add libafl_send_irq

2022-04-19 23:44:36 +02:00 · 2022-04-19 23:44:36 +02:00 · 8a379ba198
commit 8a379ba198
parent 6ffc2bbe4f
2 changed files with 29 additions and 0 deletions
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@ -2999,3 +2999,25 @@ static void armv7m_nvic_register_types(void)
 }

 type_init(armv7m_nvic_register_types)
+
+/* Begin LibAFL instrumentation */
+#include "qemu/main-loop.h"
+void libafl_send_irq(int irqn);
+void libafl_send_irq(int irqn) {
+    bool haslock = qemu_mutex_iothread_locked();
+    if (!haslock) {
+        qemu_mutex_lock_iothread();
+    }
+    CPUState *cpu;
+    CPU_FOREACH(cpu) {
+        CPUARMState* env = cpu->env_ptr;
+        NVICState* nvic = env->nvic;
+        // set_irq_level(nvic, irqn, 1);
+        // set_irq_level(nvic, irqn, 0);
+        armv7m_nvic_set_pending(nvic, irqn+16, false);
+    }
+    if (!haslock) {
+        qemu_mutex_unlock_iothread();
+    }
+}
+/* End LibAFL instrumentation */
--- a/softmmu/main.c
+++ b/softmmu/main.c
@ -118,6 +118,9 @@ int64_t libafl_get_clock( void )
 }

 #ifndef AS_SHARED_LIB
+#ifdef TARGET_ARM
+void libafl_send_irq(int irqn);
+#endif
 int main(int argc, char **argv, char **envp)
 {
    qemu_init(argc, argv, envp);
@ -135,6 +138,10 @@ int main(int argc, char **argv, char **envp)
    libafl_snapshot_save("Start");
    int counter = 3000;
    do {
+        libafl_qemu_main_loop();
+        #ifdef TARGET_ARM
+        libafl_send_irq(0);
+        #endif
        libafl_qemu_main_loop();
        libafl_snapshot_load("Start");
        // puts("Reload has occured");