Add American Fuzzy Lop (afl) to third_party/afl/

third_party/afl/src/docs/ChangeLog

+=========
+ChangeLog
+=========
+
+  This is the list of all noteworthy changes made in every public release of
+  the tool. See README for the general instruction manual.
+
+----------------
+Staying informed
+----------------
+
+Want to stay in the loop on major new features? Join our mailing list by
+sending a mail to <afl-users+subscribe@googlegroups.com>.
+
+Not sure if you should upgrade? The lowest currently recommended version
+is 2.07b. If you're stuck on an earlier release, it's strongly advisable
+to get on with the times.
+
+--------------
+Version 2.14b:
+--------------
+
+  - Added FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION as a macro defined when
+    compiling with afl-gcc and friends. Suggested by Kostya Serebryany.
+
+  - Refreshed some of the non-x86 docs.
+
+--------------
+Version 2.13b:
+--------------
+
+  - Fixed a spurious build test error with trace-pc and llvm_mode/Makefile.
+    Spotted by Markus Teufelberger.
+
+  - Fixed a cosmetic issue with afl-whatsup. Spotted by Brandon Perry.
+
+--------------
+Version 2.12b:
+--------------
+
+  - Fixed a minor issue in afl-tmin that can make alphabet minimization less
+    efficient during passes > 1. Spotted by Daniel Binderman.
+
+--------------
+Version 2.11b:
+--------------
+
+  - Fixed a minor typo in instrumented_cmp, spotted by Hanno Eissfeldt.
+
+  - Added a missing size check for deterministic insertion steps.
+
+  - Made an improvement to afl-gotcpu when -Z not used.
+
+  - Fixed a typo in post_library_png.so.c in experimental/. Spotted by Kostya
+    Serebryany.
+
+--------------
+Version 2.10b:
+--------------
+
+  - Fixed a minor core counting glitch, reported by Tyler Nighswander.
+
+--------------
+Version 2.09b:
+--------------
+
+  - Made several documentation updates.
+
+  - Added some visual indicators to promote and simplify the use of -Z.
+
+--------------
+Version 2.08b:
+--------------
+
+  - Added explicit support for -m32 and -m64 for llvm_mode. Inspired by
+    a request from Christian Holler.
+
+  - Added a new benchmarking option, as requested by Kostya Serebryany.
+
+--------------
+Version 2.07b:
+--------------
+
+  - Added CPU affinity option (-Z) on Linux. With some caution, this can
+    offer a significant (10%+) performance bump and reduce jitter.
+    Proposed by Austin Seipp.
+
+  - Updated afl-gotcpu to use CPU affinity where supported.
+
+  - Fixed confusing CPU_TARGET error messages with QEMU build. Spotted by
+    Daniel Komaromy and others.
+
+--------------
+Version 2.06b:
+--------------
+
+  - Worked around LLVM persistent mode hiccups with -shared code.
+    Contributed by Christian Holler.
+
+  - Added __AFL_COMPILER as a convenient way to detect that something is
+    built under afl-gcc / afl-clang / afl-clang-fast and enable custom
+    optimizations in your code. Suggested by Pedro Corte-Real.
+
+  - Upstreamed several minor changes developed by Franjo Ivancic to
+    allow AFL to be built as a library. This is fairly use-specific and
+    may have relatively little appeal to general audiences.
+
+--------------
+Version 2.05b:
+--------------
+
+  - Put __sanitizer_cov_module_init & co behind #ifdef to avoid problems
+    with ASAN. Spotted by Christian Holler.
+
+--------------
+Version 2.04b:
+--------------
+
+  - Removed indirect-calls coverage from -fsanitize-coverage (since it's
+    redundant). Spotted by Kostya Serebryany.
+
+--------------
+Version 2.03b:
+--------------
+
+  - Added experimental -fsanitize-coverage=trace-pc support that goes with
+    some recent additions to LLVM, as implemented by Kostya Serebryany.
+    Right now, this is cumbersome to use with common build systems, so
+    the mode remains undocumented.
+
+  - Made several substantial improvements to better support non-standard
+    map sizes in LLVM mode.
+
+  - Switched LLVM mode to thread-local execution tracing, which may offer
+    better results in some multithreaded apps.
+
+  - Fixed a minor typo, reported by Heiko Eissfeldt.
+
+  - Force-disabled symbolization for ASAN, as suggested by Christian Holler.
+
+  - AFL_NOX86 renamed to AFL_NO_X86 for consistency.
+
+  - Added AFL_LD_PRELOAD to allow LD_PRELOAD to be set for targets without
+    affecting AFL itself. Suggested by Daniel Godas-Lopez.
+
+--------------
+Version 2.02b:
+--------------
+
+  - Fixed a "lcamtuf can't count to 16" bug in the havoc stage. Reported
+    by Guillaume Endignoux.
+
+--------------
+Version 2.01b:
+--------------
+
+  - Made an improvement to cycle counter color coding, based on feedback
+    from Shai Sarfaty.
+
+  - Added a mention of aflize to sister_projects.txt.
+
+  - Fixed an installation issue with afl-as, as spotted by ilovezfs.
+
+--------------
+Version 2.00b:
+--------------
+
+  - Cleaned up color handling after a minor snafu in 1.99b (affecting some
+    terminals).
+
+  - Made minor updates to the documentation.
+
+--------------
+Version 1.99b:
+--------------
+
+  - Substantially revamped the output and the internal logic of afl-analyze.
+
+  - Cleaned up some of the color handling code and added support for
+    background colors.
+
+  - Removed some stray files (oops).
+
+  - Updated docs to better explain afl-analyze.
+
+--------------
+Version 1.98b:
+--------------
+
+  - Improved to "boring string" detection in afl-analyze.
+
+  - Added technical_details.txt for afl-analyze.
+
+--------------
+Version 1.97b:
+--------------
+
+  - Added afl-analyze, a nifty tool to analyze the structure of a file
+    based on the feedback from AFL instrumentation. This is kinda experimental,
+    so field reports welcome.
+
+  - Added a mention of afl-cygwin.
+
+  - Fixed a couple of typos, as reported by Jakub Wilk and others.
+
+--------------
+Version 1.96b:
+--------------
+
+  - Added -fpic to CFLAGS for the clang plugin, as suggested by Hanno Boeck.
+
+  - Made another clang change (IRBuilder) suggested by Jeff Trull.
+
+  - Fixed several typos, spotted by Jakub Wilk.
+
+  - Added support for AFL_SHUFFLE_QUEUE, based on discussions with
+    Christian Holler.
+
+--------------
+Version 1.95b:
+--------------
+
+  - Fixed a harmless bug when handling -B. Spotted by Jacek Wielemborek.
+
+  - Made the exit message a bit more accurate when AFL_EXIT_WHEN_DONE is set.
+
+  - Added some error-checking for old-style forkserver syntax. Suggested by
+    Ben Nagy.
+
+  - Switched from exit() to _exit() in injected code to avoid snafus with
+    destructors in C++ code. Spotted by sunblate.
+
+  - Made a change to avoid spuriously setting __AFL_SHM_ID when 
+    AFL_DUMB_FORKSRV is set in conjunction with -n. Spotted by Jakub Wilk.
+
+--------------
+Version 1.94b:
+--------------
+
+  - Changed allocator alignment to improve support for non-x86 systems (now
+    that llvm_mode makes this more feasible).
+
+  - Fixed a minor typo in afl-cmin. Spotted by Jonathan Neuschafer.
+
+  - Fixed an obscure bug that would affect people trying to use afl-gcc
+    with $TMP set but $TMPDIR absent. Spotted by Jeremy Barnes.
+
+--------------
+Version 1.93b:
+--------------
+
+  - Hopefully fixed a problem with MacOS X and persistent mode, spotted by
+    Leo Barnes.
+
+--------------
+Version 1.92b:
+--------------
+
+  - Made yet another C++ fix (namespaces). Reported by Daniel Lockyer.
+
+--------------
+Version 1.91b:
+--------------
+
+  - Made another fix to make 1.90b actually work properly with C++ (d'oh).
+    Problem spotted by Daniel Lockyer.
+
+--------------
+Version 1.90b:
+--------------
+
+  - Fixed a minor typo spotted by Kai Zhao; and made several other minor updates
+    to docs.
+
+  - Updated the project URL for python-afl. Requested by Jakub Wilk.
+
+  - Fixed a potential problem with deferred mode signatures getting optimized
+    out by the linker (with --gc-sections).
+
+--------------
+Version 1.89b:
+--------------
+
+  - Revamped the support for persistent and deferred forkserver modes.
+    Both now feature simpler syntax and do not require companion env
+    variables. Suggested by Jakub Wilk.
