document AFL_LLVM_INSTRUMENT option NATIVE
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 28b7e72..a26a4e0 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -17,6 +17,8 @@
- allow instrumenting LLVMFuzzerTestOneInput
- fixed endless loop for allow/blocklist lines starting with a
comment (thanks to Zherya for reporting)
+ - added AFL_LLVM_INSTRUMENT option NATIVE for native clang pc-guard support
+ (less performant than our own)
### Version ++3.00c (release)
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 74863d8..c169374 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -113,6 +113,8 @@
- `AFL_LLVM_INSTRUMENT` - this configures the instrumentation mode.
Available options:
+ PCGUARD - our own pcgard based instrumentation (default)
+ NATIVE - clang's original pcguard based instrumentation
CLASSIC - classic AFL (map[cur_loc ^ prev_loc >> 1]++) (default)
CFG - InsTrim instrumentation (see below)
LTO - LTO instrumentation (see below)
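Review bot: the option list now marks two modes as "(default)", the added PCGUARD line and the existing CLASSIC line, so a reader cannot tell which one applies. Drop "(default)" from CLASSIC or state under which conditions each is the default. The added PCGUARD line also misspells "pcguard" as "pcgard", and the NATIVE line should state the LLVM version it needs, since the afl-cc help text in this patch only lists NATIVE for LLVM newer than 10.0.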
diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md
index 0763697..2705ce0 100644
--- a/instrumentation/README.llvm.md
+++ b/instrumentation/README.llvm.md
@@ -168,26 +168,7 @@
Please see [README.persistent_mode.md](README.persistent_mode.md) for a
full explanation.
-## 7) Bonus feature: 'trace-pc-guard' mode
-
-LLVM is shipping with a built-in execution tracing feature
-that provides AFL with the necessary tracing data without the need to
-post-process the assembly or install any compiler plugins. See:
-
- http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards
-
-If you have not an outdated compiler and want to give it a try, build
-targets this way:
-
-```
-AFL_LLVM_INSTRUMENT=PCGUARD make
-```
-
-Note that this is currently the default if you use LLVM >= 7, as it is the best
-mode. Recommended is LLVM >= 9.
-If you have llvm 11+ and compiled afl-clang-lto - this is the only better mode.
-
-## 8) Bonus feature: 'dict2file' pass
+## 7) Bonus feature: 'dict2file' pass
Just specify `AFL_LLVM_DICT2FILE=/absolute/path/file.txt` and during compilation
all constant string compare parameters will be written to this file to be
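Review bot: deleting the whole 'trace-pc-guard' section removes the SanitizerCoverage link and the `AFL_LLVM_INSTRUMENT=PCGUARD make` build example, while the afl-cc help text in this same patch still points to README.llvm.md for PCGUARD. Either keep a shortened section here that describes PCGUARD and the new NATIVE mode side by side, or update the help-text pointer so it does not lead to a file that no longer covers the mode. Because the following section is renumbered from 8 to 7, also check for references to the old section numbers.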
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 8593f9b..6f4801d 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -1346,6 +1346,9 @@
"Sub-Modes: (set via env AFL_LLVM_INSTRUMENT, afl-cc selects the best "
"available)\n"
" PCGUARD: Dominator tree instrumentation (best!) (README.llvm.md)\n"
+#if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
+ " NATIVE: use llvm's native PCGUARD instrumentation (less performant)\n"
+#endif
" CLASSIC: decision target instrumentation (README.llvm.md)\n"
" CTX: CLASSIC + callee context (instrumentation/README.ctx.md)\n"
" NGRAM-x: CLASSIC + previous path "