Diffstat (limited to 'docs'):

 -rw-r--r--  docs/Changelog.md        | 35
 -rw-r--r--  docs/INSTALL.md          |  4
 -rw-r--r--  docs/QuickStartGuide.md  |  5
 -rw-r--r--  docs/env_variables.md    |  9
 -rw-r--r--  docs/life_pro_tips.md    |  4
 -rw-r--r--  docs/parallel_fuzzing.md | 26

 6 files changed, 63 insertions, 20 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index ef5759c8..e7ba208c 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -9,6 +9,41 @@ Want to stay in the loop on major new features? Join our mailing list by
sending a mail to <afl-users+subscribe@googlegroups.com>.
+### Version ++2.65d (dev)
+ - afl-fuzz:
+ - -S slaves now only sync from the master to increase performance,
+ the -M master still syncs from everyone. Added checks that ensure
+ exactly one master is present and warn otherwise
+ - If no master is present at a sync one slave automatically becomes
+ a temporary master until a real master shows up
+ - fix/update to MOpt (thanks to arnow117)
+ - llvm_mode:
+ - the default instrumentation is now PCGUARD, as it is faster and provides
+ better coverage. The original afl instrumentation can be set via
+ AFL_LLVM_INSTRUMENT=AFL. This is automatically done when the WHITELIST
+ feature is used.
+ - lowered minimum required llvm version to 3.4 (except LLVMInsTrim,
+ which needs 3.8.0)
+ - small change to cmplog to make it work with current llvm 11-dev
+ - added AFL_LLVM_LAF_ALL, sets all laf-intel settings
+ - LTO whitelist functionality rewritten, now main, _init etc functions
+ need not to be whitelisted anymore
+ - fixed crash in compare-transform-pass when strcasecmp/strncasecmp was
+ tried to be instrumented with LTO
+ - fixed crash in cmplog with LTO
+ - enable snapshot lkm also for persistent mode
+ - persistent mode shared memory testcase handover (instead of via
+ files/stdin) - 10-100% performance increase
+ - General support for 64 bit PowerPC, RiscV, Sparc etc.
+ - slightly better performance compilation options for afl++ and targets
+ - fixed afl-gcc/afl-as that could break on fast systems reusing pids in
+ the same second
+ - added lots of dictionaries from oss-fuzz, go-fuzz and Jakub Wilk
+ - added former post_library examples to examples/custom_mutators/
+ - Dockerfile upgraded to Ubuntu 20.04 Focal and installing llvm 11 and gcc 10
+ so afl-clang-lto can be build
+
+
### Version ++2.65c (release):
- afl-fuzz:
- AFL_MAP_SIZE was not working correctly
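Review bot: the two afl-fuzz bullets at the top of the added 2.65d block should be merged so the new sync behaviour reads as one rule: "Added checks that ensure exactly one master is present and warn otherwise" followed by "If no master is present at a sync one slave automatically becomes a temporary master" leaves the reader unsure whether a missing master is an error or is handled; suggest "warns if there is not exactly one -M master; if none is present, one -S slave acts as temporary master until a real master shows up". Several bullets also need grammar fixes before this ships: "now main, _init etc functions need not to be whitelisted anymore" should be "main, _init etc. functions no longer need to be whitelisted"; "when strcasecmp/strncasecmp was tried to be instrumented with LTO" should be "when strcasecmp/strncasecmp were instrumented with LTO"; and "so afl-clang-lto can be build" should be "built". The new "### Version ++2.65d (dev)" heading drops the trailing colon that "### Version ++2.65c (release):" right below it uses, and the hunk adds two blank lines where the existing sections use one.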
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 0f9673ad..766f24d7 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -17,7 +17,7 @@ You can start using the fuzzer without installation, but it is also possible to
install it with:
```bash
-make install
+sudo make install
```
There are no special dependencies to speak of; you will need GNU make and a
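Review bot: prefixing `make install` with `sudo` without saying why pushes every reader into running the install step as root, including those who do not install to a root-owned location; suggest keeping the command but adding a sentence such as "root (sudo) is only needed when installing to a system-wide location you cannot write to", so the elevated step is explained rather than just inserted.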
@@ -46,7 +46,7 @@ please install it first. As on Linux, you can use the fuzzer itself without
installation, or install it with:
```
-gmake install
+sudo gmake install
```
Keep in mind that if you are using csh as your shell, the syntax of some of the
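Review bot: the fence around `sudo gmake install` is a bare ``` while the Linux block in the previous hunk is tagged ```bash; since this line is being edited anyway, tag the fence ```bash (or ```sh) so both blocks render the same way. The same remark as for the Linux hunk applies: say when `sudo` is actually required instead of only adding it to the command.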
diff --git a/docs/QuickStartGuide.md b/docs/QuickStartGuide.md
index 1e1d60b7..10be409a 100644
--- a/docs/QuickStartGuide.md
+++ b/docs/QuickStartGuide.md
@@ -10,8 +10,9 @@ how to hit the ground running:
If testing a network service, modify it to run in the foreground and read
from stdin. When fuzzing a format that uses checksums, comment out the
checksum verification code, too.
- If this is not possible (e.g. in -Q(emu) mode) then use AFL_POST_LIBRARY
- to calculate the values with your own library.
+
+ If this is not possible (e.g. in -Q(emu) mode) then use
+ AFL_CUSTOM_MUTATOR_LIBRARY to calculate the values with your own library.
The program must crash properly when a fault is encountered. Watch out for
custom SIGSEGV or SIGABRT handlers and background processes. For tips on
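Review bot: the rewritten paragraph swaps AFL_POST_LIBRARY for AFL_CUSTOM_MUTATOR_LIBRARY but keeps "to calculate the values with your own library", which is vague now that the sentence stands on its own; suggest "then use AFL_CUSTOM_MUTATOR_LIBRARY to recompute the checksums in your own library". Since this is the quick-start text that users of the old post_library feature will read first, a short note on whether AFL_POST_LIBRARY is still accepted or has been removed would save a support question; the Changelog hunk in this commit already says the former post_library examples moved to examples/custom_mutators/, which could be referenced here.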
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 2668be7d..867e937e 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -190,13 +190,18 @@ Then there are a few specific features that are only available in llvm_mode:
to allow afl-fuzz to find otherwise rather impossible paths. It is not
restricted to Intel CPUs ;-)
- - Setting AFL_LLVM_LAF_SPLIT_SWITCHES will split switch()es
-
- Setting AFL_LLVM_LAF_TRANSFORM_COMPARES will split string compare functions
+ - Setting AFL_LLVM_LAF_SPLIT_SWITCHES will split switch()es
+
- Setting AFL_LLVM_LAF_SPLIT_COMPARES will split all floating point and
64, 32 and 16 bit integer CMP instructions
+ - Setting AFL_LLVM_LAF_SPLIT_FLOATS will split floating points, needs
+ AFL_LLVM_LAF_SPLIT_COMPARES to be set
+
+ - Setting AFL_LLVM_LAF_ALL sets all of the above
+
See llvm_mode/README.laf-intel.md for more information.
### WHITELIST
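Review bot: the added AFL_LLVM_LAF_SPLIT_FLOATS bullet conflicts with the unchanged AFL_LLVM_LAF_SPLIT_COMPARES bullet directly above it, which still says SPLIT_COMPARES splits "all floating point and 64, 32 and 16 bit integer CMP instructions"; if floating-point splitting now requires SPLIT_FLOATS in addition to SPLIT_COMPARES, the SPLIT_COMPARES line should drop "floating point and" (or say "floating point only together with AFL_LLVM_LAF_SPLIT_FLOATS"). The hunk also moves the SPLIT_SWITCHES bullet below TRANSFORM_COMPARES with no stated reason, which adds diff noise; and "needs AFL_LLVM_LAF_SPLIT_COMPARES to be set" reads better as "requires AFL_LLVM_LAF_SPLIT_COMPARES".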
diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md
index 0724e83c..a5bd7286 100644
--- a/docs/life_pro_tips.md
+++ b/docs/life_pro_tips.md
@@ -82,8 +82,8 @@ You can find a simple solution in examples/argv_fuzzing.
## Attacking a format that uses checksums?
-Remove the checksum-checking code or
-use a postprocessor! See examples/post_library/ for more.
+Remove the checksum-checking code or use a postprocessor!
+See examples/custom_mutators/ for more.
## Dealing with a very slow target or hoping for instant results?
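Review bot: the reflowed tip still says "use a postprocessor!" while the directory it now points to is examples/custom_mutators/ and the QuickStartGuide hunk in this commit calls the same mechanism AFL_CUSTOM_MUTATOR_LIBRARY; suggest "Remove the checksum-checking code or use a custom mutator to recompute the checksum! See examples/custom_mutators/ for more." so all three documents use one name for one feature.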
diff --git a/docs/parallel_fuzzing.md b/docs/parallel_fuzzing.md
index 8b39df04..c6e54218 100644
--- a/docs/parallel_fuzzing.md
+++ b/docs/parallel_fuzzing.md
@@ -40,14 +40,14 @@ for every instance - say, "fuzzer01", "fuzzer02", etc.
Run the first one ("master", -M) like this:
```
-$ ./afl-fuzz -i testcase_dir -o sync_dir -M fuzzer01 [...other stuff...]
+./afl-fuzz -i testcase_dir -o sync_dir -M fuzzer01 [...other stuff...]
```
...and then, start up secondary (-S) instances like this:
```
-$ ./afl-fuzz -i testcase_dir -o sync_dir -S fuzzer02 [...other stuff...]
-$ ./afl-fuzz -i testcase_dir -o sync_dir -S fuzzer03 [...other stuff...]
+./afl-fuzz -i testcase_dir -o sync_dir -S fuzzer02 [...other stuff...]
+./afl-fuzz -i testcase_dir -o sync_dir -S fuzzer03 [...other stuff...]
```
Each fuzzer will keep its state in a separate subdirectory, like so:
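Review bot: dropping the `$ ` prompt from the example commands is a good change (the lines can now be pasted as-is), but the fences stay as bare ``` while docs/INSTALL.md in this same commit uses ```bash; tag them ```bash (or ```sh) while the lines are being touched so the examples render consistently across the docs.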
@@ -57,21 +57,23 @@ Each fuzzer will keep its state in a separate subdirectory, like so:
Each instance will also periodically rescan the top-level sync directory
for any test cases found by other fuzzers - and will incorporate them into
its own fuzzing when they are deemed interesting enough.
+For performance reasons only -M masters sync the queue with everyone, the
+-S slaves will only sync from the master.
The difference between the -M and -S modes is that the master instance will
still perform deterministic checks; while the secondary instances will
-proceed straight to random tweaks. If you don't want to do deterministic
-fuzzing at all, it's OK to run all instances with -S. With very slow or complex
-targets, or when running heavily parallelized jobs, this is usually a good plan.
+proceed straight to random tweaks.
+
+Note that you must always have one -M master instance!
Note that running multiple -M instances is wasteful, although there is an
experimental support for parallelizing the deterministic checks. To leverage
that, you need to create -M instances like so:
```
-$ ./afl-fuzz -i testcase_dir -o sync_dir -M masterA:1/3 [...]
-$ ./afl-fuzz -i testcase_dir -o sync_dir -M masterB:2/3 [...]
-$ ./afl-fuzz -i testcase_dir -o sync_dir -M masterC:3/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M masterA:1/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M masterB:2/3 [...]
+./afl-fuzz -i testcase_dir -o sync_dir -M masterC:3/3 [...]
```
...where the first value after ':' is the sequential ID of a particular master
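Review bot: "Note that you must always have one -M master instance!" contradicts the Changelog entry in this same commit, which says that if no master is present at a sync one -S slave automatically becomes a temporary master until a real master shows up; suggest "You should always run exactly one -M master instance; if none is present, one -S instance will temporarily act as master", which also matches the new "exactly one master ... warn otherwise" check. In the two added lines "For performance reasons only -M masters sync the queue with everyone, the -S slaves will only sync from the master.", "masters" should be singular to agree with the one-master rule, and the comma splice should be a semicolon or two sentences. The deleted sentence "If you don't want to do deterministic fuzzing at all, it's OK to run all instances with -S" is removed without a replacement, so the paragraph should state explicitly that an all -S setup is no longer the recommended configuration; together with the unchanged "Note that running multiple -M instances is wasteful" right below, that tells readers the -M count is now pinned at one. The two consecutive "Note that ..." sentences should also be merged.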
@@ -89,9 +91,9 @@ must use a separate temporary file; otherwise, things will go south. One safe
example may be:
```
-$ ./afl-fuzz [...] -S fuzzer10 -f file10.txt ./fuzzed/binary @@
-$ ./afl-fuzz [...] -S fuzzer11 -f file11.txt ./fuzzed/binary @@
-$ ./afl-fuzz [...] -S fuzzer12 -f file12.txt ./fuzzed/binary @@
+./afl-fuzz [...] -S fuzzer10 -f file10.txt ./fuzzed/binary @@
+./afl-fuzz [...] -S fuzzer11 -f file11.txt ./fuzzed/binary @@
+./afl-fuzz [...] -S fuzzer12 -f file12.txt ./fuzzed/binary @@
```
This is not a concern if you use @@ without -f and let afl-fuzz come up with the