it compiles!

This commit is contained in:
Andrea Fioraldi 2023-07-21 15:45:55 +02:00
parent e4cf836249
commit 7dd994beba
6 changed files with 70 additions and 130 deletions


@ -171,10 +171,10 @@ void libafl_qemu_trigger_breakpoint(CPUState* cpu)
}
}
void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env, target_ulong pc)
void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env, uint64_t pc)
{
CPUState* cpu = env_cpu(env);
libafl_breakpoint_pc = pc;
libafl_breakpoint_pc = (target_ulong)pc;
libafl_qemu_trigger_breakpoint(cpu);
}
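Review bot: The new `libafl_breakpoint_pc = (target_ulong)pc;` is a narrowing conversion on 32-bit targets and nothing at the helper says why that is safe; the only reason it is exact is that the translator widens a `target_ulong` `pc_next` before the call. A short comment above the assignment would keep the next reader from "fixing" it: `/* pc is an i64 helper arg; on 32-bit targets the cast back is exact because the translator widened a target_ulong pc_next */`. As a point of style, `CPUState* cpu` binds the star to the type while the signature on the same function writes `CPUArchState *env`; the file should pick one form.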


@ -302,6 +302,6 @@ DEF_HELPER_FLAGS_5(gvec_bitsel, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
//// --- Begin LibAFL code ---
DEF_HELPER_FLAGS_2(libafl_qemu_handle_breakpoint, TCG_CALL_NO_RWG,
void, env, tl)
void, env, i64)
//// --- End LibAFL code ---


@ -73,32 +73,14 @@
#include "tcg/tcg-temp-internal.h"
// reintroduce this in QEMU
static TCGv_i64 tcg_const_i64(int64_t val)
{
TCGv_i64 t0;
t0 = tcg_temp_new_i64();
tcg_gen_movi_i64(t0, val);
return t0;
}
#if TARGET_LONG_BITS == 32
static TCGv_i32 tcg_const_i32(int32_t val)
{
TCGv_i32 t0;
t0 = tcg_temp_new_i32();
tcg_gen_movi_i32(t0, val);
return t0;
}
#define tcg_const_tl tcg_const_i32
#else
#define tcg_const_tl tcg_const_i64
#ifndef TARGET_LONG_BITS
#error "TARGET_LONG_BITS not defined"
#endif
void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args);
target_ulong libafl_gen_cur_pc;
void libafl_helper_table_add(TCGHelperInfo* info);
TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
target_ulong dst_block, int exit_n,
target_ulong cs_base, uint32_t flags,
@ -147,7 +129,6 @@ void libafl_add_edge_hook(uint64_t (*gen)(target_ulong src, target_ulong dst, ui
if (exec) {
memcpy(&hook->helper_info, &libafl_exec_edge_hook_info, sizeof(TCGHelperInfo));
hook->helper_info.func = exec;
libafl_helper_table_add(&hook->helper_info);
}
}
@ -191,7 +172,6 @@ void libafl_add_block_hook(uint64_t (*gen)(target_ulong pc, uint64_t data),
if (exec) {
memcpy(&hook->helper_info, &libafl_exec_block_hook_info, sizeof(TCGHelperInfo));
hook->helper_info.func = exec;
libafl_helper_table_add(&hook->helper_info);
}
}
@ -300,27 +280,22 @@ void libafl_add_read_hook(uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_t
if (exec1) {
memcpy(&hook->helper_info1, &libafl_exec_read_hook1_info, sizeof(TCGHelperInfo));
hook->helper_info1.func = exec1;
libafl_helper_table_add(&hook->helper_info1);
}
if (exec2) {
memcpy(&hook->helper_info2, &libafl_exec_read_hook2_info, sizeof(TCGHelperInfo));
hook->helper_info2.func = exec2;
libafl_helper_table_add(&hook->helper_info2);
}
if (exec4) {
memcpy(&hook->helper_info4, &libafl_exec_read_hook4_info, sizeof(TCGHelperInfo));
hook->helper_info4.func = exec4;
libafl_helper_table_add(&hook->helper_info4);
}
if (exec8) {
memcpy(&hook->helper_info8, &libafl_exec_read_hook8_info, sizeof(TCGHelperInfo));
hook->helper_info8.func = exec8;
libafl_helper_table_add(&hook->helper_info8);
}
if (execN) {
memcpy(&hook->helper_infoN, &libafl_exec_read_hookN_info, sizeof(TCGHelperInfo));
hook->helper_infoN.func = execN;
libafl_helper_table_add(&hook->helper_infoN);
}
}
@ -333,25 +308,25 @@ void libafl_gen_read(TCGTemp *addr, MemOpIdx oi)
uint64_t cur_id = 0;
if (hook->gen)
cur_id = hook->gen(libafl_gen_cur_pc, oi, hook->data);
void* func = NULL;
if (size == 1) func = hook->exec1;
else if (size == 2) func = hook->exec2;
else if (size == 4) func = hook->exec4;
else if (size == 8) func = hook->exec8;
TCGHelperInfo* info = NULL;
if (size == 1 && hook->exec1) info = &hook->helper_info1;
else if (size == 2 && hook->exec2) info = &hook->helper_info2;
else if (size == 4 && hook->exec4) info = &hook->helper_info4;
else if (size == 8 && hook->exec8) info = &hook->helper_info8;
if (cur_id != (uint64_t)-1) {
if (func) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv_i64 tmp1 = tcg_const_i64(hook->data);
if (info) {
TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
TCGTemp *tmp2[3] = { tcgv_i64_temp(tmp0),
addr,
tcgv_i64_temp(tmp1) };
tcg_gen_callN(func, NULL, 3, tmp2);
tcg_gen_callN(info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
} else if (hook->execN) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv tmp1 = tcg_const_tl(size);
TCGv_i64 tmp2 = tcg_const_i64(hook->data);
TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
TCGv tmp1 = tcg_constant_tl(size);
TCGv_i64 tmp2 = tcg_constant_i64(hook->data);
TCGTemp *tmp3[4] = { tcgv_i64_temp(tmp0),
addr,
#if TARGET_LONG_BITS == 32
@ -360,7 +335,7 @@ void libafl_gen_read(TCGTemp *addr, MemOpIdx oi)
tcgv_i64_temp(tmp1),
#endif
tcgv_i64_temp(tmp2) };
tcg_gen_callN(hook->execN, NULL, 4, tmp3);
tcg_gen_callN(&hook->helper_infoN, NULL, tmp3);
tcg_temp_free_i64(tmp0);
#if TARGET_LONG_BITS == 32
tcg_temp_free_i32(tmp1);
@ -410,27 +385,22 @@ void libafl_add_write_hook(uint64_t (*gen)(target_ulong pc, MemOpIdx oi, uint64_
if (exec1) {
memcpy(&hook->helper_info1, &libafl_exec_write_hook1_info, sizeof(TCGHelperInfo));
hook->helper_info1.func = exec1;
libafl_helper_table_add(&hook->helper_info1);
}
if (exec2) {
memcpy(&hook->helper_info2, &libafl_exec_write_hook2_info, sizeof(TCGHelperInfo));
hook->helper_info2.func = exec2;
libafl_helper_table_add(&hook->helper_info2);
}
if (exec4) {
memcpy(&hook->helper_info4, &libafl_exec_write_hook4_info, sizeof(TCGHelperInfo));
hook->helper_info4.func = exec4;
libafl_helper_table_add(&hook->helper_info4);
}
if (exec8) {
memcpy(&hook->helper_info8, &libafl_exec_write_hook8_info, sizeof(TCGHelperInfo));
hook->helper_info8.func = exec8;
libafl_helper_table_add(&hook->helper_info8);
}
if (execN) {
memcpy(&hook->helper_infoN, &libafl_exec_write_hookN_info, sizeof(TCGHelperInfo));
hook->helper_infoN.func = execN;
libafl_helper_table_add(&hook->helper_infoN);
}
}
@ -443,25 +413,25 @@ void libafl_gen_write(TCGTemp *addr, MemOpIdx oi)
uint64_t cur_id = 0;
if (hook->gen)
cur_id = hook->gen(libafl_gen_cur_pc, oi, hook->data);
void* func = NULL;
if (size == 1) func = hook->exec1;
else if (size == 2) func = hook->exec2;
else if (size == 4) func = hook->exec4;
else if (size == 8) func = hook->exec8;
TCGHelperInfo* info = NULL;
if (size == 1 && hook->exec1) info = &hook->helper_info1;
else if (size == 2 && hook->exec2) info = &hook->helper_info2;
else if (size == 4 && hook->exec4) info = &hook->helper_info4;
else if (size == 8 && hook->exec8) info = &hook->helper_info8;
if (cur_id != (uint64_t)-1) {
if (func) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv_i64 tmp1 = tcg_const_i64(hook->data);
if (info) {
TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
TCGTemp *tmp2[3] = { tcgv_i64_temp(tmp0),
addr,
tcgv_i64_temp(tmp1) };
tcg_gen_callN(func, NULL, 3, tmp2);
tcg_gen_callN(info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
} else if (hook->execN) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv tmp1 = tcg_const_tl(size);
TCGv_i64 tmp2 = tcg_const_i64(hook->data);
TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
TCGv tmp1 = tcg_constant_tl(size);
TCGv_i64 tmp2 = tcg_constant_i64(hook->data);
TCGTemp *tmp3[4] = { tcgv_i64_temp(tmp0),
addr,
#if TARGET_LONG_BITS == 32
@ -470,7 +440,7 @@ void libafl_gen_write(TCGTemp *addr, MemOpIdx oi)
tcgv_i64_temp(tmp1),
#endif
tcgv_i64_temp(tmp2) };
tcg_gen_callN(hook->execN, NULL, 4, tmp3);
tcg_gen_callN(&hook->helper_infoN, NULL, tmp3);
tcg_temp_free_i64(tmp0);
#if TARGET_LONG_BITS == 32
tcg_temp_free_i32(tmp1);
@ -556,22 +526,18 @@ void libafl_add_cmp_hook(uint64_t (*gen)(target_ulong pc, size_t size, uint64_t
if (exec1) {
memcpy(&hook->helper_info1, &libafl_exec_cmp_hook1_info, sizeof(TCGHelperInfo));
hook->helper_info1.func = exec1;
libafl_helper_table_add(&hook->helper_info1);
}
if (exec2) {
memcpy(&hook->helper_info2, &libafl_exec_cmp_hook2_info, sizeof(TCGHelperInfo));
hook->helper_info2.func = exec2;
libafl_helper_table_add(&hook->helper_info2);
}
if (exec4) {
memcpy(&hook->helper_info4, &libafl_exec_cmp_hook4_info, sizeof(TCGHelperInfo));
hook->helper_info4.func = exec4;
libafl_helper_table_add(&hook->helper_info4);
}
if (exec8) {
memcpy(&hook->helper_info8, &libafl_exec_cmp_hook8_info, sizeof(TCGHelperInfo));
hook->helper_info8.func = exec8;
libafl_helper_table_add(&hook->helper_info8);
}
}
@ -601,14 +567,14 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
uint64_t cur_id = 0;
if (hook->gen)
cur_id = hook->gen(pc, size, hook->data);
void* func = NULL;
if (size == 1) func = hook->exec1;
else if (size == 2) func = hook->exec2;
else if (size == 4) func = hook->exec4;
else if (size == 8) func = hook->exec8;
if (cur_id != (uint64_t)-1 && func) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv_i64 tmp1 = tcg_const_i64(hook->data);
TCGHelperInfo* info = NULL;
if (size == 1 && hook->exec1) info = &hook->helper_info1;
else if (size == 2 && hook->exec2) info = &hook->helper_info2;
else if (size == 4 && hook->exec4) info = &hook->helper_info4;
else if (size == 8 && hook->exec8) info = &hook->helper_info8;
if (cur_id != (uint64_t)-1 && info) {
TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
TCGTemp *tmp2[4] = { tcgv_i64_temp(tmp0),
#if TARGET_LONG_BITS == 32
tcgv_i32_temp(op0), tcgv_i32_temp(op1),
@ -616,7 +582,7 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
tcgv_i64_temp(op0), tcgv_i64_temp(op1),
#endif
tcgv_i64_temp(tmp1) };
tcg_gen_callN(func, NULL, 4, tmp2);
tcg_gen_callN(info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
}
@ -652,7 +618,6 @@ void libafl_add_backdoor_hook(void (*exec)(target_ulong id, uint64_t data),
memcpy(&hook->helper_info, &libafl_exec_backdoor_hook_info, sizeof(TCGHelperInfo));
hook->helper_info.func = exec;
libafl_helper_table_add(&hook->helper_info);
}
//// --- End LibAFL code ---
@ -886,10 +851,10 @@ static int setjmp_gen_code(CPUArchState *env, TranslationBlock *tb,
if (hook->gen)
cur_id = hook->gen(pc, hook->data);
if (cur_id != (uint64_t)-1 && hook->exec) {
TCGv_i64 tmp0 = tcg_const_i64(cur_id);
TCGv_i64 tmp1 = tcg_const_i64(hook->data);
TCGv_i64 tmp0 = tcg_constant_i64(cur_id);
TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
TCGTemp *tmp2[2] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1) };
tcg_gen_callN(hook->exec, NULL, 2, tmp2);
tcg_gen_callN(&hook->helper_info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
}
@ -1023,10 +988,10 @@ TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
while (hook) {
if (hook->cur_id != (uint64_t)-1 && hook->exec) {
hcount++;
TCGv_i64 tmp0 = tcg_const_i64(hook->cur_id);
TCGv_i64 tmp1 = tcg_const_i64(hook->data);
TCGv_i64 tmp0 = tcg_constant_i64(hook->cur_id);
TCGv_i64 tmp1 = tcg_constant_i64(hook->data);
TCGTemp *tmp2[2] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1) };
tcg_gen_callN(hook->exec, NULL, 2, tmp2);
tcg_gen_callN(&hook->helper_info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
}
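Review bot: After switching `tcg_const_i64` to `tcg_constant_i64`, every following `tcg_temp_free_i64(tmp0)` / `tcg_temp_free_i64(tmp1)` (libafl_gen_read, libafl_gen_write, libafl_gen_cmp, setjmp_gen_code and libafl_gen_edge hunks) now frees a constant temp rather than a temporary, and the `#if TARGET_LONG_BITS == 32` blocks in libafl_gen_read/libafl_gen_write exist only to free the `tcg_constant_tl(size)` result. If this tree's `tcg_temp_free_internal` silently ignores TEMP_CONST, as upstream does, these are dead statements; either way they should be deleted, since the constant is not owned by the caller, and the enclosing functions all start and end outside the hunks so the free blocks beyond the hunk edges need the same sweep. Separately, the `void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args);` prototype appears to be kept in this file and repeated in translator.c and tcg.c; this commit's own arity change shows how such copies drift, so it belongs once in a header the callers already include, e.g. `tcg/tcg-internal.h`.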


@ -122,29 +122,12 @@ static void gen_tb_end(const TranslationBlock *tb, uint32_t cflags,
#include "tcg/tcg-internal.h"
#include "tcg/tcg-temp-internal.h"
// reintroduce this in QEMU
static TCGv_i64 tcg_const_i64(int64_t val)
{
TCGv_i64 t0;
t0 = tcg_temp_new_i64();
tcg_gen_movi_i64(t0, val);
return t0;
}
#if TARGET_LONG_BITS == 32
static TCGv_i32 tcg_const_i32(int32_t val)
{
TCGv_i32 t0;
t0 = tcg_temp_new_i32();
tcg_gen_movi_i32(t0, val);
return t0;
}
#define tcg_const_tl tcg_const_i32
#else
#define tcg_const_tl tcg_const_i64
#ifndef TARGET_LONG_BITS
#error "TARGET_LONG_BITS not defined"
#endif
void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args);
extern target_ulong libafl_gen_cur_pc;
struct libafl_breakpoint {
@ -234,14 +217,16 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
struct libafl_hook* hk = libafl_search_hook(db->pc_next);
if (hk) {
TCGv tmp0 = tcg_const_tl(db->pc_next);
TCGv_i64 tmp1 = tcg_const_i64(hk->data);
TCGv_i64 tmp1 = tcg_constant_i64(hk->data);
#if TARGET_LONG_BITS == 32
TCGv_i32 tmp0 = tcg_constant_i32(db->pc_next);
TCGTemp *tmp2[2] = { tcgv_i32_temp(tmp0), tcgv_i64_temp(tmp1) };
#else
TCGv_i64 tmp0 = tcg_constant_i64(db->pc_next);
TCGTemp *tmp2[2] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1) };
#endif
tcg_gen_callN(hk->callback, NULL, 2, tmp2);
// tcg_gen_callN(hk->callback, NULL, 2, tmp2);
tcg_gen_callN(&hk->helper_info, NULL, tmp2);
#if TARGET_LONG_BITS == 32
tcg_temp_free_i32(tmp0);
#else
@ -253,13 +238,9 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
struct libafl_breakpoint* bp = libafl_qemu_breakpoints;
while (bp) {
if (bp->addr == db->pc_next) {
TCGv tmp0 = tcg_const_tl(db->pc_next);
TCGv_i64 tmp0 = tcg_constant_i64((uint64_t)db->pc_next);
gen_helper_libafl_qemu_handle_breakpoint(cpu_env, tmp0);
#if TARGET_LONG_BITS == 32
tcg_temp_free_i32(tmp0);
#else
tcg_temp_free_i64(tmp0);
#endif
}
bp = bp->next;
}
@ -277,14 +258,16 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
if (backdoor == 0x44) {
struct libafl_backdoor_hook* hk = libafl_backdoor_hooks;
while (hk) {
TCGv tmp0 = tcg_const_tl(db->pc_next);
TCGv_i64 tmp1 = tcg_const_i64(hk->data);
TCGv_i64 tmp1 = tcg_constant_i64(hk->data);
#if TARGET_LONG_BITS == 32
TCGv_i32 tmp0 = tcg_constant_i32(db->pc_next);
TCGTemp *tmp2[2] = { tcgv_i32_temp(tmp0), tcgv_i64_temp(tmp1) };
#else
TCGv_i64 tmp0 = tcg_constant_i64(db->pc_next);
TCGTemp *tmp2[2] = { tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1) };
#endif
tcg_gen_callN(hk->exec, NULL, 2, tmp2);
// tcg_gen_callN(hk->exec, NULL, 2, tmp2);
tcg_gen_callN(&hk->helper_info, NULL, tmp2);
#if TARGET_LONG_BITS == 32
tcg_temp_free_i32(tmp0);
#else
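Review bot: The hook and backdoor hunks keep the old calls as comments, `// tcg_gen_callN(hk->callback, NULL, 2, tmp2);` and `// tcg_gen_callN(hk->exec, NULL, 2, tmp2);`, directly above their replacements; commented-out code should be removed rather than committed, and the four-argument form no longer exists anyway. The same two hunks also still run `tcg_temp_free_i32(tmp0)` / `tcg_temp_free_i64(tmp0)` on values that are now `tcg_constant_*` results, while the breakpoint hunk in the same file correctly dropped its frees when it moved to `tcg_constant_i64`; the three sites should be treated the same way, with the `#if TARGET_LONG_BITS == 32` free blocks deleted. translator_loop starts and ends outside these hunks.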

3
cpu.c

@ -74,8 +74,6 @@ size_t libafl_qemu_hooks_num = 0;
__thread int libafl_valid_current_cpu = 0;
void libafl_helper_table_add(TCGHelperInfo* info);
static __thread GByteArray *libafl_qemu_mem_buf = NULL;
target_ulong libafl_page_from_addr(target_ulong addr);
@ -252,7 +250,6 @@ size_t libafl_qemu_set_hook(target_ulong pc, void (*callback)(target_ulong, uint
hk->num = libafl_qemu_hooks_num++;
hk->next = libafl_qemu_hooks[idx];
libafl_qemu_hooks[idx] = hk;
libafl_helper_table_add(&hk->helper_info);
return hk->num;
}


@ -1273,17 +1273,6 @@ static void process_op_defs(TCGContext *s);
static TCGTemp *tcg_global_reg_new_internal(TCGContext *s, TCGType type,
TCGReg reg, const char *name);
//// --- Begin LibAFL code ---
void libafl_helper_table_add(TCGHelperInfo* info);
void libafl_helper_table_add(TCGHelperInfo* info) {
init_call_layout(info);
g_hash_table_insert(helper_table, (gpointer)info->func,
(gpointer)info);
}
//// --- End LibAFL code ---
static void tcg_context_init(unsigned max_cpus)
{
TCGContext *s = &tcg_init_ctx;
@ -2134,7 +2123,13 @@ bool tcg_op_supported(TCGOpcode op)
static TCGOp *tcg_op_alloc(TCGOpcode opc, unsigned nargs);
static void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args)
//// --- Begin LibAFL code ---
void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args);
//// --- End LibAFL code ---
/* static */ void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args)
{
TCGv_i64 extend_free[MAX_CALL_IARGS];
int n_extend = 0;
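Review bot: `/* static */ void tcg_gen_callN(...)` leaves the old storage class behind as a comment, and the matching prototype is declared in this .c file's LibAFL block rather than in a header, which is why the callers in translate-all.c and translator.c each carry their own copy; the definition line should read `void tcg_gen_callN(TCGHelperInfo *info, TCGTemp *ret, TCGTemp **args)` and the single declaration should live in `tcg/tcg-internal.h`, which those callers already include. Removing `libafl_helper_table_add` also removes the only explicit `init_call_layout(info)` for the per-hook `helper_info` copies; upstream's `tcg_gen_callN` initialises the layout lazily via `info->init`, and if this tree does the same the memcpy'd templates are fine, but that is worth confirming here since a copy made from a never-initialised template would otherwise reach the call with an unset layout. tcg_gen_callN's body continues past the hunk.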