add interrupt injection

hw/intc/armv7m_nvic.c

@@ -2740,3 +2740,25 @@ static void armv7m_nvic_register_types(void)
 }
 
 type_init(armv7m_nvic_register_types)
+
+/* Begin LibAFL instrumentation */
+#include "qemu/main-loop.h"
+void libafl_send_irq(int irqn);
+void libafl_send_irq(int irqn) {
+    bool haslock = qemu_mutex_iothread_locked();
+    if (!haslock) {
+        qemu_mutex_lock_iothread();
+    }
+    CPUState *cpu;
+    CPU_FOREACH(cpu) {
+        CPUARMState* env = cpu->env_ptr;
+        NVICState* nvic = env->nvic;
+        // set_irq_level(nvic, irqn, 1);
+        // set_irq_level(nvic, irqn, 0);
+        armv7m_nvic_set_pending(nvic, irqn+16, false);
+    }
+    if (!haslock) {
+        qemu_mutex_unlock_iothread();
+    }
+}
+/* End LibAFL instrumentation */

hw/timer/armv7m_systick.c

@@ -308,3 +308,28 @@ static void armv7m_systick_register_types(void)
 }
 
 type_init(armv7m_systick_register_types)
+
+/* Begin LibAFL instrumentation */
+extern void libafl_send_irq(int irqn);
+volatile unsigned int libafl_int_offset = 0;
+static ptimer_state* mytimer;
+/* This can be moved to a helper function later */
+static void libafl_timed_int_hook(void*);
+static void libafl_timed_int_hook(void* arg)
+{
+    libafl_send_irq(0);
+}
+void libafl_start_int_timer( void );
+void libafl_start_int_timer( void ) {
+    if (libafl_int_offset==0) {return;}
+    if (!mytimer) {
+        mytimer = ptimer_init(&libafl_timed_int_hook, NULL, 0);
+    }
+    ptimer_transaction_begin(mytimer);
+    ptimer_stop(mytimer);
+    ptimer_set_period(mytimer, libafl_int_offset);
+    ptimer_set_count(mytimer, 8);
+    ptimer_run(mytimer, 1);
+    ptimer_transaction_commit(mytimer);
+}
+/* End LibAFL instrumentation */