Add docs

README.md

@@ -52,7 +52,8 @@ and AFL-based fuzzer [Sharpfuzz](https://github.com/Metalnem/sharpfuzz).
 [libFuzzer](https://www.llvm.org/docs/LibFuzzer.html) based fuzzer
 (C/C++/[go-fuzz](https://github.com/dvyukov/go-fuzz)/[Atheris](https://github.com/google/atheris)
 /[Jazzer](https://github.com/CodeIntelligenceTesting/jazzer)/[Jazzer.js](https://github.com/CodeIntelligenceTesting/jazzer.js)/
-[jsfuzz](https://github.com/fuzzitdev/jsfuzz)).
+[jsfuzz](https://github.com/fuzzitdev/jsfuzz)). `casr-libafl` is used to triage crashes found by
+[LibAFL](https://github.com/AFLplusplus/LibAFL) based [fuzzers](https://github.com/AFLplusplus/LibAFL/tree/main/fuzzers).
 `casr-dojo` allows to upload new and unique CASR reports to
 [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) (available with
 `dojo` feature).
@@ -214,6 +215,10 @@ Triage libFuzzer crashes with casr-libfuzzer:
 
     $ casr-libfuzzer -t 30 -i casr/tests/casr_tests/casrep/libfuzzer_crashes_xlnt -o casr/tests/tmp_tests_casr/casr_libfuzzer_out -- casr/tests/casr_tests/bin/load_fuzzer
 
+Triage LibAFL crashes with casr-libafl:
+
+    $ casr-libafl -i casr/tests/casr_tests/casrep/test_libafl_crashes -o casr/tests/tmp_tests_casr/casr_libafl_out -- casr/tests/casr_tests/bin/test_libafl_hierarchy @@
+
 Triage Atheris crashes with casr-libfuzzer:
 
     $ unzip casr/tests/casr_tests/python/ruamel.zip
@@ -263,6 +268,9 @@ If you use [libFuzzer](https://www.llvm.org/docs/LibFuzzer.html) based fuzzer
 [jsfuzz](https://github.com/fuzzitdev/jsfuzz)), the pipeline (without `casr-ubsan` and `casr-dojo`) could be done automatically
 by `casr-libfuzzer`.
 
+If you use [LibAFL](https://github.com/AFLplusplus/LibAFL), the pipeline
+(without `casr-ubsan` and `casr-dojo`) could be done automatically by `casr-libafl`.
+
 ## Contributing
 
 Feel free to open [issues](https://github.com/ispras/casr/issues) or [PRs](https://github.com/ispras/casr/pulls) (especially pay attention to [help wanted](https://github.com/ispras/casr/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) issues)! We appreciate your support!

casr/src/bin/casr-libafl.rs

@@ -15,7 +15,7 @@ use std::path::{Path, PathBuf};
 fn main() -> Result<()> {
     let matches = clap::Command::new("casr-libafl")
         .version(clap::crate_version!())
-        .about("Triage crashes found by LibAFL")
+        .about("Triage crashes found by LibAFL-based fuzzer")
         .term_width(90)
         .arg(
             Arg::new("log-level")
@@ -49,7 +49,7 @@ fn main() -> Result<()> {
                 .action(ArgAction::Set)
                 .value_name("INPUT_DIR")
                 .required(true)
-                .help("LibAFL work directory")
+                .help("LibAFL crash directory")
                 .value_parser(move |arg: &str| {
                     let i_dir = Path::new(arg);
                     if !i_dir.exists() {

docs/usage.md

@@ -16,8 +16,10 @@ crashes found by [AFL++](https://github.com/AFLplusplus/AFLplusplus) and
 AFL-based fuzzer [Sharpfuzz](https://github.com/Metalnem/sharpfuzz).
 `casr-libfuzzer` can triage crashes found by
 [libFuzzer](https://www.llvm.org/docs/LibFuzzer.html) (libFuzzer, go-fuzz,
-Atheris, Jazzer, Jazzer.js, jsfuzz). `casr-dojo` allows to upload new and
-unique CASR reports to [DefectDojo](https://github.com/DefectDojo/django-DefectDojo).
+Atheris, Jazzer, Jazzer.js, jsfuzz). `casr-libafl` is used to triage crashes
+found by [LibAFL](https://github.com/AFLplusplus/LibAFL) based
+[fuzzers](https://github.com/AFLplusplus/LibAFL/tree/main/fuzzers).
+`casr-dojo` allows to upload new and unique CASR reports to [DefectDojo](https://github.com/DefectDojo/django-DefectDojo).
 `casr-cli` is meant to provide TUI for viewing reports and converting them into
 SARIF report. Reports triage (deduplication, clustering) is done by `casr-cluster`.
 
@@ -647,6 +649,42 @@ Jazzer.js example (Jazzer.js installation [guide](https://github.com/CodeIntelli
 You can set environment variable `RUST_BACKTRACE=(1|full)` for `casr-libfuzzer`. This
 variable may be used by [casr-san](#casr-san).
 
+## casr-libafl
+
+Triage crashes found by LibAFL-based fuzzer
+
+    Usage: casr-libafl [OPTIONS] --input <INPUT_DIR> --output <OUTPUT_DIR> -- <ARGS>...
+
+    Arguments:
+      <ARGS>...  Set "-- ./debug_target <arguments>" to generate crash reports
+
+    Options:
+      -l, --log-level <log-level>     Logging level [default: info] [possible values: info,
+                                      debug]
+      -j, --jobs <jobs>               Number of parallel jobs for generating CASR reports
+                                      [default: half of cpu cores]
+      -t, --timeout <SECONDS>         Timeout (in seconds) for target execution, 0 value means
+                                      that timeout is disabled [default: 0]
+      -i, --input <INPUT_DIR>         LibAFL crash directory
+      -o, --output <OUTPUT_DIR>       Output directory with triaged reports
+          --join <PREV_CLUSTERS_DIR>  Use directory with previously triaged reports for new
+                                      reports accumulation [env: CASR_PREV_CLUSTERS_DIR=]
+      -f, --force-remove              Remove output project directory if it exists
+          --no-cluster                Do not cluster CASR reports
+          --hint <HINT>               Hint to force run casr-HINT tool to analyze crashes
+                                      [default: auto] [possible values: auto, gdb, san]
+      -h, --help                      Print help
+      -V, --version                   Print version
+
+LibAFL example:
+
+    $ casr-libafl -i casr/tests/casr_tests/casrep/test_libafl_crashes -o casr/tests/tmp_tests_casr/casr_libafl_out -- casr/tests/casr_tests/bin/test_libafl_hierarchy @@
+
+You can set environment variable `RUST_BACKTRACE=(1|full)` for `casr-libafl`. This
+variable may be used by [casr-san](#casr-san).
+
+**NOTE:** to triage crashes by `casr-libafl`, you need to compile fuzz-target separately from LibAFL.
+
 ## casr-dojo
 
 Tool for uploading new and unique CASR reports to DefectDojo