Cleanup merge.

accel/tcg/cpu-exec.c

@@ -180,7 +180,7 @@ static bool tb_lookup_cmp(const void *p, const void *d)
     const TranslationBlock *tb = p;
     const struct tb_desc *desc = d;
 
-    if (tb->pc == desc->pc &&
+    if ((tb_cflags(tb) & CF_PCREL || tb->pc == desc->pc) &&
         tb_page_addr0(tb) == desc->page_addr0 &&
         tb->cs_base == desc->cs_base &&
         tb->flags == desc->flags &&
@@ -230,7 +230,7 @@ static TranslationBlock *tb_htable_lookup(CPUState *cpu, vaddr pc,
         return NULL;
     }
     desc.page_addr0 = phys_pc;
-    h = tb_hash_func(phys_pc, pc,
+    h = tb_hash_func(phys_pc, (cflags & CF_PCREL ? 0 : pc),
                      flags, cs_base, cflags);
     return qht_lookup_custom(&tb_ctx.htable, &desc, h, tb_lookup_cmp);
 }

accel/tcg/cputlb.c

@@ -2556,7 +2556,6 @@ static Int128 do_ld16_mmu(CPUState *cpu, vaddr addr,
                       MMU_DATA_LOAD, l.memop, ra);
         ret = int128_make128(b, a);
     }
-
     if ((l.memop & MO_BSWAP) == MO_LE) {
         ret = bswap128(ret);
     }

accel/tcg/tb-maint.c

@@ -47,7 +47,7 @@ static bool tb_cmp(const void *ap, const void *bp)
     const TranslationBlock *a = ap;
     const TranslationBlock *b = bp;
 
-    return (a->pc == b->pc &&
+    return ((tb_cflags(a) & CF_PCREL || a->pc == b->pc) &&
             a->cs_base == b->cs_base &&
             a->flags == b->flags &&
             (tb_cflags(a) & ~CF_INVALID) == (tb_cflags(b) & ~CF_INVALID) &&
@@ -916,7 +916,7 @@ static void do_tb_phys_invalidate(TranslationBlock *tb, bool rm_from_page_list)
 
     /* remove the TB from the hash list */
     phys_pc = tb_page_addr0(tb);
-    h = tb_hash_func(phys_pc, tb->pc,
+    h = tb_hash_func(phys_pc, (orig_cflags & CF_PCREL ? 0 : tb->pc),
                      tb->flags, tb->cs_base, orig_cflags);
     if (!qht_remove(&tb_ctx.htable, tb, h)) {
         return;
@@ -983,7 +983,7 @@ TranslationBlock *tb_link_page(TranslationBlock *tb)
     tb_record(tb);
 
     /* add in the hash table */
-    h = tb_hash_func(tb_page_addr0(tb), tb->pc,
+    h = tb_hash_func(tb_page_addr0(tb), (tb->cflags & CF_PCREL ? 0 : tb->pc),
                      tb->flags, tb->cs_base, tb->cflags);
     qht_insert(&tb_ctx.htable, tb, h, &existing_tb);
 

accel/tcg/translator.c

@@ -244,7 +244,9 @@ void translator_loop(CPUState *cpu, TranslationBlock *tb, int *max_insns,
          */
         ops->translate_insn(db, cpu);
 
+//// --- Begin LibAFL code ---
 post_translate_insn:
+//// --- End LibAFL code ---
         /*
          * We can't instrument after instructions that change control
          * flow although this only really affects post-load operations.

block/block-backend.c

@@ -701,16 +701,16 @@ bool monitor_add_blk(BlockBackend *blk, const char *name, Error **errp)
         error_setg(errp, "Invalid device name");
         return false;
     }
-//// --- Begin LibAFL code ---
     if (blk_by_name(name)) {
         error_setg(errp, "Device with id '%s' already exists", name);
         return false;
     }
-//// --- End LibAFL code ---
+//// --- Begin LibAFL code ---
     if (blk_by_name_hash(g_str_hash(name))) {
         error_setg(errp, "Device with name hash '%x' already exists", g_str_hash(name));
         return false;
     }
+//// --- End LibAFL code ---
     if (bdrv_find_node(name)) {
         error_setg(errp,
                    "Device name '%s' conflicts with an existing node name",

