mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-11 09:41:35 +00:00
28 lines
977 B
Markdown
# NeverZero counters for LLVM instrumentation

## Usage

In larger, complex or reiterative programs the counters that collect the edge
coverage can easily fill up and wrap around.
This is not that much of an issue - unless by chance it wraps just to a value
of zero when the program execution ends.
In this case afl-fuzz is not able to see that the edge has been accessed and
will ignore it.

NeverZero prevents this behaviour. If a counter wraps, it jumps over the value
0 directly to a 1. This improves path discovery (by a very small amount)
at a very little cost (one instruction per edge).

(The alternative of saturated counters has been tested also and proved to be
inferior in terms of path discovery.)
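To make the wrap-around concrete, here is an added example (not AFL++'s own instrumentation code) that models an 8-bit edge counter under a plain increment, the NeverZero update, and the saturated alternative, and returns the value afl-fuzz would read from the coverage map after a given number of hits on one edge.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not AFL++'s instrumentation: three ways to update one
 * 8-bit edge counter in the coverage map. */

/* Plain increment: 256 hits wrap to 0, so afl-fuzz treats the edge as untaken. */
uint8_t hit_plain(uint8_t counter) {
    return (uint8_t)(counter + 1);
}

/* NeverZero: increment, then add 1 only when the result wrapped to 0,
 * so the counter lands on 1 instead of 0. This is the extra instruction
 * per edge the text refers to (the carry bit on x86). */
uint8_t hit_neverzero(uint8_t counter) {
    uint8_t incremented = (uint8_t)(counter + 1);
    return (uint8_t)(incremented + (incremented == 0));
}

/* Saturated counter (the alternative mentioned above): sticks at 255. */
uint8_t hit_saturated(uint8_t counter) {
    return counter == UINT8_MAX ? counter : (uint8_t)(counter + 1);
}

/* Simulate one execution that takes the same edge `hits` times and return
 * the final counter value that afl-fuzz would read from the map. */
uint8_t run_edge(uint8_t (*update)(uint8_t), unsigned long hits) {
    uint8_t counter = 0;  /* the map is zeroed before each run */
    for (unsigned long i = 0; i < hits; i++)
        counter = update(counter);
    return counter;
}

int main(void) {
    unsigned long cases[] = {1, 255, 256, 512, 1000};  /* constructed hit counts */
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned long n = cases[i];
        printf("%5lu hits: plain=%3u neverzero=%3u saturated=%3u\n", n,
               run_edge(hit_plain, n), run_edge(hit_neverzero, n),
               run_edge(hit_saturated, n));
    }
    return 0;
}
```

The 256-hit row is the case the text describes: the plain counter reads 0 and the edge is lost, while the NeverZero counter reads 1.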

This is implemented in afl-gcc, however for llvm_mode this is optional if
the llvm version is below 9 - as there is a performance bug that is only fixed
in version 9 and onwards.

If you want to enable this for llvm < 9 then set

```
export AFL_LLVM_NOT_ZERO=1
```