# TODO list for AFL++

## Roadmap 3.00+

 - Update afl->pending_not_fuzzed for MOpt
 - put fuzz target in top line of UI
 - afl-plot to support multiple plot_data
 - afl_custom_fuzz_splice_optin()
 - afl_custom_splice()
 - better autodetection of shifting runtime timeout values
 - cmplog: use colorization input for havoc?
 - parallel builds for source-only targets


## Further down the road

afl-fuzz:
 - setting min_len/max_len/start_offset/end_offset limits for mutation output

qemu_mode:
 - non-colliding instrumentation
 - rename qemu-specific envs to AFL_QEMU (AFL_ENTRYPOINT, AFL_CODE_START/END, AFL_COMPCOV_LEVEL?)
 - add AFL_QEMU_EXITPOINT (maybe multiple?), maybe pointless as we have persistent mode
 - add/implement AFL_QEMU_INST_LIBLIST and AFL_QEMU_NOINST_PROGRAM
 - add/implement AFL_QEMU_INST_REGIONS as a list of _START/_END addresses


## Ideas

 - LTO/sancov: write current edge to prev_loc and use that information when using cmplog or __sanitizer_cov_trace_cmp*. Maybe we can deduce from the follow-up edge numbers that both paths following a cmp have been found, and then disable working on this edge id -> cmplog_intelligence branch
 - use cmplog colorization taint result for havoc locations?
 - new instrumentation option for a thread-safe variant of feedback to shared mem. The user decides if this is needed (e.g. the target is multithreaded).