 docs/ideas.md | 36 ++++++++++++++++++++++++++++++------
1 files changed, 30 insertions, 6 deletions
diff --git a/docs/ideas.md b/docs/ideas.md
index b6d215aa..6c316bf6 100644
--- a/docs/ideas.md
+++ b/docs/ideas.md
@@ -1,6 +1,7 @@
 # Ideas for afl++
 
-In the following, we describe a variety of ideas that could be implemented for further AFL++ versions.
+In the following, we describe a variety of ideas that could be implemented
+for future AFL++ versions.
 
 ## Flexible Grammar Mutator
 
@@ -19,6 +20,8 @@ common issues of the academic code.
 We aim to develop a pluggable grammar mutator for afl++ that combines
 various results.
 
+Mentor: andreafioraldi 
+
 ## Expand on the MOpt mutator
 
 Work on the MOpt mutator that is already in AFL++.
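Review bot: the added line `Mentor: andreafioraldi ` carries a trailing space; strip it so the file stays free of trailing whitespace (`git diff --check` and editors with whitespace highlighting will flag it, and the other `Mentor:` lines in this patch do not have one).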
@@ -32,12 +35,20 @@ on Redqueen, the Radamsa mutator, the Custom mutator (the user can define
 its own mutator) and the work is to generalize MOpt for all the current
 and future mutators.
 
+Mentor: vanhauser-thc or andreafioraldi
+
 ## perf-fuzz Linux Kernel Module
 
-Port the parts of the Linux Kernel modified by [perf-fuzz](https://gts3.org/assets/papers/2017/xu:os-fuzz.pdf) in a LKM.
-Or reimplement it from scratch.
+Port the parts of the Linux Kernel modified by 
+[perf-fuzz](https://gts3.org/assets/papers/2017/xu:os-fuzz.pdf)
+into a linux kernel module, so no source in the kernel needs to be changed.
+Or write your worn LKM from scratch to do this.
+The perf-fuzz kernel can be found at [https://github.com/sslab-gatech/perf-fuzz](https://github.com/sslab-gatech/perf-fuzz)
+There also is/was a FreeBSD project at [https://github.com/veracode-research/freebsd-perf-fuzz](https://github.com/veracode-research/freebsd-perf-fuzz)
+
+This enable snapshot fuzzing on Linux with an incredible performance!
 
-This enable snapshot fuzzing on Linux with an incredible performance.
+Mentor: any
 
 ## QEMU 4-based Instrumentation
 
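Review bot: typo in the new text, `Or write your worn LKM from scratch to do this.` should read `your own LKM`. The moved sentence `This enable snapshot fuzzing on Linux with an incredible performance!` keeps its grammar slip and should become `This enables snapshot fuzzing on Linux with incredible performance`. Smaller points in the same hunk: `Port the parts of the Linux Kernel modified by ` ends with a trailing space, the line `The perf-fuzz kernel can be found at [...]` has no terminating period before the next sentence starts, and `into a linux kernel module` should capitalise `Linux` to match the rest of the section.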
@@ -49,6 +60,8 @@ This is the cause why, right now, we cannot switch to QEMU 4.2.
 Understanding the current instrumentation and fixing the current caching
 issues will be needed.
 
+Mentor: andreafioraldi
+
 ## WASM Instrumentation
 
 Currently, AFL++ can be used for source code fuzzing and traditional binaries.
@@ -58,10 +71,16 @@ This can either be done by inserting instrumentation directly into the
 WASM AST, or by patching feedback into a WASM VMs of choice, similar to
 the current Unicorn instrumentation.
 
+Mentor: any
+
 ## Machine Learning
 
-Something with machine learning, better than NEUZZ :-)
-Either improve a single mutator thorugh learning of many different bugs (a bug class) or gather deep insights about a single target beforehand (CFG, DFG, VFG, ...?) and improve performance for a single target.
+Something with machine learning, better than [NEUZZ](https://github.com/dongdongshe/neuzz) :-)
+Either improve a single mutator thorugh learning of many different bugs
+(a bug class) or gather deep insights about a single target beforehand
+(CFG, DFG, VFG, ...?) and improve performance for a single target.
+
+Mentor: domenukk
 
 ## Reengineer `afl-fuzz` as Thread Safe, Embeddable Library
 
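Review bot: the reflowed Machine Learning paragraph carries over the typo in `Either improve a single mutator thorugh learning of many different bugs`; since that line is rewritten anyway, correct `thorugh` to `through`.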
@@ -69,13 +88,18 @@ Right now, afl-fuzz is single threaded, cannot safely be embedded in tools, and
 Instead, afl-fuzz could be refactored to contain no global state and globals.
 This allows for different use cases that could be implemented during this project.
 
+Mentor: hexcoder- or vanhauser-thc
+
 ## Collision-free Binary-Only Maps
 
 AFL++ supports collison-free maps using an LTO (link-time-optimization) pass.
 This should be possile to implement for QEMU and Unicorn instrumentations.
 As the forkserver parent caches just in time translated translation blocks, adding a simple counter between jumps should be doable.
 
+Mentor: andreafioraldi or domenukk
+
 ## Your idea!
 
 Finally, we are open to proposals!
 Create an issue at https://github.com/vanhauser-thc/AFLplusplus/issues and let's discuss :-)
+
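Review bot: the final `+` line adds a second blank line at end of file after `let's discuss :-)`; drop it so the file ends with a single newline (git reports a trailing blank line as a whitespace error). While this section is being edited, the unchanged context lines `AFL++ supports collison-free maps using an LTO` and `This should be possile to implement for QEMU` contain typos (`collision-free`, `possible`) that could be fixed in the same commit.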