Diffstat (limited to 'docs')

-rw-r--r--  docs/Changelog.md        13
-rw-r--r--  docs/FAQ.md              10
-rw-r--r--  docs/INSTALL.md          24
-rw-r--r--  docs/custom_mutators.md   5
-rw-r--r--  docs/env_variables.md     6
-rw-r--r--  docs/perf_tips.md         1

6 files changed, 47 insertions, 12 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index fcfd2ce8..d397a764 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -8,6 +8,19 @@
 Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to <afl-users+subscribe@googlegroups.com>.
 
+### Version ++3.15a (dev)
+  - added the very good grammar mutator "GramaTron" to the
+    custom_mutators
+  - added optimin, a faster and better corpus minimizer by
+    Adrian Herrera. Thank you!
+  - added afl-persistent-config script to set perform permanent system
+    configuration settings for fuzzing, for Linux and Macos.
+    thanks to jhertz!
+  - added xml, curl and exotic string functions to llvm dictionary features
+  - fix AFL_PRELOAD issues on MacOS
+  - removed utils/afl_frida because frida_mode/ is now so much better
+
+
 ### Version ++3.14c (release)
   - afl-fuzz:
     - fix -F when a '/' was part of the parameter
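Review bot: the third bullet reads "to set perform permanent system configuration settings", which has one verb too many; suggest "to perform permanent system configuration for fuzzing". The same bullet writes "Macos" while INSTALL.md in this patch writes "MacOS" (Apple's spelling is "macOS"); pick one across the docs. The two trailing blank lines before "### Version ++3.14c" should be one, matching the spacing used before the other version headings.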
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 0f447044..0eeea1c5 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -58,8 +58,8 @@ Solution: `git pull ; make clean install` of afl++
 
 ## How to improve the fuzzing speed?
 
-  1. Use [llvm_mode](docs/llvm_mode/README.md): afl-clang-lto (llvm >= 11) or afl-clang-fast (llvm >= 9 recommended)
-  2. Use [persistent mode](llvm_mode/README.persistent_mode.md) (x2-x20 speed increase)
+  1. Use [llvm_mode](../instrumentation/README.llvm.md): afl-clang-lto (llvm >= 11) or afl-clang-fast (llvm >= 9 recommended)
+  2. Use [persistent mode](../instrumentation/README.persistent_mode.md) (x2-x20 speed increase)
   3. Use the [afl++ snapshot module](https://github.com/AFLplusplus/AFL-Snapshot-LKM) (x2 speed increase)
   4. If you do not use shmem persistent mode, use `AFL_TMPDIR` to put the input file directory on a tempfs location, see [docs/env_variables.md](docs/env_variables.md)
   5. Improve Linux kernel performance: modify `/etc/default/grub`, set `GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off"`; then `update-grub` and `reboot` (warning: makes the system less secure)
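Review bot: item 4 still links `[docs/env_variables.md](docs/env_variables.md)`, which has the same relative-path problem this hunk fixes for items 1 and 2: from docs/FAQ.md it resolves to docs/docs/env_variables.md. Suggest `[env_variables.md](env_variables.md)` (or `../docs/env_variables.md` to match the style of the two corrected links) so all links in the list resolve.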
@@ -77,7 +77,7 @@ Using a network channel is inadequate for several reasons:
 
 The established method to fuzz network services is to modify the source code
 to read from a file or stdin (fd 0) (or even faster via shared memory, combine
-this with persistent mode [llvm_mode/README.persistent_mode.md](llvm_mode/README.persistent_mode.md)
+this with persistent mode [instrumentation/README.persistent_mode.md](../instrumentation/README.persistent_mode.md)
 and you have a performance gain of x10 instead of a performance loss of over
 x10 - that is a x100 difference!).
 
@@ -197,7 +197,7 @@ afl-clang-fast PCGUARD and afl-clang-lto LTO instrumentation.
 
      b) For PCGUARD instrumented binaries it is much more difficult. Here you
         can either modify the __sanitizer_cov_trace_pc_guard function in
-        llvm_mode/afl-llvm-rt.o.c to write a backtrace to a file if the ID in
+        instrumentation/afl-llvm-rt.o.c to write a backtrace to a file if the ID in
         __afl_area_ptr[*guard] is one of the unstable edge IDs.
         (Example code is already there).
         Then recompile and reinstall llvm_mode and rebuild your target.
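Review bot: the path now points at instrumentation/afl-llvm-rt.o.c, but the trailing context line still says "recompile and reinstall llvm_mode", so the instruction refers to a directory name the patch is otherwise retiring. Suggest "Then recompile and reinstall afl++ (`make clean install`) and rebuild your target." to match the build command the FAQ already uses above.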
@@ -225,7 +225,7 @@ afl-clang-fast PCGUARD and afl-clang-lto LTO instrumentation.
      remove from instrumentation, or just specify the functions you want to
      skip for instrumentation. Note that optimization might inline functions!
 
-     Simply follow this document on how to do this: [llvm_mode/README.instrument_list.md](llvm_mode/README.instrument_list.md)
+     Simply follow this document on how to do this: [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md)
      If PCGUARD is used, then you need to follow this guide (needs llvm 12+!):
      [http://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation](http://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation)
 
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index fc57f546..17af532a 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -74,12 +74,32 @@ and depend mostly on user feedback.
 To build AFL, install llvm (and perhaps gcc) from brew and follow the general
 instructions for Linux. If possible avoid Xcode at all cost.
 
+`brew install wget git make cmake llvm gdb`
+
+Be sure to setup PATH to point to the correct clang binaries and use the
+freshly installed clang, clang++ and gmake, e.g.:
+
+```
+export PATH="/usr/local/Cellar/llvm/12.0.1/bin/:$PATH"
+export CC=clang
+export CXX=clang++
+gmake
+cd frida_mode
+gmake
+cd ..
+gmake install
+```
+
 afl-gcc will fail unless you have GCC installed, but that is using outdated
 instrumentation anyway. You don't want that.
+Note that afl-clang-lto, afl-gcc-fast and qemu_mode are not working on MacOS.
 
 The crash reporting daemon that comes by default with MacOS X will cause
-problems with fuzzing. You need to turn it off by following the instructions
-provided here: http://goo.gl/CCcd5u
+problems with fuzzing. You need to turn it off:
+```
+launchctl unload -w /System/Library/LaunchAgents/com.apple.ReportCrash.plist
+sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.ReportCrash.Root.plist
+```
 
 The `fork()` semantics on OS X are a bit unusual compared to other unix systems
 and definitely don't look POSIX-compliant. This means two things:
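Review bot: `export PATH="/usr/local/Cellar/llvm/12.0.1/bin/:$PATH"` hardcodes one LLVM version and the Intel Homebrew prefix, so it silently stops matching after the next `brew upgrade` and never matches on Apple silicon, where Homebrew lives under /opt/homebrew; suggest `export PATH="$(brew --prefix llvm)/bin:$PATH"`, which resolves the installed version on either prefix. Both new fenced blocks lack a language tag; tag them ```sh so they render with highlighting. The two `launchctl unload -w` commands are a persistent change (the `-w` flag writes the disabled state to the plist, and the second one is system-wide via sudo); one sentence saying so, and that `launchctl load -w` on the same plists restores crash reporting, would help readers who fuzz on a machine that is not dedicated to it.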
diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md
index 2c0ca3c5..dc036efc 100644
--- a/docs/custom_mutators.md
+++ b/docs/custom_mutators.md
@@ -47,7 +47,7 @@ int afl_custom_post_trim(void *data, unsigned char success);
 size_t afl_custom_havoc_mutation(void *data, unsigned char *buf, size_t buf_size, unsigned char **out_buf, size_t max_size);
 unsigned char afl_custom_havoc_mutation_probability(void *data);
 unsigned char afl_custom_queue_get(void *data, const unsigned char *filename);
-void afl_custom_queue_new_entry(void *data, const unsigned char *filename_new_queue, const unsigned int *filename_orig_queue);
+u8 afl_custom_queue_new_entry(void *data, const unsigned char *filename_new_queue, const unsigned int *filename_orig_queue);
 const char* afl_custom_introspection(my_mutator_t *data);
 void afl_custom_deinit(void *data);
 ```
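Review bot: the return type becomes `u8` while every other signature in this block spells the same type `unsigned char`; use `unsigned char` here (or switch the whole block to the `u8`/`size_t` typedef style) so the reference reads consistently, and add a comment on the line stating what the return value means, since the prose further down now assigns it a meaning. While touching this line: `filename_orig_queue` is typed `const unsigned int *` whereas `filename_new_queue` is `const unsigned char *`; for a filename argument that looks like a typo for `const unsigned char *` and is worth fixing in the same change.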
@@ -88,7 +88,7 @@ def queue_get(filename):
     return True
 
 def queue_new_entry(filename_new_queue, filename_orig_queue):
-    pass
+    return False
 
 def introspection():
     return string
@@ -156,6 +156,7 @@ def deinit():  # optional for Python
 - `queue_new_entry` (optional):
 
     This methods is called after adding a new test case to the queue.
+    If the contents of the file was changed return True, False otherwise.
 
 - `introspection` (optional):
 
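Review bot: the added sentence "If the contents of the file was changed return True, False otherwise." needs "were" and should also name the C-side value, since the C signature in this patch now returns `u8`; suggest "Return True (1 in the C API) if the mutator changed the contents of the new queue file, otherwise False (0)." The unchanged line above it, "This methods is called", has a singular/plural mismatch that could be fixed in the same hunk.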
diff --git a/docs/env_variables.md b/docs/env_variables.md
index e058f377..cb0a68d7 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -372,7 +372,7 @@ checks or alter some of the more exotic semantics of the tool:
 
   - Setting `AFL_CUSTOM_MUTATOR_LIBRARY` to a shared library with
     afl_custom_fuzz() creates additional mutations through this library.
-    If afl-fuzz is compiled with Python (which is autodetected during builing
+    If afl-fuzz is compiled with Python (which is autodetected during building
     afl-fuzz), setting `AFL_PYTHON_MODULE` to a Python module can also provide
     additional mutations.
     If `AFL_CUSTOM_MUTATOR_ONLY` is also set, all mutations will solely be
@@ -456,8 +456,8 @@ checks or alter some of the more exotic semantics of the tool:
 
   - Setting `AFL_MAX_DET_EXRAS` will change the threshold at what number of elements
     in the `-x` dictionary and LTO autodict (combined) the probabilistic mode will
-    kick off. In probabilistic mode not all dictionary entires will be used all
-    of the times for fuzzing mutations to not slow down fuzzing.
+    kick off. In probabilistic mode, not all dictionary entries will be used all
+    of the time for fuzzing mutations to not slow down fuzzing.
     The default count is `200` elements. So for the 200 + 1st element, there is a
     1 in 201 chance, that one of the dictionary entries will not be used directly.
 
diff --git a/docs/perf_tips.md b/docs/perf_tips.md
index 9c31e56b..1e8fd4d0 100644
--- a/docs/perf_tips.md
+++ b/docs/perf_tips.md
@@ -170,6 +170,7 @@ spectre_v2=off stf_barrier=off
 ```
     In most Linux distributions you can put this into a `/etc/default/grub`
     variable.
+    You can use `sudo afl-persistent-config` to set these options for you.
 
 The following list of changes are made when executing `afl-system-config`:
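Review bot: the new line recommends `sudo afl-persistent-config` without any caveat, yet the kernel options listed directly above it turn off the CPU side-channel mitigations (spectre_v2=off, pti=off, mitigations=off, and so on), and the FAQ in this same patch flags those exact settings with "warning: makes the system less secure". Because this script makes the change permanent rather than per-boot, the same warning belongs here, plus a pointer to how the settings are reverted (removing them from `/etc/default/grub` and re-running `update-grub`, as the FAQ describes for applying them).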