-rw-r--r-- README.md      | 11
-rw-r--r-- docs/ideas.md  | 52
2 files changed, 57 insertions, 6 deletions
diff --git a/README.md b/README.md
index ec1d5ba9..01d61fea 100644
--- a/README.md
+++ b/README.md
@@ -89,6 +89,17 @@
   read this file.
 
 
+## Shameless plug to students and enthusiast developers
+
+We have several ideas we would like to see in AFL++ to make it even better.
+However we already work on so many things that we do not have the time for
+all the big ideas.
+
+This can be your way to support and contribute to AFL++ - extend it to
+something cool
+
+We have an idea list in [docs/ideas.md](docs/ideas.md)
+
 ## 0) Building and installing afl++
 
 afl++ has many build options.
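Review bot: The two closing sentences of the new "Shameless plug" section are missing terminal punctuation and read as fragments; make them full sentences, e.g. `+This can be your way to support and contribute to AFL++ - extend it to` / `+something cool!` and `+We have an idea list in [docs/ideas.md](docs/ideas.md).` The heading "Shameless plug to students and enthusiast developers" is also the only unnumbered section in a README whose other sections are numbered ("## 0) Building and installing afl++"); consider either numbering it or placing it after the numbered sections so the table of contents stays consistent.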
diff --git a/docs/ideas.md b/docs/ideas.md
index 10d97ca0..c6e8b3af 100644
--- a/docs/ideas.md
+++ b/docs/ideas.md
@@ -4,18 +4,58 @@ In the following, we describe a variety of ideas that could be implemented for f
 
 ## Flexible Grammar Mutator
 
-Currently, AFL++'s mutation does not have deeper knowledge about the fuzzed binary, apart from feedback, even though the developer may have insights about the target. A developer may choose to provide dictionaries and implement own mutations in python or c, but an easy mutator that behaves according to a given grammar, does not exist.
+Currently, AFL++'s mutation does not have deeper knowledge about the fuzzed
+binary, apart from feedback, even though the developer may have insights
+about the target.
 
-## LTO Based Non-Colliding Edge Coverage
+A developer may choose to provide dictionaries and implement own mutations
+in python or C, but an easy mutator that behaves according to a given grammar,
+does not exist.
 
-An unsolved problem in our fuzzing, right now, are hash collisions between paths. By iterating through all functions at link time, assigning unique values to each branch, therefore reducing or even eliminating collisions, should be possible.
+State-of-the-art research on grammar fuzzing has some problems in their
+implementations like code quality, scalability, or ease of use and other
+common issues of the academic code.
+
+We aim to develop a pluggable grammar mutator for afl++ that combines
+various results.
+
+## Expand on the MOpt mutator
+
+Work on the MOpt mutator that is already in AFL++.
+
+This is an excellent mutations scheduler based on Particle Swarm
+Optimization but the current implementation schedule only the mutations
+that were present on AFL.
+
+AFL++ added a lost of optional mutators like the Input-2-State one based
+on Redqueen, the Radamsa mutator, the Custom mutator (the user can define
+its own mutator) and the work is to generalize MOpt for all the current
+and future mutators.
 
 ## QEMU 4-based Instrumentation
 
-First tests to use QEMU 4 for binary-only AFL++ showed that caching behavior changed, which vastly decreases fuzzing speeds.
-This is the cause why, right now, we cannot switch to QEMU 4.2. Understanding the current instrumentation and fixing the current caching issues will be needed.
+First tests to use QEMU 4 for binary-only AFL++ showed that caching behavior
+changed, which vastly decreases fuzzing speeds.
+
+This is the cause why, right now, we cannot switch to QEMU 4.2.
+
+Understanding the current instrumentation and fixing the current caching
+issues will be needed.
 
 ## WASM Instrumentation
 
 Currently, AFL++ can be used for source code fuzzing and traditional binaries.
-With the rise of WASM as compile target, however, a novel way of instrumentation needs to be implemented for binaries compiled to Webassembly. This can either be done by inserting instrumentation directly into the WASM AST, or by patching feedback into a WASM VMs of choice, similar to the current Unicorn instrumentation.
+With the rise of WASM as compile target, however, a novel way of
+instrumentation needs to be implemented for binaries compiled to Webassembly.
+This can either be done by inserting instrumentation directly into the
+WASM AST, or by patching feedback into a WASM VMs of choice, similar to
+the current Unicorn instrumentation.
+
+## Machine Learning
+
+something with machine learning, better than NEUZZ :-)
+
+## Your idea!
+
+Finally, we are open to proposals!
+Create an issue at https://github.com/vanhauser-thc/AFLplusplus/issues and let's discuss :-)
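Review bot: This hunk silently drops the whole "LTO Based Non-Colliding Edge Coverage" section (the removed `-## LTO Based Non-Colliding Edge Coverage` heading and its paragraph on hash collisions between paths) while every other change in the file is a reflow or an addition; if the idea has been implemented or is no longer open, say so in the commit message or leave a one-line note in the document, otherwise restore the section. Several of the added lines also carry typos that a student reading the list will trip over: `+AFL++ added a lost of optional mutators` should be "a lot of", `+Optimization but the current implementation schedule only the mutations` should be "schedules only", and `+WASM AST, or by patching feedback into a WASM VMs of choice, similar to` should be "a WASM VM of choice"; "Webassembly" is conventionally "WebAssembly" and "implement own mutations" reads better as "implement their own mutations". Finally, the new "Machine Learning" section consists of a single informal line ("something with machine learning, better than NEUZZ :-)") that gives a prospective contributor nothing concrete to start from; either add a short description of what would be expected (for example which part of the fuzzing loop the model should inform) or fold it into the "Your idea!" section.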