doc fixes
diff --git a/qemu_mode/README.md b/qemu_mode/README.md
index 3ebfc54..4ed2f29 100644
--- a/qemu_mode/README.md
+++ b/qemu_mode/README.md
@@ -13,8 +13,8 @@
The usual performance cost is 2-5x, which is considerably better than seen so
far in experiments with tools such as DynamoRIO and PIN.
-The idea and much of the initial implementation comes from Andrew Griffiths. The
-actual implementation on current QEMU (shipped as qemuafl) is from Andrea
+The idea and much of the initial implementation comes from Andrew Griffiths.
+The actual implementation on current QEMU (shipped as qemuafl) is from Andrea
Fioraldi. Special thanks to abiondo that re-enabled TCG chaining.
## 2) How to use QEMU mode
@@ -30,17 +30,13 @@
Once the binaries are compiled, you can leverage the QEMU tool by calling
afl-fuzz and all the related utilities with `-Q` in the command line.
-Note that QEMU requires a generous memory limit to run; somewhere around 200 MB
-is a good starting point, but considerably more may be needed for more complex
-programs. The default `-m` limit will be automatically bumped up to 200 MB when
-specifying `-Q` to afl-fuzz; be careful when overriding this.
-
In principle, if you set `CPU_TARGET` before calling ./build_qemu_support.sh,
you should get a build capable of running non-native binaries (say, you can try
`CPU_TARGET=arm`). This is also necessary for running 32-bit binaries on a
64-bit system (`CPU_TARGET=i386`). If you're trying to run QEMU on a different
architecture, you can also set `HOST` to the cross-compiler prefix to use (for
example `HOST=arm-linux-gnueabi` to use arm-linux-gnueabi-gcc).
+Another common target is `CPU_TARGET=aarch64`.
You can also compile statically-linked binaries by setting `STATIC=1`. This can
be useful when compiling QEMU on a different system than the one you're planning
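Review bot: the added sentence `Another common target is CPU_TARGET=aarch64.` lands after the `HOST` cross-compiler sentence, where it reads as a stray afterthought; it belongs with the other `CPU_TARGET` examples, e.g. right after "(say, you can try `CPU_TARGET=arm`)" as "...or `CPU_TARGET=aarch64`)". Separately, the removed paragraph documented user-visible behaviour (the `-m` limit being bumped to 200 MB when `-Q` is passed, and the warning about overriding it); if afl-fuzz still does that, the behaviour now goes undocumented in this README, and if it no longer does, the commit message "doc fixes" should say the text was stale rather than just removed.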
@@ -219,9 +215,6 @@
for AVX2/FMA3. Using binaries for older CPUs or recompiling them with
`-march=core2`, can help.
-Beyond that, this is an early-stage mechanism, so fields reports are welcome.
-You can send them to <afl-users@googlegroups.com>.
-
## 14) Alternatives: static rewriting
Statically rewriting binaries just once, instead of attempting to translate them
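Review bot: deleting the paragraph also removes the only pointer in this file to <afl-users@googlegroups.com>; if that list is still where QEMU-mode field reports should go, keep the contact (with "fields reports" corrected to "field reports") rather than dropping it, and if the "early-stage mechanism" wording was the stale part, fix only that clause.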
@@ -230,4 +223,4 @@
control flow without actually executing each and every code path.
For more information and hints, check out
-[docs/fuzzing_binary-only_targets.md](../docs/fuzzing_binary-only_targets.md).
\ No newline at end of file
+[docs/fuzzing_binary-only_targets.md](../docs/fuzzing_binary-only_targets.md).
diff --git a/qemu_mode/README.persistent.md b/qemu_mode/README.persistent.md
index ab45860..ef8fb71 100644
--- a/qemu_mode/README.persistent.md
+++ b/qemu_mode/README.persistent.md
@@ -27,11 +27,12 @@
return to START (like WinAFL).
*Note:* If the target is compiled with position independent code (PIE/PIC) qemu
-loads these to a specific base address. For 64 bit you have to add 0x4000000000
-(9 zeroes) and for 32 bit 0x40000000 (7 zeroes) to the address. On strange
-setups the base address set by QEMU for PIE executable may change. You can check
-it printing the process map using `AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace
-TARGET-BINARY`.
+loads these to a specific base address. For amd64 bit you have to add
+0x4000000000 (9 zeroes) and for 32 bit 0x40000000 (7 zeroes) to the address.
+For aarch64 it is usually 0x5500000000.
+On strange setups the base address set by QEMU for PIE executable may change.
+You can check it printing the process map using
+`AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace TARGET-BINARY`.
If this address is not valid, afl-fuzz will error during startup with the
message that the forkserver was not found.
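Review bot: "For amd64 bit you have to add 0x4000000000" is ungrammatical after the rewrap; make it "For amd64 you have to add 0x4000000000 (9 zeroes) and for 32 bit 0x40000000 (7 zeroes)". The new aarch64 line should follow the same convention and give the zero count, e.g. "For aarch64 it is usually 0x5500000000 (8 zeroes)", since the parenthetical is what lets readers catch an off-by-one when typing the offset; the hedge "usually" is appropriate given the next sentence already tells readers to confirm with `AFL_QEMU_DEBUG_MAPS=1`. While touching these lines, "PIE executable may change" should read "PIE executables may change".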
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 277a632..c108675 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -360,8 +360,10 @@
make -C libcompcov && echo "[+] libcompcov ready"
echo "[+] Building unsigaction ..."
make -C unsigaction && echo "[+] unsigaction ready"
+ echo "[+] Building fastexit ..."
+ make -C fastexit && echo "[+] fastexit ready"
echo "[+] Building libqasan ..."
- make -C libqasan && echo "[+] unsigaction ready"
+ make -C libqasan && echo "[+] libqasan ready"
echo "[+] Building qemu libfuzzer helpers ..."
make -C ../utils/aflpp_driver
else
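Review bot: the libqasan echo fix ("unsigaction ready" -> "libqasan ready") corrects a copy-paste error and is right. For the new `make -C fastexit && echo "[+] fastexit ready"` lines, note that, like the neighbouring libcompcov/unsigaction/libqasan steps, a failed make only suppresses the "ready" message and does not abort the script; that is consistent with the surrounding style, but if fastexit is expected to be present whenever this branch runs, a failure should be surfaced (e.g. `|| exit 1`) rather than silently skipped, and the commit message should mention that a new build step was added, since "doc fixes" does not cover a build-script change.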
diff --git a/qemu_mode/fastexit/README.md b/qemu_mode/fastexit/README.md
index f01340c..66763e9 100644
--- a/qemu_mode/fastexit/README.md
+++ b/qemu_mode/fastexit/README.md
@@ -2,4 +2,4 @@
This library forces _exit on exit when preloaded to gain speed.
-Gives speed on complex tarets like Android or Wine.
+Gives speed on complex targets like Android or Wine.
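Review bot: the typo fix is correct. Since the file is being touched, the unchanged context line "This library forces _exit on exit when preloaded to gain speed." would read better with the function names in backticks (`_exit`, `exit`), so the underscore is not swallowed by Markdown emphasis handling.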