Angora now supports using libdft64 for taint analysis instead of DFSan (LLVM mode). The feature is still experimental.
export LIBDFT_PATH=/path-to-libdft64
cd pin_mode
make OBJDIR=../bin/lib/
As mentioned in "Build a target program", Angora uses two variables, USE_FAST and USE_TRACK, to compile two different versions of the program, respectively. In Pin mode, Angora uses the variable USE_PIN instead of USE_TRACK to compile the version with taint tracking.
USE_PIN=1 CC=/path-to-angora/bin/angora-clang CXX=/path-to-angora/bin/angora-clang++ make
The command line option -m sets which mode you are using in fuzzing. We have "llvm" and "pin" modes.
./angora_fuzzer -m pin -i input -o output -t path-to-taint-program-pin -- program args(..)