From 9b9fbc367791f29c0f3a770f950aba96b5a603a0 Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Tue, 3 Jan 2023 20:09:45 +0100
Subject: [PATCH] add interrupt injection

---
 fuzzers/FRET/src/fuzzer.rs | 7 +++++++
 libafl_qemu/src/emu.rs | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/fuzzers/FRET/src/fuzzer.rs b/fuzzers/FRET/src/fuzzer.rs
index 45b1b00929..17c984db56 100644
--- a/fuzzers/FRET/src/fuzzer.rs
+++ b/fuzzers/FRET/src/fuzzer.rs
@@ -54,6 +54,10 @@ fn virt2phys(vaddr: GuestAddr, tab: &EasyElf) -> GuestAddr {
 return vaddr;
 }
+extern "C" {
+ static mut libafl_int_offset : u32;
+}
+
 pub fn fuzz() {
 if let Ok(s) = env::var("FUZZ_SIZE") {
 str::parse::(&s).expect("FUZZ_SIZE was not a number");
@@ -126,6 +130,9 @@ pub fn fuzz() {
 )
 .expect("Symbol or env BREAKPOINT not found");
 println!("Breakpoint address = {:#x}", breakpoint);
+ unsafe {
+ libafl_int_offset = 422483;
+ }
 let mut run_client = |state: Option<_>, mut mgr, _core_id| {
 // Initialize QEMU
diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs
index f0c5a91ec3..b62a5444e2 100644
--- a/libafl_qemu/src/emu.rs
+++ b/libafl_qemu/src/emu.rs
@@ -285,6 +285,7 @@ extern "C" {
 fn libafl_load_qemu_snapshot(name: *const u8, sync: bool);
 pub fn icount_get_raw() -> u64;
+ fn libafl_start_int_timer();
 }
 #[cfg(emulation_mode = "systemmode")]
@@ -881,6 +882,7 @@ impl Emulator {
 libafl_qemu_run();
 #[cfg(emulation_mode = "systemmode")]
 {
+ libafl_start_int_timer();
 vm_start();
 qemu_main_loop();
 }
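Review bot: The new extern item `static mut libafl_int_offset : u32;` says nothing about what the value means, which side reads it, or when it is safe to write, and a mutable static shared with C is exactly the place where that contract needs to be spelled out. I would add a doc comment on the declaration such as `/// Interrupt-injection offset consumed by the QEMU side; written once by fuzz() before any client starts the VM (units: TODO confirm against the C definition).` — the units and the reader are not visible in this patch, so the TODO should stay until confirmed. Minor style: the space before the colon is non-idiomatic; rustfmt writes `static mut libafl_int_offset: u32;`.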
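Review bot: `libafl_int_offset = 422483;` hard-codes a target-specific value directly below code that resolves `BREAKPOINT` from a symbol or an environment variable, so the injection point cannot be changed without rebuilding and a reader has no idea where the number comes from. At minimum hoist it into a named constant with a comment on its origin, `const INT_OFFSET: u32 = 422483; // TODO(review): document how this value was derived for the target`, and consider offering the same env-variable override the breakpoint already has so the fuzzer stays usable on other firmware. The `unsafe` block also lacks a safety argument; since the write happens before `run_client` is even defined, `// SAFETY: single write before any QEMU thread exists, so no concurrent reader of the static` is the justification I would record, hedged until the C side's access pattern is confirmed.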
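Review bot: `fn libafl_start_int_timer();` is declared without a doc comment, unlike the neighbouring `icount_get_raw`/`libafl_load_qemu_snapshot` whose names are self-explanatory; a one-liner such as `/// Arms the QEMU-side timer that injects interrupts at the configured offset.` would tell a reader what the symbol does without opening the C code. The only call site added by this patch sits under `#[cfg(emulation_mode = "systemmode")]`; if the C symbol is likewise only compiled in systemmode builds, the unguarded declaration is harmless while unused, but gating it the same way would make that dependency explicit rather than implicit.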
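Review bot: `libafl_start_int_timer();` now runs on every invocation of this method, immediately before `vm_start()`, with no comment on why it must precede the VM resuming or on what happens when it is called again on the next run — whether the C side re-arms an existing timer or allocates a fresh one each time is not visible here and decides whether repeated runs leak or double-fire. I would confirm that on the C side and record it inline, e.g. `// Arm the interrupt-injection timer before the VM resumes; must be idempotent across runs (TODO confirm in libafl_start_int_timer).` It is also worth noting in that comment that the timer fires regardless of whether any caller ever set the offset static, since only the FRET fuzzer writes it in this patch. The enclosing method begins and ends outside the hunk.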