diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c index 959b121df0..b8c46fe137 100644 --- a/accel/tcg/cpu-exec.c +++ b/accel/tcg/cpu-exec.c @@ -868,6 +868,7 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb, TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block, target_ulong dst_block, target_ulong cs_base, uint32_t flags, int cflags); +void libafl_exec_edge_one_off(target_ulong src_block, target_ulong dst_block); //// --- End LibAFL code --- @@ -970,6 +971,11 @@ int cpu_exec(CPUState *cpu) */ qatomic_set(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)], tb); } + //// --- Begin LibAFL code --- + if (!last_tb) { + libafl_exec_edge_one_off(0, tb->pc); + } + //// --- End LibAFL code --- #ifndef CONFIG_USER_ONLY /* diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c index 21c64a75c3..a1d5996e16 100644 --- a/accel/tcg/translate-all.c +++ b/accel/tcg/translate-all.c @@ -68,6 +68,7 @@ #include "exec/helper-head.h" void libafl_helper_table_add(TCGHelperInfo* info); +void libafl_exec_edge_one_off(target_ulong src_block, target_ulong dst_block); TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block, target_ulong dst_block, target_ulong cs_base, uint32_t flags, int cflags); 
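Review bot: The new `libafl_exec_edge_one_off` prototype is hand-copied into cpu-exec.c here and again into translate-all.c in the @@ -68 hunk, so the two declarations can silently drift from the definition (the same pattern already applies to the libafl_gen_edge prototype beside it). A single declaration in a shared LibAFL header that both files include would let the compiler check all three against each other. If the fork keeps the in-file prototype convention on purpose, a comment naming the defining file, `/* defined in accel/tcg/translate-all.c */`, at least tells a reader where to look.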
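Review bot: `libafl_exec_edge_one_off(0, tb->pc)` passes 0 as src_block to stand for "no chained predecessor", but nothing in the cpu_exec hunk documents that convention, and a guest block that genuinely starts at address 0 becomes indistinguishable from the sentinel in whatever libafl_gen_edge_hook records. A comment on the new `if (!last_tb)` should make it explicit: `/* No predecessor TB (first TB, or re-entry after an exception/interrupt): report a synthetic edge from 0 */`. From what cpu_exec does elsewhere in the file, last_tb is presumably also cleared on every interrupt or exception return, so this path fires again each time execution re-enters the same TB that way, which may or may not be what edge coverage wants. cpu_exec's body starts and ends outside the hunk.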
@@ -1770,6 +1771,20 @@ tb_link_page(TranslationBlock *tb, tb_page_addr_t phys_pc, } //// --- Begin LibAFL code --- +void libafl_exec_edge_one_off(target_ulong src_block, target_ulong dst_block) +{ + uint32_t libafl_id = 0; + if (libafl_gen_edge_hook) + libafl_id = libafl_gen_edge_hook((uint64_t)src_block, (uint64_t)dst_block); + if (!libafl_exec_edge_hook || libafl_id == (uint32_t)-1) + return; + if (!exec_edge_hook_added) { + exec_edge_hook_added = 1; + libafl_exec_edge_hook_info.func = libafl_exec_edge_hook; + libafl_helper_table_add(&libafl_exec_edge_hook_info); + } + libafl_exec_edge_hook(libafl_id); +} /* Called with mmap_lock held for user mode emulation. */ TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
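Review bot: The lazy registration around `exec_edge_hook_added` is a check-then-set on a plain global with no lock, and this function is reached from the cpu_exec loop rather than under the mmap_lock that the comment on libafl_gen_edge below documents; if vCPUs run in separate threads (MTTCG), two of them can both read the flag as 0 and call `libafl_helper_table_add` twice for the same info, unless that function tolerates re-registration (not visible here). Assuming the flag is a plain int, replacing the test-and-set with `if (qatomic_cmpxchg(&exec_edge_hook_added, 0, 1) == 0) {` and dropping the `exec_edge_hook_added = 1;` line makes the first caller the only registrar. The two single-statement `if`s (`if (libafl_gen_edge_hook)` and the early `return`) also need braces under QEMU's coding style. The definition has no comment; a short header should say that it reports one edge synchronously from the execution loop instead of through generated code, that a gen-hook result of `(uint32_t)-1` suppresses the exec hook, and what a src_block of 0 means to the gen hook.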