+
+  - Added a bit more info about afl-showmap. Suggested by Jacek Wielemborek.
+
+--------------
+Version 1.88b:
+--------------
+
+  - Made AFL_EXIT_WHEN_DONE work in non-tty mode. Issue spotted by
+    Jacek Wielemborek.
+
+--------------
+Version 1.87b:
+--------------
+
+  - Added QuickStartGuide.txt, a one-page quick start doc.
+
+  - Fixed several typos spotted by Dominique Pelle.
+
+  - Revamped several parts of README.
+
+--------------
+Version 1.86b:
+--------------
+
+  - Added support for AFL_SKIP_CRASHES, which is a very hackish solution to
+    the problem of resuming sessions with intermittently crashing inputs.
+
+  - Removed the hard-fail terminal size check, replaced with a dynamic
+    warning shown in place of the UI. Based on feedback from Christian Holler.
+
+  - Fixed a minor typo in show_stats. Spotted by Dingbao Xie.
+
+--------------
+Version 1.85b:
+--------------
+
+  - Fixed a garbled sentence in notes on parallel fuzzing. Thanks to Jakub Wilk.
+
+  - Fixed a minor glitch in afl-cmin. Spotted by Jonathan Foote.
+
+--------------
+Version 1.84b:
+--------------
+
+  - Made SIMPLE_FILES behave as expected when naming backup directories for
+    crashes and hangs.
+
+  - Added the total number of favored paths to fuzzer_stats. Requested by
+    Ben Nagy.
+
+  - Made afl-tmin, afl-fuzz, and afl-cmin reject negative values passed to
+    -t and -m, since they generally won't work as expected.
+
+  - Made a fix for no lahf / sahf support on older versions of FreeBSD.
+    Patch contributed by Alex Moneger.
+
+--------------
+Version 1.83b:
+--------------
+
+  - Fixed a problem with xargs -d on non-Linux systems in afl-cmin. Spotted by
+    teor2345 and Ben Nagy.
+
+  - Fixed an implicit declaration in LLVM mode on MacOS X. Reported by 
+    Kai Zhao.
+
+--------------
+Version 1.82b:
+--------------
+
+  - Fixed a harmless but annoying race condition in persistent mode - signal
+    delivery is a bit more finicky than I thought.
+
+  - Updated the documentation to explain persistent mode a bit better.
+
+  - Tweaked AFL_PERSISTENT to force AFL_NO_VAR_CHECK.
+
+--------------
+Version 1.81b:
+--------------
+
+  - Added persistent mode for in-process fuzzing. See llvm_mode/README.llvm.
+    Inspired by Kostya Serebryany and Christian Holler.
+
+  - Changed the in-place resume code to preserve crashes/README.txt. Suggested
+    by Ben Nagy.
+
+  - Included a potential fix for LLVM mode issues on MacOS X, based on the
+    investigation done by teor2345.
+
+--------------
+Version 1.80b:
+--------------
+
+  - Made afl-cmin tolerant of whitespaces in filenames. Suggested by 
+    Jonathan Neuschafer and Ketil Froyn.
+
+  - Added support for AFL_EXIT_WHEN_DONE, as suggested by Michael Rash.
+
+--------------
+Version 1.79b:
+--------------
+
+  - Added support for dictionary levels, see testcases/README.testcases.
+
+  - Reworked the SQL dictionary to use levels.
+
+  - Added a note about Preeny.
+
+--------------
+Version 1.78b:
+--------------
+
+  - Added a dictionary for PDF, contributed by Ben Nagy.
+
+  - Added several references to afl-cov, a new tool by Michael Rash.
+
+  - Fixed a problem with crash reporter detection on MacOS X, as reported by
+    Louis Dassy.
+
+--------------
+Version 1.77b:
+--------------
+
+  - Extended the -x option to support single-file dictionaries.
+
+  - Replaced factory-packaged dictionaries with file-based variants.
+
+  - Removed newlines from HTML keywords in testcases/_extras/html/.
+
+--------------
+Version 1.76b:
+--------------
+
+  - Very significantly reduced the number of duplicate execs during
+    deterministic checks, chiefly in int16 and int32 stages. Confirmed
+    identical path yields. This should improve early-stage efficiency by
+    around 5-10%.
+
+  - Reduced the likelihood of duplicate non-deterministic execs by
+    bumping up lowest stacking factor from 1 to 2. Quickly confirmed
+    that this doesn't seem to have significant impact on coverage with
+    libpng.
+
+  - Added a note about integrating afl-fuzz with third-party tools.
+
+--------------
+Version 1.75b:
+--------------
+
+  - Improved argv_fuzzing to allow it to emit empty args. Spotted by Jakub
+    Wilk.
+
+  - afl-clang-fast now defines __AFL_HAVE_MANUAL_INIT. Suggested by Jakub Wilk.
+
+  - Fixed a libtool-related bug with afl-clang-fast that would make some
+    ./configure invocations generate incorrect output. Spotted by Jakub Wilk.
+
+  - Removed flock() on Solaris. This means no locking on this platform,
+    but so be it. Problem reported by Martin Carpenter.
+
+  - Fixed a typo. Reported by Jakub Wilk.
+
+--------------
+Version 1.74b:
+--------------
+
+  - Added an example argv[] fuzzing wrapper in experimental/argv_fuzzing.
+    Reworked the bash example to be faster, too.
+
+  - Clarified llvm_mode prerequisites for FreeBSD.
+
+  - Improved afl-tmin to use /tmp if cwd is not writeable.
+
+  - Removed redundant includes for sys/fcntl.h, which caused warnings with
+    some nitpicky versions of libc.
+
+  - Added a corpus of basic HTML tags that parsers are likely to pay attention
+    to (no attributes).
+
+  - Added EP_EnabledOnOptLevel0 to llvm_mode, so that the instrumentation is
+    inserted even when AFL_DONT_OPTIMIZE=1 is set.
+
+  - Switched qemu_mode to use the newly-released QEMU 2.3.0, which contains
+    a couple of minor bugfixes.
+
+--------------
+Version 1.73b:
+--------------
+
+  - Fixed a pretty stupid bug in effector maps that could sometimes cause
+    AFL to fuzz slightly more than necessary; and in very rare circumstances,
+    could lead to SEGV if eff_map is aligned with page boundary and followed
+    by an unmapped page. Spotted by Jonathan Gray.
+
+--------------
+Version 1.72b:
+--------------
+
+  - Fixed a glitch in non-x86 install, spotted by Tobias Ospelt.
+
+  - Added a minor safeguard to llvm_mode Makefile following a report from
+    Kai Zhao.
+
+--------------
+Version 1.71b:
+--------------
+
+  - Fixed a bug with installed copies of AFL trying to use QEMU mode. Spotted
+    by G.M. Lime.
+
+  - Added last path / crash / hang times to fuzzer_stats, suggested by
+    Richard Hipp.
+
+  - Fixed a typo, thanks to Jakub Wilk.
+
+--------------
+Version 1.70b:
+--------------
+
+  - Modified resumption code to reuse the original timeout value when resuming
+    a session if -t is not given. This prevents timeout creep in continuous
+    fuzzing.
+
+  - Added improved error messages for failed handshake when AFL_DEFER_FORKSRV
+    is set.
+
+  - Made a slight improvement to llvm_mode/Makefile based on feedback from
+    Jakub Wilk.
+
+  - Refreshed several bits of documentation.
+
+  - Added a more prominent note about the MacOS X trade-offs to Makefile.
+
+--------------
+Version 1.69b:
+--------------
+
+  - Added support for deferred initialization in LLVM mode. Suggested by
+    Richard Godbee.
+
+--------------
+Version 1.68b:
+--------------
+
+  - Fixed a minor PRNG glitch that would make the first seconds of a fuzzing
+    job deterministic. Thanks to Andreas Stieger.
+
+  - Made tmp[] static in the LLVM runtime to keep Valgrind happy (this had
+    no impact on anything else). Spotted by Richard Godbee.
+
+  - Clarified the footnote in README.
+
+--------------
+Version 1.67b:
+--------------
+
+  - Made one more correction to llvm_mode Makefile, spotted by Jakub Wilk.
+
+--------------
+Version 1.66b:
+--------------
+
+  - Added CC / CXX support to llvm_mode Makefile. Requested by Charlie Eriksen.
+
+  - Fixed 'make clean' with gmake. Suggested by Oliver Schneider.
+
+  - Fixed 'make -j n clean all'. Suggested by Oliver Schneider.
+
+  - Removed build date and time from banners to give people deterministic
+    builds. Requested by Jakub Wilk.
