AFLplusplus
diff --git a/‎include/libafl/hook.h
Lines changed: 1 addition & 1 deletion b/‎include/libafl/hook.h
Lines changed: 1 addition & 1 deletion
diff --git a/‎include/libafl/hooks/tcg/instruction.h
Lines changed: 3 additions & 2 deletions b/‎include/libafl/hooks/tcg/instruction.h
Lines changed: 3 additions & 2 deletions
diff --git a/‎include/libafl/hooks/tcg/read_write.h
Lines changed: 20 additions & 25 deletions b/‎include/libafl/hooks/tcg/read_write.h
Lines changed: 20 additions & 25 deletions
diff --git a/‎libafl/cpu.c
Lines changed: 2 additions & 1 deletion b/‎libafl/cpu.c
Lines changed: 2 additions & 1 deletion
diff --git a/‎libafl/exit.c
Lines changed: 0 additions & 1 deletion b/‎libafl/exit.c
Lines changed: 0 additions & 1 deletion
diff --git a/‎libafl/hooks/tcg/cmp.c
Lines changed: 1 addition & 7 deletions b/‎libafl/hooks/tcg/cmp.c
Lines changed: 1 addition & 7 deletions
diff --git a/‎libafl/hooks/tcg/instruction.c
Lines changed: 13 additions & 26 deletions b/‎libafl/hooks/tcg/instruction.c
Lines changed: 13 additions & 26 deletions
@@ -53,7 +53,7 @@
     }
 
 // TODO: cleanup this
-extern target_ulong libafl_gen_cur_pc;
+extern tcg_target_ulong libafl_gen_cur_pc;
 extern size_t libafl_qemu_hooks_num;
 
 void libafl_tcg_gen_asan(TCGTemp* addr, size_t size);
@@ -14,6 +14,8 @@
 #define LIBAFL_TABLES_HASH(p)                                                  \
     (((13 * ((size_t)(p))) ^ (((size_t)(p)) >> 15)) % LIBAFL_TABLES_SIZE)
 
+typedef void (*libafl_instruction_cb)(uint64_t data, target_ulong pc);
+
 struct libafl_instruction_hook {
     // data
     uint64_t data;
@@ -28,8 +30,7 @@ struct libafl_instruction_hook {
 };
 
 size_t libafl_qemu_add_instruction_hooks(target_ulong pc,
-                                         void (*callback)(uint64_t data,
-                                                          target_ulong pc),
+                                         libafl_instruction_cb callback,
                                          uint64_t data, int invalidate);
 
 int libafl_qemu_remove_instruction_hook(size_t num, int invalidate);
 
@@ -2,11 +2,6 @@
 
 #include "qemu/osdep.h"
 
-#include "qapi/error.h"
-
-#include "exec/exec-all.h"
-#include "exec/tb-flush.h"
-
 #include "libafl/exit.h"
 #include "libafl/hook.h"
 
@@ -17,9 +12,16 @@
 #define LIBAFL_TABLES_HASH(p)                                                  \
     (((13 * ((size_t)(p))) ^ (((size_t)(p)) >> 15)) % LIBAFL_TABLES_SIZE)
 
+typedef uint64_t (*libafl_rw_gen_cb)(uint64_t data, target_ulong pc,
+                                     TCGTemp* addr, MemOpIdx oi);
+typedef void (*libafl_rw_exec_cb)(uint64_t data, uint64_t id, target_ulong pc,
+                                  target_ulong addr);
+typedef void (*libafl_rw_execN_cb)(uint64_t data, uint64_t id, target_ulong pc,
+                                   target_ulong addr, size_t size);
+
 struct libafl_rw_hook {
     // functions
-    uint64_t (*gen)(uint64_t data, target_ulong pc, TCGTemp* addr, MemOpIdx oi);
+    libafl_rw_gen_cb gen;
 
     // data
     uint64_t data;
@@ -36,25 +38,18 @@ struct libafl_rw_hook {
     struct libafl_rw_hook* next;
 };
 
-void libafl_gen_read(TCGTemp* addr, MemOpIdx oi);
-void libafl_gen_write(TCGTemp* addr, MemOpIdx oi);
-
-size_t libafl_add_read_hook(
-    uint64_t (*gen)(uint64_t data, target_ulong pc, TCGTemp* addr, MemOpIdx oi),
-    void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
-    uint64_t data);
-size_t libafl_add_write_hook(
-    uint64_t (*gen)(uint64_t data, target_ulong pc, TCGTemp* addr, MemOpIdx oi),
-    void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
-    uint64_t data);
+void libafl_gen_read(TCGTemp* pc, TCGTemp* addr, MemOpIdx oi);
+void libafl_gen_write(TCGTemp* pc, TCGTemp* addr, MemOpIdx oi);
+
+size_t libafl_add_read_hook(libafl_rw_gen_cb gen, libafl_rw_exec_cb exec1,
+                            libafl_rw_exec_cb exec2, libafl_rw_exec_cb exec4,
+                            libafl_rw_exec_cb exec8, libafl_rw_execN_cb execN,
+                            uint64_t data);
+
+size_t libafl_add_write_hook(libafl_rw_gen_cb gen, libafl_rw_exec_cb exec1,
+                             libafl_rw_exec_cb exec2, libafl_rw_exec_cb exec4,
+                             libafl_rw_exec_cb exec8, libafl_rw_execN_cb execN,
+                             uint64_t data);
 
 int libafl_qemu_remove_read_hook(size_t num, int invalidate);
 int libafl_qemu_remove_write_hook(size_t num, int invalidate);
@@ -140,7 +140,8 @@ int libafl_qemu_num_regs(CPUState* cpu)
         if (cc->gdb_num_core_regs) {
             num_regs = cc->gdb_num_core_regs;
         } else {
-            const GDBFeature *feature = gdb_find_static_feature(cc->gdb_core_xml_file);
+            const GDBFeature* feature =
+                gdb_find_static_feature(cc->gdb_core_xml_file);
 
             g_assert(feature);
             g_assert(feature->num_regs > 0);
 
