update fuzzing_in_depth

This commit is contained in:
vanhauser-thc 2025-05-14 16:45:23 +02:00
parent b6d1247e7d
commit ef0c236427


@ -132,11 +132,15 @@ options are available:
locations. This technique is very fast and good - if the target does not locations. This technique is very fast and good - if the target does not
transform input data before comparison. Therefore, this technique is called transform input data before comparison. Therefore, this technique is called
`input to state` or `redqueen`. If you want to use this technique, then you `input to state` or `redqueen`. If you want to use this technique, then you
have to compile the target twice, once specifically with/for this mode by have to compile the target with `AFL_LLVM_CMPLOG=1`.
setting `AFL_LLVM_CMPLOG=1`, and pass this binary to afl-fuzz via the `-c` You could use the resulting binary for both normal fuzzing and `-c` CMPLOG
parameter. Note that you can compile also just a cmplog binary and use that mode (with `-c 0`), however this will result in a performance loss of about
for both, however, there will be a performance penalty. You can read more 20%.
about this in It is therefore better to compile a specific CMPLOG target with
`AFL_LLVM_ONLY_FSRV=1 AFL_LLVM_CMPLOG=1` and pass this binary name via
`-c cmplog-fuzzing-target` and compile target again normally with `afl-cc`
and use this is the fuzzing target as usual.
You can read more about this in
[instrumentation/README.cmplog.md](../instrumentation/README.cmplog.md). [instrumentation/README.cmplog.md](../instrumentation/README.cmplog.md).
If you use LTO, LLVM, or GCC_PLUGIN mode If you use LTO, LLVM, or GCC_PLUGIN mode
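Review bot: The new wording in this hunk has a grammatical slip in the added sentence ending "and use this is the fuzzing target as usual" ("use this is" should be "use this as"), and "compile target again normally with `afl-cc`" reads better as "compile the target again normally with `afl-cc`". Since this replaces the older, clearer description of the two-binary setup, it is worth getting the instruction text exactly right, for example: "and pass this binary name via `-c cmplog-fuzzing-target`, then compile the target again normally with `afl-cc` and use that as the fuzzing target as usual." It would also help readers if the sentence "You could use the resulting binary for both normal fuzzing and `-c` CMPLOG mode (with `-c 0`)" spelled out that `-c 0` tells afl-fuzz to use the main target binary itself as the CMPLOG binary, which is the reason the roughly 20% performance loss applies in that configuration; the hunk states the loss but not why the single-binary option incurs it.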