Hexagon support (#1323)

* Hexagon support * Fix format * Fix needless bool * Address comments --------- Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2023-07-04 11:08:36 +02:00 · 2023-07-04 11:08:36 +02:00 · 829b5049e6
commit 829b5049e6
parent 07f4c42ecf
8 changed files with 104 additions and 12 deletions
--- a/libafl_qemu/Cargo.toml
+++ b/libafl_qemu/Cargo.toml
@ -12,9 +12,10 @@ edition = "2021"
 categories = ["development-tools::testing", "emulators", "embedded", "os", "no-std"]

 [features]
-default = ["fork"]
+default = ["fork", "build_libqasan"]
 python = ["pyo3", "pyo3-build-config"]
 fork = ["libafl/fork"]
+build_libqasan = []

 # The following architecture features are mutually exclusive.
 x86_64 = ["libafl_qemu_sys/x86_64"] # build qemu for x86_64 (default)
@ -23,6 +24,7 @@ arm = ["libafl_qemu_sys/arm"] # build qemu for arm
 aarch64 = ["libafl_qemu_sys/aarch64"] # build qemu for aarch64
 mips = ["libafl_qemu_sys/mips"] # build qemu for mips (el, use with the 'be' feature of mips be)
 ppc = ["libafl_qemu_sys/ppc"] # build qemu for powerpc
+hexagon = ["libafl_qemu_sys/hexagon"] # build qemu for hexagon

 be = ["libafl_qemu_sys/be"]

--- a/libafl_qemu/build_linux.rs
+++ b/libafl_qemu/build_linux.rs
@ -12,6 +12,9 @@ pub fn build() {
            "usermode".to_string()
        })
    };
+
+    let build_libqasan = cfg!(all(feature = "build_libqasan", not(feature = "hexagon")));
+
    println!("cargo:rustc-cfg=emulation_mode=\"{emulation_mode}\"");
    println!("cargo:rerun-if-env-changed=EMULATION_MODE");

@ -30,6 +33,8 @@ pub fn build() {
        "mips".to_string()
    } else if cfg!(feature = "ppc") {
        "ppc".to_string()
+    } else if cfg!(feature = "hexagon") {
+        "hexagon".to_string()
    } else {
        env::var("CPU_TARGET").unwrap_or_else(|_| {
            "x86_64".to_string()
@ -38,7 +43,7 @@ pub fn build() {
    println!("cargo:rerun-if-env-changed=CPU_TARGET");
    println!("cargo:rustc-cfg=cpu_target=\"{cpu_target}\"");

-    let cross_cc = if emulation_mode == "usermode" {
+    let cross_cc = if (emulation_mode == "usermode") && build_libqasan {
        // TODO try to autodetect a cross compiler with the arch name (e.g. aarch64-linux-gnu-gcc)
        let cross_cc = env::var("CROSS_CC").unwrap_or_else(|_| {
            println!("cargo:warning=CROSS_CC is not set, default to cc (things can go wrong if the selected cpu target ({cpu_target}) is not the host arch ({}))", env::consts::ARCH);
@ -62,7 +67,7 @@ pub fn build() {
    target_dir.pop();
    target_dir.pop();

-    if emulation_mode == "usermode" {
+    if (emulation_mode == "usermode") && build_libqasan {
        let qasan_dir = Path::new("libqasan");
        let qasan_dir = fs::canonicalize(qasan_dir).unwrap();

--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
@ -8,7 +8,7 @@ use which::which;

 const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-const QEMU_REVISION: &str = "9302a3a8174a45a14c77be316126f2673248be51";
+const QEMU_REVISION: &str = "98efc72c4ca20b60c80dd16e2c88af114b8b2ae7";

 fn build_dep_check(tools: &[&str]) {
    for tool in tools {
--- a/libafl_qemu/libafl_qemu_sys/Cargo.toml
+++ b/libafl_qemu/libafl_qemu_sys/Cargo.toml
@ -19,6 +19,7 @@ arm = [] # build qemu for arm
 aarch64 = [] # build qemu for aarch64
 mips = [] # build qemu for mips (el, use with the 'be' feature of mips be)
 ppc = [] # build qemu for powerpc
+hexagon = [] # build qemu for hexagon

 be = []

--- a/libafl_qemu/libafl_qemu_sys/build_linux.rs
+++ b/libafl_qemu/libafl_qemu_sys/build_linux.rs
@ -38,12 +38,12 @@ pub fn build() {

    // Make sure we have at most one architecutre feature set
    // Else, we default to `x86_64` - having a default makes CI easier :)
-    assert_unique_feature!("arm", "aarch64", "i386", "i86_64", "mips", "ppc");
+    assert_unique_feature!("arm", "aarch64", "i386", "i86_64", "mips", "ppc", "hexagon");

