in afl mode, never stop at end_addr (AFLplusplus#16)

dmitryya · May 26, 2021 · 08c1bae · 08c1bae
1 parent 5f00683
commit 08c1bae
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 15 deletions.
diff --git a/qemu/target-arm/translate-a64.c b/qemu/target-arm/translate-a64.c
@@ -10951,7 +10951,7 @@ static void disas_a64_insn(CPUARMState *env, DisasContext *s)
                 return;
             }
         }
-    }
+    } else
 #endif
     // Unicorn: end address tells us to stop emulation
     if (s->pc == s->uc->addr_end) {
@@ -11098,7 +11098,7 @@ void gen_intermediate_code_internal_a64(ARMCPU *cpu,
                 goto tb_end;
             }
         }
-    }
+    } else
 #endif
     // Unicorn: early check to see if the address of this block is the until address
     if (tb->pc == env->uc->addr_end) {

diff --git a/qemu/target-arm/translate.c b/qemu/target-arm/translate.c
@@ -10437,7 +10437,7 @@ static void disas_thumb_insn(CPUARMState *env, DisasContext *s) // qq
                 return;
             }
         }
-    }
+    } else
 #endif
     // Unicorn: end address tells us to stop emulation
     if (s->pc == s->uc->addr_end) {
@@ -11303,7 +11303,7 @@ static inline void gen_intermediate_code_internal(ARMCPU *cpu,
                 goto tb_end;
             }
         }
-    }
+    } else
 #endif
     // Unicorn: early check to see if the address of this block is the until address
     if (tb->pc == env->uc->addr_end) {
@@ -11461,7 +11461,7 @@ static inline void gen_intermediate_code_internal(ARMCPU *cpu,
                         dc->is_jmp = DISAS_WFI;
                     }
                 }
-            }
+            } else
 #endif
             // end address tells us to stop emulation
             if (dc->pc == dc->uc->addr_end) {

diff --git a/qemu/target-i386/translate.c b/qemu/target-i386/translate.c
@@ -5035,7 +5035,7 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
                 return s->pc;
             }
         }
-    } 
+    } else
 #endif
     // end address tells us to stop emulation
     if (s->pc == s->uc->addr_end) {
@@ -8728,7 +8728,7 @@ static inline void gen_intermediate_code_internal(uint8_t *gen_opc_cc_op,
                 goto done_generating;
             }
         }
-    }
+    } else
 #endif
     // early check to see if the address of this block is the until address
     if (tb->pc == env->uc->addr_end) {

diff --git a/qemu/target-m68k/translate.c b/qemu/target-m68k/translate.c
@@ -3056,7 +3056,7 @@ static void disas_m68k_insn(CPUM68KState * env, DisasContext *s)
                 return;
             }
         }
-    }
+    } else
 #endif
     // Unicorn: end address tells us to stop emulation
     if (s->pc == s->uc->addr_end) {
@@ -3131,7 +3131,7 @@ gen_intermediate_code_internal(M68kCPU *cpu, TranslationBlock *tb,
                 goto done_generating;
             }
         }
-    }
+    } else
 #endif
     // Unicorn: early check to see if the address of this block is the until address
     if (tb->pc == env->uc->addr_end) {

diff --git a/qemu/target-mips/translate.c b/qemu/target-mips/translate.c
@@ -19225,7 +19225,7 @@ gen_intermediate_code_internal(MIPSCPU *cpu, TranslationBlock *tb,
                 goto done_generating;
             }
         }
-    }
+    } else
 #endif
     // Unicorn: early check to see if the address of this block is the until address
     if (tb->pc == env->uc->addr_end) {
@@ -19299,7 +19299,7 @@ gen_intermediate_code_internal(MIPSCPU *cpu, TranslationBlock *tb,
                 }
             }
             if (stop_emu) break;
-        }
+        } else
 #endif
         // Unicorn: end address tells us to stop emulation
         if (ctx.pc == ctx.uc->addr_end) {

diff --git a/qemu/target-ppc/translate.c b/qemu/target-ppc/translate.c
@@ -11129,6 +11129,21 @@ static inline void gen_intermediate_code_internal(PowerPCCPU *cpu,
 #endif
     num_insns = 0;
 
