xref: /aosp_15_r20/external/AFLplusplus/docs/important_changes.md (revision 08b48e0b10e97b33e7b60c5b6e2243bd915777f2)

# Important changes in AFL++

This document lists important changes in AFL++, for example, major behavior
changes.

## From version 3.00 onwards

With AFL++ 4.00, we introduced the following changes from previous behaviors:
  * the complete documentation was overhauled and restructured thanks to @llzmb!
  * a new CMPLOG target format requires recompiling CMPLOG targets for use with
    AFL++ 4.0 onwards
  * better naming for several fields in the UI

With AFL++ 3.15, we introduced the following changes from previous behaviors:
  * afl-cmin and afl-showmap `-Ci` now descend into subdirectories like afl-fuzz
    `-i` does (but note that afl-cmin.bash does not)

With AFL++ 3.14, we introduced the following changes from previous behaviors:
  * afl-fuzz: deterministic fuzzing is not a default for `-M main` anymore
  * afl-cmin/afl-showmap -i now descends into subdirectories (afl-cmin.bash,
    however, does not)

With AFL++ 3.10, we introduced the following changes from previous behaviors:
  * The '+' feature of the `-t` option now means to auto-calculate the timeout
    with the value given being the maximum timeout. The original meaning of
    "skipping timeouts instead of abort" is now inherent to the `-t` option.

With AFL++ 3.00, we introduced changes that break some previous AFL and AFL++
behaviors and defaults:
  * There are no llvm_mode and gcc_plugin subdirectories anymore and there is
    only one compiler: afl-cc. All previous compilers now symlink to this one.
    All instrumentation source code is now in the `instrumentation/` folder.
  * The gcc_plugin was replaced with a new version submitted by AdaCore that
    supports more features. Thank you!
  * QEMU mode got upgraded to QEMU 5.1, but to be able to build this a current
    ninja build tool version and python3 setuptools are required. QEMU mode also
    got new options like snapshotting, instrumenting specific shared libraries,
    etc. Additionally QEMU 5.1 supports more CPU targets so this is really worth
    it.
  * When instrumenting targets, afl-cc will not supersede optimizations anymore
    if any were given. This allows to fuzz targets build regularly like those
    for debug or release versions.
  * afl-fuzz:
    * if neither `-M` or `-S` is specified, `-S default` is assumed, so more
      fuzzers can easily be added later
    * `-i` input directory option now descends into subdirectories. It also does
      not fail on crashes and too large files, instead it skips them and uses
      them for splicing mutations
    * `-m` none is now the default, set memory limits (in MB) with, e.g., `-m
      250`
    * deterministic fuzzing is now disabled by default (unless using `-M`) and
      can be enabled with `-D`
    * a caching of test cases can now be performed and can be modified by
      editing config.h for `TESTCASE_CACHE` or by specifying the environment
      variable `AFL_TESTCACHE_SIZE` (in MB). Good values are between 50-500
      (default: 50).
    * `-M` mains do not perform trimming
  * `examples/` got renamed to `utils/`
  * `libtokencap/`, `libdislocator/`, and `qdbi_mode/` were moved to `utils/`
  * afl-cmin/afl-cmin.bash now search first in `PATH` and last in `AFL_PATH`