    // Make sure that we don't have BE set for any architecture other than arm and mips
    // Sure aarch64 may support BE, but its not in common usage and we don't
    // need it yet and so haven't tested it
-    assert_unique_feature!("be", "aarch64", "i386", "i86_64");
+    assert_unique_feature!("be", "aarch64", "i386", "i86_64", "hexagon");

    let cpu_target = if cfg!(feature = "x86_64") {
        "x86_64".to_string()
@ -57,6 +57,8 @@ pub fn build() {
        "mips".to_string()
    } else if cfg!(feature = "ppc") {
        "ppc".to_string()
+    } else if cfg!(feature = "hexagon") {
+        "hexagon".to_string()
    } else {
        env::var("CPU_TARGET").unwrap_or_else(|_| {
            println!(
--- a/libafl_qemu/src/calls.rs
+++ b/libafl_qemu/src/calls.rs
@ -281,6 +281,13 @@ where
            ret_addr
        };

+        #[cfg(cpu_target = "hexagon")]
+        let ret_addr = {
+            let emu = hooks.emulator();
+            let ret_addr: GuestAddr = emu.read_reg(Regs::Lr).unwrap();
+            ret_addr
+        };
+
        // log::info!("RET @ 0x{:#x}", ret_addr);

        let mut collectors = if let Some(h) = hooks.helpers_mut().match_first_type_mut::<Self>() {
--- a/libafl_qemu/src/hexagon.rs
+++ b/libafl_qemu/src/hexagon.rs
@ -0,0 +1,68 @@
+use num_enum::{IntoPrimitive, TryFromPrimitive};
+#[cfg(feature = "python")]
+use pyo3::prelude::*;
+pub use strum_macros::EnumIter;
+
+#[derive(IntoPrimitive, TryFromPrimitive, Debug, Clone, Copy, EnumIter)]
+#[repr(i32)]
+pub enum Regs {
+    R0 = 0,
+    R1 = 1,
+    R2 = 2,
+    R3 = 3,
+    R4 = 4,
+    R5 = 5,
+    R6 = 6,
+    R7 = 7,
+    R8 = 8,
+    R9 = 9,
+    R10 = 10,
+    R11 = 11,
+    R12 = 12,
+    R13 = 13,
+    R14 = 14,
+    R15 = 15,
+    R16 = 16,
+    R17 = 17,
+    R18 = 18,
+    R19 = 19,
+    R20 = 20,
+    R21 = 21,
+    R22 = 22,
+    R23 = 23,
+    R24 = 24,
+    R25 = 25,
+    R26 = 26,
+    R27 = 27,
+    R28 = 28,
+    R29 = 29,
+    R30 = 30,
+    R31 = 31,
+    Sa0 = 32,
+    Lc0 = 33,
+    Sa1 = 34,
+    Lc1 = 35,
+    P3_0 = 36,
+    M0 = 38,
+    M1 = 39,
+    Usr = 40,
+    Pc = 41,
+    Ugp = 42,
+    Gp = 43,
+    Cs0 = 44,
+    Cs1 = 45,
+    UpcycleLo = 46,
+    UpcycleHi = 47,
+    Framelimit = 48,
+    Framekey = 49,
+    Pktcntlo = 50,
+    Pktcnthi = 51,
+}
+
+/// alias registers
+#[allow(non_upper_case_globals)]
+impl Regs {
+    pub const Sp: Regs = Regs::R29;
+    pub const Fp: Regs = Regs::R30;
+    pub const Lr: Regs = Regs::R31;
+}
--- a/libafl_qemu/src/lib.rs
+++ b/libafl_qemu/src/lib.rs
@ -55,6 +55,11 @@ pub mod ppc;
 #[cfg(cpu_target = "ppc")]
 pub use ppc::*;

+#[cfg(cpu_target = "hexagon")]
+pub mod hexagon;
+#[cfg(cpu_target = "hexagon")]
+pub use hexagon::*;
+
 pub mod elf;

 pub mod helper;
@ -65,22 +70,24 @@ pub use hooks::*;
 pub mod edges;
 pub use edges::QemuEdgeCoverageHelper;

-#[cfg(not(cpu_target = "mips"))]
+#[cfg(not(any(cpu_target = "mips", cpu_target = "hexagon")))]
 pub mod cmplog;
-#[cfg(not(cpu_target = "mips"))]
+#[cfg(not(any(cpu_target = "mips", cpu_target = "hexagon")))]
 pub use cmplog::QemuCmpLogHelper;

-#[cfg(emulation_mode = "usermode")]
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
 pub mod snapshot;
-#[cfg(emulation_mode = "usermode")]
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
 pub use snapshot::QemuSnapshotHelper;

-#[cfg(emulation_mode = "usermode")]
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
 pub mod asan;
-#[cfg(emulation_mode = "usermode")]
+#[cfg(all(emulation_mode = "usermode", not(cpu_target = "hexagon")))]
 pub use asan::{init_with_asan, QemuAsanHelper};

+#[cfg(not(cpu_target = "hexagon"))]
 pub mod calls;
+#[cfg(not(cpu_target = "hexagon"))]
 pub mod drcov;

 pub mod executor;