2.14b

Makefile

@@ -14,7 +14,7 @@
 #
 
 PROGNAME    = afl
-VERSION     = 2.13b
+VERSION     = 2.14b
 
 PREFIX     ?= /usr/local
 BIN_PATH    = $(PREFIX)/bin
@@ -50,7 +50,7 @@ ifndef AFL_NO_X86
 
 test_x86:
 	@echo "[*] Checking for the ability to compile x86 code..."
-	@echo 'main() { __asm__("xorb %al, %al"); }' | $(CC) -w -x c - -o .test || ( echo; echo "Oops, looks like your compiler can't generate x86 code."; echo; echo "You can still try using the LLVM or QEMU mode, but see docs/INSTALL first."; echo "To ignore this error, set AFL_NO_X86=1."; echo; exit 1 )
+	@echo 'main() { __asm__("xorb %al, %al"); }' | $(CC) -w -x c - -o .test || ( echo; echo "Oops, looks like your compiler can't generate x86 code."; echo; echo "Don't panic! You can use the LLVM or QEMU mode, but see docs/INSTALL first."; echo "(To ignore this error, set AFL_NO_X86=1 and try again.)"; echo; exit 1 )
 	@rm -f .test
 	@echo "[+] Everything seems to be working, ready to compile."
 

afl-gcc.c

@@ -262,7 +262,12 @@ static void edit_params(u32 argc, char** argv) {
 
     cc_params[cc_par_cnt++] = "-O3";
     cc_params[cc_par_cnt++] = "-funroll-loops";
+
+    /* Two indicators that you're building for fuzzing; one of them is
+       AFL-specific, the other is shared with libfuzzer. */
+
     cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1";
+    cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1";
 
   }
 

afl-tmin.c

@@ -15,7 +15,7 @@
    A simple test case minimizer that takes an input file and tries to remove
    as much data as possible while keeping the binary in a crashing state
    *or* producing consistent instrumentation output (the mode is auto-selected
-   based on initially observed behavior).
+   based on the initially observed behavior).
 
  */
 

docs/ChangeLog

@@ -16,6 +16,15 @@ Not sure if you should upgrade? The lowest currently recommended version
 is 2.07b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
+--------------
+Version 2.14b:
+--------------
+
+  - Added FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION as a macro defined when
+    compiling with afl-gcc and friends. Suggested by Kostya Serebryany.
+
+  - Refreshed some of the non-x86 docs.
+
 --------------
 Version 2.13b:
 --------------

docs/INSTALL

@@ -105,12 +105,19 @@ Standard build will fail on non-x86 systems, but you should be able to
 leverage two other options:
 
   - The LLVM mode (see llvm_mode/README.llvm), which does not rely on
-    x86-specific assembly shims,
+    x86-specific assembly shims. It's fast and robust, but requires a
+    complete installation of clang.
 
   - The QEMU mode (see qemu_mode/README.qemu), which can be also used for
-    fuzzing cross-platform binaries.
+    fuzzing cross-platform binaries. It's slower and more fragile, but
+    can be used even when you don't have the source for the tested app.
 
-In both cases, you will need to set AFL_NO_X86=1 before running make or gmake.
+If you're not sure what you need, you need the LLVM mode. To get it, try:
+
+$ AFL_NO_X86=1 gmake && gmake -C llvm_mode
+
+...and compile your target program with afl-clang-fast or afl-clang-fast++
+instead of the traditional afl-gcc or afl-clang wrappers.
 
 5) Solaris on x86
 -----------------

llvm_mode/afl-clang-fast.c

@@ -198,6 +198,7 @@ static void edit_params(u32 argc, char** argv) {
 
   cc_params[cc_par_cnt++] = "-D__AFL_HAVE_MANUAL_CONTROL=1";
   cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1";
+  cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1";
 
   /* When the user tries to use persistent or deferred forkserver modes by
      appending a single line to the program, we want to reliably inject a