AFLplusplus
diff --git a/‎README.md
Lines changed: 2 additions & 2 deletions b/‎README.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎TODO.md
Lines changed: 2 additions & 1 deletion b/‎TODO.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎custom_mutators/grammar_mutator/GRAMMAR_VERSION
Lines changed: 1 addition & 1 deletion b/‎custom_mutators/grammar_mutator/GRAMMAR_VERSION
Lines changed: 1 addition & 1 deletion
diff --git a/‎custom_mutators/grammar_mutator/grammar_mutator b/‎custom_mutators/grammar_mutator/grammar_mutator
diff --git a/‎docs/Changelog.md
Lines changed: 10 additions & 2 deletions b/‎docs/Changelog.md
Lines changed: 10 additions & 2 deletions
diff --git a/‎docs/env_variables.md
Lines changed: 3 additions & 0 deletions b/‎docs/env_variables.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎frida_mode/src/instrument/instrument_x64_cache.c
Lines changed: 11 additions & 2 deletions b/‎frida_mode/src/instrument/instrument_x64_cache.c
Lines changed: 11 additions & 2 deletions
diff --git a/‎frida_mode/src/ranges.c
Lines changed: 15 additions & 16 deletions b/‎frida_mode/src/ranges.c
Lines changed: 15 additions & 16 deletions
diff --git a/‎include/afl-fuzz.h
Lines changed: 4 additions & 1 deletion b/‎include/afl-fuzz.h
Lines changed: 4 additions & 1 deletion
diff --git a/‎include/config.h
Lines changed: 3 additions & 3 deletions b/‎include/config.h
Lines changed: 3 additions & 3 deletions
@@ -2,9 +2,9 @@
 
 <img align="right" src="https://raw.githubusercontent.com/AFLplusplus/Website/main/static/aflpp_bg.svg" alt="AFL++ logo" width="250" heigh="250">
 
-Release version: [4.20c](https://github.com/AFLplusplus/AFLplusplus/releases)
+Release version: [4.21c](https://github.com/AFLplusplus/AFLplusplus/releases)
 
-GitHub version: 4.21a
+GitHub version: 4.21c
 
 Repository:
 [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)
 
@@ -2,6 +2,8 @@
 
 ## Must
 
+ - fast restart of afl-fuzz if cmdline + target hash is the same
+ - check for null ptr for xml/curl/g_ string transform functions
  - hardened_usercopy=0 page_alloc.shuffle=0
  - add value_profile but only enable after 15 minutes without finds
  - cmplog max items env?
@@ -11,7 +13,6 @@
  - afl-showmap -f support
  - afl-fuzz multicore wrapper script
  - when trimming then perform crash detection
- - cyclomatic complexity: 2 + calls + edges - blocks
 
 
 ## Should
 
@@ -1 +1 @@
-5ed4f8d
+95a6857
@@ -3,12 +3,16 @@
   This is the list of all noteworthy changes made in every public
   release of the tool. See README.md for the general instruction manual.
 
-### Version ++4.21a (dev)
+### Version ++4.21c (release)
   * afl-fuzz
     - fixed a regression in afl-fuzz that resulted in a 5-10% performace loss
       do a switch from gettimeofday() to clock_gettime() which should be rather
       three times faster. The reason for this is unknown.
+    - new queue selection algorithm based on 2 core years of queue data
+      analysis. gives a noticable improvement on coverage although the results
+      seem counterintuitive :-)
     - added AFL_DISABLE_REDUNDANT for huge queues
+    - added `AFL_NO_SYNC` environment variable that does what you think it does
     - fix AFL_PERSISTENT_RECORD
     - run custom_post_process after standard trimming
     - prevent filenames in the queue that have spaces
@@ -19,6 +23,9 @@
     - -V timing is now accurately the fuzz time (without syncing), before
       long calibration times and syncing could result in now fuzzing being
       made when the time was already run out until then, thanks to @eqv!
+    - fix -n uninstrumented mode when ending fuzzing
+    - enhanced the ASAN configuration
+    - make afl-fuzz use less memory with cmplog and fix a memleak
   * afl-cc:
     - re-enable i386 support that was accidently disabled
     - fixes for LTO and outdated afl-gcc mode for i386
@@ -32,7 +39,8 @@
   * afl-showmap
     - fix memory leak on shmem testcase usage (thanks to @ndrewh)
     - minor fix to collect coverage -C (thanks to @bet4it)
-  * enhanced the ASAN configuration
+  * Fixed a shmem mmap bug (that rarely came up on MacOS)
+  * libtokencap: script generate_libtoken_dict.sh added by @a-shvedov 
 
 
 ### Version ++4.20c (release)
 
@@ -588,6 +588,9 @@ checks or alter some of the more exotic semantics of the tool:
     between fuzzing instances synchronization. Default sync time is 30 minutes,
     note that time is halved for -M main nodes.
 
