Fix QEMU for AFL++

2 files changed, 22 insertions, 0 deletions

diff --git a/loftix/emulation.scm b/loftix/emulation.scm
index 0f7cbe2..a0d4a9c 100644
--- a/loftix/emulation.scm
+++ b/loftix/emulation.scm
@@ -78,6 +78,11 @@
                               ,(string-append "--prefix=" out)
                               ,(string-append "--sysconfdir=/etc")
                               ,@configure-flags)))))
+               (add-after 'install 'install-qasan-header
+                 (lambda* (#:key outputs #:allow-other-keys)
+                   (install-file "qemuafl/qasan.h"
+                                 (string-append (assoc-ref outputs "out")
+                                                "/include"))))
                (delete 'delete-firmwares)))))))))
 
 (define-public qemu-for-fuzzolic
diff --git a/loftix/fuzzing.scm b/loftix/fuzzing.scm
index c715bbc..de1ac77 100644
--- a/loftix/fuzzing.scm
+++ b/loftix/fuzzing.scm
@@ -33,6 +33,23 @@
   (package
     (inherit aflplusplus)
     (name "afl++")
+    (arguments
+      (substitute-keyword-arguments (package-arguments aflplusplus)
+        ((#:phases phases)
+         #~(modify-phases #$phases
+             (add-after 'build 'build-qasan
+               (lambda* (#:key make-flags #:allow-other-keys)
+                 (apply invoke
+                   "make" "-C" "qemu_mode/libqasan"
+                   make-flags)))
+             ;; afl-qemu-trace is a symbolic link to QEMU's binary.
+             ;; Substituting its source code with AFL++'s output path
+             ;; would result in a dependency cycle.
+             (add-after 'install-qemu 'wrap-qemu
+               (lambda* (#:key outputs #:allow-other-keys)
+                 (let ((out (assoc-ref outputs "out")))
+                   (wrap-program (string-append out "/bin/afl-qemu-trace")
+                     `("AFL_PATH" = (,(string-append out "/lib/afl")))))))))))
     (inputs (modify-inputs (package-inputs aflplusplus)
               (replace "qemu" qemu-for-aflplusplus)))))