chardev/char-socket.c

@@ -496,9 +496,9 @@ static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
         s->max_size <= 0) {
         return TRUE;
     }
-    len = tcp_chr_read_poll(opaque);
-    if (len > sizeof(buf)) {
-        len = sizeof(buf);
+    len = sizeof(buf);
+    if (len > s->max_size) {
+        len = s->max_size;
     }
     size = tcp_chr_recv(chr, (void *)buf, len);
     if (size == 0 || (size == -1 && errno != EAGAIN)) {

configure

@@ -578,8 +578,10 @@ if test "$host_os" = "windows" ; then
   EXESUF=".exe"
 fi
 
+#### --- Begin LibAFL code ---
 as_shared_lib="no"
 as_static_lib="no"
+#### --- end LibAFL code ---
 
 meson_option_build_array() {
   printf '['
@@ -761,6 +763,7 @@ for opt do
   ;;
   --gdb=*) gdb_bin="$optarg"
   ;;
+#### --- Begin LibAFL code ---
   --as-shared-lib)
       as_shared_lib="yes"
       CFLAGS="$CFLAGS -fPIC -DAS_LIB=1"
@@ -771,6 +774,7 @@ for opt do
       CFLAGS="$CFLAGS -fPIC -DAS_LIB=1"
       CXXFLAGS="$CXXFLAGS -fPIC -DAS_LIB=1"
   ;;
+#### --- End LibAFL code ---
   # everything else has the same name in configure and meson
   --*) meson_option_parse "$opt" "$optarg"
   ;;
@@ -1616,7 +1620,6 @@ echo "GDB=$gdb_bin" >> $config_host_mak
 if test "$container" != no; then
     echo "RUNC=$runc" >> $config_host_mak
 fi
-
 echo "SUBDIRS=$subdirs" >> $config_host_mak
 echo "PYTHON=$python" >> $config_host_mak
 echo "MKVENV_ENSUREGROUP=$mkvenv ensuregroup $mkvenv_online_flag" >> $config_host_mak
@@ -1628,13 +1631,14 @@ if test "$default_targets" = "yes"; then
   echo "CONFIG_DEFAULT_TARGETS=y" >> $config_host_mak
 fi
 
+#### --- Begin LibAFL code ---
 if test "$as_shared_lib" = "yes" ; then
   echo "AS_SHARED_LIB=y" >> $config_host_mak
 fi
 if test "$as_static_lib" = "yes" ; then
   echo "AS_STATIC_LIB=y" >> $config_host_mak
 fi
-
+#### --- End LibAFL code ---
 
 # contrib/plugins configuration
 echo "# Automatically generated by configure - do not modify" > contrib/plugins/$config_host_mak

contrib/plugins/lockstep.c

@@ -33,6 +33,7 @@
 
 #include <qemu-plugin.h>
 
+//// --- Begin LibAFL code ---
 static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size)
 {
 #if GLIB_CHECK_VERSION(2, 68, 0)
@@ -51,6 +52,7 @@ static inline gpointer g_memdup2_qemu(gconstpointer mem, gsize byte_size)
 #endif
 }
 #define g_memdup2(m, s) g_memdup2_qemu(m, s)
+//// --- End LibAFL code ---
 
 QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION;
 

gdbstub/gdbstub.c

@@ -1811,13 +1811,14 @@ static const GdbCmdParseEntry gdb_gen_query_table[] = {
         .handler = gdb_handle_query_offsets,
         .cmd = "Offsets",
     },
-#endif
+#else
     {
         .handler = gdb_handle_query_rcmd,
         .cmd = "Rcmd,",
         .cmd_startswith = 1,
         .schema = "s0"
     },
+#endif
     {
         .handler = handle_query_supported,
         .cmd = "Supported:",

hw/hppa/Kconfig

@@ -18,4 +18,3 @@ config HPPA_B160L
     select LASIPS2
     select PARALLEL
     select ARTIST
-    select USB_OHCI_PCI

io/channel-buffer.c

@@ -181,8 +181,8 @@ static int qio_channel_buffer_close(QIOChannel *ioc,
         g_free(bioc->data);
     }
 
