| author | Dominik Maier <domenukk@gmail.com> | 2020-02-20 19:40:39 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-20 19:40:39 +0100 |
| commit | 7c8cb338482f7c5155afc9e41d5d361d32199e18 (patch) | |
| tree | b53740e8f29d8022235353c707860ff0b4cbf0f2 | |
| parent | d6623d4b65727057238d7038b489b82843bd544f (diff) | |
| download | afl++-7c8cb338482f7c5155afc9e41d5d361d32199e18.tar.gz | |
GSOC <3
| -rw-r--r-- | docs/ideas.md | 15 |
|---|---|---|

1 file changed, 14 insertions, 1 deletion
diff --git a/docs/ideas.md b/docs/ideas.md index c6e8b3af..23072511 100644 --- a/docs/ideas.md +++ b/docs/ideas.md @@ -53,7 +53,20 @@ the current Unicorn instrumentation. ## Machine Learning -something with machine learning, better than NEUZZ :-) +Something with machine learning, better than NEUZZ :-) +Either improve a single mutator thorugh learning of many different bugs (a bug class) or gather deep insights about a single target beforehand (CFG, DFG, VFG, ...?) and improve performance for a single target. + +## Reengineer `afl-fuzz` as Thread Safe, Embeddable Library + +Right now, afl-fuzz is single threaded, cannot safely be embedded in tools, and not multi-threaded. It makes use of a large number of globals, must always be the parent process and exec child processes. +Instead, afl-fuzz could be refactored to contain no global state and globals. +This allows for different use cases that could be implemented during this project. + +## Collision-free Binary-Only Maps + +AFL++ supports collison-free maps using an LTO (link-time-optimization) pass. +This should be possile to implement for QEMU and Unicorn instrumentations. +As the forkserver parent caches just in time translated translation blocks, adding a simple counter between jumps should be doable. ## Your idea! |
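Review bot: the added lines carry three spelling slips that will end up in a public idea list: "thorugh" (through) in the Machine Learning paragraph, and "collison" (collision) and "possile" (possible) under Collision-free Binary-Only Maps. The first sentence of the Reengineer section also says the same thing twice ("single threaded ... and not multi-threaded") and the refactoring sentence does too ("no global state and globals"); suggest tightening to "Right now, afl-fuzz is single threaded, relies on a large number of globals, must always be the parent process and exec child processes, and so cannot safely be embedded in tools." and "Instead, afl-fuzz could be refactored to contain no global state." For the Collision-free section, one sentence on what the "simple counter between jumps" stands in for (the edge identifier the LTO pass otherwise provides) would help an applicant judge the scope of the project.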