)\n"