alwin.berger/FRET-qemu
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

use libafl_gen_jmp

Browse Source
This commit is contained in:
Alwin Berger 2022-04-08 00:54:21 +02:00
parent ff823f26ff
commit 404cb91655
3 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
accel/tcg/cpu-exec.c
View File

@ -972,9 +972,10 @@ int cpu_exec(CPUState *cpu)
qatomic_set(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)], tb);
}
//// --- Begin LibAFL code ---
if (!last_tb) {
libafl_exec_edge_one_off(0, tb->pc);
}
// This will save an edge (0,pc) after interrupts
// if (!last_tb) {
// libafl_exec_edge_one_off(0, tb->pc);
// }
//// --- End LibAFL code ---
#ifndef CONFIG_USER_ONLY

19
accel/tcg/translate-all.c
View File

@ -68,6 +68,7 @@
#include "exec/helper-head.h"
void libafl_helper_table_add(TCGHelperInfo* info);
void libafl_gen_jmp(target_ulong src, target_ulong dst);
void libafl_exec_edge_one_off(target_ulong src_block, target_ulong dst_block);
TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
target_ulong dst_block, target_ulong cs_base,
@ -1786,6 +1787,24 @@ void libafl_exec_edge_one_off(target_ulong src_block, target_ulong dst_block)
libafl_exec_edge_hook(libafl_id);
}
void libafl_gen_jmp(target_ulong src, target_ulong dst)
{
uint32_t libafl_id = 0;
if (libafl_gen_edge_hook)
libafl_id = libafl_gen_edge_hook((uint64_t)src, (uint64_t)dst);
if (!libafl_exec_edge_hook || libafl_id == (uint32_t)-1)
return;
if (!exec_edge_hook_added) {
exec_edge_hook_added = 1;
libafl_exec_edge_hook_info.func = libafl_exec_edge_hook;
libafl_helper_table_add(&libafl_exec_edge_hook_info);
}
TCGv_i64 tmp0 = tcg_const_i64(libafl_id);
TCGTemp *tmp1[1] = { tcgv_i64_temp(tmp0) };
tcg_gen_callN(libafl_exec_edge_hook, NULL, 1, tmp1);
tcg_temp_free_i64(tmp0);
}
/* Called with mmap_lock held for user mode emulation. */
TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
target_ulong dst_block, target_ulong cs_base,

6
target/arm/translate.c
View File

@ -2615,8 +2615,14 @@ static inline void gen_jmp_tb(DisasContext *s, uint32_t dest, int tbno)
}
}
//// --- Begin LibAFL code ---
void libafl_gen_jmp(target_ulong src, target_ulong dst); // see translate-all.c
//// --- End LibAFL code ---
static inline void gen_jmp(DisasContext *s, uint32_t dest)
{
//// --- Begin LibAFL code ---
libafl_gen_jmp(s->pc_curr,dest);
//// --- End LibAFL code ---
gen_jmp_tb(s, dest, 0);
}