+
+--------------
+Version 1.65b:
+--------------
+
+  - Fixed a snafu with some leftover code in afl-clang-fast.
+
+  - Corrected even moar typos.
+
+--------------
+Version 1.64b:
+--------------
+
+  - Further simplified afl-clang-fast runtime by reverting .init_array to
+    __attribute__((constructor(0)). This should improve compatibility with
+    non-ELF platforms.
+
+  - Fixed a problem with afl-clang-fast and -shared libraries. Simplified
+    the code by getting rid of .preinit_array and replacing it with a .comm
+    object. Problem reported by Charlie Eriksen.
+
+  - Removed unnecessary instrumentation density adjustment for the LLVM mode.
+    Reported by Jonathan Neuschafer.
+
+--------------
+Version 1.63b:
+--------------
+
+  - Updated cgroups_asan/ with a new version from Sam, made a couple changes
+    to streamline it and keep parallel afl instances in separate groups.
+
+  - Fixed typos, thanks to Jakub Wilk.
+
+--------------
+Version 1.62b:
+--------------
+
+  - Improved the handling of -x in afl-clang-fast,
+
+  - Improved the handling of low AFL_INST_RATIO settings for QEMU and
+    LLVM modes.
+
+  - Fixed the llvm-config bug for good (thanks to Tobias Ospelt).
+
+--------------
+Version 1.61b:
+--------------
+
+  - Fixed an obscure bug compiling OpenSSL with afl-clang-fast. Patch by
+    Laszlo Szekeres.
+
+  - Fixed a 'make install' bug on non-x86 systems, thanks to Tobias Ospelt.
+
+  - Fixed a problem with half-broken llvm-config on Odroid, thanks to
+    Tobias Ospelt. (There is another odd bug there that hasn't been fully
+    fixed - TBD).
+
+--------------
+Version 1.60b:
+--------------
+
+  - Allowed experimental/llvm_instrumentation/ to graduate to llvm_mode/.
+
+  - Removed experimental/arm_support/, since it's completely broken and likely
+    unnecessary with LLVM support in place.
+
+  - Added ASAN cgroups script to experimental/asan_cgroups/, updated existing
+    docs. Courtesy Sam Hakim and David A. Wheeler.
+
+  - Refactored afl-tmin to reduce the number of execs in common use cases.
+    Ideas from Jonathan Neuschafer and Turo Lamminen.
+
+  - Added a note about CLAs at the bottom of README.
+
+  - Renamed testcases_readme.txt to README.testcases for some semblance of
+    consistency.
+
+  - Made assorted updates to docs.
+
+  - Added MEM_BARRIER() to afl-showmap and afl-tmin, just to be safe.
+
+--------------
+Version 1.59b:
+--------------
+
+  - Imported Laszlo Szekeres' experimental LLVM instrumentation into
+    experimental/llvm_instrumentation. I'll work on including it in the 
+    "mainstream" version soon.
+
+  - Fixed another typo, thanks to Jakub Wilk.
+
+--------------
+Version 1.58b:
+--------------
+
+  - Added a workaround for abort() behavior in -lpthread programs in QEMU mode.
+    Spotted by Aidan Thornton.
+
+  - Made several documentation updates, including links to the static
+    instrumentation tool (sister_projects.txt).
+
+--------------
+Version 1.57b:
+--------------
+
+  - Fixed a problem with exception handling on some versions of MacOS X.
+    Spotted by Samir Aguiar and Anders Wang Kristensen.
+
+  - Tweaked afl-gcc to use BIN_PATH instead of a fixed string in help
+    messages.
+
+--------------
+Version 1.56b:
+--------------
+
+  - Renamed related_work.txt to historical_notes.txt.
+
+  - Made minor edits to the ASAN doc.
+
+  - Added docs/sister_projects.txt with a list of inspired or closely
+    related utilities.
+
+--------------
+Version 1.55b:
+--------------
+
+  - Fixed a glitch with afl-showmap opening /dev/null with O_RDONLY when
+    running in quiet mode. Spotted by Tyler Nighswander.
+
+--------------
+Version 1.54b:
+--------------
+
+  - Added another postprocessor example for PNG.
+
+  - Made a cosmetic fix to realloc() handling in experimental/post_library/,
+    suggested by Jakub Wilk.
+
+  - Improved -ldl handling. Suggested by Jakub Wilk.
+
+--------------
+Version 1.53b:
+--------------
+
+  - Fixed an -l ordering issue that is apparently still a problem on Ubuntu.
+    Spotted by William Robinet.
+
+--------------
+Version 1.52b:
+--------------
+
+  - Added support for file format postprocessors. Requested by Ben Nagy. This
+    feature is intentionally buried, since it's fairly easy to misuse and
+    useful only in some scenarios. See experimental/post_library/.
+
+--------------
+Version 1.51b:
+--------------
+
+  - Made it possible to properly override LD_BIND_NOW after one very unusual
+    report of trouble.
+
+  - Cleaned up typos, thanks to Jakub Wilk.
+
+  - Fixed a bug in AFL_DUMB_FORKSRV.
+
+--------------
+Version 1.50b:
+--------------
+
+  - Fixed a flock() bug that would prevent dir reuse errors from kicking
+    in every now and then.
+
+  - Renamed references to ppvm (the project is now called recidivm).
+
+  - Made improvements to file descriptor handling to avoid leaving some fds
+    unnecessarily open in the child process.
+
+  - Fixed a typo or two.
+
+--------------
+Version 1.49b:
+--------------
+
+  - Added code to save original command line in fuzzer_stats and
+    crashes/README.txt. Also saves fuzzer version in fuzzer_stats.
+    Requested by Ben Nagy.
+
+--------------
+Version 1.48b:
+--------------
+
+  - Fixed a bug with QEMU fork server crashes when translation is attempted
+    after a jump to an invalid pointer in the child process (i.e., after
+    bumping into a particularly nasty security bug in the tested binary).
+    Reported by Tyler Nighswander.
+
+--------------
+Version 1.47b:
+--------------
+
+  - Fixed a bug with afl-cmin in -Q mode complaining about binary being not
+    instrumented. Thanks to Jonathan Neuschafer for the bug report.
+
+  - Fixed another bug with argv handling for afl-fuzz in -Q mode. Reported
+    by Jonathan Neuschafer.
+
+  - Improved the use of colors when showing crash counts in -C mode.
+
+--------------
+Version 1.46b:
+--------------
+
+  - Improved instrumentation performance on 32-bit systems by getting rid of
+    xor-swap (oddly enough, xor-swap is still faster on 64-bit) and tweaking
+    alignment.
+
+  - Made path depth numbers more accurate with imported test cases.
+
+--------------
+Version 1.45b:
+--------------
+
+  - Added support for SIMPLE_FILES in config.h for folks who don't like
+    descriptive file names. Generates very simple names without colons,
+    commas, plus signs, dashes, etc.
+
+  - Replaced zero-sized files with symlinks in the variable behavior state
+    dir to simplify examining the relevant test cases.
+
+  - Changed the period of limited-range block ops from 5 to 10 minutes based
+    on a couple of experiments. The basic goal of this delay timer behavior
+    is to better support jobs that are seeded with completely invalid files,
+    in which case, the first few queue cycles may be completed very quickly
+    without discovering new paths. Should have no effect on well-seeded jobs.
+
+  - Made several minor updates to docs.
+
+--------------
+Version 1.44b:
+--------------
+
+  - Corrected two bungled attempts to get the -C mode work properly
+    with afl-cmin (accounting for the short-lived releases tagged 1.42 and
+    1.43b) - sorry.
+
+  - Removed AFL_ALLOW_CRASHES in favor of the -C mode in said tool.
+
+  - Said goodbye to Hello Kitty, as requested by Padraig Brady.
+
+--------------
+Version 1.41b:
+--------------
+
+  - Added AFL_ALLOW_CRASHES=1 to afl-cmin. Allows crashing inputs in the
+    output corpus. Changed the default behavior to disallow it.
+
+  - Made the afl-cmin output dir default to 0700, not 0755, to be consistent
+    with afl-fuzz; documented the rationale for 0755 in afl-plot.
+
+  - Lowered the output dir reuse time limit to 25 minutes as a dice-roll
+    compromise after a discussion on afl-users@.
+
+  - Made afl-showmap accept -o /dev/null without borking out.
+
+  - Added support for crash / hang info in exit codes of afl-showmap.
+
+  - Tweaked block operation scaling to also factor in ballpark run time
+    in cases where queue passes take very little time.
+
+  - Fixed typos and made improvements to several docs.
+
+--------------
+Version 1.40b:
+--------------
+
+  - Switched to smaller block op sizes during the first passes over the
+    queue. Helps keep test cases small.
