-rw-r--r-- | GNUmakefile | 22 | ||||
-rw-r--r-- | GNUmakefile.gcc_plugin | 4 | ||||
-rw-r--r-- | README.md | 7 | ||||
-rwxr-xr-x | afl-cmin | 16 | ||||
-rwxr-xr-x | afl-cmin.bash | 19 | ||||
-rw-r--r-- | docs/Changelog.md | 2 | ||||
-rw-r--r-- | docs/life_pro_tips.md | 2 | ||||
-rw-r--r-- | docs/notes_for_asan.md | 2 | ||||
-rw-r--r-- | instrumentation/afl-compiler-rt.o.c | 8 | ||||
-rw-r--r-- | src/afl-cc.c | 29 | ||||
-rw-r--r-- | src/afl-forkserver.c | 2 | ||||
-rw-r--r-- | src/afl-sharedmem.c | 8 | ||||
-rw-r--r-- | utils/libdislocator/Makefile (renamed from libdislocator/Makefile) | 14 | ||||
-rw-r--r-- | utils/libdislocator/README.md (renamed from libdislocator/README.md) | 0 | ||||
-rw-r--r-- | utils/libdislocator/libdislocator.so.c (renamed from libdislocator/libdislocator.so.c) | 0 | ||||
-rw-r--r-- | utils/libtokencap/Makefile (renamed from libtokencap/Makefile) | 14 | ||||
-rw-r--r-- | utils/libtokencap/README.md (renamed from libtokencap/README.md) | 0 | ||||
-rw-r--r-- | utils/libtokencap/libtokencap.so.c (renamed from libtokencap/libtokencap.so.c) | 0 | ||||
-rw-r--r-- | utils/persistent_mode/persistent_demo.c | 8 | ||||
-rw-r--r-- | utils/persistent_mode/persistent_demo_new.c | 8 | ||||
-rw-r--r-- | utils/persistent_mode/test-instr.c | 8 | ||||
-rwxr-xr-x | utils/qbdi_mode/README.md (renamed from qbdi_mode/README.md) | 0 | ||||
-rw-r--r-- | utils/qbdi_mode/assets/screen1.png (renamed from qbdi_mode/assets/screen1.png) | bin | 88333 -> 88333 bytes | |||
-rwxr-xr-x | utils/qbdi_mode/build.sh (renamed from qbdi_mode/build.sh) | 4 | ||||
-rwxr-xr-x | utils/qbdi_mode/demo-so.c (renamed from qbdi_mode/demo-so.c) | 0 | ||||
-rwxr-xr-x | utils/qbdi_mode/template.cpp (renamed from qbdi_mode/template.cpp) | 0 |
26 files changed, 116 insertions, 61 deletions
diff --git a/GNUmakefile b/GNUmakefile index 309a7d4c..64ff7d40 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -493,8 +493,6 @@ endif code-format: ./.custom-format.py -i src/*.c ./.custom-format.py -i include/*.h - ./.custom-format.py -i libdislocator/*.c - ./.custom-format.py -i libtokencap/*.c ./.custom-format.py -i instrumentation/*.h ./.custom-format.py -i instrumentation/*.cc ./.custom-format.py -i instrumentation/*.c @@ -506,8 +504,6 @@ code-format: ./.custom-format.py -i qemu_mode/libcompcov/*.c ./.custom-format.py -i qemu_mode/libcompcov/*.cc ./.custom-format.py -i qemu_mode/libcompcov/*.h - ./.custom-format.py -i qbdi_mode/*.c - ./.custom-format.py -i qbdi_mode/*.cpp ./.custom-format.py -i *.h ./.custom-format.py -i *.c 
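Review bot: The `code-format` target loses coverage of the moved sources: the four `./.custom-format.py -i libdislocator/*.c`, `libtokencap/*.c`, `qbdi_mode/*.c` and `qbdi_mode/*.cpp` lines are deleted outright instead of being re-pointed at their new `utils/` locations, although the diffstat shows those files still exist under `utils/`. After this commit `make code-format` silently skips them, so formatting drift in libdislocator.so.c, libtokencap.so.c and the qbdi template will go unnoticed. Re-add the lines with the new paths. The `code-format` recipe continues beyond both hunks.
```make
code-format:
	./.custom-format.py -i src/*.c
	./.custom-format.py -i include/*.h
	./.custom-format.py -i utils/libdislocator/*.c
	./.custom-format.py -i utils/libtokencap/*.c
	# … unchanged: instrumentation/ and qemu_mode/ lines …
	./.custom-format.py -i utils/qbdi_mode/*.c
	./.custom-format.py -i utils/qbdi_mode/*.cpp
	./.custom-format.py -i *.h
	./.custom-format.py -i *.c
```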
@@ -531,7 +527,7 @@ endif .PHONY: all_done all_done: test_build @test -e afl-cc && echo "[+] Main compiler 'afl-cc' successfully built!" || { echo "[-] Main compiler 'afl-cc' failed to built, set up a working build environment first!" ; exit 1 ; } - @test -e cmplog-instructions-pass.so && echo "[+] LLVM mode for 'afl-cc' successfully built!" || echo "[-] LLVM mode for 'afl-cc' failed to built, likely you either have not llvm installed or you have not set LLVM_CONFIG pointing to e.g. llvm-config-11. See instrumenation/README.llvm.md how to do this. Highly recommended!" + @test -e cmplog-instructions-pass.so && echo "[+] LLVM mode for 'afl-cc' successfully built!" || echo "[-] LLVM mode for 'afl-cc' failed to built, likely you either don't llvm installed, or you need to set LLVM_CONFIG, to point to e.g. llvm-config-11. See instrumenation/README.llvm.md how to do this. Highly recommended!" @test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode for 'afl-cc' successfully built!" || echo "[-] LLVM LTO mode for 'afl-cc' failed to built, this would need LLVM 11+, see instrumentation/README.lto.md how to build it" @test -e afl-gcc-pass.so && echo "[+] gcc_plugin for 'afl-cc' successfully built!" || echo "[-] gcc_plugin for 'afl-cc' failed to built, unless you really need it that is fine - or read instrumentation/README.gcc_plugin.md how to build it" @echo "[+] All done! Be sure to review the README.md - it's pretty short and useful." 
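Review bot: The reworded failure message on the changed `@test -e cmplog-instructions-pass.so` line has lost its verb ("you either don't llvm installed") and still points at a misspelled doc path, `instrumenation/README.llvm.md`, while the neighbouring LTO and gcc_plugin messages spell the directory `instrumentation/` correctly. Since the line is being touched anyway, fix both and the "failed to built" grammar in one go: `... || echo "[-] LLVM mode for 'afl-cc' failed to build, likely you either don't have llvm installed, or you need to set LLVM_CONFIG to point to e.g. llvm-config-11. See instrumentation/README.llvm.md how to do this. Highly recommended!"`. A user who copies the broken path out of a build message and finds nothing there is a small but real support cost.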
@@ -545,8 +541,8 @@ clean: rm -f $(PROGS) libradamsa.so afl-fuzz-document afl-as as afl-g++ afl-clang afl-clang++ *.o src/*.o *~ a.out core core.[1-9][0-9]* *.stackdump .test .test1 .test2 test-instr .test-instr0 .test-instr1 afl-qemu-trace afl-gcc-fast afl-gcc-pass.so afl-g++-fast ld *.so *.8 test/unittests/*.o test/unittests/unit_maybe_alloc test/unittests/preallocable .afl-* afl-gcc afl-g++ afl-clang afl-clang++ test/unittests/unit_hash test/unittests/unit_rand -$(MAKE) -f GNUmakefile.llvm clean -$(MAKE) -f GNUmakefile.gcc_plugin clean - $(MAKE) -C libdislocator clean - $(MAKE) -C libtokencap clean + $(MAKE) -C utils/libdislocator clean + $(MAKE) -C utils/libtokencap clean $(MAKE) -C utils/afl_network_proxy clean $(MAKE) -C utils/socket_fuzzing clean $(MAKE) -C utils/argv_fuzzing clean @@ -570,8 +566,8 @@ deepclean: clean distrib: all -$(MAKE) -f GNUmakefile.llvm -$(MAKE) -f GNUmakefile.gcc_plugin - $(MAKE) -C libdislocator - $(MAKE) -C libtokencap + $(MAKE) -C utils/libdislocator + $(MAKE) -C utils/libtokencap $(MAKE) -C utils/aflpp_driver $(MAKE) -C utils/afl_network_proxy $(MAKE) -C utils/socket_fuzzing @@ -581,8 +577,8 @@ distrib: all .PHONY: binary-only binary-only: all - $(MAKE) -C libdislocator - $(MAKE) -C libtokencap + $(MAKE) -C utils/libdislocator + $(MAKE) -C utils/libtokencap $(MAKE) -C utils/afl_network_proxy $(MAKE) -C utils/socket_fuzzing $(MAKE) -C utils/argv_fuzzing @@ -593,8 +589,8 @@ binary-only: all source-only: all -$(MAKE) -f GNUmakefile.llvm -$(MAKE) -f GNUmakefile.gcc_plugin - $(MAKE) -C libdislocator - $(MAKE) -C libtokencap + $(MAKE) -C utils/libdislocator + $(MAKE) -C utils/libtokencap $(MAKE) -C utils/aflpp_driver %.8: % diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index 3f658a47..ee211c24 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin 
@@ -67,12 +67,12 @@ ifeq "$(shell echo '$(HASH)include <sys/ipc.h>@$(HASH)include <sys/shm.h>@int ma SHMAT_OK=1 else SHMAT_OK=0 - override CFLAGS += -DUSEMMAP=1 + override CFLAGS_SAFE += -DUSEMMAP=1 endif ifeq "$(TEST_MMAP)" "1" SHMAT_OK=0 - override CFLAGS += -DUSEMMAP=1 + override CFLAGS_SAFE += -DUSEMMAP=1 endif ifneq "$(shell uname -s)" "Haiku" diff --git a/README.md b/README.md index 94d5008e..dc009def 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,9 @@ behaviours and defaults: editing config.h for TESTCASE_CACHE or by specifying the env variable `AFL_TESTCACHE_SIZE` (in MB). Good values are between 50-500 (default: 50). * examples/ got renamed to utils/ + * libtokencap/ libdislocator/ and qdbi_mode/ were moved to utils/ + * afl-cmin/afl-cmin.bash now search first in PATH and last in AFL_PATH + ## Contents @@ -167,7 +170,7 @@ If you want to build afl++ yourself you have many options. The easiest choice is to build and install everything: ```shell -sudo apt install build-essential python3-dev automake flex bison libglib2.0-dev libpixman-1-dev clang python3-setuptools llvm +sudo apt install build-essential python3-dev automake flex bison libglib2.0-dev libpixman-1-dev clang python3-setuptools clang llvm llvm-dev libstdc++-dev make distrib sudo make install ``` @@ -547,7 +550,7 @@ something is already included for your data format, and tell afl-fuzz to load that dictionary by adding `-x dictionaries/FORMAT.dict`. With afl-clang-lto you have an autodictionary generation for which you need to do nothing except to use afl-clang-lto as the compiler. You also have the option to generate -a dictionary yourself, see [libtokencap/README.md](libtokencap/README.md). +a dictionary yourself, see [utils/libtokencap/README.md](utils/libtokencap/README.md). afl-fuzz has a variety of options that help to workaround target quirks like specific locations for the input file (`-f`), not performing deterministic diff --git a/afl-cmin b/afl-cmin index 93174b8b..292d9d9d 100755 
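Review bot: Moving `-DUSEMMAP=1` from `override CFLAGS` to `override CFLAGS_SAFE` only works if `CFLAGS_SAFE` is actually part of every compile line in GNUmakefile.gcc_plugin that builds the runtime object (afl-compiler-rt.o); neither the definition nor the use of `CFLAGS_SAFE` is visible in this hunk, so that should be confirmed before merging. If the runtime ends up compiled without the define while afl-fuzz and afl-sharedmem.c are built with it, the two sides disagree on shmat versus shm_open for the coverage map and every gcc_plugin-instrumented target fails at the fork-server handshake, a failure mode that is painful to diagnose. A one-line comment above the first of the two assignments would save the next reader the same check: `# USEMMAP has to reach afl-compiler-rt.o as well, which is built with CFLAGS_SAFE rather than CFLAGS` — adjusted to whatever the real compile rule is. The `ifeq` block doing the shmat detection starts outside the hunk.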
--- a/afl-cmin +++ b/afl-cmin @@ -120,7 +120,7 @@ function usage() { "AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash\n" \ "AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" \ "AFL_KEEP_TRACES: leave the temporary <out_dir>/.traces directory\n" \ -"AFL_PATH: path for the afl-showmap binary\n" \ +"AFL_PATH: path for the afl-showmap binary if not found anywhere else\n" \ "AFL_SKIP_BIN_CHECK: skip check for target binary\n" exit 1 } @@ -313,14 +313,18 @@ BEGIN { close( stdin_file ) } - if (!ENVIRON["AFL_PATH"]) { - if (0 == system("test -f afl-cmin")) { + # First we look in PATH + if (0 == system("command -v afl-showmap >/dev/null 2>&1")) { + "command -v afl-showmap 2>/dev/null" | getline showmap + } else { + # then we look in the current directory + if (0 == system("test -x ./afl-showmap")) { showmap = "./afl-showmap" } else { - "command -v afl-showmap 2>/dev/null" | getline showmap + if (ENVIRON["AFL_PATH"]) { + showmap = ENVIRON["AFL_PATH"] "/afl-showmap" + } } - } else { - showmap = ENVIRON["AFL_PATH"] "/afl-showmap" } if (!showmap || 0 != system("test -x "showmap )) { diff --git a/afl-cmin.bash b/afl-cmin.bash index 637949bc..fb50f1fc 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -132,7 +132,7 @@ For additional tips, please consult README.md. Environment variables used: AFL_KEEP_TRACES: leave the temporary <out_dir>\.traces directory -AFL_PATH: path for the afl-showmap binary +AFL_PATH: last resort location to find the afl-showmap binary AFL_SKIP_BIN_CHECK: skip check for target binary _EOF_ exit 1 
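Review bot: The new lookup chain consults `./afl-showmap` in the current working directory before `AFL_PATH`, so an explicitly configured AFL_PATH is silently overridden by whatever executable happens to sit in the directory afl-cmin is run from — typically the target's build tree or a corpus directory, i.e. not something the user necessarily vetted. If PATH is meant to win, at least move the AFL_PATH branch ahead of the cwd check: `if (ENVIRON["AFL_PATH"]) { showmap = ENVIRON["AFL_PATH"] "/afl-showmap" } else if (0 == system("test -x ./afl-showmap")) { showmap = "./afl-showmap" }`. The value is also passed unquoted to the shell in the context line `system("test -x "showmap)`, so an AFL_PATH containing spaces or shell metacharacters is split or interpreted; `system("test -x '" showmap "'")` closes that (pre-existing, but the variable now has more sources). The enclosing `BEGIN` block continues outside the hunk.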
@@ -244,10 +244,21 @@ if [ ! "$STDIN_FILE" = "" ]; then touch "$STDIN_FILE" || exit 1 fi -if [ "$AFL_PATH" = "" ]; then - SHOWMAP="${0%/afl-cmin.bash}/afl-showmap" +SHOWMAP=`command -v afl-showmap 2>/dev/null` + +if [ -z "$SHOWMAP" ]; then + TMP="${0%/afl-cmin.bash}/afl-showmap" + if [ -x "$TMP" ]; then + SHOWMAP=$TMP + fi +fi + +if [ -z "$SHOWMAP" -a -x "./afl-showmap" ]; then + SHOWMAP="./afl-showmap" else - SHOWMAP="$AFL_PATH/afl-showmap" + if [ -n "$AFL_PATH" ]; then + SHOWMAP="$AFL_PATH/afl-showmap" + fi fi if [ ! -x "$SHOWMAP" ]; then diff --git a/docs/Changelog.md b/docs/Changelog.md index 5201eb8b..5094769d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -12,6 +12,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. ### Version ++3.00a (develop) - llvm_mode/ and gcc_plugin/ moved to instrumentation/ - examples/ renamed to utils/ + - moved libdislocator, libtokencap and qdbi_mode to utils/ - all compilers combined to afl-cc which emulates the previous ones - afl-llvm/gcc-rt.o merged into afl-compiler-rt.o - afl-fuzz @@ -63,6 +64,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - added INTROSPECTION support for custom modules - python fuzz function was not optional, fixed - some python mutator speed improvements + - afl-cmin/afl-cmin.bash now search first in PATH and last in AFL_PATH - unicornafl synced with upstream version 1.02 (fixes, better rust bindings) - renamed AFL_DEBUG_CHILD_OUTPUT to AFL_DEBUG_CHILD - added AFL_CRASH_EXITCODE env variable to treat a child exitcode as crash diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md index 77845c63..50ad75d4 100644 --- a/docs/life_pro_tips.md +++ b/docs/life_pro_tips.md 
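Review bot: The new fallback chain does not implement the order the usage text above it promises: the `else` of `if [ -z "$SHOWMAP" -a -x "./afl-showmap" ]` is also taken when `SHOWMAP` was already found via `command -v` or next to the script, so a set `AFL_PATH` overrides a PATH hit instead of being the "last resort location". Make that branch conditional on SHOWMAP still being empty, replacing the `else` … `fi` pair: `elif [ -z "$SHOWMAP" -a -n "$AFL_PATH" ]; then` / `  SHOWMAP="$AFL_PATH/afl-showmap"` / `fi`. Also worth a comment: `${0%/afl-cmin.bash}` only strips when the script was invoked with a path component; run bare from PATH it yields `afl-cmin.bash/afl-showmap`, which the `-x` test rejects harmlessly, but the intent is not obvious from the line. The `if [ ! -x "$SHOWMAP" ]` check after the hunk still catches an empty result.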
@@ -13,7 +13,7 @@ See [parallel_fuzzing.md](parallel_fuzzing.md) for step-by-step tips. ## Improve the odds of spotting memory corruption bugs with libdislocator.so! -It's easy. Consult [libdislocator/README.md](../libdislocator/README.md) for usage tips. +It's easy. Consult [utils/libdislocator/README.md](../utils/libdislocator/README.md) for usage tips. ## Want to understand how your target parses a particular input file? diff --git a/docs/notes_for_asan.md b/docs/notes_for_asan.md index f08ae3fb..2b3bc028 100644 --- a/docs/notes_for_asan.md +++ b/docs/notes_for_asan.md @@ -35,7 +35,7 @@ no sanitizers compiled in. There is also the option of generating a corpus using a non-ASAN binary, and then feeding it to an ASAN-instrumented one to check for bugs. This is faster, and can give you somewhat comparable results. You can also try using -libdislocator (see libdislocator/README.dislocator.md in the parent directory) as a +libdislocator (see [utils/libdislocator/README.dislocator.md](../utils/libdislocator/README.dislocator.md) in the parent directory) as a lightweight and hassle-free (but less thorough) alternative. ## 2) Long version diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index c29861e6..99dcbb67 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -174,8 +174,8 @@ static void __afl_map_shm_fuzz() { u8 *map = NULL; #ifdef USEMMAP - const char * shm_file_path = id_str; - int shm_fd = -1; + const char *shm_file_path = id_str; + int shm_fd = -1; /* create the shared memory segment as if it was a file */ shm_fd = shm_open(shm_file_path, O_RDWR, 0600); @@ -414,8 +414,8 @@ static void __afl_map_shm(void) { if (id_str) { #ifdef USEMMAP - const char * shm_file_path = id_str; - int shm_fd = -1; + const char * shm_file_path = id_str; + int shm_fd = -1; struct cmp_map *shm_base = NULL; /* create the shared memory segment as if it was a file */ 
diff --git a/src/afl-cc.c b/src/afl-cc.c index 273a9f2f..14d8e070 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -130,20 +130,27 @@ static u8 *find_object(u8 *obj, u8 *argv0) { u8 *afl_path = getenv("AFL_PATH"); u8 *slash = NULL, *tmp; - if (obj_path) { + /* + if (obj_path) { - tmp = alloc_printf("%s/%s", obj_path, obj); + tmp = alloc_printf("%s/%s", obj_path, obj); - if (!access(tmp, R_OK)) { return tmp; } + if (debug) DEBUGF("Trying %s\n", tmp); - ck_free(tmp); + if (!access(tmp, R_OK)) { return tmp; } - } + ck_free(tmp); + + } + + */ if (afl_path) { tmp = alloc_printf("%s/%s", afl_path, obj); + if (debug) DEBUGF("Trying %s\n", tmp); + if (!access(tmp, R_OK)) { obj_path = afl_path; @@ -168,6 +175,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("%s/%s", dir, obj); + if (debug) DEBUGF("Trying %s\n", tmp); + if (!access(tmp, R_OK)) { obj_path = dir; @@ -178,6 +187,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) { ck_free(tmp); tmp = alloc_printf("%s/../lib/afl/%s", dir, obj); + if (debug) DEBUGF("Trying %s\n", tmp); + if (!access(tmp, R_OK)) { u8 *dir2 = alloc_printf("%s/../lib/afl", dir); @@ -232,6 +243,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) { ck_free(tmp); tmp = alloc_printf("%s/../lib/afl/%s", exepath, obj); + if (debug) DEBUGF("Trying %s\n", tmp); + if (!access(tmp, R_OK)) { u8 *dir = alloc_printf("%s/../lib/afl/", exepath); @@ -255,6 +268,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("%s/%s", AFL_PATH, obj); + if (debug) DEBUGF("Trying %s\n", tmp); + if (!access(tmp, R_OK)) { obj_path = AFL_PATH; @@ -266,6 +281,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("./%s", obj); + if (debug) DEBUGF("Trying %s\n", tmp); + if (!access(tmp, R_OK)) { obj_path = "."; @@ -275,6 +292,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) { ck_free(tmp); + if (debug) DEBUGF("Trying ... giving up\n"); + return NULL; } diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 5a8e56b2..3afb94be 100644 
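Review bot: The `obj_path` short-circuit at the top of `find_object` is now a commented-out block rather than deleted, and the remaining branches still assign `obj_path = afl_path;`, `obj_path = dir;`, `obj_path = AFL_PATH;` and `obj_path = ".";` that nothing in this function reads any more — as far as the hunk shows the variable has become write-only (it may be consulted elsewhere in afl-cc.c; verify before removing the stores). Either delete the commented block, git history keeps it, and drop the dead assignments, or keep the cache with the new `DEBUGF("Trying %s\n", tmp)` line inside it and say why it was disabled, e.g. `/* obj_path cache disabled: a hit for one object must not short-circuit the search for a different object living in another directory */` — hedged, the actual reason is not visible here. The eight identical `if (debug) DEBUGF("Trying %s\n", tmp);` lines would also read better folded into one small helper that builds, logs, `access()`-checks and frees a candidate path. `find_object` starts before the hunk.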
--- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -960,6 +960,8 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { if (fsrv->shmem_fuzz) { + if (unlikely(len > MAX_FILE)) len = MAX_FILE; + *fsrv->shmem_fuzz_len = len; memcpy(fsrv->shmem_fuzz, buf, len); #ifdef _DEBUG diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index cef908e0..3e671df5 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -252,10 +252,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, shm_str = alloc_printf("%d", shm->shm_id); - /* If somebody is asking us to fuzz instrumented binaries in non-instrumented - mode, we don't want them to detect instrumentation, since we won't be - sending fork server commands. This should be replaced with better - auto-detection later on, perhaps? */ + /* If somebody is asking us to fuzz instrumented binaries in + non-instrumented mode, we don't want them to detect instrumentation, + since we won't be sending fork server commands. This should be replaced + with better auto-detection later on, perhaps? */ setenv(SHM_ENV_VAR, shm_str, 1); diff --git a/libdislocator/Makefile b/utils/libdislocator/Makefile index 1c2fcaa7..2942c3c3 100644 --- a/libdislocator/Makefile +++ b/utils/libdislocator/Makefile 
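Review bot: The added `if (unlikely(len > MAX_FILE)) len = MAX_FILE;` silently truncates an over-sized test case before it is copied into the shared-memory region, so the target executes a different input from the one afl-fuzz later saves or reports, and a crash found through the truncated copy may not reproduce from the file on disk. Presumably the cap exists because the `shmem_fuzz` mapping is sized to MAX_FILE (not visible here); if so it is still worth telling the user once, e.g. `static u8 warned; if (unlikely(len > MAX_FILE)) { if (!warned) { WARNF("test case truncated to MAX_FILE bytes"); warned = 1; } len = MAX_FILE; }`, and checking that the non-shmem file path applies the same limit so the two delivery methods agree on what the target sees. The rest of `afl_fsrv_write_to_testcase` lies outside the hunk.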
@@ -16,28 +16,28 @@ PREFIX ?= /usr/local HELPER_PATH = $(PREFIX)/lib/afl -VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2) +VERSION = $(shell grep '^\#define VERSION ' ../../config.h | cut -d '"' -f2) CFLAGS ?= -O3 -funroll-loops -D_FORTIFY_SOURCE=2 -CFLAGS += -I ../include/ -Wall -g -Wno-pointer-sign +CFLAGS += -I ../../include/ -Wall -g -Wno-pointer-sign CFLAGS_ADD=$(USEHUGEPAGE:1=-DUSEHUGEPAGE) CFLAGS += $(CFLAGS_ADD) all: libdislocator.so -VPATH = .. -libdislocator.so: libdislocator.so.c ../config.h - $(CC) $(CFLAGS) $(CPPFLAGS) -shared -fPIC libdislocator.so.c -o ../$@ $(LDFLAGS) +libdislocator.so: libdislocator.so.c ../../config.h + $(CC) $(CFLAGS) $(CPPFLAGS) -shared -fPIC libdislocator.so.c -o $@ $(LDFLAGS) + cp -fv libdislocator.so ../../ .NOTPARALLEL: clean clean: rm -f *.o *.so *~ a.out core core.[1-9][0-9]* - rm -f ../libdislocator.so + rm -f ../../libdislocator.so install: all install -m 755 -d $${DESTDIR}$(HELPER_PATH) - install -m 755 ../libdislocator.so $${DESTDIR}$(HELPER_PATH) + install -m 755 ../../libdislocator.so $${DESTDIR}$(HELPER_PATH) install -m 644 -T README.md $${DESTDIR}$(HELPER_PATH)/README.dislocator.md diff --git a/libdislocator/README.md b/utils/libdislocator/README.md index 1785463e..1785463e 100644 --- a/libdislocator/README.md +++ b/utils/libdislocator/README.md diff --git a/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index 2324e390..2324e390 100644 --- a/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c diff --git a/libtokencap/Makefile b/utils/libtokencap/Makefile index 2343125f..8bbdc259 100644 --- a/libtokencap/Makefile +++ b/utils/libtokencap/Makefile 
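Review bot: The `libdislocator.so` rule now produces two files — `$@` and, via `cp -fv libdislocator.so ../../`, a copy two directories up that no rule names as its target — so make cannot tell whether the top-level copy is up to date and `clean`'s `rm -f ../../libdislocator.so` removes something the build graph never declared. Give the copy its own rule and hang `all` off it: `all: libdislocator.so ../../libdislocator.so` / `../../libdislocator.so: libdislocator.so` / a tab-indented `cp -f $< $@` recipe. Minor consistency nit: the sibling libtokencap Makefile in this same commit uses `cp -f` and `rm -fv` where this one uses `cp -fv` and `rm -f`; the two should match. Pre-existing but visible in the hunk: `-D_FORTIFY_SOURCE=2` lives in `CFLAGS ?=`, so a user `make CFLAGS=...` silently drops the hardening flag; a mandatory-flags variable would keep it.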
@@ -18,10 +18,10 @@ HELPER_PATH = $(PREFIX)/lib/afl DOC_PATH ?= $(PREFIX)/share/doc/afl MAN_PATH ?= $(PREFIX)/share/man/man8 -VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2) +VERSION = $(shell grep '^\#define VERSION ' ../../config.h | cut -d '"' -f2) CFLAGS ?= -O3 -funroll-loops -D_FORTIFY_SOURCE=2 -CFLAGS += -I ../include/ -Wall -g -Wno-pointer-sign +CFLAGS += -I ../../include/ -Wall -g -Wno-pointer-sign UNAME_S =$(shell uname -s)# GNU make @@ -68,9 +68,9 @@ LDFLAGS += $(_____OS_DL) #endif all: $(TARGETS) -VPATH = .. -libtokencap.so: libtokencap.so.c ../config.h - $(CC) $(CFLAGS) $(CPPFLAGS) -shared -fPIC $< -o ../$@ $(LDFLAGS) +libtokencap.so: libtokencap.so.c ../../config.h + $(CC) $(CFLAGS) $(CPPFLAGS) -shared -fPIC $< -o $@ $(LDFLAGS) + cp -f libtokencap.so ../../ .NOTPARALLEL: clean @@ -86,9 +86,9 @@ debug: clean: rm -f *.o *.so *~ a.out core core.[1-9][0-9]* - rm -f ../libtokencap.so + rm -fv ../../libtokencap.so install: all install -m 755 -d $${DESTDIR}$(HELPER_PATH) - install -m 755 ../libtokencap.so $${DESTDIR}$(HELPER_PATH) + install -m 755 ../../libtokencap.so $${DESTDIR}$(HELPER_PATH) install -m 644 -T README.md $${DESTDIR}$(DOC_PATH)/README.tokencap.md diff --git a/libtokencap/README.md b/utils/libtokencap/README.md index 13a440da..13a440da 100644 --- a/libtokencap/README.md +++ b/utils/libtokencap/README.md diff --git a/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c index 3629e804..3629e804 100644 --- a/libtokencap/libtokencap.so.c +++ b/utils/libtokencap/libtokencap.so.c diff --git a/utils/persistent_mode/persistent_demo.c b/utils/persistent_mode/persistent_demo.c index 4cedc32c..f5e43728 100644 --- a/utils/persistent_mode/persistent_demo.c +++ b/utils/persistent_mode/persistent_demo.c 
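Review bot: As in the libdislocator Makefile, the `cp -f libtokencap.so ../../` line makes the `libtokencap.so` recipe write a file that is not its target, so `../../libtokencap.so` is invisible to make's dependency tracking and is recopied on every run; a dedicated `../../libtokencap.so: libtokencap.so` rule with `cp -f $< $@` as its recipe, listed as a prerequisite of `all`, keeps the graph honest. `clean` here was changed to `rm -fv` while the libdislocator Makefile keeps `rm -f`, and the `cp` verbosity differs the other way round; pick one convention for both. The `$(TARGETS)` list that `all` depends on is defined outside the hunk.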
@@ -27,9 +27,15 @@ #include <unistd.h> #include <signal.h> #include <string.h> +#include <limits.h> /* Main entry point. */ +/* To ensure checks are not optimized out it is recommended to disable + code optimization for the fuzzer harness main() */ +#pragma clang optimize off +#pragma GCC optimize("O0") + int main(int argc, char **argv) { ssize_t len; /* how much input did we read? */ @@ -42,7 +48,7 @@ int main(int argc, char **argv) { and similar hiccups. */ __AFL_INIT(); - while (__AFL_LOOP(1000)) { + while (__AFL_LOOP(UINT_MAX)) { /*** PLACEHOLDER CODE ***/ diff --git a/utils/persistent_mode/persistent_demo_new.c b/utils/persistent_mode/persistent_demo_new.c index 0d24a51e..7e694696 100644 --- a/utils/persistent_mode/persistent_demo_new.c +++ b/utils/persistent_mode/persistent_demo_new.c @@ -27,6 +27,7 @@ #include <unistd.h> #include <signal.h> #include <string.h> +#include <limits.h> /* this lets the source compile without afl-clang-fast/lto */ #ifndef __AFL_FUZZ_TESTCASE_LEN @@ -47,6 +48,11 @@ __AFL_FUZZ_INIT(); /* Main entry point. */ +/* To ensure checks are not optimized out it is recommended to disable + code optimization for the fuzzer harness main() */ +#pragma clang optimize off +#pragma GCC optimize("O0") + int main(int argc, char **argv) { ssize_t len; /* how much input did we read? */ @@ -60,7 +66,7 @@ int main(int argc, char **argv) { __AFL_INIT(); buf = __AFL_FUZZ_TESTCASE_BUF; // this must be assigned before __AFL_LOOP! - while (__AFL_LOOP(1000)) { // increase if you have good stability + while (__AFL_LOOP(UINT_MAX)) { // increase if you have good stability len = __AFL_FUZZ_TESTCASE_LEN; // do not use the macro directly in a call! diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c index a6188b22..6da511de 100644 --- a/utils/persistent_mode/test-instr.c +++ b/utils/persistent_mode/test-instr.c 
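Review bot: `#pragma clang optimize off` and `#pragma GCC optimize("O0")` are not scoped to `main()` as the new comment claims — they apply to every function that follows in the translation unit, and nothing re-enables optimization afterwards, so in a real harness that also contains the code under test that code is fuzzed at -O0 too, which is rarely what people copying this demo want. If only the harness is meant, add `#pragma clang optimize on` after `main()` or use `__attribute__((optnone))` (clang) / `__attribute__((optimize("O0")))` (gcc) on `main` alone, and reword the comment: `/* Keep the harness unoptimized so the sanity checks in main() are not folded away. NOTE: a pragma here affects every function after it in this file, not just main(). */`. As I recall the GCC manual also warns that `#pragma GCC optimize` is not meant for production code; that caveat belongs in a demo that will be copied verbatim. `main()` continues past the hunk.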
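Review bot: The trailing comment on the changed loop line, `while (__AFL_LOOP(UINT_MAX)) { // increase if you have good stability`, is now stale: the count is already at its maximum, so there is nothing left to increase. Invert it so it explains the value that is actually there: `// UINT_MAX: never restart the process; lower this if stability is poor`. The two `#pragma` lines added above `main()` in this hunk are likewise not limited to `main()` — they disable optimization for everything that follows in the file — and the comment above them should say so rather than suggest the opposite. `main()` continues past the hunk.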
@@ -17,15 +17,21 @@ #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> +#include <limits.h> __AFL_FUZZ_INIT(); +/* To ensure checks are not optimized out it is recommended to disable + code optimization for the fuzzer harness main() */ +#pragma clang optimize off +#pragma GCC optimize("O0") + int main(int argc, char **argv) { __AFL_INIT(); unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; - while (__AFL_LOOP(2147483647)) { // MAX_INT if you have 100% stability + while (__AFL_LOOP(UINT_MAX)) { // if you have 100% stability unsigned int len = __AFL_FUZZ_TESTCASE_LEN; diff --git a/qbdi_mode/README.md b/utils/qbdi_mode/README.md index 641a6e85..641a6e85 100755 --- a/qbdi_mode/README.md +++ b/utils/qbdi_mode/README.md diff --git a/qbdi_mode/assets/screen1.png b/utils/qbdi_mode/assets/screen1.png index 3cf1cb76..3cf1cb76 100644 --- a/qbdi_mode/assets/screen1.png +++ b/utils/qbdi_mode/assets/screen1.png Binary files differdiff --git a/qbdi_mode/build.sh b/utils/qbdi_mode/build.sh index b10971d9..2527bd26 100755 --- a/qbdi_mode/build.sh +++ b/utils/qbdi_mode/build.sh 
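Review bot: The replacement comment `// if you have 100% stability` no longer explains the value beside it: the old text tied MAX_INT to the stability condition, the new one reads as an orphaned clause. Say what the number means and when to change it: `// UINT_MAX: run forever in one process; reduce if stability drops`. The preceding `#pragma clang optimize off` / `#pragma GCC optimize("O0")` pair also applies to every function after it in the file rather than to `main()` only, which the comment above them should state, since this file doubles as a template people copy. `main()` continues outside the hunk.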
@@ -51,7 +51,7 @@ ${compiler_prefix}${CC} -shared -o libdemo.so demo-so.c -w -g echo "[+] Building afl-fuzz for Android" # build afl-fuzz -cd .. -${compiler_prefix}${CC} -DANDROID_DISABLE_FANCY=1 -O3 -funroll-loops -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ -DAFL_PATH=\"/usr/local/lib/afl\" -DBIN_PATH=\"/usr/local/bin\" -DDOC_PATH=\"/usr/local/share/doc/afl\" -Wno-unused-function src/afl-fuzz-*.c src/afl-fuzz.c src/afl-common.c src/afl-sharedmem.c src/afl-forkserver.c -o qbdi_mode/afl-fuzz -ldl -w +cd ../.. +${compiler_prefix}${CC} -DANDROID_DISABLE_FANCY=1 -O3 -funroll-loops -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ -DAFL_PATH=\"/usr/local/lib/afl\" -DBIN_PATH=\"/usr/local/bin\" -DDOC_PATH=\"/usr/local/share/doc/afl\" -Wno-unused-function src/afl-fuzz-*.c src/afl-fuzz.c src/afl-common.c src/afl-sharedmem.c src/afl-forkserver.c -o utils/qbdi_mode/afl-fuzz -ldl -w echo "[+] All done. Enjoy!" diff --git a/qbdi_mode/demo-so.c b/utils/qbdi_mode/demo-so.c index dd367036..dd367036 100755 --- a/qbdi_mode/demo-so.c +++ b/utils/qbdi_mode/demo-so.c diff --git a/qbdi_mode/template.cpp b/utils/qbdi_mode/template.cpp index b2066cc8..b2066cc8 100755 --- a/qbdi_mode/template.cpp +++ b/utils/qbdi_mode/template.cpp |
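Review bot: The changed `cd ../..` is unchecked: if the script is run from somewhere other than its new `utils/qbdi_mode/` home (the move itself makes stale copies and old instructions likely), the following `${compiler_prefix}${CC} … src/afl-fuzz-*.c …` compile runs in whatever directory the cd landed in and fails with a misleading glob error — or, if the script has no `set -e` (not visible here), carries on to print "All done". Use `cd ../.. || exit 1`, or better derive the root from the script's own location so it works from any cwd: `cd "$(dirname "$0")/../.." || exit 1`. The afl-fuzz source list on that line is also hard-coded and will drift from the top-level GNUmakefile's; at minimum a comment pointing at the authoritative list would help.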