author    van Hauser <vh@thc.org>    2020-03-09 12:33:06 +0100
committer van Hauser <vh@thc.org>    2020-03-09 12:33:06 +0100
commit    dea1dbfba469c3cc14e6ce19a8da5c693024facf (patch)
tree      55fad1460fa3630e44ce696f64a264a95575d175
parent    988a32ced5ce08465940c985bb538c87d4c4b4e7 (diff)
download  afl++-dea1dbfba469c3cc14e6ce19a8da5c693024facf.tar.gz
updated changelog and todo
-rw-r--r--  TODO.md            63
-rw-r--r--  docs/Changelog.md  18
2 files changed, 15 insertions, 66 deletions
diff --git a/TODO.md b/TODO.md
index 83f37336..ffd6b5ad 100644
--- a/TODO.md
+++ b/TODO.md
@@ -2,13 +2,7 @@
 
 ## Roadmap 2.63
 
-Makefile:
- - -march=native -Ofast -flto=full (especially for afl-fuzz)
-
-llvm_mode:
- - using lto + opt to instrument at link time and select basic block IDs
-   that do not result in collisions
-   (Solution for "The far away future", see bottom of file)
+ - get "no global vars" working
 
 
 ## Further down the road
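Review bot: the new bullet `- get "no global vars" working` is left without a category label. The two entries it replaces sat under `Makefile:` and `llvm_mode:`, and after this hunk the item floats directly under `## Roadmap 2.63`, so a reader cannot tell which component it belongs to. Suggest keeping one of the file's existing labels above it and expanding the phrase, since "no global vars" on its own does not say what is being removed or why.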
@@ -25,6 +19,7 @@ gcc_plugin:
 
 qemu_mode:
  - update to 4.x (probably this will be skipped :( )
+ - non colliding instrumentation
  - instrim for QEMU mode via static analysis (with r2pipe? or angr?)
    Idea: The static analyzer outputs a map in which each edge that must be
    skipped is marked with 1. QEMU loads it at startup in the parent process.
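Review bot: `- non colliding instrumentation` under `qemu_mode:` gives no hint of the intended approach, whereas the instrim entry right below it spells out its idea in three lines. A short note on whether this is meant to reuse the collision-free basic block ID scheme (Solution #2 of the section this same commit deletes from TODO.md) or something QEMU-specific would make the roadmap item actionable.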
@@ -37,58 +32,4 @@ qemu_mode:
 
 custom_mutators:
  - rip what Superion is doing into custom mutators for js, php, etc.
- - uniform python and custom mutators API
-
-
-## The far away future:
-
-Problem: Average targets (tiff, jpeg, unrar) go through 1500 edges.
-         At afl's default map that means ~16 collisions and ~3 wrappings.
-
- - Solution #1: increase map size.
-
-    => speed loss is bad. last resort solution
-
-    every +1 decreases fuzzing speed by ~10% and halfs the collisions
-    birthday paradox predicts collisions at this # of edges:
-    
-    | mapsize | collisions at | speed decrease  |
-    | :-----: | :-----------: | :-------------: |
-    | 2^16    | 302           |        0%       |
-    | 2^17    | 427           |       10%       |
-    | 2^18    | 603           |       25%       |
-    | 2^19    | 853           |       43%       |
-    | 2^20    | 1207          |       62%       |
-    | 2^21    | 1706          |        ?%       |
-    | 2^22    | 2412          |        ?%       |
-    | 2^23    | 3411          |        ?%       |
-    | 2^24    | 4823          |        ?%       |
-
-    Increasing the map is an easy solution but also not a complete and
-    efficient one.
-
- - Solution #2: use dynamic map size and collision free basic block IDs
-
-    => This works and is the selected solution
-
-    This only works in llvm_mode - obviously.
-
- - Solution #3: write instruction pointers to a big shared map
-
-    => Tested and it is a dead end
-
-    512kb/1MB shared map and the instrumented code writes the instruction
-    pointer into the map. Map must be big enough but could be command line
-    controlled.
-    
-    Good: complete coverage information, nothing is lost. choice of analysis
-          impacts speed, but this can be decided by user options
-    
-    Neutral: a little bit slower but no loss of coverage
-    
-    Bad: completely changes how afl uses the map and the scheduling.
-    Overall another very good solution, Marc Heuse/vanHauser follows this up
-    
- - Solution #4: ???
 
-   other ideas?
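Review bot: this hunk deletes the only written record of the map-collision analysis: the problem statement (~1500 edges, ~16 collisions, ~3 wrappings at the default map), the mapsize vs. collisions vs. speed-decrease table, and the evaluation of Solutions #1 to #3. That material is the design rationale for the LTO collision-free mode the Changelog in this same commit lists as shipped, so suggest moving it into the llvm_mode documentation rather than dropping it. Dropping `- - uniform python and custom mutators API` is consistent with the Changelog entry that the two APIs were unified. Minor: with `other ideas?` removed, the retained blank context line becomes a trailing empty line at the end of TODO.md.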
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 56b45738..595ed5a8 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -11,15 +11,23 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 
 ### Version ++2.62d (develop):
 
+  - all:
+    - big code changes to make afl-fuzz thread-safe so afl-fuzz can spawn 
+      multiple fuzzing threads in the future or even become a library
+    - afl basic tools now report on the environment variables picked up
+    - more tools get environment variable usage info in the help output
+  - afl-fuzz:
+    - python mutator modules and custom mutator modules now use the same
+      interface and hence the API changed
+    - AFL_AUTORESUME will resume execution without the need to specify `-i -`
   - LTO collision free instrumented added in llvm_mode with afl-clang-lto -
     note that this mode is amazing, but quite some targets won't compile
   - qemu_mode now uses solely the internal capstone version to fix builds
     on modern Linux distributions
-  - afl-fuzz basic tools now report on the environment variables picked up
-  - more tools get environment variable usage info in the help output
-  - AFL_AUTORESUME will resume execution without the need to specify `-i -`
-  - afl-tmin now supports hang mode `-H` to minimize hangs
-  - fixed potential afl-tmin missbehavior for targets with multiple hangs
+  - afl-tmin:
+    - now supports hang mode `-H` to minimize hangs
+    - fixed potential afl-tmin missbehavior for targets with multiple hangs
+  - Pressing Control-c in afl-cmin did not terminate it for some OS
 
 
 ### Version ++2.62c (release):
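Review bot: the regrouping is incomplete. The `LTO collision free instrumented added in llvm_mode` and `qemu_mode now uses solely the internal capstone version` bullets remain at the top level between the new `afl-fuzz:` and `afl-tmin:` groups, and `Pressing Control-c in afl-cmin did not terminate it for some OS` is likewise ungrouped; suggest `llvm_mode:`, `qemu_mode:` and `afl-cmin:` sub-lists so every entry follows the same pattern. Two small things while touching these lines: `missbehavior` in the moved afl-tmin entry should read `misbehavior`, and the first `+` line under `all:` carries a trailing space after `spawn`.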