-    //// --- End LibAFL code ---
     //g_free(bioc->data);
+    //// --- End LibAFL code ---
     bioc->data = NULL;
     bioc->capacity = bioc->usage = bioc->offset = 0;
 

linux-user/main.c

@@ -636,6 +636,7 @@ static int parse_args(int argc, char **argv)
             r++;
         }
 
+//// --- Begin LibAFL code ---
         if (!strncmp(r, "libafl", 6)) {
             if (optind >= argc) {
                 (void) fprintf(stderr,
@@ -645,6 +646,7 @@ static int parse_args(int argc, char **argv)
             optind++;
             continue;
         }
+//// --- End LibAFL code ---
 
         for (arginfo = arg_table; arginfo->handle_opt != NULL; arginfo++) {
             if (!strcmp(r, arginfo->argv)) {
@@ -675,7 +677,9 @@ static int parse_args(int argc, char **argv)
         exit(EXIT_FAILURE);
     }
 
+//// --- Begin LibAFL code ---
     exec_path = strdup(argv[optind]);
+//// --- End LibAFL code ---
 
     return optind;
 }
@@ -717,9 +721,11 @@ int main(int argc, char **argv, char **envp)
 #endif
 {
     struct target_pt_regs regs1, *regs = &regs1;
+//// --- Begin LibAFL code ---
     //struct image_info info1, *info = &info1;
     struct image_info *info = &libafl_image_info;
     // struct linux_binprm bprm;
+//// --- End LibAFL code ---
     TaskState *ts;
     CPUArchState *env;
     CPUState *cpu;

linux-user/user-internals.h

@@ -65,7 +65,7 @@ abi_long do_syscall(CPUArchState *cpu_env, int num, abi_long arg1,
                     abi_long arg5, abi_long arg6, abi_long arg7,
                     abi_long arg8);
 extern __thread CPUState *thread_cpu;
-void cpu_loop(CPUArchState *env);
+G_NORETURN void cpu_loop(CPUArchState *env);
 abi_long get_errno(abi_long ret);
 const char *target_strerror(int err);
 int get_osversion(void);

meson.build

@@ -3454,9 +3454,12 @@ subdir('ui')
 subdir('hw')
 subdir('gdbstub')
 
+#### --- Begin LibAFL code ---
+
 ### LibAFL extras
 subdir('libafl')
 
+#### --- End LibAFL code ---
 
 if enable_modules
   libmodulecommon = static_library('module-common', files('module-common.c') + genh, pic: true, c_args: '-DBUILD_DSO')
@@ -3585,10 +3588,14 @@ subdir('bsd-user')
 subdir('linux-user')
 
 # needed for fuzzing binaries
+#### --- Begin LibAFL code ---
 if get_option('tests')
+#### --- End LibAFL code ---
   subdir('tests/qtest/libqos')
   subdir('tests/qtest/fuzz')
+#### --- Begin LibAFL code ---
 endif
+#### --- End LibAFL code ---
 
 # accel modules
 tcg_real_module_ss = ss.source_set()
@@ -3971,7 +3978,9 @@ foreach target : target_dirs
       exe_name += '-unsigned'
     endif
 
