diff --git a/accel/tcg/tcg-runtime.c b/accel/tcg/tcg-runtime.c
index 6b4a09bded..daa357ef1c 100644
--- a/accel/tcg/tcg-runtime.c
+++ b/accel/tcg/tcg-runtime.c
@@ -171,10 +171,10 @@ void libafl_qemu_trigger_breakpoint(CPUState* cpu)
 }
 }
-void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env, target_ulong pc)
+void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env, uint64_t pc)
 {
 CPUState* cpu = env_cpu(env);
- libafl_breakpoint_pc = pc;
+ libafl_breakpoint_pc = (target_ulong)pc;
 libafl_qemu_trigger_breakpoint(cpu);
 }
diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index d35bab48de..5297f2b3ae 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -302,6 +302,6 @@ DEF_HELPER_FLAGS_5(gvec_bitsel, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
 //// --- Begin LibAFL code ---
 DEF_HELPER_FLAGS_2(libafl_qemu_handle_breakpoint, TCG_CALL_NO_RWG,
- void, env, tl)
+ void, env, i64)
 //// --- End LibAFL code ---
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 2d25445fb0..ed9e7cb195 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -73,32 +73,14 @@
 #include "tcg/tcg-temp-internal.h"
-// reintroduce this in QEMU
-static TCGv_i64 tcg_const_i64(int64_t val)
-{
- TCGv_i64 t0;
- t0 = tcg_temp_new_i64();
- tcg_gen_movi_i64(t0, val);
- return t0;
-}
-#if TARGET_LONG_BITS == 32
-static TCGv_i32 tcg_const_i32(int32_t val)
-{
- TCGv_i32 t0;
- t0 = tcg_temp_new_i32();
- tcg_gen_movi_i32(t0, val);
- return t0;
-}
-#define tcg_const_tl tcg_const_i32
-#else
-#define tcg_const_tl tcg_const_i64
+#ifndef TARGET_LONG_BITS
+#error "TARGET_LONG_BITS not defined"
 #endif
+void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args);
+
 target_ulong libafl_gen_cur_pc;
-void libafl_helper_table_add(TCGHelperInfo* info);
 TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block, target_ulong dst_block, int exit_n, target_ulong cs_base, uint32_t flags,
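Review bot: The new `libafl_breakpoint_pc = (target_ulong)pc;` narrows a `uint64_t` to the target word size with no statement of why that is safe; on a 32-bit target an out-of-range `pc` would be truncated silently and the recorded breakpoint address would be wrong. The one caller visible in this commit (translator.c) builds the argument as `tcg_constant_i64((uint64_t)db->pc_next)`, so today the value always fits, but that contract lives at the call site rather than in the helper. Suggest a comment above the assignment, `/* pc is i64 so the helper signature is target-independent; callers widen a target_ulong, so this narrowing is lossless. */`, and optionally `assert(pc == (uint64_t)(target_ulong)pc);` so a future caller passing a wider value fails loudly instead of silently.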
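Review bot: The prototype `void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args);` added here is hand-copied again in translator.c and, next to the definition, in tcg.c; with `static` removed from the definition, three independent declarations give the compiler nothing to check them against, so a later change to the tcg.c signature would still compile and link in these callers and only misbehave at run time. Declare it once in a TCG-internal header both callers already pull in (the translator.c hunk shows `#include "tcg/tcg-internal.h"`), which also makes the extra declaration in tcg.c unnecessary. In tcg.c the `/* static */` left in the definition line should become a short comment giving the reason for the export, e.g. `/* Non-static: called directly by the LibAFL hook generators in accel/tcg. */`. Everything in this hunk is at file scope.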
@@ -147,7 +129,6 @@ void libafl_add_edge_hook(uint64_t (*gen)(target_ulong src, target_ulong dst, ui
 if (exec) {
 memcpy(&hook->helper_info, &libafl_exec_edge_hook_info, sizeof(TCGHelperInfo));
 hook->helper_info.func = exec;
- libafl_helper_table_add(&hook->helper_info);
 }
 }
@@ -191,7 +172,6 @@ void libafl_add_block_hook(uint64_t (*gen)(target_ulong pc, uint64_t data),
 if (exec) {
 memcpy(&hook->helper_info, &libafl_exec_block_hook_info, sizeof(TCGHelperInfo));
 hook->helper_info.func = exec;
- libafl_helper_table_add(&hook->helper_info);
 }
 }
@@ -300,27 +280,22 @@ void libafl_add_read_hook(uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_t
 if (exec1) {
 memcpy(&hook->helper_info1, &libafl_exec_read_hook1_info, sizeof(TCGHelperInfo));
 hook->helper_info1.func = exec1;
- libafl_helper_table_add(&hook->helper_info1);
 }
 if (exec2) {
 memcpy(&hook->helper_info2, &libafl_exec_read_hook2_info, sizeof(TCGHelperInfo));
 hook->helper_info2.func = exec2;
- libafl_helper_table_add(&hook->helper_info2);
 }
 if (exec4) {
 memcpy(&hook->helper_info4, &libafl_exec_read_hook4_info, sizeof(TCGHelperInfo));
 hook->helper_info4.func = exec4;
- libafl_helper_table_add(&hook->helper_info4);
 }
 if (exec8) {
 memcpy(&hook->helper_info8, &libafl_exec_read_hook8_info, sizeof(TCGHelperInfo));
 hook->helper_info8.func = exec8;
- libafl_helper_table_add(&hook->helper_info8);
 }
 if (execN) {
 memcpy(&hook->helper_infoN, &libafl_exec_read_hookN_info, sizeof(TCGHelperInfo));
 hook->helper_infoN.func = execN;
- libafl_helper_table_add(&hook->helper_infoN);
 }
 }
@@ -333,25 +308,25 @@ void libafl_gen_read(TCGTemp *addr, MemOpIdx oi)
 uint64_t cur_id = 0;
 if (hook->gen) cur_id = hook->gen(libafl_gen_cur_pc, oi, hook->data);
- void* func = NULL;
- if (size == 1) func = hook->exec1;
- else if (size == 2) func = hook->exec2;
- else if (size == 4) func = hook->exec4;
- else if (size == 8) func = hook->exec8;
+ TCGHelperInfo* info = NULL;
+ if (size == 1 && hook->exec1) info = &hook->helper_info1;
+ else if (size == 2 && hook->exec2) info = &hook->helper_info2;
+ else if (size == 4 && hook->exec4) info = &hook->helper_info4;
+ else if (size == 8 && hook->exec8) info = &hook->helper_info8;
 if (cur_id != (uint64_t)-1) {
- if (func) {
- TCGv_i64 tmp0 = tcg_const_i64(cur_id);
- TCGv_i64 tmp1 = tcg_const_i64(hook->data);
+ if (info) {
+ TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
+ TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
 TCGTemp *tmp2[3] = { tcgv_i64_temp(tmp0), addr, tcgv_i64_temp(tmp1) };
- tcg_gen_callN(func, NULL, 3, tmp2);
+ tcg_gen_callN(info, NULL, tmp2);
 tcg_temp_free_i64(tmp0);
 tcg_temp_free_i64(tmp1);
 } else if (hook->execN) {
- TCGv_i64 tmp0 = tcg_const_i64(cur_id);
- TCGv tmp1 = tcg_const_tl(size);
- TCGv_i64 tmp2 = tcg_const_i64(hook->data);
+ TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
+ TCGv tmp1 = tcg_constant_tl(size);
+ TCGv_i64 tmp2 = tcg_constant_i64(hook->data);
 TCGTemp *tmp3[4] = { tcgv_i64_temp(tmp0), addr,
 #if TARGET_LONG_BITS == 32
@@ -360,7 +335,7 @@ void libafl_gen_read(TCGTemp *addr, MemOpIdx oi)
 tcgv_i64_temp(tmp1),
 #endif
 tcgv_i64_temp(tmp2) };
- tcg_gen_callN(hook->execN, NULL, 4, tmp3);
+ tcg_gen_callN(&hook->helper_infoN, NULL, tmp3);
 tcg_temp_free_i64(tmp0);
 #if TARGET_LONG_BITS == 32
 tcg_temp_free_i32(tmp1);
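Review bot: `tcg_temp_free_i64(tmp0);` and `tcg_temp_free_i64(tmp1);` are now dead, because `tmp0`/`tmp1` come from `tcg_constant_i64()`: constant temps are owned by the TCG context and `tcg_temp_free_internal()` returns early for `TEMP_CONST`, so these calls do nothing and suggest an ownership that does not exist. The same holds for the `#if TARGET_LONG_BITS == 32` / `tcg_temp_free_i32(tmp1)` block in the second hunk, whose only purpose was to free `tmp1`; dropping the frees lets that `#if` go as well. The pattern recurs in libafl_gen_write, libafl_gen_cmp, setjmp_gen_code, libafl_gen_edge and the translator_loop hunks in translator.c. libafl_gen_read's body starts before and ends after these hunks.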
@@ -410,27 +385,22 @@ void libafl_add_write_hook(uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_
 if (exec1) {
 memcpy(&hook->helper_info1, &libafl_exec_write_hook1_info, sizeof(TCGHelperInfo));
 hook->helper_info1.func = exec1;
- libafl_helper_table_add(&hook->helper_info1);
 }
 if (exec2) {
 memcpy(&hook->helper_info2, &libafl_exec_write_hook2_info, sizeof(TCGHelperInfo));
 hook->helper_info2.func = exec2;
- libafl_helper_table_add(&hook->helper_info2);
 }
 if (exec4) {
 memcpy(&hook->helper_info4, &libafl_exec_write_hook4_info, sizeof(TCGHelperInfo));
 hook->helper_info4.func = exec4;
- libafl_helper_table_add(&hook->helper_info4);
 }
 if (exec8) {
 memcpy(&hook->helper_info8, &libafl_exec_write_hook8_info, sizeof(TCGHelperInfo));
 hook->helper_info8.func = exec8;
- libafl_helper_table_add(&hook->helper_info8);
 }
 if (execN) {
 memcpy(&hook->helper_infoN, &libafl_exec_write_hookN_info, sizeof(TCGHelperInfo));
 hook->helper_infoN.func = execN;
- libafl_helper_table_add(&hook->helper_infoN);
 }
 }
@@ -443,25 +413,25 @@ void libafl_gen_write(TCGTemp *addr, MemOpIdx oi)
 uint64_t cur_id = 0;
 if (hook->gen) cur_id = hook->gen(libafl_gen_cur_pc, oi, hook->data);
- void* func = NULL;
- if (size == 1) func = hook->exec1;
- else if (size == 2) func = hook->exec2;
- else if (size == 4) func = hook->exec4;
- else if (size == 8) func = hook->exec8;
+ TCGHelperInfo* info = NULL;
+ if (size == 1 && hook->exec1) info = &hook->helper_info1;
+ else if (size == 2 && hook->exec2) info = &hook->helper_info2;
+ else if (size == 4 && hook->exec4) info = &hook->helper_info4;
+ else if (size == 8 && hook->exec8) info = &hook->helper_info8;
 if (cur_id != (uint64_t)-1) {
- if (func) {
- TCGv_i64 tmp0 = tcg_const_i64(cur_id);
- TCGv_i64 tmp1 = tcg_const_i64(hook->data);
+ if (info) {
+ TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
+ TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
 TCGTemp *tmp2[3] = { tcgv_i64_temp(tmp0), addr, tcgv_i64_temp(tmp1) };
- tcg_gen_callN(func, NULL, 3, tmp2);
+ tcg_gen_callN(info, NULL, tmp2);
 tcg_temp_free_i64(tmp0);
 tcg_temp_free_i64(tmp1);
 } else if (hook->execN) {
- TCGv_i64 tmp0 = tcg_const_i64(cur_id);
- TCGv tmp1 = tcg_const_tl(size);
- TCGv_i64 tmp2 = tcg_const_i64(hook->data);
+ TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
+ TCGv tmp1 = tcg_constant_tl(size);
+ TCGv_i64 tmp2 = tcg_constant_i64(hook->data);
 TCGTemp *tmp3[4] = { tcgv_i64_temp(tmp0), addr,
 #if TARGET_LONG_BITS == 32
@@ -470,7 +440,7 @@ void libafl_gen_write(TCGTemp *addr, MemOpIdx oi)
 tcgv_i64_temp(tmp1),
 #endif
 tcgv_i64_temp(tmp2) };
- tcg_gen_callN(hook->execN, NULL, 4, tmp3);
+ tcg_gen_callN(&hook->helper_infoN, NULL, tmp3);
 tcg_temp_free_i64(tmp0);
 #if TARGET_LONG_BITS == 32
 tcg_temp_free_i32(tmp1);
@@ -556,22 +526,18 @@ void libafl_add_cmp_hook(uint64_t (*gen)(target_ulong pc, size_t size, uint64_t
 if (exec1) {
 memcpy(&hook->helper_info1, &libafl_exec_cmp_hook1_info, sizeof(TCGHelperInfo));
 hook->helper_info1.func = exec1;
- libafl_helper_table_add(&hook->helper_info1);
 }
 if (exec2) {
 memcpy(&hook->helper_info2, &libafl_exec_cmp_hook2_info, sizeof(TCGHelperInfo));
 hook->helper_info2.func = exec2;
- libafl_helper_table_add(&hook->helper_info2);
 }
 if (exec4) {
 memcpy(&hook->helper_info4, &libafl_exec_cmp_hook4_info, sizeof(TCGHelperInfo));
 hook->helper_info4.func = exec4;
- libafl_helper_table_add(&hook->helper_info4);
 }
 if (exec8) {
 memcpy(&hook->helper_info8, &libafl_exec_cmp_hook8_info, sizeof(TCGHelperInfo));
 hook->helper_info8.func = exec8;
- libafl_helper_table_add(&hook->helper_info8);
 }
 }
@@ -601,14 +567,14 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
 uint64_t cur_id = 0;
 if (hook->gen) cur_id = hook->gen(pc, size, hook->data);
- void* func = NULL;
- if (size == 1) func = hook->exec1;
- else if (size == 2) func = hook->exec2;
- else if (size == 4) func = hook->exec4;
- else if (size == 8) func = hook->exec8;
- if (cur_id != (uint64_t)-1 && func) {
- TCGv_i64 tmp0 = tcg_const_i64(cur_id);
- TCGv_i64 tmp1 = tcg_const_i64(hook->data);
+ TCGHelperInfo* info = NULL;
+ if (size == 1 && hook->exec1) info = &hook->helper_info1;
+ else if (size == 2 && hook->exec2) info = &hook->helper_info2;
+ else if (size == 4 && hook->exec4) info = &hook->helper_info4;
+ else if (size == 8 && hook->exec8) info = &hook->helper_info8;
+ if (cur_id != (uint64_t)-1 && info) {
+ TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
+ TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
 TCGTemp *tmp2[4] = { tcgv_i64_temp(tmp0),
 #if TARGET_LONG_BITS == 32
 tcgv_i32_temp(op0), tcgv_i32_temp(op1),
@@ -616,7 +582,7 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
 tcgv_i64_temp(op0), tcgv_i64_temp(op1),
 #endif
 tcgv_i64_temp(tmp1) };
- tcg_gen_callN(func, NULL, 4, tmp2);
+ tcg_gen_callN(info, NULL, tmp2);
 tcg_temp_free_i64(tmp0);
 tcg_temp_free_i64(tmp1);
 }
@@ -652,7 +618,6 @@ void libafl_add_backdoor_hook(void (*exec)(target_ulong id, uint64_t data),
 memcpy(&hook->helper_info, &libafl_exec_backdoor_hook_info, sizeof(TCGHelperInfo));
 hook->helper_info.func = exec;
- libafl_helper_table_add(&hook->helper_info);
 }
 //// --- End LibAFL code ---
@@ -886,10 +851,10 @@ static int setjmp_gen_code(CPUArchState *env, TranslationBlock *tb,
 if (hook->gen) cur_id = hook->gen(pc, hook->data);
 if (cur_id != (uint64_t)-1 && hook->exec) {
- TCGv_i64 tmp0 = tcg_const_i64(cur_id);
- TCGv_i64 tmp1 = tcg_const_i64(hook->data);
+ TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
+ TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
 TCGTemp *tmp2[2] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1) };
- tcg_gen_callN(hook->exec, NULL, 2, tmp2);
+ tcg_gen_callN(&hook->helper_info, NULL, tmp2);
 tcg_temp_free_i64(tmp0);
 tcg_temp_free_i64(tmp1);
 }
@@ -1023,10 +988,10 @@ TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
 while (hook) {
 if (hook->cur_id != (uint64_t)-1 && hook->exec) {
 hcount++;
- TCGv_i64 tmp0 = tcg_const_i64(hook->cur_id);
- TCGv_i64 tmp1 = tcg_const_i64(hook->data);
+ TCGv_i64 tmp0 = tcg_constant_i64(hook->cur_id);
+ TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
 TCGTemp *tmp2[2] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1) };
- tcg_gen_callN(hook->exec, NULL, 2, tmp2);
+ tcg_gen_callN(&hook->helper_info, NULL, tmp2);
 tcg_temp_free_i64(tmp0);
 tcg_temp_free_i64(tmp1);
 }
diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index b3cd5b9ef1..1eade6259a 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
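Review bot: `tcg_gen_callN(&hook->helper_info, NULL, tmp2);` in the setjmp_gen_code hunk passes a per-hook `TCGHelperInfo` copy that, after this commit, is never run through `init_call_layout()`: the deleted `libafl_helper_table_add()` (tcg.c hunk) was the only place that did so for these copies. This presumably relies on `tcg_gen_callN()` computing the layout lazily from `info` on first use; its body is outside the diff, so that should be confirmed, and the `memcpy` sites that clone the `libafl_exec_*_info` templates deserve a comment such as `/* call layout is filled in lazily by tcg_gen_callN() on first use */`. If the layout is cached inside the struct, each copy must also stay at a stable address for the hook's lifetime. The libafl_gen_edge hunk below has the same dependency; both enclosing functions continue outside their hunks.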
@@ -122,29 +122,12 @@ static void gen_tb_end(const TranslationBlock *tb, uint32_t cflags,
 #include "tcg/tcg-internal.h"
 #include "tcg/tcg-temp-internal.h"
-// reintroduce this in QEMU
-static TCGv_i64 tcg_const_i64(int64_t val)
-{
- TCGv_i64 t0;
- t0 = tcg_temp_new_i64();
- tcg_gen_movi_i64(t0, val);
- return t0;
-}
-#if TARGET_LONG_BITS == 32
-static TCGv_i32 tcg_const_i32(int32_t val)
-{
- TCGv_i32 t0;
- t0 = tcg_temp_new_i32();
- tcg_gen_movi_i32(t0, val);
- return t0;
-}
-#define tcg_const_tl tcg_const_i32
-#else
-#define tcg_const_tl tcg_const_i64
+#ifndef TARGET_LONG_BITS
+#error "TARGET_LONG_BITS not defined"
 #endif
+void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args);
+
 extern target_ulong libafl_gen_cur_pc;
 struct libafl_breakpoint {
@@ -234,14 +217,16 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
 struct libafl_hook* hk = libafl_search_hook(db->pc_next);
 if (hk) {
- TCGv tmp0 = tcg_const_tl(db->pc_next);
- TCGv_i64 tmp1 = tcg_const_i64(hk->data);
+ TCGv_i64 tmp1 = tcg_constant_i64(hk->data);
 #if TARGET_LONG_BITS == 32
+ TCGv_i32 tmp0 = tcg_constant_i32(db->pc_next);
 TCGTemp *tmp2[2] = { tcgv_i32_temp(tmp0), tcgv_i64_temp(tmp1) };
 #else
+ TCGv_i64 tmp0 = tcg_constant_i64(db->pc_next);
 TCGTemp *tmp2[2] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1) };
 #endif
- tcg_gen_callN(hk->callback, NULL, 2, tmp2);
+ // tcg_gen_callN(hk->callback, NULL, 2, tmp2);
+ tcg_gen_callN(&hk->helper_info, NULL, tmp2);
 #if TARGET_LONG_BITS == 32
 tcg_temp_free_i32(tmp0);
 #else
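Review bot: The commented-out `// tcg_gen_callN(hk->callback, NULL, 2, tmp2);` kept above the new call in the translator_loop hunk should be deleted rather than parked in a comment; it records a signature that no longer exists and will mislead the next reader, and history already preserves the old form. The backdoor-hook hunk (`@@ -277,14 +258,16 @@`) carries the same leftover, `// tcg_gen_callN(hk->exec, NULL, 2, tmp2);`. translator_loop continues outside both hunks.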
@@ -253,13 +238,9 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
 struct libafl_breakpoint* bp = libafl_qemu_breakpoints;
 while (bp) {
 if (bp->addr == db->pc_next) {
- TCGv tmp0 = tcg_const_tl(db->pc_next);
+ TCGv_i64 tmp0 = tcg_constant_i64((uint64_t)db->pc_next);
 gen_helper_libafl_qemu_handle_breakpoint(cpu_env, tmp0);
-#if TARGET_LONG_BITS == 32
- tcg_temp_free_i32(tmp0);
-#else
 tcg_temp_free_i64(tmp0);
-#endif
 }
 bp = bp->next;
 }
@@ -277,14 +258,16 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
 if (backdoor == 0x44) {
 struct libafl_backdoor_hook* hk = libafl_backdoor_hooks;
 while (hk) {
- TCGv tmp0 = tcg_const_tl(db->pc_next);
- TCGv_i64 tmp1 = tcg_const_i64(hk->data);
+ TCGv_i64 tmp1 = tcg_constant_i64(hk->data);
 #if TARGET_LONG_BITS == 32
+ TCGv_i32 tmp0 = tcg_constant_i32(db->pc_next);
 TCGTemp *tmp2[2] = { tcgv_i32_temp(tmp0), tcgv_i64_temp(tmp1) };
 #else
+ TCGv_i64 tmp0 = tcg_constant_i64(db->pc_next);
 TCGTemp *tmp2[2] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1) };
 #endif
- tcg_gen_callN(hk->exec, NULL, 2, tmp2);
+ // tcg_gen_callN(hk->exec, NULL, 2, tmp2);
+ tcg_gen_callN(&hk->helper_info, NULL, tmp2);
 #if TARGET_LONG_BITS == 32
 tcg_temp_free_i32(tmp0);
 #else
diff --git a/cpu.c b/cpu.c
index 348c23b3f6..f281c1ad85 100644
--- a/cpu.c
+++ b/cpu.c
@@ -74,8 +74,6 @@ size_t libafl_qemu_hooks_num = 0;
 __thread int libafl_valid_current_cpu = 0;
-void libafl_helper_table_add(TCGHelperInfo* info);
-
 static __thread GByteArray *libafl_qemu_mem_buf = NULL;
 target_ulong libafl_page_from_addr(target_ulong addr);
@@ -252,7 +250,6 @@ size_t libafl_qemu_set_hook(target_ulong pc, void (*callback)(target_ulong, uint
 hk->num = libafl_qemu_hooks_num++;
 hk->next = libafl_qemu_hooks[idx];
 libafl_qemu_hooks[idx] = hk;
- libafl_helper_table_add(&hk->helper_info);
 return hk->num;
 }
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 30f06e5db8..7d3aefbc17 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -1273,17 +1273,6 @@ static void process_op_defs(TCGContext *s);
 static TCGTemp *tcg_global_reg_new_internal(TCGContext *s, TCGType type, TCGReg reg, const char *name);
-//// --- Begin LibAFL code ---
-
-void libafl_helper_table_add(TCGHelperInfo* info);
-void libafl_helper_table_add(TCGHelperInfo* info) {
- init_call_layout(info);
- g_hash_table_insert(helper_table, (gpointer)info->func,
- (gpointer)info);
-}
-
-//// --- End LibAFL code ---
-
 static void tcg_context_init(unsigned max_cpus)
 {
 TCGContext *s = &tcg_init_ctx;
@@ -2134,7 +2123,13 @@ bool tcg_op_supported(TCGOpcode op)
 static TCGOp *tcg_op_alloc(TCGOpcode opc, unsigned nargs);
-static void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args)
+//// --- Begin LibAFL code ---
+
+void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args);
+
+//// --- End LibAFL code ---
+
+/* static */ void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args)
 {
 TCGv_i64 extend_free[MAX_CALL_IARGS];
 int n_extend = 0;