| field | value | date |
|---|---|---|
| author | van Hauser <vh@thc.org> | 2020-08-21 15:45:15 +0200 |
| committer | van Hauser <vh@thc.org> | 2020-08-21 15:45:15 +0200 |
| commit | d5c77a9e96936bb4b916c36363f25ceb43cbdb9d (patch) | |
| tree | 9e55fe370998a1a6e9237764d6452db1c470bae6 | |
| parent | 4d2694c114b565d346d7a6834d68dee973d9e521 (diff) | |
| download | afl++-d5c77a9e96936bb4b916c36363f25ceb43cbdb9d.tar.gz | |
update todo
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | TODO.md | 7 |

1 file changed, 2 insertions, 5 deletions
diff --git a/TODO.md b/TODO.md index e74fa1d5..65d59271 100644 --- a/TODO.md +++ b/TODO.md @@ -13,13 +13,10 @@ afl-fuzz: - add __sanitizer_cov_trace_cmp* support via shmem llvm_mode: - - LTO - imitate sancov - add __sanitizer_cov_trace_cmp* support gcc_plugin: - (wait for submission then decide) - - laf-intel - - better instrumentation (seems to be better with gcc-9+) qemu_mode: - update to 5.x (if the performance bug is gone) @@ -36,9 +33,9 @@ qemu_mode: - LTO/sancov: write current edge to prev_loc and use that information when using cmplog or __sanitizer_cov_trace_cmp*. maybe we can deduct by follow up edge numbers that both following cmp paths have been found and then - disable working on this edge id + disable working on this edge id -> cmplog_intelligence branch - new tancov: use some lightweight taint analysis to see which parts of a new queue entry is accessed and only fuzz these bytes - or better, only fuzz those bytes that are newly in coverage compared to the queue entry - the new one is based on + the new one is based on -> taint branch, not useful :-( |
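Review bot: in the first hunk (`@@ -13,13 +13,10 @@`) the gcc_plugin items `- laf-intel` and `- better instrumentation (seems to be better with gcc-9+)` are deleted while the line directly above them, `- (wait for submission then decide)`, is kept, so the list now says a decision is pending but no longer shows what was decided or where those two items went. The second hunk of this same patch annotates items with `-> <branch>` notes; do the same here (implemented, dropped, or moved to a named branch) so a reader of TODO.md can tell why they disappeared, and do the same for the removed llvm_mode `- LTO` entry.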
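Review bot: in the second hunk (`@@ -36,9 +33,9 @@`) appending `-> taint branch, not useful :-(` to the tancov item marks it as tried and rejected but leaves it among the open items with no reason given, so it still reads as something to do. Either move it out of the open list (or delete it) and record in one line why the taint-guided byte selection did not help, so the experiment is not repeated; likewise `-> cmplog_intelligence branch` on the LTO/sancov item should say whether that branch is work in progress or a finished result.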