author | van Hauser <vh@thc.org> | 2019-06-03 14:04:44 +0200 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2019-06-03 14:04:44 +0200 |
commit | 22418f238d57c526d9d8509308a956e2b23537c2 (patch) | |
tree | 8f301a23563266629396a395fdc0e69ffeb17b30 /qemu_mode/patches/afl-qemu-translate-inl.h | |
parent | 14bfde3f78ab7efdea0d72dc731a39e2e47bb2c3 (diff) | |
download | afl++-22418f238d57c526d9d8509308a956e2b23537c2.tar.gz |
qemu 3.1 support added
Diffstat (limited to 'qemu_mode/patches/afl-qemu-translate-inl.h')
-rw-r--r-- | qemu_mode/patches/afl-qemu-translate-inl.h | 41 |
1 files changed, 18 insertions, 23 deletions
diff --git a/qemu_mode/patches/afl-qemu-translate-inl.h b/qemu_mode/patches/afl-qemu-translate-inl.h
index 9e778a83..543c2e4e 100644
--- a/qemu_mode/patches/afl-qemu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-translate-inl.h
@@ -37,17 +37,26 @@ extern unsigned char *afl_area_ptr;
 extern unsigned int afl_inst_rms;
 extern abi_ulong afl_start_code, afl_end_code;
+void tcg_gen_afl_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args);
+
+
+void afl_maybe_log(abi_ulong cur_loc) {
+
+  static __thread abi_ulong prev_loc;
+
+  afl_area_ptr[cur_loc ^ prev_loc]++;
+  prev_loc = cur_loc >> 1;
+
+}
+
+
 /* Generates TCG code for AFL's tracing instrumentation. */
-static void afl_gen_trace(target_ulong cur_loc)
-{
-  static __thread target_ulong prev_loc;
-  TCGv index, count, new_prev_loc;
-  TCGv_ptr prev_loc_ptr, count_ptr;
+static void afl_gen_trace(target_ulong cur_loc) {
 
   /* Optimize for cur_loc > afl_end_code, which is the most likely case on
      Linux systems. */
 
-  if (cur_loc > afl_end_code || cur_loc < afl_start_code || !afl_area_ptr)
+  if (cur_loc > afl_end_code || cur_loc < afl_start_code /*|| !afl_area_ptr*/) // not needed because of static dummy buffer
     return;
 
   /* Looks like QEMU always maps to fixed locations, so ASAN is not a
@@ -62,21 +71,7 @@ static void afl_gen_trace(target_ulong cur_loc)
   if (cur_loc >= afl_inst_rms)
     return;
 
-  /* index = prev_loc ^ cur_loc */
-  prev_loc_ptr = tcg_const_ptr(&prev_loc);
-  index = tcg_temp_new();
-  tcg_gen_ld_tl(index, prev_loc_ptr, 0);
-  tcg_gen_xori_tl(index, index, cur_loc);
-
-  /* afl_area_ptr[index]++ */
-  count_ptr = tcg_const_ptr(afl_area_ptr);
-  tcg_gen_add_ptr(count_ptr, count_ptr, TCGV_NAT_TO_PTR(index));
-  count = tcg_temp_new();
-  tcg_gen_ld8u_tl(count, count_ptr, 0);
-  tcg_gen_addi_tl(count, count, 1);
-  tcg_gen_st8_tl(count, count_ptr, 0);
-
-  /* prev_loc = cur_loc >> 1 */
-  new_prev_loc = tcg_const_tl(cur_loc >> 1);
-  tcg_gen_st_tl(new_prev_loc, prev_loc_ptr, 0);
+  TCGTemp *args[1] = { tcgv_i64_temp( tcg_const_tl(cur_loc) ) };
+  tcg_gen_afl_callN(afl_maybe_log, NULL, 1, args);
+
 }
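Review bot: `tcgv_i64_temp(tcg_const_tl(cur_loc))` on the first added line of this hunk pins the argument temp to the 64-bit TCG type while `cur_loc` is a `target_ulong`; for a guest where `TARGET_LONG_BITS` is 32, `tcg_const_tl` produces a `TCGv_i32`, a different pointer type from what `tcgv_i64_temp` accepts, so a 32-bit target build would at least hit an incompatible-pointer-type diagnostic here and, if it compiled anyway, hand the helper a temp of the wrong width. Selecting the accessor by width avoids that, e.g. wrapping the existing line in `#if TARGET_LONG_BITS == 64` and using `TCGTemp *args[1] = { tcgv_i32_temp( tcg_const_tl(cur_loc) ) };` in the `#else` branch. The temp returned by `tcg_const_tl` is also never released with `tcg_temp_free_tl`; the removed code had the same gap, and whether `tcg_gen_afl_callN` frees its argument temps cannot be judged here, since only its declaration appears in the first hunk. A one-line comment on the call would help readers, e.g. `/* Emit a runtime call to afl_maybe_log(cur_loc); the coverage-map update now happens in the helper rather than in generated TCG ops. */`. afl_gen_trace starts outside this hunk.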