add documentation for AFL_LLVM_THREADSAFE_INST

2025-06-16 20:08:07 +00:00 · 2021-05-30 12:43:30 +02:00
parent c9539aa6b7
commit eb74a7a800
5 changed files with 16 additions and 0 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -35,6 +35,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
    - Removed automatic linking with -lc++ for LTO mode
  - utils/aflpp_driver/aflpp_qemu_driver_hook fixed to work with qemu mode
  - add -d (add dead fuzzer stats) to afl-whatsup
+  - add thread safe counters for LLVM CLASSIC (set AFL_LLVM_THREADSAFE_INST)

 ### Version ++3.12c (release)
  - afl-fuzz:
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@ -231,6 +231,11 @@ Then there are a few specific features that are only available in instrumentatio

  See [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md) for more information.

+### Thread safe instrumentation counters (in mode LLVM CLASSIC)
+   - Setting `AFL_LLVM_THREADSAFE_INST` will inject code that implements thread safe counters.
+     The overhead is a bit higher compared to the older non-thread safe case. 
+     `AFL_LLVM_NOT_ZERO` and `AFL_LLVM_SKIP_NEVERZERO` are supported (see below). 
+
 ### NOT_ZERO

   - Setting `AFL_LLVM_NOT_ZERO=1` during compilation will use counters
--- a/instrumentation/README.llvm.md
+++ b/instrumentation/README.llvm.md
@ -144,6 +144,10 @@ is not optimal and was only fixed in llvm 9.
 You can set this with AFL_LLVM_NOT_ZERO=1
 See [README.neverzero.md](README.neverzero.md)

+Support for thread safe counters has been added for mode LLVM CLASSIC.
+Activate it with `AFL_LLVM_THREADSAFE_INST=1`. The tradeoff is better precision in 
+multi threaded apps for a slightly higher instrumentation overhead.
+
 ## 4) Snapshot feature

 To speed up fuzzing you can use a linux loadable kernel module which enables
--- a/instrumentation/README.neverzero.md
+++ b/instrumentation/README.neverzero.md
@ -33,3 +33,8 @@ AFL_LLVM_SKIP_NEVERZERO=1
 ```
 If the target does not have extensive loops or functions that are called
 a lot then this can give a small performance boost.
+
+Please note that the default counter implementations are not thread safe!
+
+Support for thread safe counters in mode LLVM CLASSIC can be activated with setting
+`AFL_LLVM_THREADSAFE_INST=1`.
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@ -1757,6 +1757,7 @@ int main(int argc, char **argv, char **envp) {
        SAYF(
            "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment "
            "variables:\n"
+            "  AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters\n"

            COUNTER_BEHAVIOUR