author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-08 18:07:31 +0100 |
---|---|---|
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-08 18:07:31 +0100 |
commit | 5fa4f47baec7e3dc78e685f9f8a44bf34c3eba53 (patch) | |
tree | 272dbbc6a08595048a1ff081b46bc83e42663bad /qemu_mode/patches/arm-translate-a64.diff | |
parent | 0403f008e3c68a9b212d38a5fc0de79eb2f40895 (diff) | |
persistent qemu mode arm/arm64 && compcov arm64
Diffstat (limited to 'qemu_mode/patches/arm-translate-a64.diff')
-rw-r--r-- | qemu_mode/patches/arm-translate-a64.diff | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/qemu_mode/patches/arm-translate-a64.diff b/qemu_mode/patches/arm-translate-a64.diff
new file mode 100644
index 00000000..83856217
--- /dev/null
+++ b/qemu_mode/patches/arm-translate-a64.diff
@@ -0,0 +1,64 @@
+diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
+index fd36425..992bf17 100644
+--- a/target/arm/translate-a64.c
++++ b/target/arm/translate-a64.c
+@@ -39,6 +39,8 @@
+ #include "translate-a64.h"
+ #include "qemu/atomic128.h"
++#include "../patches/afl-qemu-cpu-translate-inl.h"
++
+ static TCGv_i64 cpu_X[32];
+ static TCGv_i64 cpu_pc;
+
+@@ -3365,6 +3367,12 @@ static void disas_add_sub_imm(DisasContext *s, uint32_t insn)
+ return;
+ }
+
++ if (rd == 31 && sub_op) { // cmp xX, imm
++ TCGv_i64 tcg_imm = tcg_const_i64(imm);
++ afl_gen_compcov(s->pc, tcg_rn, tcg_imm, is_64bit ? MO_64 : MO_32, 1);
++ tcg_temp_free_i64(tcg_imm);
++ }
++
+ tcg_result = tcg_temp_new_i64();
+ if (!setflags) {
+ if (sub_op) {
+@@ -3972,6 +3980,9 @@ static void disas_add_sub_ext_reg(DisasContext *s, uint32_t insn)
+
+ tcg_rm = read_cpu_reg(s, rm, sf);
+ ext_and_shift_reg(tcg_rm, tcg_rm, option, imm3);
++
++ if (rd == 31 && sub_op) // cmp xX, xY
++ afl_gen_compcov(s->pc, tcg_rn, tcg_rm, sf ? MO_64 : MO_32, 0);
+
+ tcg_result = tcg_temp_new_i64();
+
+@@ -4037,6 +4048,9 @@ static void disas_add_sub_reg(DisasContext *s, uint32_t insn)
+
+ shift_reg_imm(tcg_rm, tcg_rm, sf, shift_type, imm6);
+
++ if (rd == 31 && sub_op) // cmp xX, xY
++ afl_gen_compcov(s->pc, tcg_rn, tcg_rm, sf ? MO_64 : MO_32, 0);
++
+ tcg_result = tcg_temp_new_i64();
+
+ if (!setflags) {
+@@ -4246,6 +4260,8 @@ static void disas_cc(DisasContext *s, uint32_t insn)
+ tcg_y = cpu_reg(s, y);
+ }
+ tcg_rn = cpu_reg(s, rn);
++
++ afl_gen_compcov(s->pc, tcg_rn, tcg_y, sf ? MO_64 : MO_32, is_imm);
+
+ /* Set the flags for the new comparison. */
+ tcg_tmp = tcg_temp_new_i64();
+@@ -13317,6 +13333,8 @@ static void disas_data_proc_simd_fp(DisasContext *s, uint32_t insn)
+ static void disas_a64_insn(CPUARMState *env, DisasContext *s)
+ {
+ uint32_t insn;
++
++ AFL_QEMU_TARGET_ARM64_SNIPPET
+
+ insn = arm_ldl_code(env, s->pc, s->sctlr_b);
+ s->insn = insn;
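Review bot: The `rd == 31 && sub_op` guards added in the disas_add_sub_imm and disas_add_sub_ext_reg hunks never test `setflags` (visible in context as `if (!setflags) {`), yet in the A64 encoding rd == 31 with the S bit clear names SP, not XZR, so a plain `sub sp, sp, #imm` frame allocation or `sub sp, xN, xM, <ext>` is reported to afl_gen_compcov as a compare and floods the CompareCoverage map with stack-adjustment constants at every function prologue. Only the flag-setting form is a CMP, so the guards should read `if (rd == 31 && sub_op && setflags) { // cmp xX, imm` and `if (rd == 31 && sub_op && setflags) // cmp xX, xY`; the shifted-register form in disas_add_sub_reg cannot address SP, so its guard only additionally instruments a discarded-result sub, which is harmless but would be clearer with the same `setflags` test. The disas_cc hook runs for every CCMP/CCMN regardless of whether the condition holds at run time, which is presumably intended but worth a one-line comment such as `// logged even when cond is false; the compare is conditional at runtime`. All four enclosing functions start and end outside the hunk.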