about summary refs log tree commit diff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/Changelog.md15
-rw-r--r--docs/env_variables.md5
-rw-r--r--docs/ideas.md15
3 files changed, 21 insertions, 14 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 5c6b0663..e9efdf38 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -16,15 +16,20 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     to be placed in the source code.
     Check out instrumentation/README.instrument_list.md
   - afl-fuzz
+    - Making AFL_MAP_SIZE obsolete - afl-fuzz now learns on start the
+      target map size
     - upgraded cmplog/redqueen: solving for floating point, solving
       transformations (e.g. toupper, tolower, to/from hex, xor,
       arithmetics, etc.). this is costly hence new command line option
       -l that sets the intensity (values 1 to 3). recommended is 1 or 2.
+    - added `AFL_CMPLOG_ONLY_NEW` to not use cmplog on initial testcases from
+      `-i` or resumes (as these have most likely already been done)
     - fix crash for very, very fast targets+systems (thanks to mhlakhani
       for reporting)
     - if determinstic mode is active (-D, or -M without -d) then we sync
       after every queue entry as this can take very long time otherwise
     - better detection if a target needs a large shared map
+    - fix for -Z
     - switched to an even faster RNG
     - added hghwng's patch for faster trace map analysis
   - afl-cc
@@ -34,9 +39,17 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - cmplog/redqueen now also tracks floating point, _ExtInt() + 128bit
     - cmplog/redqueen can now process basic libc++ and libstdc++
       std::string comparisons (though no position or length type variants)
+    - added support for __afl_coverage_interesting() for LTO and
+      and our own PCGUARD (llvm 10.0.1+), read more about this function
+      and selective coverage in instrumentation/README.instrument_list.md
     - added AFL_LLVM_INSTRUMENT option NATIVE for native clang pc-guard
       support (less performant than our own), GCC for old afl-gcc and
       CLANG for old afl-clang
+  - qemuafl
+    - ported QASan to qemuafl! see qemu_mode/libqasan/README.md
+    - solved some persistent mode bugs (thanks Dil4rd)
+    - solved an issue when dumping the memory maps (thanks wizche)
+    - Android support for QASan
   - unicornafl
     - Substential speed gains in python bindings for certain use cases
     - Improved rust bindings
@@ -46,7 +59,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
   - LLVM mode is now compiled with -j4, unicorn with all cores. qemu was
     already building with all cores, the gcc plugin needs only one.
   - added dummy Makefile to instrumentation/
-  - Updated utils/afl_frida to be 5% faster
+  - Updated utils/afl_frida to be 5% faster, 7% on x86_x64
   - Added AFL_KILL_SIGNAL env variable (thanks @v-p-b)
   - @Edznux added a nice documentation on how to use rpc.statsd with
     afl++ in docs/rpc_statsd.md, thanks!
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 66d85749..4c3b1cfb 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -287,6 +287,11 @@ checks or alter some of the more exotic semantics of the tool:
     the target. This must be equal or larger than the size the target was
     compiled with.
 
+  - `AFL_CMPLOG_ONLY_NEW` will only perform the expensive cmplog feature for
+    newly found testcases and not for testcases that are loaded on startup
+    (`-i in`). This is an important feature to set when resuming a fuzzing
+    session.
+
   - `AFL_TESTCACHE_SIZE` allows you to override the size of `#define TESTCASE_CACHE`
     in config.h. Recommended values are 50-250MB - or more if your fuzzing
     finds a huge amount of paths for large inputs.
diff --git a/docs/ideas.md b/docs/ideas.md
index aaa3eed1..7cbe60a5 100644
--- a/docs/ideas.md
+++ b/docs/ideas.md
@@ -16,6 +16,8 @@ test cases executed.
 It should be clickable which value is X and Y axis, zoom factor, log scaling
 on-off, etc.
 
+Mentor: vanhauser-thc
+
 ## WASM Instrumentation
 
 Currently, AFL++ can be used for source code fuzzing and traditional binaries.
@@ -36,19 +38,6 @@ Either improve a single mutator thorugh learning of many different bugs
 
 Mentor: domenukk
 
-## Collision-free Binary-Only Maps
-
-AFL++ supports collison-free maps using an LTO (link-time-optimization) pass.
-This should be possible to implement for QEMU and Unicorn instrumentations.
-As the forkserver parent caches just in time translated translation blocks,
-adding a simple counter between jumps should be doable.
-
-Note: this is already in development for qemu by Andrea, so for people who
-want to contribute it might make more sense to port his solution to unicorn.
-
-Mentor: andreafioraldi or domenukk
-Issue/idea tracker: [https://github.com/AFLplusplus/AFLplusplus/issues/237](https://github.com/AFLplusplus/AFLplusplus/issues/237)
-
 ## Your idea!
 
 Finally, we are open to proposals!
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-06-15 12:58:57 +0000