1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
--- qemu-2.10.0-clean/accel/tcg/cpu-exec.c 2017-08-30 18:50:40.000000000 +0200
+++ qemu-2.10.0/accel/tcg/cpu-exec.c 2018-09-22 13:21:23.612068407 +0200
@@ -36,6 +36,8 @@
#include "sysemu/cpus.h"
#include "sysemu/replay.h"
+#include "../patches/afl-qemu-cpu-inl.h"
+
/* -icount align implementation. */
typedef struct SyncClocks {
@@ -144,6 +146,8 @@
int tb_exit;
uint8_t *tb_ptr = itb->tc_ptr;
+ AFL_QEMU_CPU_SNIPPET2;
+
qemu_log_mask_and_addr(CPU_LOG_EXEC, itb->pc,
"Trace %p [%d: " TARGET_FMT_lx "] %s\n",
itb->tc_ptr, cpu->cpu_index, itb->pc,
@@ -337,7 +341,7 @@
TranslationBlock *tb;
target_ulong cs_base, pc;
uint32_t flags;
- bool have_tb_lock = false;
+ bool have_tb_lock = false, was_translated = false, was_chained = false;
/* we record a subset of the CPU state. It will
always be the same before a given translated block
@@ -365,6 +369,7 @@
if (!tb) {
/* if no translated code available, then translate it now */
tb = tb_gen_code(cpu, pc, cs_base, flags, 0);
+ was_translated = true;
}
mmap_unlock();
@@ -390,11 +395,16 @@
}
if (!tb->invalid) {
tb_add_jump(last_tb, tb_exit, tb);
+ was_chained = true;
}
}
if (have_tb_lock) {
tb_unlock();
}
+ if (was_translated || was_chained) {
+ afl_request_tsl(pc, cs_base, flags, was_chained ? last_tb : NULL,
+ tb_exit);
+ }
return tb;
}
|