+
+  - Added memory barrier for run_target(), just in case compilers get
+    smarter than they are today.
+
+  - Updated a bunch of docs.
+
+--------------
+Version 1.39b:
+--------------
+
+  - Added the ability to skip inputs by sending SIGUSR1 to the fuzzer.
+
+  - Reworked several portions of the documentation.
+
+  - Changed the code to reset splicing perf scores between runs to keep
+    them closer to intended length.
+
+  - Reduced the minimum value of -t to 5 for afl-fuzz (~200 exec/sec)
+    and to 10 for auxiliary tools (due to the absence of a fork server).
+
+  - Switched to more aggressive default timeouts (rounded up to 25 ms
+    versus 50 ms - ~40 execs/sec) and made several other cosmetic changes
+    to the timeout code.
+
+--------------
+Version 1.38b:
+--------------
+
+  - Fixed a bug in the QEMU build script, spotted by William Robinet.
+
+  - Improved the reporting of skipped bitflips to keep the UI counters a bit
+    more accurate.
+
+  - Cleaned up related_work.txt and added some non-goals.
+
+  - Fixed typos, thanks to Jakub Wilk.
+
+--------------
+Version 1.37b:
+--------------
+
+  - Added effector maps, which detect regions that do not seem to respond
+    to bitflips and subsequently exclude them from more expensive steps
+    (arithmetics, known ints, etc). This should offer significant performance
+    improvements with quite a few types of text-based formats, reducing the
+    number of deterministic execs by a factor of 2 or so.
+
+  - Cleaned up mem limit handling in afl-cmin.
+
+  - Switched from uname -i to uname -m to work around Gentoo-specific
+    issues with coreutils when building QEMU. Reported by William Robinet.
+
+  - Switched from PID checking to flock() to detect running sessions.
+    Problem, against all odds, bumped into by Jakub Wilk.
+
+  - Added SKIP_COUNTS and changed the behavior of COVERAGE_ONLY in config.h.
+    Useful only for internal benchmarking.
+
+  - Made improvements to UI refresh rates and exec/sec stats to make them
+    more stable.
+
+  - Made assorted improvements to the documentation and to the QEMU build
+    script.
+
+  - Switched from perror() to strerror() in error macros, thanks to Jakub
+    Wilk for the nag.
+
+  - Moved afl-cmin back to bash, wasn't thinking straight. It has to stay
+    on bash because other shells may have restrictive limits on array sizes.
+
+--------------
+Version 1.36b:
+--------------
+
+  - Switched afl-cmin over to /bin/sh. Thanks to Jonathan Gray.
+
+  - Fixed an off-by-one bug in queue limit check when resuming sessions
+    (could cause NULL ptr deref if you are *really* unlucky).
+
+  - Fixed the QEMU script to tolerate i686 if returned by uname -i. Based on
+    a problem report from Sebastien Duquette.
+
+  - Added multiple references to Jakub's ppvm tool.
+
+  - Made several minor improvements to the Makefile.
+
+  - Believe it or not, fixed some typos. Thanks to Jakub Wilk.
+
+--------------
+Version 1.35b:
+--------------
+
+  - Cleaned up regular expressions in some of the scripts to avoid errors
+    on *BSD systems. Spotted by Jonathan Gray.
+
+--------------
+Version 1.34b:
+--------------
+
+  - Performed a substantial documentation and program output cleanup to
+    better explain the QEMU feature.
+
+--------------
+Version 1.33b:
+--------------
+
+  - Added support for AFL_INST_RATIO and AFL_INST_LIBS in the QEMU mode.
+
+  - Fixed a stack allocation crash in QEMU mode (bug in QEMU, fixed with
+    an extra patch applied to the downloaded release).
+
+  - Added code to test the QEMU instrumentation once the afl-qemu-trace
+    binary is built.
+
+  - Modified afl-tmin and afl-showmap to search $PATH for binaries and to
+    better handle QEMU support.
+
+  - Added a check for instrumented binaries when passing -Q to afl-fuzz.
+
+--------------
+Version 1.32b:
+--------------
+
+  - Fixed 'make install' following the QEMU changes. Spotted by Hanno Boeck.
+
+  - Fixed EXTRA_PAR handling in afl-cmin.
+
+--------------
+Version 1.31b:
+--------------
+
+  - Hallelujah! Thanks to Andrew Griffiths, we now support very fast, black-box
+    instrumentation of binary-only code. See qemu_mode/README.qemu.
+
+    To use this feature, you need to follow the instructions in that
+    directory and then run afl-fuzz with -Q.
+
+--------------
+Version 1.30b:
+--------------
+
+  - Added -s (summary) option to afl-whatsup. Suggested by Jodie Cunningham.
+
+  - Added a sanity check in afl-tmin to detect minimization to zero len or
+    excess hangs.
+
+  - Fixed alphabet size counter in afl-tmin.
+
+  - Slightly improved the handling of -B in afl-fuzz.
+
+  - Fixed process crash messages with -m none.
+
+--------------
+Version 1.29b:
+--------------
+
+  - Improved the naming of test cases when orig: is already present in the file
+    name.
+
+  - Made substantial improvements to technical_details.txt.
+
+--------------
+Version 1.28b:
+--------------
+
+  - Made a minor tweak to the instrumentation to preserve the directionality
+    of tuples (i.e., A -> B != B -> A) and to maintain the identity of tight
+    loops (A -> A). You need to recompile targeted binaries to leverage this.
+
+  - Cleaned up some of the afl-whatsup stats.
+
+  - Added several sanity checks to afl-cmin.
+
+--------------
+Version 1.27b:
+--------------
+
+  - Made afl-tmin recursive. Thanks to Hanno Boeck for the tip.
+
+  - Added docs/technical_details.txt.
+
+  - Changed afl-showmap search strategy in afl-cmap to just look into the
+    same place that afl-cmin is executed from. Thanks to Jakub Wilk.
+
+  - Removed current_todo.txt and cleaned up the remaining docs.
+
+--------------
+Version 1.26b:
+--------------
+
+  - Added total execs/sec stat for afl-whatsup.
+
+  - afl-cmin now auto-selects between cp or ln. Based on feedback from
+    Even Huus.
+
+  - Fixed a typo. Thanks to Jakub Wilk.
+
+  - Made afl-gotcpu a bit more accurate by using getrusage instead of
+    times. Thanks to Jakub Wilk.
+
+  - Fixed a memory limit issue during the build process on NetBSD-current.
+    Reported by Thomas Klausner.
+
+--------------
+Version 1.25b:
+--------------
+
+  - Introduced afl-whatsup, a simple tool for querying the status of
+    local synced instances of afl-fuzz.
+
+  - Added -x compiler to clang options on Darwin. Suggested by Filipe
+    Cabecinhas.
+
+  - Improved exit codes for afl-gotcpu.
+
+  - Improved the checks for -m and -t values in afl-cmin. Bug report
+    from Evan Huus.
+
+--------------
+Version 1.24b:
+--------------
+
+  - Introduced afl-getcpu, an experimental tool to empirically measure
+    CPU preemption rates. Thanks to Jakub Wilk for the idea.
+
+--------------
+Version 1.23b:
+--------------
+
+  - Reverted one change to afl-cmin that actually made it slower.
+
+--------------
+Version 1.22b:
+--------------
+
+  - Reworked afl-showmap.c to support normal options, including -o, -q,
+    -e. Also added support for timeouts and memory limits.
+
+  - Made changes to afl-cmin and other scripts to accommodate the new
+    semantics.
+
+  - Officially retired AFL_EDGES_ONLY.
+
+  - Fixed another typo in afl-tmin, courtesy of Jakub Wilk.
+
+--------------
+Version 1.21b:
+--------------
+
+  - Graduated minimize_corpus.sh to afl-cmin. It is now a first-class
+    utility bundled with the fuzzer. 
+
+  - Made significant improvements to afl-cmin to make it faster, more
+    robust, and more versatile.
+
+  - Refactored some of afl-tmin code to make it a bit more readable.
+
+  - Made assorted changes to the doc to document afl-cmin and other stuff.
+
+--------------
+Version 1.20b:
+--------------
+
+  - Added AFL_DUMB_FORKSRV, as requested by Jakub Wilk. This works only
+    in -n mode and allows afl-fuzz to run with "dummy" fork servers that
+    don't output any instrumentation, but follow the same protocol.
+
+  - Renamed AFL_SKIP_CHECKS to AFL_SKIP_BIN_CHECK to make it at least
+    somewhat descriptive.
+
+  - Switched to using clang as the default assembler on MacOS X to work
+    around Xcode issues with newer builds of clang. Testing and patch by
+    Nico Weber.
