Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(157)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/afl/src/docs/env_variables.txt

Issue 2238013002: Roll src/third_party/afl/src/ 2.14b..2.30b (16 versions). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Note in "Local Modifications" that we have removed dictionaries/. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/afl/src/docs/README ('k') | third_party/afl/src/docs/life_pro_tips.txt » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/afl/src/docs/env_variables.txt
diff --git a/third_party/afl/src/docs/env_variables.txt b/third_party/afl/src/docs/env_variables.txt
index 16de03442364100602409484d80c16f0bd9d125b..fc2a6100b55527f5509e550b2f99715438376761 100644
--- a/third_party/afl/src/docs/env_variables.txt
+++ b/third_party/afl/src/docs/env_variables.txt
@@ -52,6 +52,9 @@ tools make fairly broad use of environmental variables:
Setting AFL_INST_RATIO to 0 is a valid choice. This will instrument only
the transitions between function entry points, but not individual branches.
+ - AFL_NO_BUILTIN causes the compiler to generate code suitable for use with
+ libtokencap.so (but perhaps running a bit slower than without the flag).
+
- TMPDIR is used by afl-as for temporary files; if this variable is not set,
the tool defaults to /tmp.
@@ -99,16 +102,15 @@ checks or alter some of the more exotic semantics of the tool:
normally done when starting up the forkserver and causes a pretty
significant performance drop.
- - Setting AFL_NO_VAR_CHECK skips the detection of variable test cases,
- greatly speeding up session resumption and path discovery for complex
- multi-threaded apps (but depriving you of a potentially useful signal
- in more orderly programs).
-
- AFL_EXIT_WHEN_DONE causes afl-fuzz to terminate when all existing paths
have been fuzzed and there were no new finds for a while. This would be
normally indicated by the cycle counter in the UI turning green. May be
convenient for some types of automated jobs.
+ - Setting AFL_NO_AFFINITY disables attempts to bind to a specific CPU core
+ on Linux systems. This slows things down, but lets you run more instances
+ of afl-fuzz than would be prudent (if you really want to).
+
- AFL_SKIP_CRASHES causes AFL to tolerate crashing files in the input
queue. This can help with rare situations where a program crashes only
intermittently, but it's not really recommended under normal operating
@@ -139,15 +141,16 @@ checks or alter some of the more exotic semantics of the tool:
- In QEMU mode (-Q), AFL_PATH will be searched for afl-qemu-trace.
- - Setting AFL_LD_PRELOAD causes AFL to set LD_PRELOAD for the target binary
- without disrupting the afl-fuzz process itself.
+ - Setting AFL_PRELOAD causes AFL to set LD_PRELOAD for the target binary
+ without disrupting the afl-fuzz process itself. This is useful, among other
+ things, for bootstrapping libdislocator.so.
- If you are Jakub, you may need AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES.
Others need not apply.
- Benchmarking only: AFL_BENCH_JUST_ONE causes the fuzzer to exit after
processing the first queue entry; and AFL_BENCH_UNTIL_CRASH causes it to
- exit when first crash is found.
+ exit soon after the first crash is found.
4) Settings for afl-qemu-trace
------------------------------
@@ -184,7 +187,29 @@ Virtually nothing to play with. Well, in QEMU mode (-Q), AFL_PATH will be
searched for afl-qemu-trace. In addition to this, TMPDIR may be used if a
temporary file can't be created in the current working directory.
-7) Third-party variables set by afl-fuzz & other tools
+7) Settings for libdislocator.so
+--------------------------------
+
+The library honors three environmental variables:
+
+ - AFL_LD_LIMIT_MB caps the size of the maximum heap usage permitted by the
+ library, in megabytes. The default value is 1 GB. Once this is exceeded,
+ allocations will return NULL.
+
+ - AFL_LD_HARD_FAIL alters the behavior by calling abort() on excessive
+ allocations, thus causing what AFL would perceive as a crash. Useful for
+ programs that are supposed to maintain a specific memory footprint.
+
+ - AFL_LD_VERBOSE causes the library to output some diagnostic messages
+ that may be useful for pinpointing the cause of any observed issues.
+
+8) Settings for libtokencap.so
+------------------------------
+
+This library accepts AFL_TOKEN_FILE to indicate the location to which the
+discovered tokens should be written.
+
+9) Third-party variables set by afl-fuzz & other tools
------------------------------------------------------
Several variables are not directly interpreted by afl-fuzz, but are set to
@@ -215,5 +240,6 @@ optimal values if not already present in the environment:
msan_track_origins=0
allocator_may_return_null=1
- Be sure to include the first one when customizing anything, since MSAN
- doesn't call abort() on error, and we need a way to detect faults.
+ Be sure to include the first one when customizing anything, since some
+ MSAN versions don't call abort() on error, and we need a way to detect
+ faults.
« no previous file with comments | « third_party/afl/src/docs/README ('k') | third_party/afl/src/docs/life_pro_tips.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698