author: Andrea Fioraldi <andreafioraldi@gmail.com>, 2019-09-13 11:02:50 +0200
committer: Andrea Fioraldi <andreafioraldi@gmail.com>, 2019-09-13 11:02:50 +0200
commit: 6444bc6a716ea4d00e03c659eb20064550561799
tree: 0ff13fe161f1062bf6b69852ebe325f43a02963f
parent: 924f3025f9e9bc062b80d4ca3a47d283267ba18c
download: afl++-6444bc6a716ea4d00e03c659eb20064550561799.tar.gz
update readme and todo
 .gitignore     |  2
 README.md      | 18
 TODO           | 15
 docs/ChangeLog |  1
 4 files changed, 25 insertions, 11 deletions
diff --git a/.gitignore b/.gitignore
index e4d2346e..b2975a7e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
+.test
+.test2
*.o
*.so
afl-analyze
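Review bot: the two new entries `.test` and `.test2` look like developer-local scratch paths rather than build outputs like the `*.o`, `*.so` and `afl-analyze` patterns they join; if they are only used on one machine, `.git/info/exclude` keeps them out of the shared ignore list, and if some build or test script produces them, a short comment naming that script would tell the next reader why they are ignored.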
diff --git a/README.md b/README.md
index 597ed8f0..c697da4f 100644
--- a/README.md
+++ b/README.md
@@ -30,9 +30,9 @@
* AFLfast's power schedules by Marcel Böhme: [https://github.com/mboehme/aflfast](https://github.com/mboehme/aflfast)
- * the new excellent MOpt mutator: [https://github.com/puppet-meteor/MOpt-AFL](https://github.com/puppet-meteor/MOpt-AFL)
+ * The new excellent MOpt mutator: [https://github.com/puppet-meteor/MOpt-AFL](https://github.com/puppet-meteor/MOpt-AFL)
- * instrim, a very effective CFG llvm_mode instrumentation implementation for large targets: [https://github.com/csienslab/instrim](https://github.com/csienslab/instrim)
+ * InsTrim, a very effective CFG llvm_mode instrumentation implementation for large targets: [https://github.com/csienslab/instrim](https://github.com/csienslab/instrim)
* C. Holler's afl-fuzz Python mutator module and llvm_mode whitelist support: [https://github.com/choller/afl](https://github.com/choller/afl)
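Review bot: capitalising `the` to `The` in the MOpt bullet makes that entry inconsistent with the neighbouring bullets in the same list, which start lowercase (`unicorn_mode which allows ...`, `laf-intel or CompCov support ...`); either capitalise every bullet or leave this one as it was. The `instrim` to `InsTrim` change is fine, since it matches the spelling used in the feature table this commit adds further down in the README.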
@@ -40,12 +40,22 @@
* unicorn_mode which allows fuzzing of binaries from completely different platforms (integration provided by domenukk)
- * laf-intel (compcov) support for llvm_mode, qemu_mode and unicorn_mode
+ * laf-intel or CompCov support for llvm_mode, qemu_mode and unicorn_mode
- * neverZero patch for afl-gcc, llvm_mode, qemu_mode and unicorn_mode which prevents a wrapping map value to zero, increases coverage (by Andrea Fioraldi)
+ * NeverZero patch for afl-gcc, llvm_mode, qemu_mode and unicorn_mode which prevents a wrapping map value to zero, increases coverage
+
+ * Persistent mode and deferred forkserver for qemu_mode
A more thorough list is available in the PATCHES file.
+ | Feature/Instrumentation | LLVM | GCC | QEMU | Unicorn |
+ | ----------------------- |:----:|:---:|:----:| -------:|
+ | laf-intel / CompCov | x | | x | x |
+ | NeverZero | x | x | x | x |
+ | Persistent mode | x | | x | |
+ | Whitelist | x | | | |
+ | InsTrim | x | | | |
+
So all in all this is the best-of AFL that is currently out there :-)
For new versions and additional information, check out:
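Review bot: the bullet `Persistent mode and deferred forkserver for qemu_mode` claims the deferred forkserver, but the table below has no row for it, the TODO hunk in this same commit still lists `deferred mode with AFL_DEFERRED_QEMU=0xaddress` as open work, and the ChangeLog entry records only `persistent mode for QEMU`; drop `and deferred forkserver` from the bullet until it lands, or add the table row and ChangeLog line now. Two smaller points on the table: there is no blank line between `A more thorough list is available in the PATCHES file.` and the header row, which some Markdown renderers need in order to start a table, and the `Unicorn` column is right-aligned (`-------:`) while the other columns are centred (`:----:`); a blank line before the table and `:-------:` for the last column would fix both.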
diff --git a/TODO b/TODO
index 26311713..87d1488c 100644
--- a/TODO
+++ b/TODO
@@ -20,6 +20,14 @@ gcc_plugin:
qemu_mode:
- update to 4.x (probably this will be skipped :( )
+ - deferred mode with AFL_DEFERRED_QEMU=0xaddress
+ (AFL_ENTRYPOINT let you to specify only a basic block address as starting
+ point. This will be implemented togheter with the logic for persistent
+ mode.)
+ - instrim for QEMU mode via static analysis (with r2pipe? or angr?)
+ Idea: The static analyzer outputs a map in which each edge that must be
+ skipped is marked with 1. QEMU loads it at startup in the parent process.
+
unit testing / or large testcase campaign
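Review bot: the re-added deferred-mode entry carries over two typos from the block it is moved from: `togheter` should be `together`, and `AFL_ENTRYPOINT let you to specify` should be `AFL_ENTRYPOINT lets you specify`. Since persistent mode has now landed (see the ChangeLog hunk in this commit), the sentence `This will be implemented togheter with the logic for persistent mode.` is out of date and should say that deferred mode will build on the persistent-mode logic instead. For the InsTrim-via-static-analysis idea, `each edge that must be skipped is marked with 1` only works if the analyser and QEMU agree on how an edge is keyed (for example by source and destination block address); noting the intended key next to the idea would let the r2pipe/angr choice be judged against it.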
@@ -52,10 +60,3 @@ Problem: Average targets (tiff, jpeg, unrar) go through 1500 edges.
Bad: completely changes how afl uses the map and the scheduling.
Overall another very good solution, Marc Heuse/vanHauser follows this up
-qemu_mode:
- - persistent mode patching the return address (WinAFL style)
- - deferred mode with AFL_DEFERRED_QEMU=0xaddress
- (AFL_ENTRYPOINT let you to specify only a basic block address as starting
- point. This will be implemented togheter with the logic for persistent
- mode.)
-
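Review bot: the `persistent mode patching the return address (WinAFL style)` line removed here is the only description in this patch of how QEMU persistent mode is meant to work, and the ChangeLog entry that replaces it says just `persistent mode for QEMU`; carry that one-line description, and how a user turns the mode on, into the qemu_mode documentation before dropping it from the TODO. The deferred-mode item deleted here is re-added unchanged under the first `qemu_mode:` section above, so that part of the hunk is a move, not a loss of open work.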
diff --git a/docs/ChangeLog b/docs/ChangeLog
index a407e253..fa05d1b8 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -20,6 +20,7 @@ Version ++2.54d (dev):
- no more unlinking the input file, this way the input file can also be a
FIFO or disk partition
- reducing duplicate code in afl-fuzz
+ - persistent mode for QEMU
--------------------------
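Review bot: `persistent mode for QEMU` is too terse for a user-facing ChangeLog entry: it says neither how the mode is enabled nor which qemu_mode targets it applies to, unlike the entry above it, which spells out the effect (`the input file can also be a FIFO or disk partition`). It also omits the deferred forkserver that the README hunk in this commit advertises for qemu_mode; if that has not landed, the README bullet is the one to change, and if it has, it needs its own line here.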