+
+  - Fixed a typo (via Jakub Wilk).
+
+--------------
+Version 1.19b:
+--------------
+
+  - Improved exec failure detection in afl-fuzz and afl-showmap.
+
+  - Improved Ctrl-C handling in afl-showmap.
+
+  - Added afl-tmin, a handy instrumentation-enabled minimizer.
+
+--------------
+Version 1.18b:
+--------------
+
+  - Fixed a serious but short-lived bug in the resumption behavior introduced
+    in version 1.16b.
+
+  - Added -t nn+ mode for soft-skipping timing-out paths.
+
+--------------
+Version 1.17b:
+--------------
+
+  - Fixed a compiler warning introduced in 1.16b for newer versions of GCC.
+    Thanks to Jakub Wilk and Ilfak Guilfanov.
+
+  - Improved the consistency of saving fuzzer_stats, bitmap info, and
+    auto-dictionaries when aborting fuzzing sessions.
+
+  - Made several noticeable performance improvements to deterministic arith
+    and known int steps.
+
+--------------
+Version 1.16b:
+--------------
+
+  - Added a bit of code to make resumption pick up from the last known
+    offset in the queue, rather than always rewinding to the start. Suggested
+    by Jakub Wilk.
+
+  - Switched to tighter timeout control for slow programs (3x rather than
+    5x average exec speed at init).
+
+--------------
+Version 1.15b:
+--------------
+
+  - Added support for AFL_NO_VAR_CHECK to speed up resumption and inhibit
+    variable path warnings for some programs.
+
+  - Made the trimmer run even for variable paths, since there is no special
+    harm in doing so and it can be very beneficial if the trimming still
+    pans out.
+
+  - Made the UI a bit more descriptive by adding "n/a" instead of "0" in a
+    couple of corner cases.
+
+--------------
+Version 1.14b:
+--------------
+
+  - Added a (partial) dictionary for JavaScript.
+
+  - Added AFL_NO_CPU_RED, as suggested by Jakub Wilk.
+
+  - Tweaked the havoc scaling logic added in 1.12b.
+
+--------------
+Version 1.13b:
+--------------
+
+  - Improved the performance of minimize_corpus.sh by switching to a
+    sort-based approach.
+
+  - Made several minor revisions to the docs.
+
+--------------
+Version 1.12b:
+--------------
+
+  - Made an improvement to dictionary generation to avoid runs of identical
+    bytes.
+
+  - Added havoc cycle scaling to help with slow binaries in -d mode. Based on
+    a thread with Sami Liedes.
+
+  - Added AFL_SYNC_FIRST for afl-fuzz. This is useful for those who obsess
+    over stats, no special purpose otherwise.
+
+  - Switched to more robust box drawing codes, suggested by Jakub Wilk.
+
+  - Created faster 64-bit variants of several critical-path bitmap functions
+    (sorry, no difference on 32 bits).
+
+  - Fixed moar typos, as reported by Jakub Wilk.
+
+--------------
+Version 1.11b:
+--------------
+
+  - Added a bit more info about dictionary strategies to the status screen.
+
+--------------
+Version 1.10b:
+--------------
+
+  - Revised the dictionary behavior to use insertion and overwrite in
+    deterministic steps, rather than just the latter. This improves coverage
+    with SQL and the like.
+
+  - Added a mention of "*" in status_screen.txt, as suggested by Jakub Wilk.
+
+--------------
+Version 1.09b:
+--------------
+
+  - Corrected a cosmetic problem with 'extras' stage count not always being
+    accurate in the stage yields view.
+
+  - Fixed a typo reported by Jakub Wilk and made some minor documentation
+    improvements.
+
+--------------
+Version 1.08b:
+--------------
+
+  - Fixed a div-by-zero bug in the newly-added code when using a dictionary.
+
+--------------
+Version 1.07b:
+--------------
+
+  - Added code that automatically finds and extracts syntax tokens from the
+    input corpus.
+
+  - Fixed a problem with ld dead-code removal option on MacOS X, reported
+    by Filipe Cabecinhas.
+
+  - Corrected minor typos spotted by Jakub Wilk.
+
+  - Added a couple of more exotic archive format samples.
+
+--------------
+Version 1.06b:
+--------------
+
+  - Switched to slightly more accurate (if still not very helpful) reporting
+    of short read and short write errors. These theoretically shouldn't happen
+    unless you kill the forkserver or run out of disk space. Suggested by
+    Jakub Wilk.
+
+  - Revamped some of the allocator and debug code, adding comments and
+    cleaning up other mess.
+
+  - Tweaked the odds of fuzzing non-favored test cases to make sure that
+    baseline coverage of all inputs is reached sooner.
+
+--------------
+Version 1.05b:
+--------------
+
+  - Added a dictionary for WebP.
+
+  - Made some additional performance improvements to minimize_corpus.sh,
+    getting deeper into the bash woods.
+
+--------------
+Version 1.04b:
+--------------
+
+  - Made substantial performance improvements to minimize_corpus.sh with
+    large datasets, albeit at the expense of having to switch back to bash
+    (other shells may have limits on array sizes, etc).
+
+  - Tweaked afl-showmap to support the format used by the new script.
+
+--------------
+Version 1.03b:
+--------------
+
+  - Added code to skip README.txt in the input directory to make the crash
+    exploration mode work better. Suggested by Jakub Wilk.
+
+  - Added a dictionary for SQLite.
+
+--------------
+Version 1.02b:
+--------------
+
+  - Reverted the ./ search path in minimize_corpus.sh because people did
+    not like it.
+
+  - Added very explicit warnings not to run various shell scripts that
+    read or write to /tmp/ (since this is generally a pretty bad idea on
+    multi-user systems).
+
+  - Added a check for /tmp binaries and -f locations in afl-fuzz.
+
+--------------
+Version 1.01b:
+--------------
+
+  - Added dictionaries for XML and GIF.
+
+--------------
+Version 1.00b:
+--------------
+
+  - Slightly improved the performance of minimize_corpus.sh, especially on
+    Linux.
+
+  - Made a couple of improvements to calibration timeouts for resumed scans.
+
+--------------
+Version 0.99b:
+--------------
+
+  - Fixed minimize_corpus.sh to work with dash, as suggested by Jakub Wilk.
+
+  - Modified minimize_corpus.sh to try locate afl-showmap in $PATH and ./.
+    The first part requested by Jakub Wilk.
+
+  - Added support for afl-as --version, as required by one funky build
+    script. Reported by William Robinet.
+
+--------------
+Version 0.98b:
+--------------
+
+  - Added a dictionary for TIFF.
+
+  - Fixed another cosmetic snafu with stage exec counts for -x.
+
+  - Switched afl-plot to /bin/sh, since it seems bashism-free. Also tried
+    to remove any obvious bashisms from other experimental/ scripts,
+    most notably including minimize_corpus.sh and triage_crashes.sh.
+    Requested by Jonathan Gray.
+
+--------------
+Version 0.97b:
+--------------
+
+  - Fixed cosmetic issues around the naming of -x strategy files.
+
+  - Added a dictionary for JPEG.
+
+  - Fixed a very rare glitch when running instrumenting 64-bit code that makes
+    heavy use of xmm registers that are also touched by glibc.
+
+--------------
+Version 0.96b:
+--------------
+
+  - Added support for extra dictionaries, provided testcases/_extras/png/
+    as a demo.
+
+  - Fixed a minor bug in number formatting routines used by the UI.
+
+  - Added several additional PNG test cases that are relatively unlikely
+    to be hit by chance.
+
+  - Fixed afl-plot syntax for gnuplot 5.x. Reported by David Necas.
+
+--------------
+Version 0.95b:
+--------------
+
+  - Cleaned up the OSX ReportCrash code. Thanks to Tobias Ospelt for help.
+
+  - Added some extra tips for AFL_NO_FORKSERVER on OSX.
+
+  - Refreshed the INSTALL file.
+
+--------------
+Version 0.94b:
+--------------
+
+  - Added in-place resume (-i-) to address a common user complaint.
+
+  - Added an awful workaround for ReportCrash on MacOS X. Problem
+    spotted by Joseph Gentle.
+
+--------------
+Version 0.93b:
+--------------
+
+  - Fixed the link() workaround, as reported by Jakub Wilk.
+
+--------------
+Version 0.92b:
+--------------
+
+  - Added support for reading test cases from another filesystem.
+    Requested by Jakub Wilk.
+
+  - Added pointers to the mailing list.
+
+  - Added a sample PDF document.
+
+--------------
+Version 0.91b:
+--------------
+
+  - Refactored minimize_corpus.sh to make it a bit more user-friendly and to
+    select for smallest files, not largest bitmaps. Offers a modest corpus
+    size improvement in most cases.
