| # Important changes in AFL++ |
| |
| This document lists important changes in AFL++, for example, major behavior |
| changes. |
| |
| ## From version 3.00 onwards |
| |
| With AFL++ 4.00, we introduced the following changes from previous behaviors: |
| * the complete documentation was overhauled and restructured thanks to @llzmb! |
| * a new CMPLOG target format requires recompiling CMPLOG targets for use with |
| AFL++ 4.0 onwards |
| * better naming for several fields in the UI |
| |
| With AFL++ 3.15, we introduced the following changes from previous behaviors: |
| * afl-cmin and afl-showmap `-Ci` now descend into subdirectories like afl-fuzz |
| `-i` does (but note that afl-cmin.bash does not) |
| |
| With AFL++ 3.14, we introduced the following changes from previous behaviors: |
| * afl-fuzz: deterministic fuzzing is not a default for `-M main` anymore |
| * afl-cmin/afl-showmap -i now descends into subdirectories (afl-cmin.bash, |
| however, does not) |
| |
| With AFL++ 3.10, we introduced the following changes from previous behaviors: |
| * The '+' feature of the `-t` option now means to auto-calculate the timeout |
| with the value given being the maximum timeout. The original meaning of |
| "skipping timeouts instead of abort" is now inherent to the `-t` option. |
| |
| With AFL++ 3.00, we introduced changes that break some previous AFL and AFL++ |
| behaviors and defaults: |
| * There are no llvm_mode and gcc_plugin subdirectories anymore and there is |
| only one compiler: afl-cc. All previous compilers now symlink to this one. |
| All instrumentation source code is now in the `instrumentation/` folder. |
| * The gcc_plugin was replaced with a new version submitted by AdaCore that |
| supports more features. Thank you! |
| * QEMU mode got upgraded to QEMU 5.1, but to be able to build this a current |
| ninja build tool version and python3 setuptools are required. QEMU mode also |
| got new options like snapshotting, instrumenting specific shared libraries, |
| etc. Additionally QEMU 5.1 supports more CPU targets so this is really worth |
| it. |
| * When instrumenting targets, afl-cc will not supersede optimizations anymore |
| if any were given. This allows to fuzz targets build regularly like those |
| for debug or release versions. |
| * afl-fuzz: |
| * if neither `-M` or `-S` is specified, `-S default` is assumed, so more |
| fuzzers can easily be added later |
| * `-i` input directory option now descends into subdirectories. It also does |
| not fail on crashes and too large files, instead it skips them and uses |
| them for splicing mutations |
| * `-m` none is now the default, set memory limits (in MB) with, e.g., `-m |
| 250` |
| * deterministic fuzzing is now disabled by default (unless using `-M`) and |
| can be enabled with `-D` |
| * a caching of test cases can now be performed and can be modified by |
| editing config.h for `TESTCASE_CACHE` or by specifying the environment |
| variable `AFL_TESTCACHE_SIZE` (in MB). Good values are between 50-500 |
| (default: 50). |
| * `-M` mains do not perform trimming |
| * `examples/` got renamed to `utils/` |
| * `libtokencap/`, `libdislocator/`, and `qdbi_mode/` were moved to `utils/` |
| * afl-cmin/afl-cmin.bash now search first in `PATH` and last in `AFL_PATH` |
