From ccc7d889c41a7a73fec214d8ea24b525502e4e5c Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Tue, 18 Jun 2024 17:13:31 +0200
Subject: [PATCH] hack main.c to measure instructions
---
 README_icount.txt | 11 ++++++++++
 myconfigureunshared.sh | 3 +--
 system/main.c | 47 ++++++++++++++++++++++++++++--------------
 system/runstate.c | 4 ++--
 4 files changed, 46 insertions(+), 19 deletions(-)
 create mode 100644 README_icount.txt
diff --git a/README_icount.txt b/README_icount.txt
new file mode 100644
index 0000000000..230bfe7f78
--- /dev/null
+++ b/README_icount.txt
@@ -0,0 +1,11 @@
+# dependencies
+nix-shell
+# build qemu
+mkdir build
+cd build
+../myconfigureunsared.sh
+make -j 8
+# prepare img
+qemu-img create -f qcow2 dummy.qcow2 32M
+# run
+./qemu-system-arm 12a0 1404 -machine mps2-an385 -cpu cortex-m3 -kernel kernel.elf -serial none -icount shift=5,align=off,sleep=on -monitor none -nographic
diff --git a/myconfigureunshared.sh b/myconfigureunshared.sh
index c65ce52078..33dbbabcd8 100755
--- a/myconfigureunshared.sh
+++ b/myconfigureunshared.sh
@@ -37,7 +37,6 @@ cd build
 --disable-gtk \
 --disable-guest-agent \
 --disable-guest-agent-msi \
- --disable-hax \
 --disable-hvf \
 --disable-iconv \
 --disable-jack \
@@ -112,4 +111,4 @@ cd build
 --disable-xen \
 --disable-xen-pci-passthrough \
 --disable-xkbcommon \
- --disable-zstd \
\ No newline at end of file
+ --disable-zstd \
diff --git a/system/main.c b/system/main.c
index 8770b8bbe1..6652a645ba 100644
--- a/system/main.c
+++ b/system/main.c
@@ -24,6 +24,7 @@
 #include "qemu/osdep.h"
 #include "qemu-main.h"
+#include "sysemu/runstate.h"
 #include "sysemu/sysemu.h"
 #ifdef CONFIG_SDL
@@ -47,6 +48,9 @@ int (*qemu_main)(void) = qemu_default_main;
 #include
 #include
 #include "exec/cpu-common.h"
+void libafl_qemu_set_native_breakpoint( vaddr );
+void libafl_qemu_remove_native_breakpoint( vaddr );
+int64_t icount_get_raw(void);
 //========= Instrumentation end
 int main(int argc, char **argv)
 {
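Review bot: The three prototypes added after `#include "exec/cpu-common.h"` re-declare project functions by hand, so the compiler cannot check them against the real definitions; if either `libafl_qemu_*_native_breakpoint` signature or the return type of `icount_get_raw` changes, this file keeps compiling and silently passes the wrong types. Include the headers that declare them instead (QEMU's `sysemu/cpu-timers.h` declares `icount_get_raw`; the breakpoint helpers presumably have a LibAFL header — confirm), and if a local prototype is unavoidable, name the parameter and say why it is not taken from a header, e.g. `void libafl_qemu_set_native_breakpoint(vaddr pc); /* TODO: replace with the declaring header */`.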
@@ -56,20 +60,23 @@ int main(int argc, char **argv)
 fprintf(stderr, "Need address and input file argument\n");
 exit(1);
 }
- hwaddr target_addr = (hwaddr) strtoll(argv[1], NULL, 16);
- char buffer[4097];
- FILE* inputfile = fopen(argv[2], "rb");
- if (!inputfile) {
- perror("fopen");
- exit(1);
- }
- size_t read_len = fread(buffer, sizeof(char), 4096, inputfile);
- buffer[read_len]=0;
- if (!read_len) {
- fprintf(stderr, "No input in file\n");
- exit(1);
- }
- printf("Load at %lx: %s\n", target_addr, buffer);
+ hwaddr start = (hwaddr) strtoll(argv[1], NULL, 16);
+ hwaddr end = (hwaddr) strtoll(argv[2], NULL, 16);
+ // hwaddr target_addr = (hwaddr) strtoll(argv[1], NULL, 16);
+ // vm_start();
+ // char buffer[4097];
+ // FILE* inputfile = fopen(argv[2], "rb");
+ // if (!inputfile) {
+ // perror("fopen");
+ // exit(1);
+ // }
+ // size_t read_len = fread(buffer, sizeof(char), 4096, inputfile);
+ // buffer[read_len]=0;
+ // if (!read_len) {
+ // fprintf(stderr, "No input in file\n");
+ // exit(1);
+ // }
+ // printf("Load at %lx: %s\n", target_addr, buffer);
 // fix arguments for qemu
 argv[2]=argv[0];
 argv=&argv[2];
@@ -78,7 +85,17 @@ int main(int argc, char **argv)
 qemu_init(argc, argv);
 //========= Instrumentation start
 // load input
- cpu_physical_memory_rw(target_addr, buffer, read_len, true);
+ // cpu_physical_memory_rw(target_addr, buffer, read_len, true);
+ libafl_qemu_set_native_breakpoint(start);
+ vm_start();
+ qemu_main_loop();
+ libafl_qemu_remove_native_breakpoint(start);
+ libafl_qemu_set_native_breakpoint(end);
+ printf("Start: %lu\n", icount_get_raw());
+ vm_start();
+ qemu_main_loop();
+ printf("End: %lu\n", icount_get_raw());
+ return 0;
 //========= Instrumentation end
 return qemu_main();
 }
diff --git a/system/runstate.c b/system/runstate.c
index eb962f40e1..e558c59007 100644
--- a/system/runstate.c
+++ b/system/runstate.c
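Review bot: `strtoll(argv[1], NULL, 16)` and `strtoll(argv[2], NULL, 16)` parse the two breakpoint addresses with no end-pointer or errno check, so a mistyped or non-hex argument silently becomes address 0 (or a saturated value on overflow) and the breakpoints land in the wrong place; the context line `fprintf(stderr, "Need address and input file argument\n")` is also stale now that the second argument is an end address rather than a file, and the `argc` check that prints it starts before the hunk. A small static helper that validates the whole string keeps the failure loud; `errno` is already in scope through `qemu/osdep.h`. The block of `//`-commented lines mirroring the deleted file-loading code should be dropped rather than kept — the old version lives in history. Since the values are handed to `libafl_qemu_set_native_breakpoint(vaddr)`, `vaddr` rather than `hwaddr` may be the intended type — confirm which width the breakpoint API expects.
```c
/* Parse one hex address argument; exits on an empty, malformed or out-of-range value. */
static hwaddr parse_hex_addr(const char *arg, const char *what)
{
    char *endp = NULL;
    errno = 0;
    unsigned long long v = strtoull(arg, &endp, 16);
    if (arg[0] == '\0' || *endp != '\0' || errno == ERANGE) {
        fprintf(stderr, "Invalid %s address: '%s'\n", what, arg);
        exit(1);
    }
    return (hwaddr) v;
}
/* … unchanged: argc check and usage message … */
    hwaddr start = parse_hex_addr(argv[1], "start");
    hwaddr end = parse_hex_addr(argv[2], "end");
/* … unchanged: argv fix-up for qemu … */
```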
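Review bot: `printf("Start: %lu\n", icount_get_raw())` and the matching `End:` line print an `int64_t` (per the prototype this patch adds at the top of the file) with `%lu`, a format/argument mismatch that `-Wformat` flags and that prints garbage on hosts where `long` is 32-bit; use `printf("Start: %" PRId64 "\n", icount_get_raw());` and the same for `End:` (`PRId64` is available via `qemu/osdep.h`). The added `return 0;` makes the context line `return qemu_main();` unreachable, so whatever teardown the default main performs after the loop is presumably skipped — acceptable for a measuring hack, but say so, e.g. `/* Exit without the normal qemu_main() path: only the icount delta matters here. */`. Nothing verifies that either `qemu_main_loop()` returned because its breakpoint was hit rather than because the guest requested shutdown or reset, so a guest that never reaches `end` still prints an `End:` value; checking `runstate_get()` against `RUN_STATE_DEBUG` before printing would make a wrong measurement loud, and the breakpoint at `end` is never removed. `main` starts before this hunk.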
@@ -724,9 +724,9 @@ static bool main_loop_should_exit(int *status)
 vm_stop(RUN_STATE_DEBUG);
 //// --- Begin LibAFL code ---
-#ifdef AS_LIB
+// #ifdef AS_LIB
 // Also exit in standalone mode for debugging
 return true; // exit back to fuzzing harness
-#endif
+// #endif
 //// --- End LibAFL code ---
 }
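Review bot: Commenting out `#ifdef AS_LIB` / `#endif` makes `main_loop_should_exit()` return true on every debug stop in the standalone binary too, so any `vm_stop(RUN_STATE_DEBUG)` — a gdb-stub stop as much as the breakpoint the patched `main.c` relies on — now ends the main loop instead of pausing the guest; that is what the instruction-count hack needs, but it silently changes behaviour for every other standalone use of this tree. If the change is meant to stay, delete the `// #ifdef AS_LIB` and `// #endif` remnants rather than leaving dead preprocessor lines and record the dependency beside the `return true;`, e.g. `// system/main.c's standalone icount measurement relies on qemu_main_loop() returning on a debug stop.`; if it is only for the hack, guard it with its own build-time define so the LibAFL library build keeps the original `AS_LIB` gate. `main_loop_should_exit` starts before this hunk.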