+
+  - Slightly improved the performance of splicing code.
+
+--------------
+Version 0.90b:
+--------------
+
+  - Moved to an algorithm where paths are marked as preferred primarily based
+    on size and speed, rather than bitmap coverage. This should offer
+    noticeable performance gains in many use cases.
+
+  - Refactored path calibration code; calibration now takes place as soon as a
+    test case is discovered, to facilitate better prioritization decisions later
+    on.
+
+  - Changed the way of marking variable paths to avoid .state metadata
+    inconsistencies.
+
+  - Made sure that calibration routines always create a new test case to avoid
+    hypothetical problems with utilities that modify the input file.
+
+  - Added bitmap saturation to fuzzer stats and plot data.
+
+  - Added a testcase for JPEG XR.
+
+  - Added a tty check for the colors warning in Makefile, to keep distro build
+    logs tidy. Suggested by Jakub Wilk.
+
+--------------
+Version 0.89b:
+--------------
+
+  - Renamed afl-plot.sh to afl-plot, as requested by Padraig Brady.
+
+  - Improved the compatibility of afl-plot with older versions of gnuplot.
+
+  - Added banner information to fuzzer_stats, populated it to afl-plot.
+
+--------------
+Version 0.88b:
+--------------
+
+  - Added support for plotting, with design and implementation based on a
+    prototype design proposed by Michael Rash. Huge thanks!
+
+  - Added afl-plot.sh, which allows you to, well, generate a nice plot using
+    this data.
+
+  - Refactored the code slightly to make more frequent updates to fuzzer_stats
+    and to provide more detail about synchronization.
+
+  - Added a fflush(stdout) call for non-tty operation, as requested by 
+    Joonas Kuorilehto.
+
+  - Added some detail to fuzzer_stats for parity with plot_file.
+
+--------------
+Version 0.87b:
+--------------
+
+  - Added support for MSAN, via AFL_USE_MSAN, same gotchas as for ASAN.
+
+--------------
+Version 0.86b:
+--------------
+
+  - Added AFL_NO_FORKSRV, allowing the forkserver to be bypassed. Suggested
+    by Ryan Govostes.
+
+  - Simplified afl-showmap.c to make use of the no-forkserver mode.
+
+  - Made minor improvements to crash_triage.sh, as suggested by Jakub Wilk.
+
+--------------
+Version 0.85b:
+--------------
+
+  - Fixed the CPU counting code - no sysctlbyname() on OpenBSD, d'oh. Bug
+    reported by Daniel Dickman.
+
+  - Made a slight correction to error messages - the advice on testing
+    with ulimit was a tiny bit off by a factor of 1024.
+
+--------------
+Version 0.84b:
+--------------
+
+  - Added support for the CPU widget on some non-Linux platforms (I hope).
+    Based on feedback from Ryan Govostes.
+
+  - Cleaned up the changelog (very meta).
+
+--------------
+Version 0.83b:
+--------------
+
+  - Added experimental/clang_asm_normalize/ and related notes in 
+    env_variables.txt and afl-as.c. Thanks to Ryan Govostes for the idea.
+
+  - Added advice on hardware utilization in README.
+
+--------------
+Version 0.82b:
+--------------
+
+  - Made additional fixes for Xcode support, juggling -Q and -q flags. Thanks to
+    Ryan Govostes.
+
+  - Added a check for __asm__ blocks and switches to .intel_syntax in assembly.
+    Based on feedback from Ryan Govostes.
+
+--------------
+Version 0.81b:
+--------------
+
+  - A workaround for Xcode 6 as -Q flag glitch. Spotted by Ryan Govostes.
+
+  - Improved Solaris build instructions, as suggested by Martin Carpenter.
+
+  - Fix for a slightly busted path scoring conditional. Minor practical impact.
+
+--------------
+Version 0.80b:
+--------------
+
+  - Added a check for $PATH-induced loops. Problem noticed by Kartik Agaram.
+
+  - Added AFL_KEEP_ASSEMBLY for easier troubleshooting.
+
+  - Added an override for AFL_USE_ASAN if set at afl compile time. Requested by
+    Hanno Boeck.
+
+--------------
+Version 0.79b:
+--------------
+
+  - Made minor adjustments to path skipping logic.
+
+  - Made several documentation updates to reflect the path selection changes
+    made in 0.78b.
+
+--------------
+Version 0.78b:
+--------------
+
+  - Added a CPU governor check. Bug report from Joe Zbiciak.
+
+  - Favored paths are now selected strictly based on new edges, not hit
+    counts. This speeds up the first pass by a factor of 3-6x without
+    significantly impacting ultimate coverage (tested with libgif, libpng,
+    libjpeg).
+
+    It also allows some performance & memory usage improvements by making
+    some of the in-memory bitmaps much smaller.
+
+  - Made multiple significant performance improvements to bitmap checking
+    functions, plus switched to a faster hash.
+
+  - Owing largely to these optimizations, bumped the size of the bitmap to
+    64k and added a warning to detect older binaries that rely on smaller
+    bitmaps.
+
+--------------
+Version 0.77b:
+--------------
+
+  - Added AFL_SKIP_CHECKS to bypass binary checks when really warranted.
+    Feature requested by Jakub Wilk.
+
+  - Fixed a couple of typos.
+
+  - Added a warning for runs that are aborted early on.
+
+--------------
+Version 0.76b:
+--------------
+
+  - Incorporated another signal handling fix for Solaris. Suggestion
+    submitted by Martin Carpenter.
+
+--------------
+Version 0.75b:
+--------------
+
+  - Implemented a slightly more "elegant" kludge for the %llu glitch (see
+    types.h).
+
+  - Relaxed CPU load warnings to stay in sync with reality.
+
+--------------
+Version 0.74b:
+--------------
+
+  - Switched to more responsive exec speed averages and better UI speed
+    scaling.
+
+  - Fixed a bug with interrupted reads on Solaris. Issue spotted by Martin
+    Carpenter.
+
+--------------
+Version 0.73b:
+--------------
+
+  - Fixed a stray memcpy() instead of memmove() on overlapping buffers.
+    Mostly harmless but still dumb. Mistake spotted thanks to David Higgs.
+
+--------------
+Version 0.72b:
+--------------
+
+  - Bumped map size up to 32k. You may want to recompile instrumented
+    binaries (but nothing horrible will happen if you don't).
+
+  - Made huge performance improvements for bit-counting functions.
+
+  - Default optimizations now include -funroll-loops. This should have
+    interesting effects on the instrumentation. Frankly, I'm just going to
+    ship it and see what happens next. I have a good feeling about this.
+
+  - Made a fix for stack alignment crash on MacOS X 10.10; looks like the 
+    rhetorical question in the comments in afl-as.h has been answered.
+    Tracked down by Mudge Zatko.
+
+--------------
+Version 0.71b:
+--------------
+
+  - Added a fix for the nonsensical MacOS ELF check. Spotted by Mudge Zatko.
+
+  - Made some improvements to ASAN checks.
+
+--------------
+Version 0.70b:
+--------------
+
+  - Added explicit detection of ASANified binaries.
+
+  - Fixed compilation issues on Solaris. Reported by Martin Carpenter.
+
+--------------
+Version 0.69b:
+--------------
+
+  - Improved the detection of non-instrumented binaries.
+
+  - Made the crash counter in -C mode accurate.
+
+  - Fixed an obscure install bug that made afl-as non-functional with the tool
+    installed to /usr/bin instead of /usr/local/bin. Found by Florian Kiersch.
+
+  - Fixed for a cosmetic SIGFPE when Ctrl-C is pressed while the fork server
+    is spinning up.
+
+--------------
+Version 0.68b:
+--------------
+
+  - Added crash exploration mode! Woot!
+
+--------------
+Version 0.67b:
+--------------
+
+  - Fixed several more typos, the project is now cartified 100% typo-free.
+    Thanks to Thomas Jarosch and Jakub Wilk.
+
+  - Made a change to write fuzzer_stats early on.
+
+  - Fixed a glitch when (not!) running on MacOS X as root. Spotted by Tobias
+    Ospelt.
+
+  - Made it possible to override -O3 in Makefile. Suggested by Jakub Wilk.
+
+--------------
+Version 0.66b:
+--------------
+
+  - Fixed a very obscure issue with build systems that use gcc as an assembler
+    for hand-written .s files; this would confuse afl-as. Affected nss, reported
+    by Hanno Boeck.
+
+  - Fixed a bug when cleaning up synchronized fuzzer output dirs. Issue reported
+    by Thomas Jarosch.
