authorNguyễn Gia Phong <cnx@loang.net>2025-10-20 20:25:14 +0900
committerNguyễn Gia Phong <cnx@loang.net>2025-10-20 20:25:14 +0900
commitc1a35e593d91db1276d900112531606aa359589d (patch)
tree1ffff456edd4e3bed8c12f6ae27b53cd49c95b40 /patches/qemu-for-aflplusplus-imported-headers.patch
parentb3a4ed1b97d80ff94720f6064fc98aeb10f1ae3e (diff)
downloadloftix-c1a35e593d91db1276d900112531606aa359589d.tar.gz
Preview IJON support in AFL++
Diffstat (limited to 'patches/qemu-for-aflplusplus-imported-headers.patch')
-rw-r--r--patches/qemu-for-aflplusplus-imported-headers.patch181
1 files changed, 181 insertions, 0 deletions
diff --git a/patches/qemu-for-aflplusplus-imported-headers.patch b/patches/qemu-for-aflplusplus-imported-headers.patch
new file mode 100644
index 0000000..0bad00f
--- /dev/null
+++ b/patches/qemu-for-aflplusplus-imported-headers.patch
@@ -0,0 +1,181 @@
+From 8879cf700ce4e5fed7c1ab7ba4543f234d5cd5d1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Nguy=E1=BB=85n=20Gia=20Phong?= <cnx@loang.net>
+Date: Mon, 20 Oct 2025 20:04:20 +0900
+Subject: [PATCH] Update headers imported from AFL++
+
+---
+ qemuafl/imported/config.h | 36 ++++++++++++++++++++++----
+ qemuafl/imported/types.h  | 53 +++++++++++++++++++++++++++++++++++++--
+ 2 files changed, 82 insertions(+), 7 deletions(-)
+
+diff --git a/qemuafl/imported/config.h b/qemuafl/imported/config.h
+index 5ac0540d4efd3..0690b992b80e9 100644
+--- a/qemuafl/imported/config.h
++++ b/qemuafl/imported/config.h
+@@ -26,7 +26,7 @@
+ /* Version string: */
+ 
+ // c = release, a = volatile github dev, e = experimental branch
+-#define VERSION "++4.32a"
++#define VERSION "++4.35a"
+ 
+ /******************************************************
+  *                                                    *
+@@ -49,6 +49,9 @@
+    Default: 300 (seconds) */
+ #define STRATEGY_SWITCH_TIME 1000
+ 
++/* Default file permission umode when creating directories */
++#define DEFAULT_DIRS_PERMISSION 0700
++
+ /* Default file permission umode when creating files (default: 0600) */
+ #define DEFAULT_PERMISSION 0600
+ 
+@@ -171,7 +174,9 @@
+ #define EXEC_TM_ROUND 20U
+ 
+ /* 64bit arch MACRO */
+-#if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__))
++#if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__) ||    \
++     (defined(__riscv) && __riscv_xlen == 64) || defined(__powerpc64le__) || \
++     defined(__s390x__) || defined(__loongarch64))
+   #define WORD_SIZE_64 1
+ #endif
+ 
+@@ -200,8 +205,8 @@
+ 
+ /* Maximum number of unique hangs or crashes to record: */
+ 
+-#define KEEP_UNIQUE_HANG 500U
+-#define KEEP_UNIQUE_CRASH 10000U
++#define KEEP_UNIQUE_HANG 512U
++#define KEEP_UNIQUE_CRASH 25600U
+ 
+ /* Baseline number of random tweaks during a single 'havoc' stage: */
+ 
+@@ -337,6 +342,10 @@
+ 
+ #define AVG_SMOOTHING 16
+ 
++/* Max length of sync id (the id after -M and -S) */
++
++#define SYNC_ID_MAX_LEN 50
++
+ /* Sync interval (every n havoc cycles): */
+ 
+ #define SYNC_INTERVAL 8
+@@ -422,9 +431,15 @@
+ 
+ #define SHM_ENV_VAR "__AFL_SHM_ID"
+ 
+-/* Environment variable used to pass SHM FUZZ ID to the called program. */
++/* Environment variable used to pass shared memory fuzz map id
++and the mapping size to the called program. */
+ 
+ #define SHM_FUZZ_ENV_VAR "__AFL_SHM_FUZZ_ID"
++#define SHM_FUZZ_MAP_SIZE_ENV_VAR "__AFL_SHM_FUZZ_MAP_SIZE"
++
++/* Default size of the shared memory fuzz map.
++We add 4 byte for one u32 length field. */
++#define SHM_FUZZ_MAP_SIZE_DEFAULT (MAX_FILE + 4)
+ 
+ /* Other less interesting, internal-only variables. */
+ 
+@@ -488,6 +503,17 @@
+   #define MAP_INITIAL_SIZE MAP_SIZE
+ #endif
+ 
++/* IJON max tracking map configuration */
++
++/* Number of IJON slots (power-of-2 for efficient bitmasking) */
++#define MAP_SIZE_IJON_ENTRIES 512
++
++/* IJON map size for set/inc/xor */
++#define MAP_SIZE_IJON_MAP 65536
++
++/* IJON map footprint in bytes (64-bit values for legacy compatibility) */
++#define MAP_SIZE_IJON_BYTES (MAP_SIZE_IJON_ENTRIES * sizeof(u64))  // = 4096
++
+ /* Maximum allocator request size (keep well under INT_MAX): */
+ 
+ #define MAX_ALLOC 0x40000000
+diff --git a/qemuafl/imported/types.h b/qemuafl/imported/types.h
+index d370bcfba28ab..a9ad56c5252aa 100644
+--- a/qemuafl/imported/types.h
++++ b/qemuafl/imported/types.h
+@@ -64,6 +64,7 @@ typedef uint128_t         u128;
+ #define FS_OPT_AUTODICT 0x10000000
+ #define FS_OPT_SHDMEM_FUZZ 0x01000000
+ #define FS_OPT_NEWCMPLOG 0x02000000
++#define FS_OPT_IJON 0x04000000
+ #define FS_OPT_OLD_AFLPP_WORKAROUND 0x0f000000
+ // FS_OPT_MAX_MAPSIZE is 8388608 = 0x800000 = 2^23 = 1 << 23
+ #define FS_OPT_MAX_MAPSIZE ((0x00fffffeU >> 1) + 1)
+@@ -161,6 +162,54 @@ typedef int128_t s128;
+                                                \
+   })
+ 
++#define EXTRACT16(_s, _o)      \
++  ({                           \
++                               \
++    u8 *s = (u8 *)(_s) + (_o); \
++    u16 _ret = s[1];           \
++    _ret = (_ret << 8) | s[0]; \
++    _ret;                      \
++                               \
++  })
++
++#define EXTRACT32(_s, _o)      \
++  ({                           \
++                               \
++    u8 *s = (u8 *)(_s) + (_o); \
++    u32 _ret = s[3];           \
++    _ret = (_ret << 8) | s[2]; \
++    _ret = (_ret << 8) | s[1]; \
++    _ret = (_ret << 8) | s[0]; \
++    _ret;                      \
++                               \
++  })
++
++#define INSERT16(_d, _o, _x)   \
++  {                            \
++                               \
++    u8 *d = (u8 *)(_d) + (_o); \
++    u16 x = _x;                \
++    d[0] = x & 0xFF;           \
++    x >>= 8;                   \
++    d[1] = x & 0xFF;           \
++                               \
++  }
++
++#define INSERT32(_d, _o, _x)   \
++  {                            \
++                               \
++    u8 *d = (u8 *)(_d) + (_o); \
++    u32 x = _x;                \
++    d[0] = x & 0xFF;           \
++    x >>= 8;                   \
++    d[1] = x & 0xFF;           \
++    x >>= 8;                   \
++    d[2] = x & 0xFF;           \
++    x >>= 8;                   \
++    d[3] = x & 0xFF;           \
++                               \
++  }
++
+ #ifdef AFL_LLVM_PASS
+   #if defined(__linux__) || !defined(__ANDROID__)
+     #define AFL_SR(s) (srandom(s))
+@@ -172,10 +221,10 @@ typedef int128_t s128;
+ #else
+   #if defined(__linux__) || !defined(__ANDROID__)
+     #define SR(s) (srandom(s))
+-    #define R(x) (random() % (x))
++    #define AFL_R(x) (random() % (x))
+   #else
+     #define SR(s) ((void)s)
+-    #define R(x) (arc4random_uniform(x))
++    #define AFL_R(x) (arc4random_uniform(x))
+   #endif
+ #endif                                                    /* ^AFL_LLVM_PASS */
+
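Review bot: The INSERT16 and INSERT32 macros added in the types.h hunk are bare `{ ... }` blocks rather than `do { ... } while (0)`, so a use such as `if (cond) INSERT16(d, 0, v); else ...` does not compile, and both copy the value argument unparenthesized (`u16 x = _x;` / `u32 x = _x;`), so a comma or ternary expression passed as `_x` is mis-parsed. EXTRACT16/EXTRACT32 avoid the first problem by being statement expressions but still shadow any caller variable named `s`. Since this file is a verbatim import of AFL++'s headers, the fix belongs upstream; at minimum the patch description could say that these macros are only safe with simple argument expressions. The byte-wise little-endian access itself is fine and avoids the strict-aliasing problem a pointer cast would have.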