qemu_mode/patches/arm-translate-a64.diff - platform/external/AFLplusplus - Git at Google

 diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
 index fd36425..992bf17 100644
 --- a/target/arm/translate-a64.c
 +++ b/target/arm/translate-a64.c
 @@ -39,6 +39,8 @@
  #include "translate-a64.h"
  #include "qemu/atomic128.h"

 +#include "../patches/afl-qemu-cpu-translate-inl.h"
 +
  static TCGv_i64 cpu_X[32];
  static TCGv_i64 cpu_pc;

 @@ -3365,6 +3367,12 @@ static void disas_add_sub_imm(DisasContext *s, uint32_t insn)
          return;
      }

 +    if (rd == 31 && sub_op) { // cmp xX, imm
 +      TCGv_i64 tcg_imm = tcg_const_i64(imm);
 +      afl_gen_compcov(s->pc, tcg_rn, tcg_imm, is_64bit ? MO_64 : MO_32, 1);
 +      tcg_temp_free_i64(tcg_imm);
 +    }
 +
      tcg_result = tcg_temp_new_i64();
      if (!setflags) {
          if (sub_op) {
 @@ -3972,6 +3980,9 @@ static void disas_add_sub_ext_reg(DisasContext *s, uint32_t insn)

      tcg_rm = read_cpu_reg(s, rm, sf);
      ext_and_shift_reg(tcg_rm, tcg_rm, option, imm3);
 +
 +    if (rd == 31 && sub_op) // cmp xX, xY
 +      afl_gen_compcov(s->pc, tcg_rn, tcg_rm, sf ? MO_64 : MO_32, 0);

      tcg_result = tcg_temp_new_i64();

 @@ -4037,6 +4048,9 @@ static void disas_add_sub_reg(DisasContext *s, uint32_t insn)

      shift_reg_imm(tcg_rm, tcg_rm, sf, shift_type, imm6);

 +    if (rd == 31 && sub_op) // cmp xX, xY
 +      afl_gen_compcov(s->pc, tcg_rn, tcg_rm, sf ? MO_64 : MO_32, 0);
 +
      tcg_result = tcg_temp_new_i64();

      if (!setflags) {
 @@ -4246,6 +4260,8 @@ static void disas_cc(DisasContext *s, uint32_t insn)
          tcg_y = cpu_reg(s, y);
      }
      tcg_rn = cpu_reg(s, rn);
 +
 +    afl_gen_compcov(s->pc, tcg_rn, tcg_y, sf ? MO_64 : MO_32, is_imm);

      /* Set the flags for the new comparison.  */
      tcg_tmp = tcg_temp_new_i64();
 @@ -13317,6 +13333,8 @@ static void disas_data_proc_simd_fp(DisasContext *s, uint32_t insn)
  static void disas_a64_insn(CPUARMState *env, DisasContext *s)
  {
      uint32_t insn;
 +
 +    AFL_QEMU_TARGET_ARM64_SNIPPET

      insn = arm_ldl_code(env, s->pc, s->sctlr_b);
      s->insn = insn;
	diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
	index fd36425..992bf17 100644
	--- a/target/arm/translate-a64.c
	+++ b/target/arm/translate-a64.c
	@@ -39,6 +39,8 @@
	#include "translate-a64.h"
	#include "qemu/atomic128.h"

	+#include "../patches/afl-qemu-cpu-translate-inl.h"
	+
	static TCGv_i64 cpu_X[32];
	static TCGv_i64 cpu_pc;

	@@ -3365,6 +3367,12 @@ static void disas_add_sub_imm(DisasContext *s, uint32_t insn)
	return;
	}

	+ if (rd == 31 && sub_op) { // cmp xX, imm
	+ TCGv_i64 tcg_imm = tcg_const_i64(imm);
	+ afl_gen_compcov(s->pc, tcg_rn, tcg_imm, is_64bit ? MO_64 : MO_32, 1);
	+ tcg_temp_free_i64(tcg_imm);
	+ }
	+
	tcg_result = tcg_temp_new_i64();
	if (!setflags) {
	if (sub_op) {
	@@ -3972,6 +3980,9 @@ static void disas_add_sub_ext_reg(DisasContext *s, uint32_t insn)

	tcg_rm = read_cpu_reg(s, rm, sf);
	ext_and_shift_reg(tcg_rm, tcg_rm, option, imm3);
	+
	+ if (rd == 31 && sub_op) // cmp xX, xY
	+ afl_gen_compcov(s->pc, tcg_rn, tcg_rm, sf ? MO_64 : MO_32, 0);

	tcg_result = tcg_temp_new_i64();

	@@ -4037,6 +4048,9 @@ static void disas_add_sub_reg(DisasContext *s, uint32_t insn)

	shift_reg_imm(tcg_rm, tcg_rm, sf, shift_type, imm6);

	+ if (rd == 31 && sub_op) // cmp xX, xY
	+ afl_gen_compcov(s->pc, tcg_rn, tcg_rm, sf ? MO_64 : MO_32, 0);
	+
	tcg_result = tcg_temp_new_i64();

	if (!setflags) {
	@@ -4246,6 +4260,8 @@ static void disas_cc(DisasContext *s, uint32_t insn)
	tcg_y = cpu_reg(s, y);
	}
	tcg_rn = cpu_reg(s, rn);
	+
	+ afl_gen_compcov(s->pc, tcg_rn, tcg_y, sf ? MO_64 : MO_32, is_imm);

	/* Set the flags for the new comparison. */
	tcg_tmp = tcg_temp_new_i64();
	@@ -13317,6 +13333,8 @@ static void disas_data_proc_simd_fp(DisasContext *s, uint32_t insn)
	static void disas_a64_insn(CPUARMState env, DisasContext s)
	{
	uint32_t insn;
	+
	+ AFL_QEMU_TARGET_ARM64_SNIPPET

	insn = arm_ldl_code(env, s->pc, s->sctlr_b);
	s->insn = insn;