+
+--------------
+Version 0.65b:
+--------------
+
+  - Cleaned up shell printf escape codes in Makefile. Reported by Jakub Wilk.
+
+  - Added more color to fuzzer_stats, provided short documentation of the file
+    format, and made several other stats-related improvements.
+
+--------------
+Version 0.64b:
+--------------
+
+  - Enabled GCC support on MacOS X.
+
+--------------
+Version 0.63b:
+--------------
+
+  - Provided a new, simplified way to pass data in files (@@). See README.
+
+  - Made additional fixes for 64-bit MacOS X, working around a crashing bug in
+    their linker (umpf) and several other things. It's alive!
+
+  - Added a minor workaround for a bug in 64-bit FreeBSD (clang -m32 -g doesn't
+    work on that platform, but clang -m32 does, so we no longer insert -g).
+
+  - Added a build-time warning for inverse video terminals and better
+    instructions in status_screen.txt.
+
+--------------
+Version 0.62b:
+--------------
+
+  - Made minor improvements to the allocator, as suggested by Tobias Ospelt.
+
+  - Added example instrumented memcmp() in experimental/instrumented_cmp.
+
+  - Added a speculative fix for MacOS X (clang detection, again).
+
+  - Fixed typos in parallel_fuzzing.txt. Problems spotted by Thomas Jarosch.
+
+--------------
+Version 0.61b:
+--------------
+
+  - Fixed a minor issue with clang detection on systems with a clang cc
+    wrapper, so that afl-gcc doesn't confuse it with GCC.
+
+  - Made cosmetic improvements to docs and to the CPU load indicator.
+
+  - Fixed a glitch with crash removal (README.txt left behind, d'oh).
+
+--------------
+Version 0.60b:
+--------------
+
+  - Fixed problems with jump tables generated by exotic versions of GCC. This
+    solves an outstanding problem on OpenBSD when using afl-gcc + PIE (not
+    present with afl-clang).
+
+  - Fixed permissions on one of the sample archives.
+
+  - Added a lahf / sahf workaround for OpenBSD (their assembler doesn't know
+    about these opcodes).
+
+  - Added docs/INSTALL.
+
+--------------
+Version 0.59b:
+--------------
+
+  - Modified 'make install' to also install test cases.
+
+  - Provided better pointers to installed README in afl-fuzz.
+
+  - More work on RLIMIT_AS for OpenBSD.
+
+--------------
+Version 0.58b:
+--------------
+
+  - Added a core count check on Linux.
+
+  - Refined the code for the lack-of-RLIMIT_AS case on OpenBSD.
+
+  - Added a rudimentary CPU utilization meter to help with optimal loading.
+
+--------------
+Version 0.57b:
+--------------
+
+  - Made fixes to support FreeBSD and OpenBSD: use_64bit is now inferred if not
+    explicitly specified when calling afl-as, and RLIMIT_AS is behind an #ifdef.
+    Thanks to Fabian Keil and Jonathan Gray for helping troubleshoot this.
+
+  - Modified 'make install' to also install docs (in /usr/local/share/doc/afl).
+
+  - Fixed a typo in status_screen.txt.
+
+  - Made a couple of Makefile improvements as proposed by Jakub Wilk.
+
+--------------
+Version 0.56b:
+--------------
+
+  - Added probabilistic instrumentation density reduction in ASAN mode. This
+    compensates for ASAN-specific branches in a crude but workable way.
+
+  - Updated notes_for_asan.txt.
+
+--------------
+Version 0.55b:
+--------------
+
+  - Implemented smarter out_dir behavior, automatically deleting directories
+    that don't contain anything of special value. Requested by several folks,
+    including Hanno Boeck.
+
+  - Added more detail in fuzzer_stats (start time, run time, fuzzer PID).
+
+  - Implemented support for configurable install prefixes in Makefile
+    ($PREFIX), as requested by Luca Barbato.
+
+  - Made it possible to resume by doing -i <out_dir>, without having to specify
+    -i <out_dir>/queue/.
+
+--------------
+Version 0.54b:
+--------------
+
+  - Added a fix for -Wformat warning messages (oops, I thought this had been in
+    place for a while).
+
+--------------
+Version 0.53b:
+--------------
+
+  - Redesigned the crash & hang duplicate detection code to better deal with
+    fault conditions that can be reached in a multitude of ways.
+
+    The old approach could be compared to hashing stack traces to de-dupe
+    crashes, a method prone to crash count inflation. The alternative I
+    wanted to avoid would be equivalent to just looking at crash %eip,
+    which can have false negatives in common functions such as memcpy().
+
+    The middle ground currently used in afl-fuzz can be compared to looking
+    at every line item in the stack trace and tagging crashes as unique if
+    we see any function name that we haven't seen before (or if something that
+    we have *always* seen there suddenly disappears). We do the comparison
+    without paying any attention to ordering or hit counts. This can still
+    cause some crash inflation early on, but the problem will quickly taper
+    off. So, you may get 20 dupes instead of 5,000.
+    
+  - Added a fix for harmless but absurd trim ratios shown if the first exec in
+    the trimmer timed out. Spotted by @EspenGx.
+
+--------------
+Version 0.52b:
+--------------
+
+  - Added a quick summary of the contents in experimental/.
+
+  - Made a fix to the process of writing fuzzer_stats.
+
+  - Slightly reorganized the .state/ directory, now recording redundant paths,
+    too. Note that this breaks the ability to properly resume older sessions 
+    - sorry about that.
+
+    (To fix this, simply move <out_dir>/.state/* from an older run
+    to <out_dir>/.state/deterministic_done/*.)
+
+--------------
+Version 0.51b:
+--------------
+
+  - Changed the search order for afl-as to avoid the problem with older copies
+    installed system-wide; this also means that I can remove the Makefile check
+    for that.
+
+  - Made it possible to set instrumentation ratio of 0%.
+
+  - Introduced some typos, fixed others.
+
+  - Fixed the test_prev target in Makefile, as reported by Ozzy Johnson.
+
+--------------
+Version 0.50b:
+--------------
+
+  - Improved the 'make install' logic, as suggested by Padraig Brady.
+
+  - Revamped various bits of the documentation, especially around perf_tips.txt;
+    based on the feedback from Alexander Cherepanov.
+
+  - Added AFL_INST_RATIO to afl-as. The only case where this comes handy is
+    ffmpeg, at least as far as I can tell. (Trivia: the current version of 
+    ffmpeg ./configure also ignores CC and --cc, probably unintentionally).
+
+  - Added documentation for all environmental variables (env_variables.txt).
+
+  - Implemented a visual warning for excessive or insufficient bitmap density.
+
+  - Changed afl-gcc to add -O3 by default; use AFL_DONT_OPTIMIZE if you don't
+    like that. Big speed gain for ffmpeg, so seems like a good idea.
+
+  - Made a regression fix to afl-as to ignore .LBB labels in gcc mode.
+
+--------------
+Version 0.49b:
+--------------
+
+  - Fixed more typos, as found by Jakub Wilk.
+
+  - Added support for clang!
+
+  - Changed AFL_HARDEN to *not* include ASAN by default. Use AFL_USE_ASAN if
+    needed. The reasons for this are in notes_for_asan.txt.
+
+  - Switched from configure auto-detection to isatty() to keep afl-as and
+    afl-gcc quiet.
+
+  - Improved installation process to properly create symlinks, rather than
+    copies of binaries.
+
+--------------
+Version 0.48b:
+--------------
+
+  - Improved afl-fuzz to force-set ASAN_OPTIONS=abort_on_error=1. Otherwise,
+    ASAN crashes wouldn't be caught at all. Reported by Hanno Boeck.
+
+  - Improved Makefile mkdir logic, as suggested by Hanno Boeck.
+
+  - Improved the 64-bit instrumentation to properly save r8-r11 registers in
+    the x86 setup code. The old behavior could cause rare problems running
+    *without* instrumentation when the first function called in a particular
+    .o file has 5+ parameters. No impact on code running under afl-fuzz or
+    afl-showmap. Issue spotted by Padraig Brady.
+
+--------------
+Version 0.47b:
+--------------
+
+  - Fixed another Makefile bug for parallel builds of afl. Problem identified
+    by Richard W. M. Jones.
+
+  - Added support for suffixes for -m.
+
+  - Updated the documentation and added notes_for_asan.txt. Based on feedback
+    from Hanno Boeck, Ben Laurie, and others.
+
+  - Moved the project to http://lcamtuf.coredump.cx/afl/.
+
+--------------
+Version 0.46b:
+--------------
+
+  - Cleaned up Makefile dependencies for parallel builds. Requested by 
+    Richard W. M. Jones.
