Trigger breakpoints also when the CPU is not running

accel/tcg/tcg-runtime.c

@@ -87,12 +87,18 @@ void libafl_load_qemu_snapshot(char *name)
 
 #define EXCP_LIBAFL_BP 0xf4775747
 
+int libafl_qemu_break_asap = 0;
+
 void libafl_qemu_trigger_breakpoint(CPUState* cpu);
 
 void libafl_qemu_trigger_breakpoint(CPUState* cpu)
 {
+    if (cpu->running) {
         cpu->exception_index = EXCP_LIBAFL_BP;
         cpu_loop_exit(cpu);
+    } else {
+        libafl_qemu_break_asap = 1;
+    }
 }
 
 void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env)

linux-user/aarch64/cpu_loop.c

@@ -82,6 +82,13 @@ void cpu_loop(CPUARMState *env)
     abi_long ret;
 
     for (;;) {
+
+//// --- Begin LibAFL code ---
+
+        if (libafl_qemu_break_asap) return;
+
+//// --- End LibAFL code ---
+
         cpu_exec_start(cs);
         trapnr = cpu_exec(cs);
         cpu_exec_end(cs);

linux-user/arm/cpu_loop.c

@@ -319,6 +319,13 @@ void cpu_loop(CPUARMState *env)
     abi_ulong ret;
 
     for(;;) {
+
+//// --- Begin LibAFL code ---
+
+        if (libafl_qemu_break_asap) return;
+
+//// --- End LibAFL code ---
+
         cpu_exec_start(cs);
         trapnr = cpu_exec(cs);
         cpu_exec_end(cs);

linux-user/cpu_loop-common.h

@@ -23,6 +23,12 @@
 #include "exec/log.h"
 #include "special-errno.h"
 
+//// --- Begin LibAFL code ---
+
+extern int libafl_qemu_break_asap;
+
+//// --- End LibAFL code ---
+
 #define EXCP_DUMP(env, fmt, ...)                                        \
 do {                                                                    \
     CPUState *cs = env_cpu(env);                                        \

linux-user/i386/cpu_loop.c

@@ -205,6 +205,13 @@ void cpu_loop(CPUX86State *env)
     abi_ulong ret;
 
     for(;;) {
+
+//// --- Begin LibAFL code ---
+
+        if (libafl_qemu_break_asap) return;
+
+//// --- End LibAFL code ---
+
         cpu_exec_start(cs);
         trapnr = cpu_exec(cs);
         cpu_exec_end(cs);