From 7d249dd306593c92c9c7cce3037a17d5e15ff93f Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue, 24 Aug 2021 16:03:33 +0200
Subject: [PATCH] Update libafl-qemu-bridge commit && libafl_qemu

---
 fuzzers/fuzzbench_qemu/Makefile |  2 +-
 libafl_qemu/src/hooks.rs        | 43 ++++++++++++++++++++++++++++++++-
 2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/fuzzers/fuzzbench_qemu/Makefile b/fuzzers/fuzzbench_qemu/Makefile
index 7b63a820ce..66f5649e71 100644
--- a/fuzzers/fuzzbench_qemu/Makefile
+++ b/fuzzers/fuzzbench_qemu/Makefile
@@ -33,7 +33,7 @@ target/$(BUILD_TARGET)/lib$(FUZZER_NAME).a: src/*
 
 qemu-libafl-bridge:
 	git clone git@github.com:AFLplusplus/qemu-libafl-bridge.git
-	cd qemu-libafl-bridge && git checkout ae096f10cec9a0ac489cb6e6c9892bcbfaea159d
+	cd qemu-libafl-bridge && git checkout eff38adb3b1b58c4be959c3771b6c3cbdee2b222
 
 build/config.status: qemu-libafl-bridge qemu-libafl-bridge/configure
 	mkdir -p build
diff --git a/libafl_qemu/src/hooks.rs b/libafl_qemu/src/hooks.rs
index 2880ef1a63..91513a0040 100644
--- a/libafl_qemu/src/hooks.rs
+++ b/libafl_qemu/src/hooks.rs
@@ -1,4 +1,4 @@
-use core::cmp::max;
+use core::{cell::UnsafeCell, cmp::max};
 use hashbrown::HashMap;
 use serde::{Deserialize, Serialize};
 
@@ -44,6 +44,15 @@ impl QemuCmpsMapMetadata {
 
 libafl::impl_serdeany!(QemuCmpsMapMetadata);
 
+thread_local!(static PREV_LOC : UnsafeCell<u64> = UnsafeCell::new(0));
+
+fn hash_me(mut x: u64) -> u64 {
+    x = (x.overflowing_shr(16).0 ^ x).overflowing_mul(0x45d9f3b).0;
+    x = (x.overflowing_shr(16).0 ^ x).overflowing_mul(0x45d9f3b).0;
+    x = (x.overflowing_shr(16).0 ^ x) ^ x;
+    x
+}
+
 pub fn gen_unique_edge_ids<S>(state: &mut S, src: u64, dest: u64) -> Option<u64>
 where
     S: HasMetadata,
@@ -67,6 +76,10 @@ where
     }
 }
 
+pub fn gen_hashed_edge_ids<S>(_state: &mut S, src: u64, dest: u64) -> Option<u64> {
+    Some(hash_me(src) ^ hash_me(dest))
+}
+
 pub extern "C" fn trace_edge_hitcount(id: u64) {
     unsafe {
         EDGES_MAP[id as usize] += 1;
@@ -79,6 +92,34 @@ pub extern "C" fn trace_edge_single(id: u64) {
     }
 }
 
+pub fn gen_addr_block_ids<S>(_state: &mut S, pc: u64) -> Option<u64> {
+    Some(pc)
+}
+
+pub fn gen_hashed_block_ids<S>(_state: &mut S, pc: u64) -> Option<u64> {
+    Some(hash_me(pc))
+}
+
+pub extern "C" fn trace_block_transition_hitcount(id: u64) {
+    unsafe {
+        PREV_LOC.with(|prev_loc| {
+            let x = ((*prev_loc.get() ^ id) as usize) & (EDGES_MAP_SIZE - 1);
+            EDGES_MAP[x] += 1;
+            *prev_loc.get() = id.overflowing_shr(1).0;
+        });
+    }
+}
+
+pub extern "C" fn trace_block_transition_single(id: u64) {
+    unsafe {
+        PREV_LOC.with(|prev_loc| {
+            let x = ((*prev_loc.get() ^ id) as usize) & (EDGES_MAP_SIZE - 1);
+            EDGES_MAP[x] = 1;
+            *prev_loc.get() = id.overflowing_shr(1).0;
+        });
+    }
+}
+
 pub fn gen_unique_cmp_ids<S>(state: &mut S, pc: u64, _size: usize) -> Option<u64>
 where
     S: HasMetadata,