From cdce81b11b98a3dbee12ece111bec05cf1e083f2 Mon Sep 17 00:00:00 2001 From: Nassim Corteggiani <2283868+Bounti@users.noreply.github.com> Date: Tue, 4 Jun 2024 18:00:52 +0200 Subject: [PATCH] Update README.md --- fuzzers/cva6-vcs-fuzzer/README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/fuzzers/cva6-vcs-fuzzer/README.md b/fuzzers/cva6-vcs-fuzzer/README.md index 60dce4b..ed5c62d 100644 --- a/fuzzers/cva6-vcs-fuzzer/README.md +++ b/fuzzers/cva6-vcs-fuzzer/README.md @@ -15,6 +15,17 @@ Follow the installation instructions from the Spike GitHub repository. * [RISC-V GNU Compiler Toolchain] (https://github.com/riscv-collab/riscv-gnu-toolchain) +With everything properly installed, please make sure to set the right environment variables in your `bashrc` or equivalent file. The fuzzer expects the following configuration in bash: + +Please, find below an example of configuratio +```bash +export RISCV=$HOME/riscv +export VERDI_HOME=/usr/synopsys/verdi/U-2023.03-SP2 +export VCS_HOME=/usr/synopsys/vcs/U-2023.03-SP2 +export SNPSLMD_LICENSE_FILE=server@server.fr +export LD_LIBRARY_PATH=$VERDI_HOME/share/NPI/lib/linux64 +``` + ## Building The build.rs script performs the following tasks: 
@@ -58,10 +69,12 @@ for i in {1..10}; do AFL_LAUNCHER_CLIENT=$i ./cva6_vcs_fuzzer & done The fuzzer is bootstraped using the seed files into the `seeds` folder. Feel free to customize the content of this file with any interesting seed. When starting the fuzzer loads the initial inputs (i.e., the seeds), and only keep interesting ones in the corpus (i.e., coverage novelty). Coverage novelty consider any changes for all supported code coverage metrics on vcs, i.e., branch, conditional, line, toggle, and FSM. + Then, starts the fuzzer loop that iteratively calls the different stages. StdMutationalStage is responsible for generating new mutant by applying mutation to the existing testcase in the corpus. The mutations work at the ISA level by first deserializing the binary testcase into stream of instruction, then different mutations might be applied (e.g., adding instruction, removing instruction, changing opcode, ..). The mutation can easily be customized by changing `../../libpresifuzz_mutators/src/riscv_isa.rs`. + The generated testcase is then inserted into a template ELF file by simplify injecting the code after the `payload` label. This template contains epilogue and prologue code. The current version is very simple. We first init registers to some known values, and we change the `mtvec` to points to our own trap handler. @@ -79,4 +92,4 @@ python3 ./plot.py -m branch -d ./sync ``` The `-m` option is there to provide the coverage metric that is either tgl, cond, branch, line, fsm. -The `-d` points to the directory where stats are saved. \ No newline at end of file +The `-d` points to the directory where stats are saved.
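Review bot: the new environment-variable paragraph in the first hunk (`@@ -15,6 +15,17 @@`) has a typo and a duplicated lead-in: `The fuzzer expects the following configuration in bash:` is immediately followed by `Please, find below an example of configuratio`, which is missing its last letter and repeats the previous sentence; keep one of them, e.g. `Please find below an example configuration:`. `bashrc` should read `.bashrc`. `export LD_LIBRARY_PATH=$VERDI_HOME/share/NPI/lib/linux64` overwrites any library path the user already has rather than extending it; prefer `export LD_LIBRARY_PATH=$VERDI_HOME/share/NPI/lib/linux64:$LD_LIBRARY_PATH`. `SNPSLMD_LICENSE_FILE=server@server.fr` and the `/usr/synopsys/.../U-2023.03-SP2` paths are site-specific placeholders, so the text should say explicitly that readers must substitute their own license server (typically `port@host`) and their own Verdi/VCS install directories. While this section is being edited, the context line `* [RISC-V GNU Compiler Toolchain] (https://github.com/riscv-collab/riscv-gnu-toolchain)` has a space between `]` and `(` that breaks the markdown link and is worth fixing in the same commit.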
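Review bot: the spelling and grammar in the context lines around the two blank lines added by the second hunk (`@@ -58,10 +69,12 @@`) should be fixed in the same change, since the paragraph is already being touched: `bootstraped` should be `bootstrapped`, `the seed files into the `seeds` folder` should be `in the `seeds` folder`, `the content of this file` should be `this folder`, `only keep interesting ones` should be `only keeps`, `Coverage novelty consider any changes` should be `considers`, `generating new mutant` should be `new mutants`, `into stream of instruction` should be `into a stream of instructions`, `by simplify injecting the code` should be `by simply injecting the code`, and `to points to our own trap handler` should be `to point to`. `This template contains epilogue and prologue code` also reads more naturally as `prologue and epilogue code`, matching the order in which they run.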