added snapshot feature to documentation
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 7af8a62..424b61d 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -35,6 +35,7 @@
- rare: puts focus on queue entries that hits rare branches, also ignores
runtime
- llvm_mode:
+ - added SNAPSHOT feature (using https://github.com/AFLplusplus/AFL-Snapshot-LKM)
- added Control Flow Integrity sanitizer (AFL_USE_CFISAN)
- added AFL_LLVM_INSTRUMENT option to control the instrumentation type
easier: DEFAULT, CFG (INSTRIM), LTO, CTX, NGRAM-x (x=2-16)
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 802e7bd..cd00214 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -257,6 +257,9 @@
- AFL_NO_ARITH causes AFL to skip most of the deterministic arithmetics.
This can be useful to speed up the fuzzing of text-based file formats.
+ - AFL_NO_SNAPSHOT will advice afl-fuzz not to use the snapshot feature
+ if the snapshot lkm is loaded
+
- AFL_SHUFFLE_QUEUE randomly reorders the input queue on startup. Requested
by some users for unorthodox parallelized fuzzing setups, but not
advisable otherwise.
diff --git a/llvm_mode/README.md b/llvm_mode/README.md
index 805bb65..607350f 100644
--- a/llvm_mode/README.md
+++ b/llvm_mode/README.md
@@ -129,12 +129,18 @@
You can set this with AFL_LLVM_NOT_ZERO=1
See [README.neverzero](README.neverzero.md)
-## 4) Gotchas, feedback, bugs
+## 4) Snapshot feature
+
+To speed up fuzzing you can use a linux loadable kernel module which enables
+a snapshot feature.
+See [README.snapshot](README.snapshot.md)
+
+## 5) Gotchas, feedback, bugs
This is an early-stage mechanism, so field reports are welcome. You can send bug
reports to <afl-users@googlegroups.com>.
-## 5) Bonus feature #1: deferred initialization
+## 6) Bonus feature #1: deferred initialization
AFL tries to optimize performance by executing the targeted binary just once,
stopping it just before main(), and then cloning this "master" process to get
@@ -182,7 +188,7 @@
Finally, recompile the program with afl-clang-fast (afl-gcc or afl-clang will
*not* generate a deferred-initialization binary) - and you should be all set!
-## 6) Bonus feature #2: persistent mode
+## 7) Bonus feature #2: persistent mode
Some libraries provide APIs that are stateless, or whose state can be reset in
between processing different input files. When such a reset is performed, a
diff --git a/llvm_mode/README.snapshot.md b/llvm_mode/README.snapshot.md
new file mode 100644
index 0000000..6bf76b3
--- /dev/null
+++ b/llvm_mode/README.snapshot.md
@@ -0,0 +1,12 @@
+# AFL++ snapshot feature
+
+Snapshot is a mechanic that makes a snapshot from a process and then restores
+it's state, which is faster then forking it again.
+
+All targets compiled with llvm_mode are automatically enabled for the
+snapshot feature.
+
+To use the snapshot feature for fuzzing compile and load this kernel
+module: [https://github.com/AFLplusplus/AFL-Snapshot-LKM](https://github.com/AFLplusplus/AFL-Snapshot-LKM)
+
+Note that is has little value for persistent (__AFL_LOOP) fuzzing.
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index ad4f5b6..e348f75 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -165,6 +165,7 @@
"AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n"
"AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n"
"AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n"
+ "AFL_NO_SNAPSHOT: do not use the snapshot feature (if the snapshot lkm is loaded\n"
"AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n"
"AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n"
"AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n"
