1afl-cc(8)                   System Manager's Manual                  afl-cc(8)
2
3
4

NAME

6       afl-cc  - afl-cc++4.01a by Michal Zalewski, Laszlo Szekeres, Marc Heuse
7       afl-cc
8
9

SYNOPSIS

11       afl-cc/afl-c++ [options]
12
13

OPTIONS

15       This is a helper application for afl-fuzz. It serves as a drop-in replacement
16       for gcc and clang, letting you recompile third-party code with the required
17       runtime instrumentation. A common use pattern would be one of the following:
18
19         CC=afl-cc CXX=afl-c++ ./configure --disable-shared
20         cmake -DCMAKE_C_COMPILERC=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ .
21         CC=afl-cc CXX=afl-c++ meson
22
23                                              |------------- FEATURES -------------|
24       MODES:                                  NCC PERSIST DICT   LAF CMPLOG SELECT
25         [LTO] llvm LTO:          AVAILABLE
26             PCGUARD              DEFAULT      yes yes     yes    yes yes    yes
27             CLASSIC                           yes yes     yes    yes yes    yes
28         [LLVM] llvm:             AVAILABLE [SELECTED]
29             PCGUARD              DEFAULT      yes yes     module yes yes    yes
30             CLASSIC                           no  yes     module yes yes    yes
31               - NORMAL
32               - CALLER
33               - CTX
34               - NGRAM-{2-16}
35         [GCC_PLUGIN] gcc plugin: unavailable!
36             CLASSIC              DEFAULT      no  yes     no     no  no     yes
37         [GCC/CLANG] simple gcc/clang: AVAILABLE
38             CLASSIC              DEFAULT      no  no      no     no  no     no
39
40       Modes:
41         To select the compiler mode use a symlink version (e.g. afl-clang-fast), set
42         the environment variable AFL_CC_COMPILER to a mode (e.g. LLVM) or use the
43         command line parameter --afl-MODE (e.g. --afl-llvm). If none is selected,
44         afl-cc will select the best available (LLVM -> GCC_PLUGIN -> GCC).
45         The best is LTO but it often needs RANLIB and AR settings outside of afl-cc.
46
47       Sub-Modes: (set via env AFL_LLVM_INSTRUMENT, afl-cc selects the best available)
48         PCGUARD: Dominator tree instrumentation (best!) (README.llvm.md)
49         LLVM-NATIVE:  use llvm's native PCGUARD instrumentation (less performant)
50         CLASSIC: decision target instrumentation (README.llvm.md)
51         CALLER:  CLASSIC + single callee context (instrumentation/README.ctx.md)
52         CTX:     CLASSIC + full callee context (instrumentation/README.ctx.md)
53         NGRAM-x: CLASSIC + previous path ((instrumentation/README.ngram.md)
54
55       Features: (see documentation links)
56         NCC:    non-colliding coverage [automatic] (that is an amazing thing!)
57                 (instrumentation/README.lto.md)
58         PERSIST: persistent mode support [code] (huge speed increase!)
59                 (instrumentation/README.persistent_mode.md)
60         DICT:   dictionary in the target [yes=automatic or llvm module pass]
61                 (instrumentation/README.lto.md + instrumentation/README.llvm.md)
62         LAF:    comparison splitting [env] (instrumentation/README.laf-intel.md)
63         CMPLOG: input2state exploration [env] (instrumentation/README.cmplog.md)
64         SELECT: selective instrumentation (allow/deny) on filename or function [env]
65                 (instrumentation/README.instrument_list.md)
66
67       To see all environment variables for the configuration of afl-cc use "-hh".
68
69       For any information on the available instrumentations and options please
70       consult the README.md, especially section 3.1 about instrumenting targets.
71
72       afl-cc LTO with ld=/usr/bin/ld.lld -flto=full
73       afl-cc LLVM version 14 using the binary path "/usr/bin".
74       Compiled with shmat support.
75
76       Do not be overwhelmed :) afl-cc uses good defaults if no options are selected.
77       Read the documentation for FEATURES though, all are good but few are defaults.
78       Recommended is afl-clang-lto with AFL_LLVM_CMPLOG or afl-clang-fast with
79       AFL_LLVM_CMPLOG and AFL_LLVM_DICT2FILE.
80
81
82

AUTHOR

84       afl++ was written by Michal "lcamtuf" Zalewski  and  is  maintained  by
85       Marc  "van  Hauser"  Heuse  <mh@mh-sec.de>, Heiko "hexcoder-" Eissfeldt
86       <heiko.eissfeldt@hexco.de>, Andrea Fioraldi  <andreafioraldi@gmail.com>
87       and  Dominik  Maier  <domenukk@gmail.com>  The  homepage  of  afl++ is:
88       https://github.com/AFLplusplus/AFLplusplus
89
90

LICENSE

92       Apache License Version 2.0, January 2004
93
94
95
96afl++                             2022-03-31                         afl-cc(8)
Impressum