Refactor read/write hooks:

* add PC to the callbacks
* simplify code, merge common code
* use macros
* remove useless tcg frees

Author: rmalmain

include/libafl/hook.h

@@ -53,7 +53,7 @@
     }
 
 // TODO: cleanup this
-extern target_ulong libafl_gen_cur_pc;
+extern tcg_target_ulong libafl_gen_cur_pc;
 extern size_t libafl_qemu_hooks_num;
 
 void libafl_tcg_gen_asan(TCGTemp* addr, size_t size);

include/libafl/hooks/tcg/instruction.h

@@ -14,6 +14,8 @@
 #define LIBAFL_TABLES_HASH(p)                                                  \
     (((13 * ((size_t)(p))) ^ (((size_t)(p)) >> 15)) % LIBAFL_TABLES_SIZE)
 
+typedef void (*libafl_instruction_cb)(uint64_t data, target_ulong pc);
+
 struct libafl_instruction_hook {
     // data
     uint64_t data;
@@ -28,8 +30,7 @@ struct libafl_instruction_hook {
 };
 
 size_t libafl_qemu_add_instruction_hooks(target_ulong pc,
-                                         void (*callback)(uint64_t data,
-                                                          target_ulong pc),
+                                         libafl_instruction_cb callback,
                                          uint64_t data, int invalidate);
 
 int libafl_qemu_remove_instruction_hook(size_t num, int invalidate);

include/libafl/hooks/tcg/read_write.h

@@ -2,11 +2,6 @@
 
 #include "qemu/osdep.h"
 
-#include "qapi/error.h"
-
-#include "exec/exec-all.h"
-#include "exec/tb-flush.h"
-
 #include "libafl/exit.h"
 #include "libafl/hook.h"
 
@@ -17,9 +12,16 @@
 #define LIBAFL_TABLES_HASH(p)                                                  \
     (((13 * ((size_t)(p))) ^ (((size_t)(p)) >> 15)) % LIBAFL_TABLES_SIZE)
 
+typedef uint64_t (*libafl_rw_gen_cb)(uint64_t data, target_ulong pc,
+                                     TCGTemp* addr, MemOpIdx oi);
+typedef void (*libafl_rw_exec_cb)(uint64_t data, uint64_t id, target_ulong pc,
+                                  target_ulong addr);
+typedef void (*libafl_rw_execN_cb)(uint64_t data, uint64_t id, target_ulong pc,
+                                   target_ulong addr, size_t size);
+
 struct libafl_rw_hook {
     // functions
-    uint64_t (*gen)(uint64_t data, target_ulong pc, TCGTemp* addr, MemOpIdx oi);
+    libafl_rw_gen_cb gen;
 
     // data
     uint64_t data;
@@ -36,25 +38,18 @@ struct libafl_rw_hook {
     struct libafl_rw_hook* next;
 };
 
-void libafl_gen_read(TCGTemp* addr, MemOpIdx oi);
-void libafl_gen_write(TCGTemp* addr, MemOpIdx oi);
-
-size_t libafl_add_read_hook(
-    uint64_t (*gen)(uint64_t data, target_ulong pc, TCGTemp* addr, MemOpIdx oi),
-    void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
-    uint64_t data);
-size_t libafl_add_write_hook(
-    uint64_t (*gen)(uint64_t data, target_ulong pc, TCGTemp* addr, MemOpIdx oi),
-    void (*exec1)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec2)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec4)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*exec8)(uint64_t data, uint64_t id, target_ulong addr),
-    void (*execN)(uint64_t data, uint64_t id, target_ulong addr, size_t size),
-    uint64_t data);
+void libafl_gen_read(TCGTemp* pc, TCGTemp* addr, MemOpIdx oi);
+void libafl_gen_write(TCGTemp* pc, TCGTemp* addr, MemOpIdx oi);
+
+size_t libafl_add_read_hook(libafl_rw_gen_cb gen, libafl_rw_exec_cb exec1,
+                            libafl_rw_exec_cb exec2, libafl_rw_exec_cb exec4,
+                            libafl_rw_exec_cb exec8, libafl_rw_execN_cb execN,
+                            uint64_t data);
+
+size_t libafl_add_write_hook(libafl_rw_gen_cb gen, libafl_rw_exec_cb exec1,
+                             libafl_rw_exec_cb exec2, libafl_rw_exec_cb exec4,
+                             libafl_rw_exec_cb exec8, libafl_rw_execN_cb execN,
+                             uint64_t data);
 
 int libafl_qemu_remove_read_hook(size_t num, int invalidate);
 int libafl_qemu_remove_write_hook(size_t num, int invalidate);

libafl/cpu.c

@@ -140,7 +140,8 @@ int libafl_qemu_num_regs(CPUState* cpu)
         if (cc->gdb_num_core_regs) {
             num_regs = cc->gdb_num_core_regs;
         } else {
-            const GDBFeature *feature = gdb_find_static_feature(cc->gdb_core_xml_file);
+            const GDBFeature* feature =
+                gdb_find_static_feature(cc->gdb_core_xml_file);
 
             g_assert(feature);
             g_assert(feature->num_regs > 0);

libafl/exit.c

@@ -165,7 +165,6 @@ void libafl_qemu_breakpoint_run(vaddr pc_next)
         if (bp->addr == pc_next) {
             TCGv_i64 tmp0 = tcg_constant_i64((uint64_t)pc_next);
             gen_helper_libafl_qemu_handle_breakpoint(tcg_env, tmp0);
-            tcg_temp_free_i64(tmp0);
         }
         bp = bp->next;
     }

libafl/hooks/tcg/cmp.c

@@ -122,8 +122,6 @@ void libafl_gen_cmp(target_ulong pc, TCGv op0, TCGv op1, MemOp ot)
                                 tcgv_i64_temp(op0), tcgv_i64_temp(op1)};
 #endif
             tcg_gen_callN(info->func, info, NULL, tmp2);
-            tcg_temp_free_i64(tmp0);
-            tcg_temp_free_i64(tmp1);
         }
         hook = hook->next;
     }

libafl/hooks/tcg/instruction.c

@@ -3,18 +3,14 @@
 
 #include "libafl/cpu.h"
 
-target_ulong libafl_gen_cur_pc;
+tcg_target_ulong libafl_gen_cur_pc;
 struct libafl_instruction_hook*
     libafl_qemu_instruction_hooks[LIBAFL_TABLES_SIZE];
 size_t libafl_qemu_hooks_num = 0;
 
 size_t libafl_qemu_add_instruction_hooks(target_ulong pc,
-                                         void (*callback)(uint64_t data,
-                                                          target_ulong pc),
-                                         uint64_t
-
-                                             data,
-                                         int invalidate)
+                                         libafl_instruction_cb callback,
+                                         uint64_t data, int invalidate)
 {
     CPUState* cpu;
 
@@ -124,13 +120,6 @@ void libafl_qemu_hook_instruction_run(vaddr pc_next)
         TCGv_i64 tmp1 = tcg_constant_i64(pc_next);
         TCGTemp* tmp2[2] = {tcgv_i64_temp(tmp0), tcgv_i64_temp(tmp1)};
 #endif
-        // tcg_gen_callN(hk->callback, NULL, 2, tmp2);
         tcg_gen_callN(hk->helper_info.func, &hk->helper_info, NULL, tmp2);
-#if TARGET_LONG_BITS == 32
-        tcg_temp_free_i32(tmp1);
-#else
-        tcg_temp_free_i64(tmp1);
-#endif
-        tcg_temp_free_i64(tmp0);
     }
 }