diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-08-30 12:13:51 +0200 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-08-30 12:13:51 +0200 |
| commit | 5036cb54ccc3f4dcc261e124e9cf0146a06592c2 (patch) | |
| tree | 42ca0eefcb907b606da00046367fc1e665a2c44f /qemu_mode/patches/afl-qemu-common.h | |
| parent | 2eeb07d164cb7874a64a48bd9c1bf4112636ac43 (diff) | |
| parent | eadd378f6c54a7e021985bca041d9642fff41034 (diff) | |
| download | afl++-5036cb54ccc3f4dcc261e124e9cf0146a06592c2.tar.gz | |
update with changes from master
Diffstat (limited to 'qemu_mode/patches/afl-qemu-common.h')
| -rw-r--r-- | qemu_mode/patches/afl-qemu-common.h | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/qemu_mode/patches/afl-qemu-common.h b/qemu_mode/patches/afl-qemu-common.h new file mode 100644 index 00000000..c475cb58 --- /dev/null +++ b/qemu_mode/patches/afl-qemu-common.h @@ -0,0 +1,51 @@ +/* + american fuzzy lop++ - high-performance binary-only instrumentation + ------------------------------------------------------------------- + + Originally written by Andrew Griffiths <agriffiths@google.com> and + Michal Zalewski <lcamtuf@google.com> + + TCG instrumentation and block chaining support by Andrea Biondo + <andrea.biondo965@gmail.com> + + QEMU 3.1.0 port, TCG thread-safety, CompareCoverage and NeverZero + counters by Andrea Fioraldi <andreafioraldi@gmail.com> + + Copyright 2015, 2016, 2017 Google Inc. All rights reserved. + Copyright 2019 AFLplusplus Project. All rights reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + + http://www.apache.org/licenses/LICENSE-2.0 + + This code is a shim patched into the separately-distributed source + code of QEMU 3.1.0. It leverages the built-in QEMU tracing functionality + to implement AFL-style instrumentation and to take care of the remaining + parts of the AFL fork server logic. + + The resulting QEMU binary is essentially a standalone instrumentation + tool; for an example of how to leverage it for other purposes, you can + have a look at afl-showmap.c. + + */ + +#include "../../config.h" + +/* NeverZero */ + +#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) +# define INC_AFL_AREA(loc) \ + asm volatile ( \ + "incb (%0, %1, 1)\n" \ + "adcb $0, (%0, %1, 1)\n" \ + : /* no out */ \ + : "r" (afl_area_ptr), "r" (loc) \ + : "memory", "eax" \ + ) +#else +# define INC_AFL_AREA(loc) \ + afl_area_ptr[loc]++ +#endif + |