+  - `AFL_NO_SYNC` disables any syncing whatsoever and takes priority on all
+    other syncing parameters.
+
   - Setting `AFL_TARGET_ENV` causes AFL++ to set extra environment variables for
     the target binary. Example: `AFL_TARGET_ENV="VAR1=1 VAR2='a b c'" afl-fuzz
     ... `. This exists mostly for things like `LD_LIBRARY_PATH` but it would
 
@@ -49,14 +49,23 @@ void instrument_cache_init(void) {
 
   if (setrlimit(RLIMIT_AS, &data_limit) != 0) {
 
-    FFATAL("Failed to setrlimit: %d", errno);
+    FWARNF("Failed to setrlimit: %d, you may need root or CAP_SYS_RESOURCE",
+           errno);
 
   }
 
   map_base =
       gum_memory_allocate(NULL, instrument_cache_size, instrument_cache_size,
                           GUM_PAGE_READ | GUM_PAGE_WRITE);
-  if (map_base == MAP_FAILED) { FFATAL("Failed to map segment: %d", errno); }
+  if (map_base == MAP_FAILED) {
+
+    FFATAL(
+        "Failed to map segment: %d. This can be caused by failure to setrlimit."
+        "Disabling or reducing the size of the allocation using "
+        "AFL_FRIDA_INST_NO_CACHE or AFL_FRIDA_INST_CACHE_SIZE may help",
+        errno);
+
+  }
 
   FOKF(cBLU "Instrumentation" cRST " - " cGRN "cache addr:" cYEL " [0x%016lX]",
        GUM_ADDRESS(map_base));
 
@@ -194,24 +194,23 @@ static gboolean print_ranges_callback(const GumRangeDetails *details,
 
   if (details->file == NULL) {
 
-    FVERBOSE("\t0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER
-             "X %c%c%c",
-             details->range->base_address,
-             details->range->base_address + details->range->size,
-             details->protection & GUM_PAGE_READ ? 'R' : '-',
-             details->protection & GUM_PAGE_WRITE ? 'W' : '-',
-             details->protection & GUM_PAGE_EXECUTE ? 'X' : '-');
+    OKF("\t0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER "X %c%c%c",
+        details->range->base_address,
+        details->range->base_address + details->range->size,
+        details->protection & GUM_PAGE_READ ? 'R' : '-',
+        details->protection & GUM_PAGE_WRITE ? 'W' : '-',
+        details->protection & GUM_PAGE_EXECUTE ? 'X' : '-');
 
   } else {
 
-    FVERBOSE("\t0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER
-             "X %c%c%c %s(0x%016" G_GINT64_MODIFIER "x)",
-             details->range->base_address,
-             details->range->base_address + details->range->size,
-             details->protection & GUM_PAGE_READ ? 'R' : '-',
-             details->protection & GUM_PAGE_WRITE ? 'W' : '-',
-             details->protection & GUM_PAGE_EXECUTE ? 'X' : '-',
-             details->file->path, details->file->offset);
+    OKF("\t0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER
+        "X %c%c%c %s(0x%016" G_GINT64_MODIFIER "x)",
+        details->range->base_address,
+        details->range->base_address + details->range->size,
+        details->protection & GUM_PAGE_READ ? 'R' : '-',
+        details->protection & GUM_PAGE_WRITE ? 'W' : '-',
+        details->protection & GUM_PAGE_EXECUTE ? 'X' : '-', details->file->path,
+        details->file->offset);
 
   }
 
@@ -581,7 +580,7 @@ static GArray *merge_ranges(GArray *a) {
 
 void ranges_print_debug_maps(void) {
 
-  FVERBOSE("Maps");
+  OKF("Maps");
   gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges_callback, NULL);
 
 }
 
@@ -457,7 +457,7 @@ typedef struct afl_env_vars {
       afl_no_startup_calibration, afl_no_warn_instability,
       afl_post_process_keep_original, afl_crashing_seeds_as_new_crash,
       afl_final_sync, afl_ignore_seed_problems, afl_disable_redundant,
-      afl_sha1_filenames;
+      afl_sha1_filenames, afl_no_sync;
 
   u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
       *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,
@@ -656,6 +656,7 @@ typedef struct afl_state {
       switch_fuzz_mode,                 /* auto or fixed fuzz mode          */
       calibration_time_us,              /* Time spend on calibration        */
       sync_time_us,                     /* Time spend on sync               */
+      cmplog_time_us,                   /* Time spend on cmplog             */
       trim_time_us;                     /* Time spend on trimming           */
 
   u32 slowest_exec_ms,                  /* Slowest testcase non hang in ms  */
@@ -1226,6 +1227,7 @@ void show_init_stats(afl_state_t *);
 void update_calibration_time(afl_state_t *afl, u64 *time);
 void update_trim_time(afl_state_t *afl, u64 *time);
 void update_sync_time(afl_state_t *afl, u64 *time);
+void update_cmplog_time(afl_state_t *afl, u64 *time);
 
 /* StatsD */
 
@@ -1276,6 +1278,7 @@ void   get_core_count(afl_state_t *);
 void   fix_up_sync(afl_state_t *);
 void   check_asan_opts(afl_state_t *);
 void   check_binary(afl_state_t *, u8 *);
+u64    get_binary_hash(u8 *fn);
 void   check_if_tty(afl_state_t *);
 void   save_cmdline(afl_state_t *, u32, char **);
 void   read_foreign_testcases(afl_state_t *, int);
 
@@ -26,7 +26,7 @@
 /* Version string: */
 
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.21a"
+#define VERSION "++4.21c"
 
 /******************************************************
  *                                                    *
@@ -324,9 +324,9 @@
 #define SYNC_INTERVAL 8
 
 /* Sync time (minimum time between syncing in ms, time is halfed for -M main
-   nodes) - default is 30 minutes: */
+   nodes) - default is 20 minutes: */
 
-#define SYNC_TIME (30 * 60 * 1000)
+#define SYNC_TIME (20 * 60 * 1000)
 
 /* Output directory reuse grace period (minutes): */