| diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c |
| index 870027d4..0bc87dfc 100644 |
| --- a/accel/tcg/cpu-exec.c |
| +++ b/accel/tcg/cpu-exec.c |
| @@ -36,6 +36,8 @@ |
| #include "sysemu/cpus.h" |
| #include "sysemu/replay.h" |
| |
| +#include "../patches/afl-qemu-cpu-inl.h" |
| + |
| /* -icount align implementation. */ |
| |
| typedef struct SyncClocks { |
| @@ -397,11 +399,13 @@ static inline TranslationBlock *tb_find(CPUState *cpu, |
| TranslationBlock *tb; |
| target_ulong cs_base, pc; |
| uint32_t flags; |
| + bool was_translated = false, was_chained = false; |
| |
| tb = tb_lookup__cpu_state(cpu, &pc, &cs_base, &flags, cf_mask); |
| if (tb == NULL) { |
| mmap_lock(); |
| tb = tb_gen_code(cpu, pc, cs_base, flags, cf_mask); |
| + was_translated = true; |
| mmap_unlock(); |
| /* We add the TB in the virtual pc hash table for the fast lookup */ |
| atomic_set(&cpu->tb_jmp_cache[tb_jmp_cache_hash_func(pc)], tb); |
| @@ -418,6 +422,10 @@ static inline TranslationBlock *tb_find(CPUState *cpu, |
| /* See if we can patch the calling TB. */ |
| if (last_tb) { |
| tb_add_jump(last_tb, tb_exit, tb); |
| + was_chained = true; |
| + } |
| + if (was_translated || was_chained) { |
| + afl_request_tsl(pc, cs_base, flags, cf_mask, was_chained ? last_tb : NULL, tb_exit); |
| } |
| return tb; |
| } |
