1*08b48e0bSAndroid Build Coastguard Worker# Ideas for AFL++ 2*08b48e0bSAndroid Build Coastguard Worker 3*08b48e0bSAndroid Build Coastguard WorkerIn the following, we describe a variety of ideas that could be implemented for 4*08b48e0bSAndroid Build Coastguard Workerfuture AFL++ versions. 5*08b48e0bSAndroid Build Coastguard Worker 6*08b48e0bSAndroid Build Coastguard Worker**NOTE:** Our GSoC participation is concerning [libafl](https://github.com/AFLplusplus/libafl), not AFL++. 7*08b48e0bSAndroid Build Coastguard Worker 8*08b48e0bSAndroid Build Coastguard Worker## Analysis software 9*08b48e0bSAndroid Build Coastguard Worker 10*08b48e0bSAndroid Build Coastguard WorkerCurrently analysis is done by using afl-plot, which is rather outdated. A GTK or 11*08b48e0bSAndroid Build Coastguard Workerbrowser tool to create run-time analysis based on fuzzer_stats, queue/id* 12*08b48e0bSAndroid Build Coastguard Workerinformation and plot_data that allows for zooming in and out, changing min/max 13*08b48e0bSAndroid Build Coastguard Workerdisplay values etc. and doing that for a single run, different runs and 14*08b48e0bSAndroid Build Coastguard Workercampaigns vs. campaigns. Interesting values are execs, and execs/s, edges 15*08b48e0bSAndroid Build Coastguard Workerdiscovered (total, when each edge was discovered and which other fuzzer share 16*08b48e0bSAndroid Build Coastguard Workerfinding that edge), test cases executed. It should be clickable which value is X 17*08b48e0bSAndroid Build Coastguard Workerand Y axis, zoom factor, log scaling on-off, etc. 18*08b48e0bSAndroid Build Coastguard Worker 19*08b48e0bSAndroid Build Coastguard WorkerMentor: vanhauser-thc 20*08b48e0bSAndroid Build Coastguard Worker 21*08b48e0bSAndroid Build Coastguard Worker## Support other programming languages 22*08b48e0bSAndroid Build Coastguard Worker 23*08b48e0bSAndroid Build Coastguard WorkerOther programming languages also use llvm hence they could be (easily?) 24*08b48e0bSAndroid Build Coastguard Workersupported for fuzzing, e.g., mono, swift, go, kotlin native, fortran, ... 25*08b48e0bSAndroid Build Coastguard Worker 26*08b48e0bSAndroid Build Coastguard WorkerGCC also supports: Objective-C, Fortran, Ada, Go, and D (according to 27*08b48e0bSAndroid Build Coastguard Worker[Gcc homepage](https://gcc.gnu.org/)) 28*08b48e0bSAndroid Build Coastguard Worker 29*08b48e0bSAndroid Build Coastguard WorkerLLVM is also used by: Rust, LLGo (Go), kaleidoscope (Haskell), flang (Fortran), 30*08b48e0bSAndroid Build Coastguard Workeremscripten (JavaScript, WASM), ilwasm (CIL (C#)) (according to 31*08b48e0bSAndroid Build Coastguard Worker[LLVM frontends](https://gist.github.com/axic/62d66fb9d8bccca6cc48fa9841db9241)) 32*08b48e0bSAndroid Build Coastguard Worker 33*08b48e0bSAndroid Build Coastguard WorkerMentor: vanhauser-thc 34*08b48e0bSAndroid Build Coastguard Worker 35*08b48e0bSAndroid Build Coastguard Worker## Machine Learning 36*08b48e0bSAndroid Build Coastguard Worker 37*08b48e0bSAndroid Build Coastguard WorkerSomething with machine learning, better than 38*08b48e0bSAndroid Build Coastguard Worker[NEUZZ](https://github.com/dongdongshe/neuzz) :-) Either improve a single 39*08b48e0bSAndroid Build Coastguard Workermutator through learning of many different bugs (a bug class) or gather deep 40*08b48e0bSAndroid Build Coastguard Workerinsights about a single target beforehand (CFG, DFG, VFG, ...?) and improve 41*08b48e0bSAndroid Build Coastguard Workerperformance for a single target. 42*08b48e0bSAndroid Build Coastguard Worker 43*08b48e0bSAndroid Build Coastguard WorkerMentor: domenukk 44*08b48e0bSAndroid Build Coastguard Worker 45*08b48e0bSAndroid Build Coastguard Worker## Your idea! 46*08b48e0bSAndroid Build Coastguard Worker 47*08b48e0bSAndroid Build Coastguard WorkerFinally, we are open to proposals! Create an issue at 48*08b48e0bSAndroid Build Coastguard Workerhttps://github.com/AFLplusplus/AFLplusplus/issues and let's discuss :-) 49