Add opinionated environment variables guide to AFL++ skill #18
Description
The skill documents compile-time variables (AFL_USE_ASAN, AFL_LLVM_CMPLOG) but lacks practical guidance on runtime environment variables. Rather than duplicating the official docs, add an opinionated "how to use them right" section based on real-world experience.
Suggested Section: "Environment Variables That Matter"
Always Set These
# Every campaign should use tmpfs - SSDs will thank you, and it's faster
AFL_TMPDIR=/dev/shm
# 2.5x faster calibration with negligible precision loss
AFL_FAST_CAL=1Why: These are free performance wins with no downsides. Not setting AFL_TMPDIR wears out your SSD and slows fuzzing. Not setting AFL_FAST_CAL wastes time on startup for marginal precision gains.
Multi-Core Campaigns
# On the primary (-M) instance only
AFL_FINAL_SYNC=1
# On all instances - share findings faster
AFL_TESTCACHE_SIZE=100Why: Without AFL_FINAL_SYNC, your primary instance might miss late-discovered paths from secondary instances. Default cache is too small for large campaigns.
CI/Automated Fuzzing
# Fail fast if fuzzing isn't finding anything
AFL_EXIT_ON_TIME=3600 # 1 hour with no new paths = stop
# Or run until "done" (all queue entries processed)
AFL_EXIT_WHEN_DONE=1
# Headless environments
AFL_NO_UI=1Why: Unbounded fuzzing in CI wastes resources. Set time limits or use exit conditions.
Variables to Avoid
| Variable | Why Skip It |
|---|---|
AFL_NO_ARITH |
Rarely helps, can hurt coverage |
AFL_SHUFFLE_QUEUE |
Only for exotic setups, usually harmful |
AFL_DISABLE_TRIM |
Trimming is valuable, don't disable without reason |
Reference
Full list: https://aflplus.plus/docs/env_variables/ (but most are niche - stick to the ones above)
Follow-up from PR #15 review feedback.