Fix helper function calls & support for new x86 decoder #92

merged 2 commits into from
Oct 31, 2024
2 changes: 0 additions & 2 deletions include/libafl/hook.h
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,4 @@
extern target_ulong libafl_gen_cur_pc;
extern size_t libafl_qemu_hooks_num;

void tcg_gen_callN(TCGHelperInfo* info, TCGTemp* ret, TCGTemp** args);

void libafl_tcg_gen_asan(TCGTemp* addr, size_t size);
1 change: 0 additions & 1 deletion include/libafl/hooks/tcg/edge.h
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
#pragma once

#include "qemu/osdep.h"

#include "qapi/error.h"

#include "exec/exec-all.h"
Expand Down
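--- /dev/null
+++ b/include/libafl/tcg.h
@@ -0,0 +1,10 @@
+#pragma once
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+
+#include "tcg/tcg.h"
+#include "tcg/helper-info.h"
+
+void tcg_gen_callN(void *func, TCGHelperInfo *info,
+TCGTemp *ret, TCGTemp **args);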
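Review bot: The prototype exports a QEMU-internal entry point without stating its contract, and the contract matters here: every caller in this PR passes `info->func` as `func`, so the two parameters must describe the same helper, because `info`'s flags and typemask decide how arguments and the return value are marshalled while `func` is what the generated code actually jumps to, and a mismatch corrupts the JIT'd call frame rather than failing loudly. Add a doc comment above the declaration, e.g. `/* Emit a call to helper FUNC as described by INFO; INFO's typemask/flags must match FUNC's real signature, RET may be NULL for void helpers, ARGS holds exactly the temps INFO expects. Exported from tcg/tcg.c for the LibAFL hooks. */`. Including both `tcg/tcg.h` and `tcg/helper-info.h` looks right since `TCGHelperInfo` and `TCGTemp` come from there.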
3 changes: 2 additions & 1 deletion libafl/hooks/tcg/backdoor.c
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
#include "libafl/tcg.h"
#include "libafl/hooks/tcg/backdoor.h"

struct libafl_backdoor_hook* libafl_backdoor_hooks;
Expand Down Expand Up @@ -40,7 +41,7 @@ void libafl_qemu_hook_backdoor_run(vaddr pc_next)
TCGTemp* args[3] = {tcgv_i64_temp(tmp0), tcgv_ptr_temp(tcg_env),
tcgv_tl_temp(tmp2)};

tcg_gen_callN(&bhk->helper_info, NULL, args);
tcg_gen_callN(bhk->helper_info.func, &bhk->helper_info, NULL, args);

bhk = bhk->next;
}
Expand Down
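Review bot: The rewritten call passes `bhk->helper_info.func` into the generated code with no visible non-NULL check, whereas the read/write hooks changed in this same PR guard the equivalent call with `if (hook->helper_infoN.func)`. If a backdoor hook can be registered without a callback, the translated block would call address 0 on its first execution; either guard it, `if (bhk->helper_info.func) { tcg_gen_callN(bhk->helper_info.func, &bhk->helper_info, NULL, args); }`, or document at the registration site that the callback is mandatory. The loop in libafl_qemu_hook_backdoor_run begins before the hunk, so such a check may already exist out of view.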
3 changes: 2 additions & 1 deletion libafl/hooks/tcg/block.c
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
#include "libafl/tcg.h"
#include "libafl/hooks/tcg/block.h"

struct libafl_block_hook* libafl_block_hooks;
Expand Down Expand Up @@ -80,7 +81,7 @@ void libafl_qemu_hook_block_run(target_ulong pc)
TCGv_i64 tmp0 = tcg_constant_i64(hook->data);
TCGv_i64 tmp1 = tcg_constant_i64(cur_id);
TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1)};
tcg_gen_callN(&hook->helper_info, NULL, tmp2);
tcg_gen_callN(hook->helper_info.func, &hook->helper_info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
}
Expand Down
3 changes: 2 additions & 1 deletion libafl/hooks/tcg/cmp.c
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
#include "libafl/tcg.h"
#include "libafl/hooks/tcg/cmp.h"

struct libafl_cmp_hook* libafl_cmp_hooks;
Expand Down Expand Up @@ -120,7 +121,7 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
#else
tcgv_i64_temp(op0), tcgv_i64_temp(op1)};
#endif
tcg_gen_callN(info, NULL, tmp2);
tcg_gen_callN(info->func, info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
}
Expand Down
6 changes: 4 additions & 2 deletions libafl/hooks/tcg/edge.c
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
#include "libafl/tcg.h"
#include "libafl/hooks/tcg/edge.h"

struct libafl_edge_hook* libafl_edge_hooks;
Expand All @@ -8,7 +9,8 @@ static TCGHelperInfo libafl_exec_edge_hook_info = {
.name = "libafl_exec_edge_hook",
.flags = dh_callflag(void),
.typemask =
dh_typemask(void, 0) | dh_typemask(i64, 1) | dh_typemask(i64, 2)};
dh_typemask(void, 0) | dh_typemask(i64, 1) | dh_typemask(i64, 2)
};

GEN_REMOVE_HOOK(edge)

Expand Down Expand Up @@ -84,7 +86,7 @@ void libafl_qemu_hook_edge_run(void)
TCGv_i64 tmp0 = tcg_constant_i64(hook->data);
TCGv_i64 tmp1 = tcg_constant_i64(hook->cur_id);
TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1)};
tcg_gen_callN(&hook->helper_info, NULL, tmp2);
tcg_gen_callN(hook->helper_info.func, &hook->helper_info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
}
Expand Down
3 changes: 2 additions & 1 deletion libafl/hooks/tcg/instruction.c
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
#include "libafl/tcg.h"
#include "libafl/hooks/tcg/instruction.h"

#include "libafl/cpu.h"
Expand Down Expand Up @@ -124,7 +125,7 @@ void libafl_qemu_hook_instruction_run(vaddr pc_next)
TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1)};
#endif
// tcg_gen_callN(hk->callback, NULL, 2, tmp2);
tcg_gen_callN(&hk->helper_info, NULL, tmp2);
tcg_gen_callN(hk->helper_info.func, &hk->helper_info, NULL, tmp2);
#if TARGET_LONG_BITS == 32
tcg_temp_free_i32(tmp1);
#else
Expand Down
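Review bot: The commented-out call `// tcg_gen_callN(hk->callback, NULL, 2, tmp2);` directly above the changed line now records a signature two revisions old and suggests the argument count is an explicit parameter, which it no longer is; delete that line instead of carrying it forward next to the corrected call. The `#if TARGET_LONG_BITS == 32` selection of `tmp2` starts before the hunk, so the 32-bit path is not fully visible here.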
5 changes: 3 additions & 2 deletions libafl/hooks/tcg/read_write.c
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
#include "libafl/tcg.h"
#include "libafl/hooks/tcg/read_write.h"

struct libafl_rw_hook* libafl_read_hooks;
Expand Down Expand Up @@ -201,7 +202,7 @@ static void libafl_gen_rw(TCGTemp* addr, MemOpIdx oi,
TCGv_i64 tmp1 = tcg_constant_i64(cur_id);
TCGTemp* tmp2[3] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1),
addr};
tcg_gen_callN(info, NULL, tmp2);
tcg_gen_callN(info->func, info, NULL, tmp2);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
} else if (hook->helper_infoN.func) {
Expand All @@ -215,7 +216,7 @@ static void libafl_gen_rw(TCGTemp* addr, MemOpIdx oi,
#else
tcgv_i64_temp(tmp2)};
#endif
tcg_gen_callN(&hook->helper_infoN, NULL, tmp3);
tcg_gen_callN(hook->helper_infoN.func, &hook->helper_infoN, NULL, tmp3);
tcg_temp_free_i64(tmp0);
tcg_temp_free_i64(tmp1);
#if TARGET_LONG_BITS == 32
Expand Down
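Review bot: Of the two rewritten calls only the second is guarded by `hook->helper_infoN.func`; the first passes `info->func`, and the selection of `info` together with any NULL check happens before the hunk. If `info` is chosen by access size and a hook registers sized helpers for only some sizes, `info->func` could be NULL and the JIT would emit a call to address 0 inside a memory access path; confirm the branch condition tests `info->func`, or mirror the second branch with `if (info && info->func)`. libafl_gen_rw starts before and ends after the hunk.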
7 changes: 7 additions & 0 deletions target/i386/tcg/emit.c.inc
Original file line number Diff line number Diff line change
Expand Up @@ -3848,6 +3848,13 @@ static void gen_SUB(DisasContext *s, X86DecodedInsn *decode)
tcg_gen_sub_tl(s->T0, s->cc_srcT, s->T1);
} else {
tcg_gen_mov_tl(s->cc_srcT, s->T0);

//// --- Begin LibAFL code ---

libafl_gen_cmp(s->pc, s->T0, s->T1, ot);

//// --- End LibAFL code ---

tcg_gen_sub_tl(s->T0, s->T0, s->T1);
}
prepare_update2_cc(decode, s, CC_OP_SUBB + ot);
Expand Down
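Review bot: Only the `else` branch of gen_SUB is instrumented; the first branch, which computes `tcg_gen_sub_tl(s->T0, s->cc_srcT, s->T1)` from the same two operands, emits no hook call, so subtractions that take that path are invisible to the cmp hook. For parity, add `libafl_gen_cmp(s->pc, s->cc_srcT, s->T1, ot);` before that subtraction as well. It is also worth confirming that the new decoder routes the CMP instruction through gen_SUB; if CMP has its own emitter, the comparison the hook most cares about would still be uninstrumented. gen_SUB begins before the hunk.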
9 changes: 8 additions & 1 deletion target/i386/tcg/translate.c
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@

//// --- Begin LibAFL code ---

void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot);
#include "libafl/hooks/tcg/cmp.h"

//// --- End LibAFL code ---

Expand Down Expand Up @@ -1234,6 +1234,13 @@ static void gen_cmps(DisasContext *s, MemOp ot)
gen_op_ld_v(s, ot, s->T0, s->A0);
tcg_gen_mov_tl(cpu_cc_src, s->T1);
tcg_gen_mov_tl(s->cc_srcT, s->T0);

//// --- Begin LibAFL code ---

libafl_gen_cmp(s->pc, s->T0, s->T1, ot);

//// --- End LibAFL code ---

tcg_gen_sub_tl(cpu_cc_dst, s->T0, s->T1);
set_cc_op(s, CC_OP_SUBB + ot);

Expand Down
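Review bot: gen_cmps receives the hook, but the other string instruction that compares via the same `tcg_gen_sub_tl(cpu_cc_dst, s->T0, s->T1)` pattern (gen_scas, not in this diff) does not; if it is present in this tree, give it the same `libafl_gen_cmp(s->pc, s->T0, s->T1, ot);` so SCAS-based comparisons are covered too. The `pc` argument is `s->pc`, which here is presumably the decoder's current fetch position rather than the instruction's start address; that is fine as a stable comparison id but deserves a comment such as `/* s->pc is the fetch pointer, used only as a cmp id */` so consumers do not treat it as the instruction PC.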
12 changes: 6 additions & 6 deletions tcg/tcg.c
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,10 @@
#include "user/guest-base.h"
#endif

//// --- Begin LibAFL code ---
#include "libafl/tcg.h"
//// --- End LibAFL code ---

/* Forward declarations for functions declared in tcg-target.c.inc and
used here. */
static void tcg_target_init(TCGContext *s);
Expand Down Expand Up @@ -2240,13 +2244,9 @@ bool tcg_op_supported(TCGOpcode op)
static TCGOp *tcg_op_alloc(TCGOpcode opc, unsigned nargs);

//// --- Begin LibAFL code ---

void tcg_gen_callN(void *func, TCGHelperInfo *info,
TCGTemp *ret, TCGTemp **args);

/* static */
//// --- End LibAFL code ---

/* static */ void tcg_gen_callN(void *func, TCGHelperInfo *info,
void tcg_gen_callN(void *func, TCGHelperInfo *info,
TCGTemp *ret, TCGTemp **args)
{
TCGv_i64 extend_free[MAX_CALL_IARGS];
Expand Down
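Review bot: The changed definition drops the `/* static */` marker and exports a function QEMU keeps private, but nothing at the definition says why, so a future upstream rebase would naturally re-static it and break every hook file in this PR. Add a one-line comment above it, e.g. `/* LibAFL: exported (upstream static); libafl/hooks/tcg/ emits helper calls through it, prototype in libafl/tcg.h */`, and keep it inside the existing LibAFL begin/end markers. The function body continues past the hunk.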