+ #ifdef UNICORN_AFL 
+    // UNICORN-AFL supports (and needs) multiple exits.
+    uint64_t *exits = env->uc->exits;
+    size_t exit_count = env->uc->exit_count;
+    if (exit_count) {
+        size_t i;
+        for (i = 0; i < exit_count; i++) {
+            if (tb->pc == exits[i]) {
+                gen_tb_start(tcg_ctx);
+                gen_exception(ctxp, EXCP_HLT); 
+                goto done_generating;
+            }
+        }
+    } else
+#endif 
     // early check to see if the address of this block is the until address
     if (pc_start == env->uc->addr_end) {
         gen_tb_start(tcg_ctx);
@@ -11140,6 +11155,19 @@ static inline void gen_intermediate_code_internal(PowerPCCPU *cpu,
     if (max_insns == 0)
         max_insns = CF_COUNT_MASK;
 
+#ifdef UNICORN_AFL 
+    // UNICORN-AFL supports (and needs) multiple exits.
+    if (exit_count) {
+        size_t i;
+        for (i = 0; i < exit_count; i++) {
+            if (tb->pc == exits[i]) {
+                gen_tb_start(tcg_ctx);
+                gen_exception(ctxp, EXCP_HLT); 
+                goto done_generating;
+            }
+        }
+    } else
+#endif
     // Unicorn: early check to see if the address of this block is the until address
     if (tb->pc == env->uc->addr_end) {
         gen_tb_start(tcg_ctx);
@@ -11181,6 +11209,20 @@ static inline void gen_intermediate_code_internal(PowerPCCPU *cpu,
             tcg_ctx->gen_opc_icount[lj] = num_insns;
         }
 
+#ifdef UNICORN_AFL 
+        // UNICORN-AFL supports (and needs) multiple exits.
+        uint64_t *exits = ctxp->uc->exits;
+        size_t exit_count = ctxp->uc->exit_count;
+        if (exit_count) {
+            size_t i;
+            for (i = 0; i < exit_count; i++) {
+                if (ctxp->nip == exits[i]) {
+                    gen_exception(ctxp, EXCP_HLT); 
+                    break;
+                }
+            }
+        } else
+#endif
 // Unicorn
         if (ctxp->nip == ctxp->uc->addr_end) {
 //            save_state(ctxp);

diff --git a/qemu/target-sparc/translate.c b/qemu/target-sparc/translate.c
@@ -5380,7 +5380,7 @@ static inline void gen_intermediate_code_internal(SPARCCPU *cpu,
     int j, lj = -1;
     int num_insns = 0;
     int max_insns;
-    unsigned int insn;
+    unsigned int insn = 0;
     TCGContext *tcg_ctx = env->uc->tcg_ctx;
     bool block_full = false;
 
@@ -5412,7 +5412,7 @@ static inline void gen_intermediate_code_internal(SPARCCPU *cpu,
                 goto done_generating;
             }
         }
-    }
+    } else
 #endif
     // early check to see if the address of this block is the until address
     if (pc_start == env->uc->addr_end) {
@@ -5439,7 +5439,7 @@ static inline void gen_intermediate_code_internal(SPARCCPU *cpu,
                 goto done_generating;
             }
         }
-    }
+    } else
 #endif
     // Unicorn: early check to see if the address of this block is the until address
     if (tb->pc == env->uc->addr_end) {
@@ -5508,7 +5508,7 @@ static inline void gen_intermediate_code_internal(SPARCCPU *cpu,
                 }
                 if (stop_emu) break;
             }
-        }
+        } else
 #endif
         // Unicorn: end address tells us to stop emulation
         if (dc->pc == dc->uc->addr_end) {