Fix edge coverage hooks

Andrea Fioraldi 2023-11-28 15:03:08 +01:00
parent b946fe4618
commit 7eb4c9dc54
2 changed files with 12 additions and 20 deletions


@ -928,12 +928,9 @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
return false;
}
// LibAFL: Add last_tb_pc arg
static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
vaddr pc, TranslationBlock **last_tb,
int *tb_exit,
target_ulong *last_tb_pc)
int *tb_exit)
{
int32_t insns_left;
@ -941,10 +938,6 @@ static inline void cpu_loop_exec_tb(CPUState *cpu, TranslationBlock *tb,
tb = cpu_tb_exec(cpu, tb, tb_exit);
if (*tb_exit != TB_EXIT_REQUESTED) {
*last_tb = tb;
//// --- Begin LibAFL code ---
*last_tb_pc = pc;
//// --- End LibAFL code ---
return;
}
@ -1004,10 +997,6 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
TranslationBlock *last_tb = NULL;
int tb_exit = 0;
//// --- Begin LibAFL code ---
target_ulong last_tb_pc = 0;
//// --- End LibAFL code ---
while (!cpu_handle_interrupt(cpu, &last_tb)) {
TranslationBlock *tb;
vaddr pc;
@ -1080,9 +1069,9 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
if (last_tb) {
// tb_add_jump(last_tb, tb_exit, tb);
if (last_tb->jmp_reset_offset[1] != TB_JMP_OFFSET_INVALID) {
//if (last_tb->jmp_reset_offset[1] != TB_JMP_OFFSET_INVALID) {
mmap_lock();
edge = libafl_gen_edge(cpu, last_tb_pc, pc, tb_exit, cs_base, flags, cflags);
edge = libafl_gen_edge(cpu, last_tb->pc, pc, tb_exit, cs_base, flags, cflags);
mmap_unlock();
if (edge) {
@ -1092,17 +1081,17 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
} else {
tb_add_jump(last_tb, tb_exit, tb);
}
} else {
/*} else {
tb_add_jump(last_tb, tb_exit, tb);
}
}*/
}
if (has_libafl_edge) {
// execute the edge to make sure to log it the first execution
// the edge will then jump to the translated block
cpu_loop_exec_tb(cpu, edge, last_tb_pc, &last_tb, &tb_exit, &last_tb_pc);
cpu_loop_exec_tb(cpu, edge, pc, &last_tb, &tb_exit);
} else {
cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit, &last_tb_pc);
cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit);
}
//// --- End LibAFL code ---
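Review bot: The edge source passed at `edge = libafl_gen_edge(cpu, last_tb->pc, pc, tb_exit, cs_base, flags, cflags);` is now taken from the TB instead of the per-execution `last_tb_pc` that this commit removes, and for blocks translated with CF_PCREL that field is, as far as I can tell, only the pc the block was first generated for, not necessarily the address it just executed at if the same code is reachable through another virtual mapping; the translate-all.c hunk makes `tb->pc` always populated, but it does not make it per-execution. If that inference holds, edges from PCREL targets would be attributed to the first mapping and coverage would be silently skewed, so the assumption should at least be recorded at the call site, e.g. `/* last_tb->pc is the pc at translation time; with CF_PCREL it may differ from the pc just executed */`. Separately, the guard `if (last_tb->jmp_reset_offset[1] != TB_JMP_OFFSET_INVALID)` and its `else` branch are disabled by commenting them out (`//if ...`, `/*} else { ... }*/`) rather than deleted; dead text like that should be removed, with the reason the guard is no longer needed given in a one-line comment or the commit message. The enclosing cpu_exec_loop starts and ends outside these hunks.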


@ -541,9 +541,12 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
gen_code_buf = tcg_ctx->code_gen_ptr;
tb->tc.ptr = tcg_splitwx_to_rx(gen_code_buf);
if (!(cflags & CF_PCREL)) {
//// --- Begin LibAFL code ---
// Always include pc for edge hooks
//if (!(cflags & CF_PCREL)) {
tb->pc = pc;
}
//}
//// --- End LibAFL code ---
tb->cs_base = cs_base;
tb->flags = flags;
tb->cflags = cflags;