path: root/TODO.md
Diffstat (limited to 'TODO.md')
-rw-r--r-- TODO.md 34
1 files changed, 14 insertions, 20 deletions
diff --git a/TODO.md b/TODO.md
index 1c616b4a..e6b095fc 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,38 +1,32 @@
 # TODO list for AFL++
 
-## Roadmap 3.00+
+## Should
 
+ - better autodetection of shifting runtime timeout values
  - Update afl->pending_not_fuzzed for MOpt
- - put fuzz target in top line of UI
  - afl-plot to support multiple plot_data
- - afl_custom_fuzz_splice_optin()
- - afl_custom_splice()
- - better autodetection of shifting runtime timeout values
- - cmplog: use colorization input for havoc?
  - parallel builds for source-only targets
+ - get rid of check_binary, replace with more forkserver communication
 
+## Maybe
 
-## Further down the road
+ - afl_custom_fuzz_splice_optin()
+ - afl_custom_splice()
+ - cmdline option from-to range for mutations
 
-afl-fuzz:
- - setting min_len/max_len/start_offset/end_offset limits for mutation output
+## Further down the road
 
-qemu_mode:
+QEMU mode/FRIDA mode:
  - non colliding instrumentation
  - rename qemu specific envs to AFL_QEMU (AFL_ENTRYPOINT, AFL_CODE_START/END,
    AFL_COMPCOV_LEVEL?)
- - add AFL_QEMU_EXITPOINT (maybe multiple?), maybe pointless as we have
+ - add AFL_QEMU_EXITPOINT (maybe multiple?), maybe pointless as there is
    persistent mode
- - add/implement AFL_QEMU_INST_LIBLIST and AFL_QEMU_NOINST_PROGRAM
- - add/implement AFL_QEMU_INST_REGIONS as a list of _START/_END addresses
-
 
 ## Ideas
 
  - LTO/sancov: write current edge to prev_loc and use that information when
-   using cmplog or __sanitizer_cov_trace_cmp*. maybe we can deduct by follow
-   up edge numbers that both following cmp paths have been found and then
-   disable working on this edge id -> cmplog_intelligence branch
- - use cmplog colorization taint result for havoc locations?
- - new instrumentation option for a thread-safe variant of feedback to shared mem.
-   The user decides, if this is needed (eg the target is multithreaded).
+   using cmplog or __sanitizer_cov_trace_cmp*. maybe we can deduct by follow up
+   edge numbers that both following cmp paths have been found and then disable
+   working on this edge id -> cmplog_intelligence branch
+ - use cmplog colorization taint result for havoc locations?
\ No newline at end of file
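Review bot: The renamed heading `QEMU mode/FRIDA mode:` now sits over items that are worded only for QEMU (`rename qemu specific envs to AFL_QEMU`, `add AFL_QEMU_EXITPOINT`), so it is unclear which of them are meant to apply to FRIDA mode; split the list or mark per item which mode it covers. The final line, `- use cmplog colorization taint result for havoc locations?`, is removed and re-added with identical text only because the file now ends without a trailing newline; restoring the newline removes that spurious change. In the rewrapped Ideas entry, "deduct" should read "deduce" since those lines are being touched anyway. Several entries disappear rather than move (the UI top line item, AFL_QEMU_INST_LIBLIST/AFL_QEMU_NOINST_PROGRAM, AFL_QEMU_INST_REGIONS, the thread-safe feedback variant), and the diff does not show whether they were implemented or dropped, so the commit message should say which.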