+#### --- Begin LibAFL code ---
   if 'AS_SHARED_LIB' not in config_host and 'AS_STATIC_LIB' not in config_host
+#### --- End LibAFL code ---
     emulator = executable(exe_name, exe['sources'],
                install: true,
                c_args: c_args,
@@ -3980,6 +3989,7 @@ foreach target : target_dirs
                link_depends: [block_syms, qemu_syms],
                link_args: link_args,
                win_subsystem: exe['win_subsystem'])
+#### --- Begin LibAFL code ---
   else
     if 'AS_SHARED_LIB' in config_host
       emulator = shared_library(exe_name, exe['sources'],
@@ -3997,6 +4007,7 @@ foreach target : target_dirs
                objects: lib.extract_all_objects(recursive: true))
     endif
   endif
+#### --- End LibAFL code ---
     if host_os == 'darwin'
       icon = 'pc-bios/qemu.rsrc'
       build_input = [emulator, files(icon)]
@@ -4132,9 +4143,13 @@ subdir('scripts')
 subdir('tools')
 subdir('pc-bios')
 subdir('docs')
+#### --- Begin LibAFL code ---
 if get_option('tests')
+#### --- End LibAFL code ---
   subdir('tests')
+#### --- Begin LibAFL code ---
 endif
+#### --- End LibAFL code ---
 if gtk.found()
   subdir('po')
 endif
@@ -4230,7 +4245,9 @@ if enable_modules
   summary_info += {'alternative module path': get_option('module_upgrades')}
 endif
 summary_info += {'fuzzing support':   get_option('fuzzing')}
-summary_info += {'tests support':   get_option('tests')}
+#### --- Begin LibAFL code ---
+summary_info += {'Build tests':   get_option('tests')}
+#### --- End LibAFL code ---
 if have_system
   summary_info += {'Audio drivers':     ' '.join(audio_drivers_selected)}
 endif

meson_options.txt

@@ -43,8 +43,10 @@ option('docs', type : 'feature', value : 'auto',
        description: 'Documentations build support')
 option('fuzzing', type : 'boolean', value: false,
        description: 'build fuzzing targets')
+#### --- Begin LibAFL code ---
 option('tests', type : 'boolean', value: true,
        description: 'build tests')
+#### --- End LibAFL code ---
 option('gettext', type : 'feature', value : 'auto',
        description: 'Localization of the GTK+ user interface')
 option('modules', type : 'feature', value : 'disabled',

migration/migration.c

@@ -164,9 +164,6 @@ static bool transport_supports_seeking(MigrationAddress *addr)
     return false;
 }
 
-    return false;
-}
-
 static bool
 migration_channels_and_transport_compatible(MigrationAddress *addr,
                                             Error **errp)
@@ -733,7 +730,6 @@ static void process_incoming_migration_bh(void *opaque)
     migrate_set_state(&mis->state, MIGRATION_STATUS_ACTIVE,
                       MIGRATION_STATUS_COMPLETED);
     migration_incoming_state_destroy();
-    object_unref(OBJECT(migrate_get_current()));
 }
 
 static void coroutine_fn

subprojects/libvhost-user/meson.build

@@ -8,8 +8,10 @@ add_project_arguments(cc.get_supported_arguments('-Wsign-compare',
                                                  '-Wstrict-aliasing'),
                       native: false, language: 'c')
 
+#### --- Begin LibAFL code ---
 keyval = import('keyval')
 config_host = keyval.load(meson.global_build_root() / 'config-host.mak')
+#### --- End LibAFL code ---
 
 threads = dependency('threads')
 glib = dependency('glib-2.0')
@@ -18,7 +20,9 @@ vhost_user = static_library('vhost-user',
                             files('libvhost-user.c'),
                             dependencies: threads,
                             c_args: '-D_GNU_SOURCE',
+#### --- Begin LibAFL code ---
                             pic: 'AS_SHARED_LIB' in config_host)
+#### --- End LibAFL code ---
 
 executable('link-test', files('link-test.c'),
            link_whole: vhost_user)
@@ -27,7 +31,9 @@ vhost_user_glib = static_library('vhost-user-glib',
                                  files('libvhost-user-glib.c'),
                                  link_with: vhost_user,
                                  dependencies: glib,
+#### --- Begin LibAFL code ---
                                  pic: 'AS_SHARED_LIB' in config_host)
+#### --- End LibAFL code ---
 
 vhost_user_dep = declare_dependency(link_with: vhost_user_glib,
                                     dependencies: glib,

system/main.c

@@ -42,10 +42,14 @@ int qemu_default_main(void)
 
 int (*qemu_main)(void) = qemu_default_main;
 
+//// --- Begin LibAFL code ---
 #ifndef AS_LIB
+//// --- End LibAFL code ---
 int main(int argc, char **argv)
 {
     qemu_init(argc, argv);
     return qemu_main();
 }
+//// --- Begin LibAFL code ---
 #endif
+//// --- End LibAFL code ---