# Important changes in AFL++

This document lists important changes in AFL++, for example, major behavior
changes.

## From version 3.00 onwards

With AFL++ 4.00, we introduced the following changes from previous behaviors:
  * the complete documentation was overhauled and restructured thanks to @llzmb!
  * a new CMPLOG target format requires recompiling CMPLOG targets for use with
    AFL++ 4.0 onwards
  * better naming for several fields in the UI

With AFL++ 3.15, we introduced the following changes from previous behaviors:
  * afl-cmin and afl-showmap `-Ci` now descend into subdirectories like afl-fuzz
    `-i` does (but note that afl-cmin.bash does not)

With AFL++ 3.14, we introduced the following changes from previous behaviors:
  * afl-fuzz: deterministic fuzzing is not a default for `-M main` anymore
  * afl-cmin/afl-showmap `-i` now descends into subdirectories (afl-cmin.bash,
    however, does not)

With AFL++ 3.10, we introduced the following changes from previous behaviors:
  * The '+' suffix of the `-t` option now means that the timeout is
    auto-calculated, with the value given being the maximum timeout. The
    original meaning of "skip timeouts instead of aborting" is now inherent to
    the `-t` option.

With AFL++ 3.00, we introduced changes that break some previous AFL and AFL++
behaviors and defaults:
  * There are no llvm_mode and gcc_plugin subdirectories anymore and there is
    only one compiler: afl-cc. All previous compilers now symlink to this one.
    All instrumentation source code is now in the `instrumentation/` folder.
  * The gcc_plugin was replaced with a new version submitted by AdaCore that
    supports more features. Thank you!
  * QEMU mode got upgraded to QEMU 5.1, but to be able to build it, a current
    version of the ninja build tool and python3 setuptools are required. QEMU
    mode also got new options like snapshotting, instrumenting specific shared
    libraries, etc. Additionally, QEMU 5.1 supports more CPU targets, so this
    is really worth it.
  * When instrumenting targets, afl-cc will not supersede optimization flags
    anymore if any were given. This allows fuzzing targets that are built the
    regular way, like debug or release builds.
  * afl-fuzz:
    * if neither `-M` nor `-S` is specified, `-S default` is assumed, so more
      fuzzers can easily be added later
    * the `-i` input directory option now descends into subdirectories. It also
      does not fail on crashes and too large files; instead it skips them and
      uses them for splicing mutations
    * `-m none` is now the default; set memory limits (in MB) with, e.g.,
      `-m 250`
    * deterministic fuzzing is now disabled by default (unless using `-M`) and
      can be enabled with `-D`
    * test cases can now be cached; the cache size can be modified by editing
      config.h for `TESTCASE_CACHE` or by specifying the environment variable
      `AFL_TESTCACHE_SIZE` (in MB). Good values are between 50-500
      (default: 50).
    * `-M` mains do not perform trimming
  * `examples/` got renamed to `utils/`
  * `libtokencap/`, `libdislocator/`, and `qdbi_mode/` were moved to `utils/`
  * afl-cmin/afl-cmin.bash now search first in `PATH` and last in `AFL_PATH`