Fix edge coverage hooks

This commit is contained in:
Andrea Fioraldi 2023-11-28 15:03:08 +01:00
parent b946fe4618
commit 7eb4c9dc54
2 changed files with 12 additions and 20 deletions


@ -928,12 +928,9 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
return false; return false;
} }
// LibAFL: Add last_tb_pc arg
static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb, static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
vaddr pc, TranslationBlock **last_tb, vaddr pc, TranslationBlock **last_tb,
int *tb_exit, int *tb_exit)
target_ulong *last_tb_pc)
{ {
int32_t insns_left; int32_t insns_left;
@ -941,10 +938,6 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
tb = cpu_tb_exec(cpu, tb, tb_exit); tb = cpu_tb_exec(cpu, tb, tb_exit);
if (*tb_exit != TB_EXIT_REQUESTED) { if (*tb_exit != TB_EXIT_REQUESTED) {
*last_tb = tb; *last_tb = tb;
//// --- Begin LibAFL code ---
*last_tb_pc = pc;
//// --- End LibAFL code ---
return; return;
} }
@ -1004,10 +997,6 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
TranslationBlock *last_tb = NULL; TranslationBlock *last_tb = NULL;
int tb_exit = 0; int tb_exit = 0;
//// --- Begin LibAFL code ---
target_ulong last_tb_pc = 0;
//// --- End LibAFL code ---
while (!cpu_handle_interrupt(cpu, &last_tb)) { while (!cpu_handle_interrupt(cpu, &last_tb)) {
TranslationBlock *tb; TranslationBlock *tb;
vaddr pc; vaddr pc;
@ -1080,9 +1069,9 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
if (last_tb) { if (last_tb) {
// tb_add_jump(last_tb, tb_exit, tb); // tb_add_jump(last_tb, tb_exit, tb);
if (last_tb->jmp_reset_offset[1] != TB_JMP_OFFSET_INVALID) { //if (last_tb->jmp_reset_offset[1] != TB_JMP_OFFSET_INVALID) {
mmap_lock(); mmap_lock();
edge = libafl_gen_edge(cpu, last_tb_pc, pc, tb_exit, cs_base, flags, cflags); edge = libafl_gen_edge(cpu, last_tb->pc, pc, tb_exit, cs_base, flags, cflags);
mmap_unlock(); mmap_unlock();
if (edge) { if (edge) {
@ -1092,17 +1081,17 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
} else { } else {
tb_add_jump(last_tb, tb_exit, tb); tb_add_jump(last_tb, tb_exit, tb);
} }
} else { /*} else {
tb_add_jump(last_tb, tb_exit, tb); tb_add_jump(last_tb, tb_exit, tb);
} }*/
} }
if (has_libafl_edge) { if (has_libafl_edge) {
// execute the edge to make sure to log it the first execution // execute the edge to make sure to log it the first execution
// the edge will then jump to the translated block // the edge will then jump to the translated block
cpu_loop_exec_tb(cpu, edge, last_tb_pc, &last_tb, &tb_exit, &last_tb_pc); cpu_loop_exec_tb(cpu, edge, pc, &last_tb, &tb_exit);
} else { } else {
cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit, &last_tb_pc); cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit);
} }
//// --- End LibAFL code --- //// --- End LibAFL code ---
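Review bot: The guard `//if (last_tb->jmp_reset_offset[1] != TB_JMP_OFFSET_INVALID) {` and the matching `/*} else { tb_add_jump(last_tb, tb_exit, tb); }*/` are left as commented-out code instead of being removed, so a reader cannot tell whether generating an edge block on every chained exit is the intended design or a debugging experiment. Delete the dead lines and state the intent once, e.g. `// LibAFL: emit an edge block for every chained exit (both jump slots), not only for TBs with a second exit, so unconditional jumps are covered too`. The new `libafl_gen_edge(cpu, last_tb->pc, pc, ...)` call also silently depends on `tb->pc` being populated for every block, which in this commit only holds because tb_gen_code is patched in the same change; a one-line note at the call site, `// last_tb->pc is always stored by LibAFL's tb_gen_code, even for CF_PCREL blocks`, would make that coupling visible to the next person who syncs with upstream. cpu_exec_loop starts and ends outside the hunk.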


@ -541,9 +541,12 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
gen_code_buf = tcg_ctx->code_gen_ptr; gen_code_buf = tcg_ctx->code_gen_ptr;
tb->tc.ptr = tcg_splitwx_to_rx(gen_code_buf); tb->tc.ptr = tcg_splitwx_to_rx(gen_code_buf);
if (!(cflags & CF_PCREL)) { //// --- Begin LibAFL code ---
// Always include pc for edge hooks
//if (!(cflags & CF_PCREL)) {
tb->pc = pc; tb->pc = pc;
} //}
//// --- End LibAFL code ---
tb->cs_base = cs_base; tb->cs_base = cs_base;
tb->flags = flags; tb->flags = flags;
tb->cflags = cflags; tb->cflags = cflags;
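Review bot: Storing `tb->pc = pc` unconditionally gives the field a plausible but possibly stale value under CF_PCREL: if I read the upstream TB lookup correctly, a PCREL block is matched without comparing `tb->pc` and can be reused at a different virtual address, so `tb->pc` then holds the address of the first translation rather than the address being executed, and edge hooks keyed on `last_tb->pc` can mis-attribute edges (or yield run-to-run-unstable coverage in a fuzzing harness). The comment `// Always include pc for edge hooks` should state that limitation rather than hide it, e.g. `// LibAFL: always record pc so edge hooks can read last_tb->pc; under CF_PCREL this is the pc of the first translation and may differ from the executing vaddr if the block is shared`. If the fuzzer never runs with CF_PCREL, an explicit `assert(!(cflags & CF_PCREL));` next to the store would turn the assumption into a check; otherwise the source pc for the edge should come from CPU state in that mode. The commented-out `//if (!(cflags & CF_PCREL)) {` and `//}` should be deleted rather than kept as dead text.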