
Commit 6cfed37

author
Your Name
committed
Improve performance
1 parent 3f18f6f commit 6cfed37

2 files changed

+20
-22
lines changed


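--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -335,6 +335,7 @@ DEF_HELPER_FLAGS_5(gvec_bitsel, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, ptr, i32)
 DEF_HELPER_FLAGS_1(afl_entry_routine, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_FLAGS_1(afl_persistent_routine, TCG_CALL_NO_RWG, void, env)
 DEF_HELPER_FLAGS_1(afl_maybe_log, TCG_CALL_NO_RWG, void, tl)
+DEF_HELPER_FLAGS_1(afl_maybe_log_trace, TCG_CALL_NO_RWG, void, tl)
 DEF_HELPER_FLAGS_3(afl_compcov_16, TCG_CALL_NO_RWG, void, tl, tl, tl)
 DEF_HELPER_FLAGS_3(afl_compcov_32, TCG_CALL_NO_RWG, void, tl, tl, tl)
 DEF_HELPER_FLAGS_3(afl_compcov_64, TCG_CALL_NO_RWG, void, tl, tl, tl)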

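--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -86,26 +86,18 @@ static int afl_track_unstable_log_fd(void) {
 }
 
 void HELPER(afl_maybe_log)(target_ulong cur_loc) {
+register uintptr_t afl_idx = cur_loc ^ afl_prev_loc;
 
-/* If we are tracking fuzzing instability in QEMU, then we simply use the
-block id when updating the coverage map (rather than combining it with the
-id of the previous block. Therefore when afl-fuzz writes the var_bytes
-entries in fuzzer_stats, they actually just contain block ids rather than
-edge ids. */
-if (unlikely(afl_track_unstable_log_fd() > 0)) {
+INC_AFL_AREA(afl_idx);
 
-register uintptr_t afl_idx = cur_loc;
-INC_AFL_AREA(afl_idx);
-
-} else {
-register uintptr_t afl_idx = cur_loc ^ afl_prev_loc;
-
-INC_AFL_AREA(afl_idx);
+// afl_prev_loc = ((cur_loc & (MAP_SIZE - 1) >> 1)) |
+// ((cur_loc & 1) << ((int)ceil(log2(MAP_SIZE)) -1));
+afl_prev_loc = cur_loc >> 1;
+}
 
-// afl_prev_loc = ((cur_loc & (MAP_SIZE - 1) >> 1)) |
-// ((cur_loc & 1) << ((int)ceil(log2(MAP_SIZE)) -1));
-afl_prev_loc = cur_loc >> 1;
-}
+void HELPER(afl_maybe_log_trace)(target_ulong cur_loc) {
+register uintptr_t afl_idx = cur_loc;
+INC_AFL_AREA(afl_idx);
 }
 
 static target_ulong pc_hash(target_ulong x) {
@@ -141,7 +133,11 @@ static void afl_gen_trace(target_ulong cur_loc) {
 if (cur_loc >= afl_inst_rms) return;
 
 TCGv cur_loc_v = tcg_const_tl(cur_loc);
-gen_helper_afl_maybe_log(cur_loc_v);
+if (unlikely(afl_track_unstable_log_fd() >= 0)) {
+gen_helper_afl_maybe_log_trace(cur_loc_v);
+} else {
+gen_helper_afl_maybe_log(cur_loc_v);
+}
 tcg_temp_free(cur_loc_v);
 
 }
@@ -2105,10 +2101,11 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 instruction pointer so that the user can associate these back with the
 actual binary */
 int track_fd = afl_track_unstable_log_fd();
-if (unlikely(track_fd > 0)) {
-uintptr_t block_id = (uintptr_t)(afl_hash_ip((uint64_t)pc));
-block_id &= (MAP_SIZE - 1);
-dprintf(track_fd, "BLOCK ID: 0x%016" PRIx64 ", PC: 0x%016zx-0x%016zx\n", block_id, pc, pc + tb->size);
+if (unlikely(track_fd >= 0)) {
+uintptr_t block_id = (uintptr_t)(afl_hash_ip((uint64_t)pc));
+block_id &= (MAP_SIZE - 1);
+dprintf(track_fd, "BLOCK ID: 0x%016" PRIx64 ", PC: 0x%016zx-0x%016zx\n",
+block_id, pc, pc + tb->size);
 }
 
 /* generate machine code */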
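Review bot: The new `>= 0` tests in afl_gen_trace (hunk 2) and tb_gen_code (hunk 3) only select the right mode if afl_track_unstable_log_fd() returns a negative value when tracking is disabled; its body lies outside the hunk, and the `> 0` form the commit removes from afl_maybe_log and tb_gen_code suggests 0 may have been the "off" sentinel, in which case `unlikely(afl_track_unstable_log_fd() >= 0)` is always true and every block is routed through afl_maybe_log_trace, losing edge coverage entirely — please confirm the sentinel before relying on `>= 0`. The mode decision now happens at translation time, so a translation block generated before the tracking fd is opened presumably keeps calling afl_maybe_log until it is flushed; a short comment at the new `if` in afl_gen_trace would make that trade-off explicit. The five-line explanation of why tracking mode indexes the map by block id rather than edge id was dropped with the old branch and should move onto the new helper, e.g. `/* Tracking mode: index the coverage map by block id alone (no afl_prev_loc mixing), so the var_bytes entries afl-fuzz writes to fuzzer_stats name blocks, not edges. */`. Hunk 3 carries over `"0x%016" PRIx64` for a uintptr_t block_id and `%016zx` for target_ulong pc and `pc + tb->size`, which only line up on an LP64 host with a 64-bit target; casting the arguments to the types the specifiers expect (or using PRIxPTR for block_id) avoids undefined behaviour in the log line.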
