From f367728c4435670caf2e9cc5acad257e7766cc65 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 28 May 2019 16:40:24 +0200 Subject: afl++ 2.52c initial commit --- qemu_mode/patches/cpu-exec.diff | 54 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 qemu_mode/patches/cpu-exec.diff (limited to 'qemu_mode/patches/cpu-exec.diff') diff --git a/qemu_mode/patches/cpu-exec.diff b/qemu_mode/patches/cpu-exec.diff new file mode 100644 index 00000000..754bf9ef --- /dev/null +++ b/qemu_mode/patches/cpu-exec.diff @@ -0,0 +1,54 @@ +--- qemu-2.10.0-clean/accel/tcg/cpu-exec.c 2017-08-30 18:50:40.000000000 +0200 ++++ qemu-2.10.0/accel/tcg/cpu-exec.c 2018-09-22 13:21:23.612068407 +0200 +@@ -36,6 +36,8 @@ + #include "sysemu/cpus.h" + #include "sysemu/replay.h" + ++#include "../patches/afl-qemu-cpu-inl.h" ++ + /* -icount align implementation. */ + + typedef struct SyncClocks { +@@ -144,6 +146,8 @@ + int tb_exit; + uint8_t *tb_ptr = itb->tc_ptr; + ++ AFL_QEMU_CPU_SNIPPET2; ++ + qemu_log_mask_and_addr(CPU_LOG_EXEC, itb->pc, + "Trace %p [%d: " TARGET_FMT_lx "] %s\n", + itb->tc_ptr, cpu->cpu_index, itb->pc, +@@ -337,7 +341,7 @@ + TranslationBlock *tb; + target_ulong cs_base, pc; + uint32_t flags; +- bool have_tb_lock = false; ++ bool have_tb_lock = false, was_translated = false, was_chained = false; + + /* we record a subset of the CPU state. It will + always be the same before a given translated block +@@ -365,6 +369,7 @@ + if (!tb) { + /* if no translated code available, then translate it now */ + tb = tb_gen_code(cpu, pc, cs_base, flags, 0); ++ was_translated = true; + } + + mmap_unlock(); +@@ -390,11 +395,16 @@ + } + if (!tb->invalid) { + tb_add_jump(last_tb, tb_exit, tb); ++ was_chained = true; + } + } + if (have_tb_lock) { + tb_unlock(); + } ++ if (was_translated || was_chained) { ++ afl_request_tsl(pc, cs_base, flags, was_chained ? last_tb : NULL, ++ tb_exit); ++ } + return tb; + } + -- cgit 1.4.1