AFL_ENTRYPOINT instruction granularity

author: Andrea Fioraldi <andreafioraldi@gmail.com> 2020-02-11 21:29:36 +0100
committer: Andrea Fioraldi <andreafioraldi@gmail.com> 2020-02-11 21:29:36 +0100
commit: e22ba031f552bf41fb24286b54c0417d5ddd464a (patch)
tree: 944e0878e5e90b7d2c4774f630e5f17c6a302648 /qemu_mode/patches/translator.diff
parent: 1bb6e1911b4a983687de09b39072638c0c001d3e (diff)
download: afl++-e22ba031f552bf41fb24286b54c0417d5ddd464a.tar.gz
1 files changed, 25 insertions, 0 deletions
diff --git a/qemu_mode/patches/translator.diff b/qemu_mode/patches/translator.diff
new file mode 100644
index 00000000..842e861d
--- /dev/null
+++ b/qemu_mode/patches/translator.diff
@@ -0,0 +1,25 @@
+diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
+index afd0a49e..773ea712 100644
+--- a/accel/tcg/translator.c
++++ b/accel/tcg/translator.c
+@@ -18,6 +18,8 @@
+ #include "exec/log.h"
+ #include "exec/translator.h"
+ 
++#include "../../../patches/afl-qemu-common.h"
++
+ /* Pairs with tcg_clear_temp_count.
+    To be called by #TranslatorOps.{translate_insn,tb_stop} if
+    (1) the target is sufficiently clean to support reporting,
+@@ -92,6 +94,11 @@ void translator_loop(const TranslatorOps *ops, DisasContextBase *db,
+                 break;
+             }
+         }
++        
++        if (db->pc_next == afl_entry_point) {
++          afl_setup();
++          gen_helper_afl_entry_routine(cpu_env);
++        }
+ 
+         /* Disassemble one instruction.  The translate_insn hook should
+            update db->pc_next and db->is_jmp to indicate what should be
author	Andrea Fioraldi <andreafioraldi@gmail.com>	2020-02-11 21:29:36 +0100
committer	Andrea Fioraldi <andreafioraldi@gmail.com>	2020-02-11 21:29:36 +0100
commit	e22ba031f552bf41fb24286b54c0417d5ddd464a (patch)
tree	944e0878e5e90b7d2c4774f630e5f17c6a302648 /qemu_mode/patches/translator.diff
parent	1bb6e1911b4a983687de09b39072638c0c001d3e (diff)
download	afl++-e22ba031f552bf41fb24286b54c0417d5ddd464a.tar.gz