author: van Hauser <vh@thc.org> 2020-07-29 12:58:02 +0200
committer: van Hauser <vh@thc.org> 2020-07-29 12:58:02 +0200
commit: 22921c493fbf48b317354bb50f1af4a678fcfb55
tree: a381f9458a1f73713c220085ab7afef17d571984 /docs
parent: f32811922ec8f363bdf46a019d984058dbeb06bf
download: afl++-22921c493fbf48b317354bb50f1af4a678fcfb55.tar.gz
improve docs, enable laf compare if float is set
Diffstat (limited to 'docs')
 docs/Changelog.md          |  2
 docs/FAQ.md                | 17
 docs/binaryonly_fuzzing.md | 19
3 files changed, 35 insertions, 3 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index d3d5063b..7efab1e6 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -23,6 +23,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- LTO: autodictionary mode is a default
- LTO: instrim instrumentation disabled, only classic support used
as it is always better
+ - setting AFL_LLVM_LAF_SPLIT_FLOATS now activates
+ AFL_LLVM_LAF_SPLIT_COMPARES
- added honggfuzz mangle as a custom mutator in custom_mutators/honggfuzz
- added afl-frida gum solution to examples/afl_frida (mostly imported
from https://github.com/meme/hotwax/)
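Review bot: the new Changelog bullet records a behaviour change (setting AFL_LLVM_LAF_SPLIT_FLOATS now also activates AFL_LLVM_LAF_SPLIT_COMPARES), but the diffstat for this commit, limited to docs, touches only Changelog.md, FAQ.md and binaryonly_fuzzing.md; the reference entry for AFL_LLVM_LAF_SPLIT_FLOATS in env_variables.md (the file the FAQ hunk below points users to) should carry the same sentence, otherwise the reference documentation and the changelog disagree about what the variable does.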
diff --git a/docs/FAQ.md b/docs/FAQ.md
index d848e08a..e09385a8 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -2,13 +2,24 @@
## Contents
- 1. [What is an edge?](#what-is-an-edge)
- 2. [Why is my stability below 100%?](#why-is-my-stability-below-100)
- 3. [How can I improve the stability value](#how-can-i-improve-the-stability-value)
+ 1. [How to improve the fuzzing speed?](#how-to-improve-the-fuzzing-speed)
+ 2. [What is an edge?](#what-is-an-edge)
+ 3. [Why is my stability below 100%?](#why-is-my-stability-below-100)
+ 4. [How can I improve the stability value](#how-can-i-improve-the-stability-value)
If you find an interesting or important question missing, submit it via
[https://github.com/AFLplusplus/AFLplusplus/issues](https://github.com/AFLplusplus/AFLplusplus/issues)
+## How to improve the fuzzing speed
+
+ 1. use [llvm_mode](docs/llvm_mode/README.md): afl-clang-lto (llvm >= 11) or afl-clang-fast (llvm >= 9 recommended)
+ 2. Use [persistent mode](llvm_mode/README.persistent_mode.md) (x2-x20 speed increase)
+ 3. Use the [afl++ snapshot module](https://github.com/AFLplusplus/AFL-Snapshot-LKM) (x2 speed increase)
+ 4. If you do not use shmem persistent mode, use `AFL_TMPDIR` to point the input file on a tempfs location, see [docs/env_variables.md](docs/env_variables.md)
+ 5. Improve kernel performance: modify `/etc/default/grub`, set `GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off"`; then `update-grub` and `reboot` (warning: makes the system more insecure)
+ 6. Running on an `ext2` filesystem with `noatime` mount option will be a bit faster than on any other journaling filesystem
+ 7. Use your cores! [README.md:3.b) Using multiple cores/threads](../README.md#b-using-multiple-coresthreads)
+
## What is an "edge"
A program contains `functions`, `functions` contain the compiled machine code.
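Review bot: the relative links in items 1 and 4 are wrong for a file that lives in docs/: `[llvm_mode](docs/llvm_mode/README.md)` and `[docs/env_variables.md](docs/env_variables.md)` resolve to docs/docs/..., whereas item 2 uses `llvm_mode/README.persistent_mode.md` and item 7 uses `../README.md`, both of which are correct from docs/FAQ.md; change them to `llvm_mode/README.md` and `env_variables.md`. Two smaller points in the same list: "tempfs" in item 4 should be "tmpfs", and item 1 should start with a capital letter like the other items. The warning on item 5 is justified, since the GRUB line disables the CPU side-channel mitigations for every process on the host, so it is worth saying explicitly that this is only for a dedicated fuzzing machine.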
diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md
index 7c9be418..111147e2 100644
--- a/docs/binaryonly_fuzzing.md
+++ b/docs/binaryonly_fuzzing.md
@@ -8,12 +8,17 @@
The following is a description of how these binaries can be fuzzed with afl++
+
## TL;DR:
qemu_mode in persistent mode is the fastest - if the stability is
high enough. Otherwise try retrowrite, afl-dyninst and if these
fail too then standard qemu_mode with AFL_ENTRYPOINT to where you need it.
+ If your a target is library use examples/afl_frida/.
+
+ If your target is non-linux then use unicorn_mode/
+
## QEMU
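Review bot: "If your a target is library" should read "If your target is a library". The two added sentences are also indented one space deeper than the surrounding TL;DR text, so they do not line up with the paragraph they extend; and since this same commit adds an AFL UNTRACER section below, the TL;DR could mention examples/afl_untracer/ next to examples/afl_frida/ so the summary matches the body.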
@@ -57,6 +62,20 @@
As it is included in afl++ this needs no URL.
+## AFL FRIDA
+
+ If you want to fuzz a binary-only shared library then you can fuzz it with
+ frida-gum via examples/afl_frida/, you will have to write a harness to
+ call the target function in the library, use afl-frida.c as a template.
+
+
+## AFL UNTRACER
+
+ If you want to fuzz a binary-only shared library then you can fuzz it with
+ examples/afl_untracer/, use afl-untracer.c as a template.
+ It is slower than AFL FRIDA (see above).
+
+
## DYNINST
Dyninst is a binary instrumentation framework similar to Pintool and
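Review bot: the AFL UNTRACER section repeats the AFL FRIDA sentence almost word for word and the only distinguishing statement is that it is slower, which gives a reader no reason to pick it; state when a user would prefer afl_untracer over afl_frida. Also, both new sections end with two consecutive empty `+` lines, which does not match the single blank line used between the other sections of this file; collapse them to one.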