@@ -165,7 +165,6 @@ void libafl_qemu_breakpoint_run(vaddr pc_next)
         if (bp->addr == pc_next) {
             TCGv_i64 tmp0 = tcg_constant_i64((uint64_t)pc_next);
             gen_helper_libafl_qemu_handle_breakpoint(tcg_env, tmp0);
-            tcg_temp_free_i64(tmp0);
         }
         bp = bp->next;
     }
 
@@ -116,14 +116,8 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
             TCGv_i64 tmp0 = tcg_constant_i64(hook->data);
             TCGv_i64 tmp1 = tcg_constant_i64(cur_id);
             TCGTemp* tmp2[4] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1),
-#if TARGET_LONG_BITS == 32
-                                tcgv_i32_temp(op0), tcgv_i32_temp(op1)};
-#else
-                                tcgv_i64_temp(op0), tcgv_i64_temp(op1)};
-#endif
+                                tcgv_tl_temp(op0), tcgv_tl_temp(op1)};
             tcg_gen_callN(info->func, info, NULL, tmp2);
-            tcg_temp_free_i64(tmp0);
-            tcg_temp_free_i64(tmp1);
         }
         hook = hook->next;
     }
 
@@ -3,18 +3,21 @@
 
 #include "libafl/cpu.h"
 
-target_ulong libafl_gen_cur_pc;
+static TCGHelperInfo libafl_instruction_info = {
+    .func = NULL,
+    .name = "libafl_instruction_hook",
+    .flags = dh_callflag(void),
+    .typemask = dh_typemask(void, 0) | dh_typemask(i64, 1) | dh_typemask(tl, 2),
+};
+
+tcg_target_ulong libafl_gen_cur_pc;
 struct libafl_instruction_hook*
     libafl_qemu_instruction_hooks[LIBAFL_TABLES_SIZE];
 size_t libafl_qemu_hooks_num = 0;
 
 size_t libafl_qemu_add_instruction_hooks(target_ulong pc,
-                                         void (*callback)(uint64_t data,
-                                                          target_ulong pc),
-                                         uint64_t
-
-                                             data,
-                                         int invalidate)
+                                         libafl_instruction_cb callback,
+                                         uint64_t data, int invalidate)
 {
     CPUState* cpu;
 
@@ -27,13 +30,9 @@ size_t libafl_qemu_add_instruction_hooks(target_ulong pc,
     struct libafl_instruction_hook* hk =
         calloc(sizeof(struct libafl_instruction_hook), 1);
     hk->addr = pc;
-    // hk->callback = callback;
     hk->data = data;
+    hk->helper_info = libafl_instruction_info;
     hk->helper_info.func = callback;
-    hk->helper_info.name = "libafl_instruction_hook";
-    hk->helper_info.flags = dh_callflag(void);
-    hk->helper_info.typemask =
-        dh_typemask(void, 0) | dh_typemask(i64, 1) | dh_typemask(tl, 2);
     // TODO check for overflow
     hk->num = libafl_qemu_hooks_num++;
     hk->next = libafl_qemu_instruction_hooks[idx];
@@ -117,20 +116,8 @@ void libafl_qemu_hook_instruction_run(vaddr pc_next)
         libafl_search_instruction_hook(pc_next);
     if (hk) {
         TCGv_i64 tmp0 = tcg_constant_i64(hk->data);
-#if TARGET_LONG_BITS == 32
-        TCGv_i32 tmp1 = tcg_constant_i32(pc_next);
-        TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i32_temp(tmp1)};
-#else
-        TCGv_i64 tmp1 = tcg_constant_i64(pc_next);
-        TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1)};
-#endif
-        // tcg_gen_callN(hk->callback, NULL, 2, tmp2);
+        TCGv tmp1 = tcg_constant_tl(pc_next);
+        TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_tl_temp(tmp1)};
         tcg_gen_callN(hk->helper_info.func, &hk->helper_info, NULL, tmp2);
-#if TARGET_LONG_BITS == 32
-        tcg_temp_free_i32(tmp1);
-#else
-        tcg_temp_free_i64(tmp1);
-#endif
-        tcg_temp_free_i64(tmp0);
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`// TODO: cleanup this`
`56`		`-extern target_ulong libafl_gen_cur_pc;`
	`56`	`+extern tcg_target_ulong libafl_gen_cur_pc;`
`57`	`57`	`extern size_t libafl_qemu_hooks_num;`
`58`	`58`
`59`	`59`	`void libafl_tcg_gen_asan(TCGTemp* addr, size_t size);`
Original file line number	Diff line number	Diff line change
`@@ -165,7 +165,6 @@ void libafl_qemu_breakpoint_run(vaddr pc_next)`
`165`	`165`	`if (bp->addr == pc_next) {`
`166`	`166`	`TCGv_i64 tmp0 = tcg_constant_i64((uint64_t)pc_next);`
`167`	`167`	`gen_helper_libafl_qemu_handle_breakpoint(tcg_env, tmp0);`
`168`		`- tcg_temp_free_i64(tmp0);`
`169`	`168`	`}`
`170`	`169`	`bp = bp->next;`
`171`	`170`	`}`