Diffstat (limited to 'TODO.md')
| -rw-r--r-- | TODO.md | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/TODO.md b/TODO.md index 8522b06d..e5a678cf 100644 --- a/TODO.md +++ b/TODO.md @@ -1,31 +1,23 @@ # TODO list for AFL++ -## Roadmap 2.67+ +## Roadmap 3.00+ - - expand on AFL_LLVM_INSTRUMENT_FILE to also support sancov allowlist format - - AFL_MAP_SIZE for qemu_mode and unicorn_mode - CPU affinity for many cores? There seems to be an issue > 96 cores + - afl-plot to support multiple plot_data + - afl_custom_fuzz_splice_optin() + - afl_custom_splice() + - intel-pt tracer + - better autodetection of shifting runtime timeout values + - cmplog: use colorization input for havoc? + - cmplog: too much tainted bytes, directly add to dict and skip? + ## Further down the road afl-fuzz: - setting min_len/max_len/start_offset/end_offset limits for mutation output -llvm_mode: - - LTO - imitate sancov - -gcc_plugin: - - (wait for submission then decide) - - laf-intel - - better instrumentation (seems to be better with gcc-9+) - -better documentation: - - flow graph - - short intro - - faq (how to increase stability, speed, many parallel ...) - qemu_mode: - - update to 5.x (if the performance bug if gone) - non colliding instrumentation - rename qemu specific envs to AFL_QEMU (AFL_ENTRYPOINT, AFL_CODE_START/END, AFL_COMPCOV_LEVEL?) @@ -33,3 +25,13 @@ qemu_mode: persistent mode - add/implement AFL_QEMU_INST_LIBLIST and AFL_QEMU_NOINST_PROGRAM - add/implement AFL_QEMU_INST_REGIONS as a list of _START/_END addresses + + +## Ideas + + - LTO/sancov: write current edge to prev_loc and use that information when + using cmplog or __sanitizer_cov_trace_cmp*. maybe we can deduct by follow + up edge numbers that both following cmp paths have been found and then + disable working on this edge id -> cmplog_intelligence branch + - use cmplog colorization taint result for havoc locations? + |
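Review bot: the first hunk (the Roadmap 2.67+ to 3.00+ rename) drops several items without saying whether they were completed or abandoned: the AFL_LLVM_INSTRUMENT_FILE sancov allowlist support, AFL_MAP_SIZE for qemu_mode and unicorn_mode, the LTO "imitate sancov" item, the whole gcc_plugin and "better documentation" sections, and the qemu 5.x update. A TODO that silently loses entries stops being useful as a tracker, so consider stating per item in the commit message (or a short "Done" list) whether it shipped or was dropped. Minor wording in the new cmplog item: "too much tainted bytes" should read "too many tainted bytes".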
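Review bot: in the second hunk, the new "Ideas" entry "use cmplog colorization taint result for havoc locations?" duplicates "cmplog: use colorization input for havoc?" that the first hunk adds to the Roadmap; keep it in one place so the two copies cannot drift apart. Two style points in the same hunk: "deduct by follow up edge numbers" should be "deduce from follow-up edge numbers", and the section is introduced with two added blank lines and followed by a trailing blank "+" line, while the rest of the file separates sections with a single blank line.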
