Fix helper function calls & support for new x86 decoder (#92)

* fix helper function calls

* cmp hooks: support for new x86 decoder

Author: rmalmain

include/libafl/hook.h

@@ -56,6 +56,4 @@
 extern target_ulong libafl_gen_cur_pc;
 extern size_t libafl_qemu_hooks_num;
 
-void tcg_gen_callN(TCGHelperInfo* info, TCGTemp* ret, TCGTemp** args);
-
 void libafl_tcg_gen_asan(TCGTemp* addr, size_t size);

include/libafl/hooks/tcg/edge.h

@@ -1,7 +1,6 @@
 #pragma once
 
 #include "qemu/osdep.h"
-
 #include "qapi/error.h"
 
 #include "exec/exec-all.h"

include/libafl/tcg.h

@@ -0,0 +1,10 @@
+#pragma once
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+
+#include "tcg/tcg.h"
+#include "tcg/helper-info.h"
+
+void tcg_gen_callN(void *func, TCGHelperInfo *info,
+                          TCGTemp *ret, TCGTemp **args);

libafl/hooks/tcg/backdoor.c

@@ -1,3 +1,4 @@
+#include "libafl/tcg.h"
 #include "libafl/hooks/tcg/backdoor.h"
 
 struct libafl_backdoor_hook* libafl_backdoor_hooks;
@@ -40,7 +41,7 @@ void libafl_qemu_hook_backdoor_run(vaddr pc_next)
         TCGTemp* args[3] = {tcgv_i64_temp(tmp0), tcgv_ptr_temp(tcg_env),
                             tcgv_tl_temp(tmp2)};
 
-        tcg_gen_callN(&bhk->helper_info, NULL, args);
+        tcg_gen_callN(bhk->helper_info.func, &bhk->helper_info, NULL, args);
 
         bhk = bhk->next;
     }

libafl/hooks/tcg/block.c

@@ -1,3 +1,4 @@
+#include "libafl/tcg.h"
 #include "libafl/hooks/tcg/block.h"
 
 struct libafl_block_hook* libafl_block_hooks;
@@ -80,7 +81,7 @@ void libafl_qemu_hook_block_run(target_ulong pc)
             TCGv_i64 tmp0 = tcg_constant_i64(hook->data);
             TCGv_i64 tmp1 = tcg_constant_i64(cur_id);
             TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1)};
-            tcg_gen_callN(&hook->helper_info, NULL, tmp2);
+            tcg_gen_callN(hook->helper_info.func, &hook->helper_info, NULL, tmp2);
             tcg_temp_free_i64(tmp0);
             tcg_temp_free_i64(tmp1);
         }

libafl/hooks/tcg/cmp.c

@@ -1,3 +1,4 @@
+#include "libafl/tcg.h"
 #include "libafl/hooks/tcg/cmp.h"
 
 struct libafl_cmp_hook* libafl_cmp_hooks;
@@ -120,7 +121,7 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
 #else
                                 tcgv_i64_temp(op0), tcgv_i64_temp(op1)};
 #endif
-            tcg_gen_callN(info, NULL, tmp2);
+            tcg_gen_callN(info->func, info, NULL, tmp2);
             tcg_temp_free_i64(tmp0);
             tcg_temp_free_i64(tmp1);
         }

libafl/hooks/tcg/edge.c

@@ -1,3 +1,4 @@
+#include "libafl/tcg.h"
 #include "libafl/hooks/tcg/edge.h"
 
 struct libafl_edge_hook* libafl_edge_hooks;
@@ -8,7 +9,8 @@ static TCGHelperInfo libafl_exec_edge_hook_info = {
     .name = "libafl_exec_edge_hook",
     .flags = dh_callflag(void),
     .typemask =
-        dh_typemask(void, 0) | dh_typemask(i64, 1) | dh_typemask(i64, 2)};
+        dh_typemask(void, 0) | dh_typemask(i64, 1) | dh_typemask(i64, 2)
+};
 
 GEN_REMOVE_HOOK(edge)
 
@@ -84,7 +86,7 @@ void libafl_qemu_hook_edge_run(void)
             TCGv_i64 tmp0 = tcg_constant_i64(hook->data);
             TCGv_i64 tmp1 = tcg_constant_i64(hook->cur_id);
             TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1)};
-            tcg_gen_callN(&hook->helper_info, NULL, tmp2);
+            tcg_gen_callN(hook->helper_info.func, &hook->helper_info, NULL, tmp2);
             tcg_temp_free_i64(tmp0);
             tcg_temp_free_i64(tmp1);
         }

libafl/hooks/tcg/instruction.c

@@ -1,3 +1,4 @@
+#include "libafl/tcg.h"
 #include "libafl/hooks/tcg/instruction.h"
 
 #include "libafl/cpu.h"
@@ -124,7 +125,7 @@ void libafl_qemu_hook_instruction_run(vaddr pc_next)
         TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1)};
 #endif
         // tcg_gen_callN(hk->callback, NULL, 2, tmp2);
-        tcg_gen_callN(&hk->helper_info, NULL, tmp2);
+        tcg_gen_callN(hk->helper_info.func, &hk->helper_info, NULL, tmp2);
 #if TARGET_LONG_BITS == 32
         tcg_temp_free_i32(tmp1);
 #else

libafl/hooks/tcg/read_write.c

@@ -1,3 +1,4 @@
+#include "libafl/tcg.h"
 #include "libafl/hooks/tcg/read_write.h"
 
 struct libafl_rw_hook* libafl_read_hooks;
@@ -201,7 +202,7 @@ static void libafl_gen_rw(TCGTemp* addr, MemOpIdx oi,
                 TCGv_i64 tmp1 = tcg_constant_i64(cur_id);
                 TCGTemp* tmp2[3] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1),
                                     addr};
-                tcg_gen_callN(info, NULL, tmp2);
+                tcg_gen_callN(info->func, info, NULL, tmp2);
                 tcg_temp_free_i64(tmp0);
                 tcg_temp_free_i64(tmp1);
             } else if (hook->helper_infoN.func) {
@@ -215,7 +216,7 @@ static void libafl_gen_rw(TCGTemp* addr, MemOpIdx oi,
 #else
                                     tcgv_i64_temp(tmp2)};
 #endif
-                tcg_gen_callN(&hook->helper_infoN, NULL, tmp3);
+                tcg_gen_callN(hook->helper_infoN.func, &hook->helper_infoN, NULL, tmp3);
                 tcg_temp_free_i64(tmp0);
                 tcg_temp_free_i64(tmp1);
 #if TARGET_LONG_BITS == 32

target/i386/tcg/emit.c.inc

@@ -3848,6 +3848,13 @@ static void gen_SUB(DisasContext *s, X86DecodedInsn *decode)
         tcg_gen_sub_tl(s->T0, s->cc_srcT, s->T1);
     } else {
         tcg_gen_mov_tl(s->cc_srcT, s->T0);
+
+//// --- Begin LibAFL code ---
+
+        libafl_gen_cmp(s->pc, s->T0, s->T1, ot);
+
+//// --- End LibAFL code ---
+
         tcg_gen_sub_tl(s->T0, s->T0, s->T1);
     }
     prepare_update2_cc(decode, s, CC_OP_SUBB + ot);