add libafl_send_irq

hw/intc/armv7m_nvic.c

@@ -2999,3 +2999,25 @@ static void armv7m_nvic_register_types(void)
 }
 
 type_init(armv7m_nvic_register_types)
+
+/* Begin LibAFL instrumentation */
+#include "qemu/main-loop.h"
+void libafl_send_irq(int irqn);
+void libafl_send_irq(int irqn) {
+    bool haslock = qemu_mutex_iothread_locked();
+    if (!haslock) {
+        qemu_mutex_lock_iothread();
+    }
+    CPUState *cpu;
+    CPU_FOREACH(cpu) {
+        CPUARMState* env = cpu->env_ptr;
+        NVICState* nvic = env->nvic;
+        // set_irq_level(nvic, irqn, 1);
+        // set_irq_level(nvic, irqn, 0);
+        armv7m_nvic_set_pending(nvic, irqn+16, false);
+    }
+    if (!haslock) {
+        qemu_mutex_unlock_iothread();
+    }
+}
+/* End LibAFL instrumentation */

softmmu/main.c

@@ -118,6 +118,9 @@ int64_t libafl_get_clock( void )
 }
 
 #ifndef AS_SHARED_LIB
+#ifdef TARGET_ARM
+void libafl_send_irq(int irqn);
+#endif
 int main(int argc, char **argv, char **envp)
 {
     qemu_init(argc, argv, envp);
@@ -135,6 +138,10 @@ int main(int argc, char **argv, char **envp)
     libafl_snapshot_save("Start");
     int counter = 3000;
     do {
+        libafl_qemu_main_loop();
+        #ifdef TARGET_ARM
+        libafl_send_irq(0);
+        #endif
         libafl_qemu_main_loop();
         libafl_snapshot_load("Start");
         // puts("Reload has occured");