+
+  - Added support for DESTDIR in Makefile. Once again suggested by
+    Richard W. M. Jones :-)
+
+  - Removed all the USE_64BIT stuff; we now just auto-detect compilation mode.
+    As requested by many callers to the show.
+
+  - Fixed rare problems with programs that use snippets of assembly and
+    switch between .code32 and .code64. Addresses a glitch spotted by
+    Hanno Boeck with compiling ToT gdb.
+
+--------------
+Version 0.45b:
+--------------
+
+  - Implemented a test case trimmer. Results in 20-30% size reduction for many
+    types of work loads, with very pronounced improvements in path discovery
+    speeds.
+
+  - Added better warnings for various problems with input directories.
+
+  - Added a Makefile warning for older copies, based on counterintuitive
+    behavior observed by Hovik Manucharyan.
+
+  - Added fuzzer_stats file for status monitoring. Suggested by @dronesec.
+
+  - Fixed moar typos, thanks to Alexander Cherepanov.
+
+  - Implemented better warnings for ASAN memory requirements, based on calls
+    from several angry listeners.
+
+  - Switched to saner behavior with non-tty stdout (less output generated,
+    no ANSI art).
+
+--------------
+Version 0.44b:
+--------------
+
+  - Added support for AFL_CC and AFL_CXX, based on a patch from Ben Laurie.
+
+  - Replaced afl-fuzz -S -D with -M for simplicity.
+
+  - Added a check for .section .text; lack of this prevented main() from
+    getting instrumented for some users. Reported by Tom Ritter.
+
+  - Reorganized the testcases/ directory.
+
+  - Added an extra check to confirm that the build is operational.
+
+  - Made more consistent use of color reset codes, as suggested by Oliver
+    Kunz.
+
+--------------
+Version 0.43b:
+--------------
+
+  - Fixed a bug with 64-bit gcc -shared relocs.
+
+  - Removed echo -e from Makefile for compatibility with dash. Suggested
+    by Jakub Wilk.
+
+  - Added status_screen.txt.
+
+  - Added experimental/canvas_harness.
+
+  - Made a minor change to the Makefile GCC check. Suggested by Hanno Boeck.
+
+--------------
+Version 0.42b:
+--------------
+
+  - Fixed a bug with red zone handling for 64-bit (oops!). Problem reported by
+    Felix Groebert.
+
+  - Implemented horribly experimental ARM support in experimental/arm_support.
+
+  - Made several improvements to error messages.
+
+  - Added AFL_QUIET to silence afl-gcc and afl-as when using wonky build
+    systems. Reported by Hanno Boeck.
+
+  - Improved check for 64-bit compilation, plus several sanity checks
+    in Makefile.
+
+--------------
+Version 0.41b:
+--------------
+
+  - Fixed a fork served bug for processes that call execve().
+
+  - Made minor compatibility fixes to Makefile, afl-gcc; suggested by Jakub
+    Wilk.
+
+  - Fixed triage_crashes.sh to work with the new layout of output directories.
+    Suggested by Jakub Wilk.
+
+  - Made multiple performance-related improvements to the injected
+    instrumentation.
+
+  - Added visual indication of the number of imported paths.
+
+  - Fixed afl-showmap to make it work well with new instrumentation.
+
+  - Added much better error messages for crashes when importing test cases
+    or otherwise calibrating the binary.
+
+--------------
+Version 0.40b:
+--------------
+
+  - Added support for parallelized fuzzing. Inspired by earlier patch
+    from Sebastian Roschke.
+
+  - Added an example in experimental/distributed_fuzzing/.
+
+--------------
+Version 0.39b:
+--------------
+
+  - Redesigned status screen, now 90% more spiffy.
+
+  - Added more verbose and user-friendly messages for some common problems.
+
+  - Modified the resumption code to reconstruct path depth.
+
+  - Changed the code to inhibit core dumps and improve the ability to detect
+    SEGVs.
+
+  - Added a check for redirection of core dumps to programs.
+
+  - Made a minor improvement to the handling of variable paths.
+
+  - Made additional performance tweaks to afl-fuzz, chiefly around mem limits.
+
+  - Added performance_tips.txt.
+
+--------------
+Version 0.38b:
+--------------
+
+  - Fixed an fd leak and +cov tracking bug resulting from changes in 0.37b.
+
+  - Implemented auto-scaling for screen update speed.
+
+  - Added a visual indication when running in non-instrumented mode.
+
+--------------
+Version 0.37b:
+--------------
+
+  - Added fuzz state tracking for more seamless resumption of aborted
+    fuzzing sessions.
+
+  - Removed the -D option, as it's no longer necessary.
+
+  - Refactored calibration code and improved startup reporting.
+
+  - Implemented dynamically scaled timeouts, so that you don't need to
+    play with -t except in some very rare cases.
+
+  - Added visual notification for slow binaries.
+
+  - Improved instrumentation to explicitly cover the other leg of every
+    branch.
+
+--------------
+Version 0.36b:
+--------------
+
+  - Implemented fork server support to avoid the overhead of execve(). A
+    nearly-verbatim design from Jann Horn; still pending part 2 that would
+    also skip initial setup steps (thinking about reliable heuristics now).
+
+  - Added a check for shell scripts used as fuzz targets.
+
+  - Added a check for fuzz jobs that don't seem to be finding anything.
+
+  - Fixed the way IGNORE_FINDS works (was a bit broken after adding splicing
+    and path skip heuristics).
+
+--------------
+Version 0.35b:
+--------------
+
+  - Properly integrated 64-bit instrumentation into afl-as.
+
+--------------
+Version 0.34b:
+--------------
+
+  - Added a new exec count classifier (the working theory is that it gets
+    meaningful coverage with fewer test cases spewed out).
+
+--------------
+Version 0.33b:
+--------------
+
+  - Switched to new, somewhat experimental instrumentation that tries to
+    target only arcs, rather than every line. May be fragile, but is a lot
+    faster (2x+).
+
+  - Made several other cosmetic fixes and typo corrections, thanks to
+    Jakub Wilk.
+
+--------------
+Version 0.32b:
+--------------
+
+  - Another take at fixing the C++ exception thing. Reported by Jakub Wilk.
+
+--------------
+Version 0.31b:
+--------------
+
+  - Made another fix to afl-as to address a potential problem with newer
+    versions of GCC (introduced in 0.28b). Thanks to Jann Horn.
+
+--------------
+Version 0.30b:
+--------------
+
+  - Added more detail about the underlying operations in file names.
+
+--------------
+Version 0.29b:
+--------------
+
+  - Made some general improvements to chunk operations.
+
+--------------
+Version 0.28b:
+--------------
+
+  - Fixed C++ exception handling in newer versions of GCC. Problem diagnosed
+    by Eberhard Mattes.
+
+  - Fixed the handling of the overflow flag. Once again, thanks to
+    Eberhard Mattes.
+
+--------------
+Version 0.27b:
+--------------
+
+  - Added prioritization of new paths over the already-fuzzed ones.
+
+  - Included spliced test case ID in the output file name.
+
+  - Fixed a rare, cosmetic null ptr deref after Ctrl-C.
+
+  - Refactored the code to make copies of test cases in the output directory.
+
+  - Switched to better output file names, keeping track of stage and splicing
+    sources.
+
+--------------
+Version 0.26b:
+--------------
+
+  - Revamped storage of testcases, -u option removed,
+
+  - Added a built-in effort minimizer to get rid of potentially redundant
+    inputs,
+
+  - Provided a testcase count minimization script in experimental/,
+
+  - Made miscellaneous improvements to directory and file handling.
+
+  - Fixed a bug in timeout detection.
+
+--------------
+Version 0.25b:
+--------------
+
+  - Improved count-based instrumentation.
+
+  - Improved the hang deduplication logic.
+
+  - Added -cov prefixes for test cases.
+
+  - Switched from readdir() to scandir() + alphasort() to preserve ordering of
+    test cases.
+
+  - Added a splicing strategy.
+
+  - Made various minor UI improvements and several other bugfixes.
+
+--------------
+Version 0.24b:
+--------------
+
+  - Added program name to the status screen, plus the -T parameter to go with
+    it.
+
+--------------
+Version 0.23b:
+--------------
+
+  - Improved the detection of variable behaviors.
+
+  - Added path depth tracking,
+
+  - Improved the UI a bit,
+
+  - Switched to simplified (XOR-based) tuple instrumentation.
+
+--------------
+Version 0.22b:
+--------------
+
+  - Refactored the handling of long bitflips and some swaps.
+
+  - Fixed the handling of gcc -pipe, thanks to anonymous reporter.
+
+--------------
+Version 0.21b:
+--------------
+
+  - Initial public release.