add documentation for LTO fixed map address feature

docs/Changelog.md

@@ -17,6 +17,10 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - better dependency checks
   - unicorn_mode:
     - better submodule handling
+  - llvm_mode:
+     - if LLVM 11 is installed the posix shm_open+mmap is used and a fixed
+       address for the shared memory map is used as this increases the
+       fuzzing speed
   - all:
     - fix 32 bit build options
     - make clean now leaves qemu-3.1.1.tar.xz and the unicornafl directory

docs/env_variables.md

@@ -123,6 +123,11 @@ Then there are a few specific features that are only available in llvm_mode:
     These are used if several seperated instrumentation are performed which
     are then later combined.
 
+
+   - AFL_LLVM_MAP_ADDR sets the fixed map address to a different address than
+     the default 0x10000. A value of 0 or empty sets the map address to be
+     dynamic (the original afl way, which is slower)
+   - AFL_LLVM_MAP_DYNAMIC sets the shared memory address to be dynamic
    - AFL_LLVM_LTO_STARTID sets the starting location ID for the instrumentation.
      This defaults to 1
    - AFL_LLVM_LTO_DONTWRITEID prevents that the highest location ID written