afl-cc(8) | System Manager's Manual | afl-cc(8) |
NAME
afl-cc - afl-cc++4.21c by Michal Zalewski, Laszlo Szekeres, Marc Heuse
SYNOPSIS
afl-cc/afl-c++ [options]
OPTIONS
This is a helper application for afl-fuzz. It serves as a drop-in replacement for gcc and clang, letting you recompile third-party code with the required runtime instrumentation. A common use pattern would be one of the following:

  CC=afl-cc CXX=afl-c++ ./configure --disable-shared
  cmake -DCMAKE_C_COMPILER=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ .
  CC=afl-cc CXX=afl-c++ meson

                                       |------------- FEATURES -------------|
MODES:                                   NCC  PERSIST  DICT    LAF  CMPLOG  SELECT
  [LLVM] LLVM:               unavailable!
      PCGUARD                unavailable!  yes  yes      module  yes  yes     yes
      NATIVE                 AVAILABLE     no   yes      no      no   part.   yes
      CLASSIC                unavailable!  no   yes      module  yes  yes     yes
        - NORMAL
        - CALLER
        - CTX
        - NGRAM-{2-16}
  [LTO] LLVM LTO:            unavailable!
      PCGUARD                DEFAULT       yes  yes      yes     yes  yes     yes
      CLASSIC                              yes  yes      yes     yes  yes     yes
  [GCC_PLUGIN] gcc plugin:   unavailable!
      CLASSIC                DEFAULT       no   yes      no      no   no      yes
  [GCC/CLANG] simple gcc/clang: AVAILABLE [SELECTED]
      CLASSIC                DEFAULT       no   no       no      no   no      no

Modes:
  To select the compiler mode use a symlink version (e.g. afl-clang-fast), set the environment variable AFL_CC_COMPILER to a mode (e.g. LLVM) or use the command line parameter --afl-MODE (e.g. --afl-llvm). If none is selected, afl-cc will select the best available (LLVM -> GCC_PLUGIN -> GCC). The best is LTO but it often needs RANLIB and AR settings outside of afl-cc.

Sub-Modes: (set via env AFL_LLVM_INSTRUMENT, afl-cc selects the best available)
  PCGUARD:      Dominator tree instrumentation (best!) (README.llvm.md)
  LLVM-NATIVE:  use llvm's native PCGUARD instrumentation (less performant)
  CLASSIC:      decision target instrumentation (README.llvm.md)
  CALLER:       CLASSIC + single callee context (instrumentation/README.ctx.md)
  CTX:          CLASSIC + full callee context (instrumentation/README.ctx.md)
  NGRAM-x:      CLASSIC + previous path (instrumentation/README.ngram.md)

Features: (see documentation links)
  NCC:      non-colliding coverage [automatic] (that is an amazing thing!)
            (instrumentation/README.lto.md)
  PERSIST:  persistent mode support [code] (huge speed increase!)
            (instrumentation/README.persistent_mode.md)
  DICT:     dictionary in the target [yes=automatic or LLVM module pass]
            (instrumentation/README.lto.md + instrumentation/README.llvm.md)
  LAF:      comparison splitting [env] (instrumentation/README.laf-intel.md)
  CMPLOG:   input2state exploration [env] (instrumentation/README.cmplog.md)
  SELECT:   selective instrumentation (allow/deny) on filename or function [env]
            (instrumentation/README.instrument_list.md)

To see all environment variables for the configuration of afl-cc use "-hh".

For any information on the available instrumentations and options please consult the README.md, especially section 3.1 about instrumenting targets.

Compiled with shmat support.

Do not be overwhelmed :) afl-cc uses good defaults if no options are selected. Read the documentation for FEATURES though, all are good but few are defaults. Recommended is afl-clang-lto with AFL_LLVM_CMPLOG or afl-clang-fast with AFL_LLVM_CMPLOG and AFL_LLVM_DICT2FILE+AFL_LLVM_DICT2FILE_NO_MAIN.
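The PERSIST feature is marked [code] because the target needs a small change; the persistent-mode harness below is an added example, not code from the afl-cc man page or the AFL++ project, and parse_record() is a constructed stand-in for the function under test. It assumes the __AFL_* macros are supplied by afl-cc, with the documented stdin fallback so the same file also builds with plain gcc or clang.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Fallback so the harness also builds with plain gcc/clang: afl-cc provides
 * these macros itself; without it one test case is read from stdin
 * (pattern from instrumentation/README.persistent_mode.md). */
#ifndef __AFL_FUZZ_TESTCASE_LEN
static ssize_t fuzz_len;
static unsigned char fuzz_buf[1024000];
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_INIT() void sync(void)
#define __AFL_LOOP(x) ((fuzz_len = read(0, fuzz_buf, sizeof(fuzz_buf))) > 0 ? 1 : 0)
#define __AFL_INIT() sync()
#endif

__AFL_FUZZ_INIT();

/* State that survives across iterations must be reset by the harness, or a
 * crash would depend on earlier inputs and not reproduce from one file. */
static int records_seen;

/* Constructed stand-in for the function under test: 4-byte magic "AFL+",
 * a 1-byte payload length, then the payload. Returns -1 on bad magic,
 * -2 on a truncated payload, otherwise the XOR of the payload bytes. */
int parse_record(const unsigned char *buf, size_t len) {
  if (len < 5 || memcmp(buf, "AFL+", 4) != 0) return -1;
  size_t plen = buf[4];
  if (len < 5 + plen) return -2;
  int x = 0;
  for (size_t i = 0; i < plen; i++) x ^= buf[5 + i];
  records_seen++;
  return x;
}

int main(void) {
#ifdef __AFL_HAVE_MANUAL_CONTROL
  __AFL_INIT();  /* deferred fork server: start after one-time setup */
#endif
  /* Must be taken after __AFL_INIT() and before __AFL_LOOP(). */
  unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
  while (__AFL_LOOP(10000)) {  /* one process handles up to 10000 cases */
    size_t len = (size_t)__AFL_FUZZ_TESTCASE_LEN;  /* copy; never pass the macro */
    if (len < 5) continue;     /* below the useful minimum input length */
    records_seen = 0;          /* reset state before every case */
    parse_record(buf, len);
  }
  return 0;
}
```

Build it with afl-clang-fast (or afl-clang-lto) and run afl-fuzz against the binary; built with plain gcc it processes a single test case from stdin, which is handy for reproducing a finding.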
AUTHOR
AFL++ was written by Michal "lcamtuf" Zalewski and is maintained by Marc "van Hauser" Heuse <mh@mh-sec.de>, Dominik Maier <domenukk@gmail.com>, Andrea Fioraldi <andreafioraldi@gmail.com> and Heiko "hexcoder-" Eissfeldt <heiko.eissfeldt@hexco.de>. The homepage of AFL++ is: https://github.com/AFLplusplus/AFLplusplus
LICENSE
Apache License Version 2.0, January 2004
2024-07-01 | AFL++ |