Diffstat (limited to 'qemu_mode/patches/afl-qemu-translate-inl.h')
-rw-r--r-- | qemu_mode/patches/afl-qemu-translate-inl.h | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/qemu_mode/patches/afl-qemu-translate-inl.h b/qemu_mode/patches/afl-qemu-translate-inl.h
index 543c2e4e..74c827f5 100644
--- a/qemu_mode/patches/afl-qemu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-translate-inl.h
@@ -9,6 +9,8 @@ TCG instrumentation and block chaining support by Andrea Biondo <andrea.biondo965@gmail.com>
+ QEMU 3.1.0 port and thread-safety by Andrea Fioraldi
+ <andreafioraldi@gmail.com>
 Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
@@ -19,7 +21,7 @@ http://www.apache.org/licenses/LICENSE-2.0 This code is a shim patched into the separately-distributed source
- code of QEMU 2.10.0. It leverages the built-in QEMU tracing functionality
+ code of QEMU 3.1.0. It leverages the built-in QEMU tracing functionality
 to implement AFL-style instrumentation and to take care of the remaining parts of the AFL fork server logic.
@@ -37,19 +39,17 @@ extern unsigned char *afl_area_ptr;
 extern unsigned int afl_inst_rms;
 extern abi_ulong afl_start_code, afl_end_code;
-void tcg_gen_afl_callN(void *func, TCGTemp *ret, int nargs, TCGTemp **args);
+void tcg_gen_afl_maybe_log_call(target_ulong cur_loc);
-
-void afl_maybe_log(abi_ulong cur_loc) {
+void afl_maybe_log(void* cur_loc) {
 static __thread abi_ulong prev_loc;
- afl_area_ptr[cur_loc ^ prev_loc]++;
- prev_loc = cur_loc >> 1;
+ afl_area_ptr[(abi_ulong)cur_loc ^ prev_loc]++;
+ prev_loc = (abi_ulong)cur_loc >> 1;
 }
-
 /* Generates TCG code for AFL's tracing instrumentation. */
 static void afl_gen_trace(target_ulong cur_loc) {
@@ -71,7 +71,6 @@ static void afl_gen_trace(target_ulong cur_loc) {
 if (cur_loc >= afl_inst_rms) return;
- TCGTemp *args[1] = { tcgv_i64_temp( tcg_const_tl(cur_loc) ) };
- tcg_gen_afl_callN(afl_maybe_log, NULL, 1, args);
+ tcg_gen_afl_maybe_log_call(cur_loc);
 } |
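Review bot: The two `(abi_ulong)cur_loc` casts in the new `afl_maybe_log(void* cur_loc)` convert a host pointer straight to the target word type; when abi_ulong is narrower than a host pointer (a 32-bit target on a 64-bit host) that is a pointer-to-integer-of-different-size conversion compilers warn about, and it is only correct because the value is a small instrumentation index rather than a real address. Convert once through uintptr_t and reuse the result: `abi_ulong loc = (abi_ulong)(uintptr_t)cur_loc;` followed by `afl_area_ptr[loc ^ prev_loc]++;` and `prev_loc = loc >> 1;` (uintptr_t needs `<stdint.h>`, which this shim presumably already gets through QEMU's headers — confirm). The function does no range check of its own and relies on the `cur_loc >= afl_inst_rms` guard in afl_gen_trace, so a one-line comment above the array write should say so, and the reason the parameter is `void*` at all (presumably the argument type of the TCG helper behind tcg_gen_afl_maybe_log_call, whose definition is not in this patch) deserves a comment too. Minor style point: write `void *cur_loc` to match `unsigned char *afl_area_ptr` a few lines up.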
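Review bot: `tcg_gen_afl_maybe_log_call(cur_loc)` replaces a hand-built TCG call in which the temporary from `tcg_const_tl(cur_loc)` was never released; the new helper is only declared in this header, so the hunk cannot show whether it frees the temporary it has to allocate for the argument, and that is worth confirming in its definition. The `if (cur_loc >= afl_inst_rms) return;` line above the call is the only thing keeping afl_maybe_log's array index in range, so a comment on it would help the next reader: `/* Must hold before the call: afl_maybe_log does not bounds-check its index. */`. afl_gen_trace's body starts outside the hunk.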