diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-06-05 11:48:36 +0200 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-06-05 11:48:36 +0200 |
| commit | b59d71546b95ede4c7acc63a8b46fcad83f9f223 (patch) | |
| tree | 61b70bd0fc70be1e599e7fabc4d997074c52b5c6 /qemu_mode/patches/afl-qemu-translate-inl.h | |
| parent | bcc0347eefa05275cea221f8baad8abe7e091872 (diff) | |
| download | afl++-b59d71546b95ede4c7acc63a8b46fcad83f9f223.tar.gz | |
improve afl_maybe_log tcg call generation + merge elfload diffs
Diffstat (limited to 'qemu_mode/patches/afl-qemu-translate-inl.h')
| -rw-r--r-- | qemu_mode/patches/afl-qemu-translate-inl.h | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/qemu_mode/patches/afl-qemu-translate-inl.h b/qemu_mode/patches/afl-qemu-translate-inl.h index 543c2e4e..74c827f5 100644 --- a/qemu_mode/patches/afl-qemu-translate-inl.h +++ b/qemu_mode/patches/afl-qemu-translate-inl.h @@ -9,6 +9,8 @@ TCG instrumentation and block chaining support by Andrea Biondo <andrea.biondo965@gmail.com> + QEMU 3.1.0 port and thread-safety by Andrea Fioraldi + <andreafioraldi@gmail.com> Copyright 2015, 2016, 2017 Google Inc. All rights reserved. @@ -19,7 +21,7 @@ http://www.apache.org/licenses/LICENSE-2.0 This code is a shim patched into the separately-distributed source - code of QEMU 2.10.0. It leverages the built-in QEMU tracing functionality + code of QEMU 3.1.0. It leverages the built-in QEMU tracing functionality to implement AFL-style instrumentation and to take care of the remaining parts of the AFL fork server logic. @@ -37,19 +39,17 @@ extern unsigned char *afl_area_ptr; extern unsigned int afl_inst_rms; extern abi_ulong afl_start_code, afl_end_code; -void tcg_gen_afl_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args); +void tcg_gen_afl_maybe_log_call(target_ulong cur_loc); - -void afl_maybe_log(abi_ulong cur_loc) { +void afl_maybe_log(void* cur_loc) { static __thread abi_ulong prev_loc; - afl_area_ptr[cur_loc ^ prev_loc]++; - prev_loc = cur_loc >> 1; + afl_area_ptr[(abi_ulong)cur_loc ^ prev_loc]++; + prev_loc = (abi_ulong)cur_loc >> 1; } - /* Generates TCG code for AFL's tracing instrumentation. */ static void afl_gen_trace(target_ulong cur_loc) { @@ -71,7 +71,6 @@ static void afl_gen_trace(target_ulong cur_loc) { if (cur_loc >= afl_inst_rms) return; - TCGTemp *args[1] = { tcgv_i64_temp( tcg_const_tl(cur_loc) ) }; - tcg_gen_afl_callN(afl_maybe_log, NULL, 1, args); + tcg_gen_afl_maybe_log_call(cur_loc); } |