more docu

fuzzers/libfuzzer_libpng/README.md

@@ -1,6 +1,7 @@
 # Libfuzzer for libpng
 
 This folder contains an example fuzzer for libpng, using LLMP for fast multi-process fuzzing and crash detection.
+To show off crash detection, we added a ud2 instruction to the harness, edit harness.cc if you want a non-crashing example.
 It has been tested on Linux.
 
 ## Build
@@ -19,4 +20,6 @@ As this example uses in-process fuzzing, we added a Restarting Event Manager (`s
 This means each client will start itself again to listen for crashes and timeouts.
 By restarting the actual fuzzer, it can recover from these exit conditions.
 
-For convenience, you may just run `./test.sh` in this folder.
+In any real-world scenario, you should use `taskset` to pin each client to an empty cpu core, the lib does not pick an empty core automatically (yet).
+
+For convenience, you may just run `./test.sh` in this folder to test it.

fuzzers/libfuzzer_libpng/test.sh

@@ -6,12 +6,12 @@ cargo build --example libfuzzer_libpng --release || exit 1
 cp ../../target/release/examples/libfuzzer_libpng ./.libfuzzer_test.elf
 
 # The broker
-RUST_BACKTRACE=full ./.libfuzzer_test.elf &
+RUST_BACKTRACE=full taskset 0 ./.libfuzzer_test.elf &
 # Give the broker time to spawn
 sleep 2
 echo "Spawning client"
-# The 1st fuzzer client
+# The 1st fuzzer client, pin to cpu 0x1
-RUST_BACKTRACE=full ./.libfuzzer_test.elf 2>/dev/null
+RUST_BACKTRACE=full taskset 1 ./.libfuzzer_test.elf 2>/dev/null
 
 killall .libfuzzer_test.elf
 rm -rf ./.libfuzzer_test.elf