The current Unicorn Mode patches are such that the AFL forkserver is not kicked off until an instruction is emulated. This leads to problems when fuzzing Unicorn test harnesses, because if the mutated input is retrieved from disk before the forks occur then the same input is repeatedly used and no fuzzing is ever actually performed.

A cleaner implementation of this would probably be to either:

• Send the 'Start forkserver' whenever a UnicornEngine instance is created
  or
• Add an API to UnicornEngine (or a derived class) specifically to start the fork server

For now the workaround is to just run a single instruction, then load the mutated input, then emulate the rest of the code (as discussed in the blog post, readme, and example test harnesses).