Merge pull request #22 from Dil4rd/master

andreafioraldi · web-flow · commit 7a9ff995ffed · 2021-09-29T11:25:52.000+02:00
mips and mips64 support
diff --git a/linux-user/mips/cpu_loop.c b/linux-user/mips/cpu_loop.c
@@ -25,6 +25,9 @@
 #include "internal.h"
 #include "fpu_helper.h"
 
+/* MIPS_PATCH */
+#include "qemuafl/common.h"
+
 # ifdef TARGET_ABI_MIPSO32
 #  define MIPS_SYSCALL_NUMBER_UNUSED -1
 static const int8_t mips_syscall_args[] = {
diff --git a/qemuafl/api.h b/qemuafl/api.h
@@ -3,6 +3,26 @@
 
 #include <stdint.h>
 
+#if defined(TARGET_MIPS64) || defined(TARGET_AARCH64) || defined(TARGET_X86_64)
+# define TARGET_LONG_BITS 64
+#else
+# define TARGET_LONG_BITS 32
+#endif
+
+/* see include/exec/cpu-defs.h */
+#define TARGET_LONG_SIZE (TARGET_LONG_BITS / 8)
+
+#if TARGET_LONG_SIZE == 4
+typedef int32_t target_long;
+typedef uint32_t target_ulong;
+#elif TARGET_LONG_SIZE == 8
+typedef int64_t target_long;
+typedef uint64_t target_ulong;
+#else
+#error TARGET_LONG_SIZE undefined
+#endif
+
+
 struct x86_regs {
 
   uint32_t eax, ebx, ecx, edx, edi, esi, ebp;
@@ -137,4 +157,52 @@ struct arm64_regs {
 
 };
 
+/* MIPS_PATCH */
+#if defined(TARGET_MIPS) || defined(TARGET_MIPS64)
+
+// check standalone usage
+//     if smth in pers hook goes wrong, check constants below with target/mips/cpu.h
+#ifndef MIPS_CPU_H
+#include <stdbool.h>
+#include "../include/fpu/softfloat-types.h"
+
+/* MSA Context */
+#define MSA_WRLEN (128)
+typedef union wr_t wr_t;
+union wr_t {
+    int8_t  b[MSA_WRLEN / 8];
+    int16_t h[MSA_WRLEN / 16];
+    int32_t w[MSA_WRLEN / 32];
+    int64_t d[MSA_WRLEN / 64];
+};
+typedef union fpr_t fpr_t;
+union fpr_t {
+    float64  fd;   /* ieee double precision */
+    float32  fs[2];/* ieee single precision */
+    uint64_t d;    /* binary double fixed-point */
+    uint32_t w[2]; /* binary single fixed-point */
+/* FPU/MSA register mapping is not tested on big-endian hosts. */
+    wr_t     wr;   /* vector data */
+};
+#define MIPS_DSP_ACC 4
+#endif
+
+struct mips_regs {
+  target_ulong r0, at, v0, v1, a0, a1, a2, a3, t0, t1, t2, t3, t4, t5, t6, t7, s0,
+      s1, s2, s3, s4, s5, s6, s7, t8, t9, k0, k1, gp, sp, fp, ra;
+  #if defined(TARGET_MIPS64)
+    /*
+     * For CPUs using 128-bit GPR registers, we put the lower halves in gpr[])
+     * and the upper halves in gpr_hi[].
+     */
+    uint64_t gpr_hi[32];
+  #endif /* TARGET_MIPS64 */
+  target_ulong HI[MIPS_DSP_ACC];
+  target_ulong LO[MIPS_DSP_ACC];
+  target_ulong ACX[MIPS_DSP_ACC];
+  target_ulong PC;
+  fpr_t    fpr[32];
+};
+#endif
+
 #endif
diff --git a/qemuafl/common.h b/qemuafl/common.h
@@ -50,6 +50,9 @@
 #define api_regs arm64_regs
 #elif defined(TARGET_ARM)
 #define api_regs arm_regs
+/* MIPS_PATCH */
+#elif defined(TARGET_MIPS) || defined(TARGET_MIPS64)
+#define api_regs mips_regs
 #else
 struct generic_api_regs { int v; };
 #define api_regs generic_api_regs
@@ -134,7 +137,7 @@ void afl_float_compcov_log_80(target_ulong cur_loc, floatx80 arg1,
 abi_ulong afl_get_brk(void);
 abi_ulong afl_set_brk(abi_ulong new_brk);
 
-#if defined(TARGET_X86_64) || defined(TARGET_I386) || defined(TARGET_AARCH64) || defined(TARGET_ARM)
+#if defined(TARGET_X86_64) || defined(TARGET_I386) || defined(TARGET_AARCH64) || defined(TARGET_ARM) || defined(TARGET_MIPS) || defined(TARGET_MIPS64)
 void afl_save_regs(struct api_regs* regs, CPUArchState* env);
 void afl_restore_regs(struct api_regs* regs, CPUArchState* env);
 #else
diff --git a/qemuafl/qasan-qemu.h b/qemuafl/qasan-qemu.h
@@ -83,6 +83,13 @@ extern __thread struct shadow_stack qasan_shadow_stack;
 #define BP_GET(env) ((env)->aarch64 ? (env)->xregs[29] : (env)->regs[11])
 #define SP_GET(env) ((env)->aarch64 ? (env)->xregs[31] : (env)->regs[13])
 
+/* MIPS_PATCH */
+#elif defined(TARGET_MIPS) || defined(TARGET_MIPS64)
+
+#define PC_GET(env) ((env)->active_tc.PC)
+#define BP_GET(env) ((env)->active_tc.gpr[29])
+#define SP_GET(env) ((env)->active_tc.gpr[30])
+
 #else
 #error "Target not supported by asan-giovese"
 #endif
diff --git a/target/mips/translate.c b/target/mips/translate.c
@@ -39,6 +39,27 @@
 #include "fpu_helper.h"
 #include "translate.h"
 
+/* MIPS_PATCH */
+#include "qemuafl/cpu-translate.h"
+
+/* MIPS_PATCH */
+#define AFL_QEMU_TARGET_MIPS_SNIPPET                                          \
+  if (is_persistent) {                                                        \
+    if (ctx->base.pc_next == afl_persistent_addr) {                           \
+      gen_helper_afl_persistent_routine(cpu_env);                             \
+                                                                              \
+      if (afl_persistent_ret_addr == 0 && !persistent_exits) {                \
+        tcg_gen_movi_tl(cpu_gpr[31], afl_persistent_addr);                    \
+      }                                                                       \
+                                                                              \
+      if (!persistent_save_gpr) afl_gen_tcg_plain_call(&afl_persistent_loop); \
+                                                                              \
+    } else if (afl_persistent_ret_addr &&                                     \
+               ctx->base.pc_next == afl_persistent_ret_addr) {                \
+      gen_goto_tb(ctx, 0, afl_persistent_addr);                               \
+    }                                                                         \
+  }
+
 enum {
     /* indirect opcode tables */
     OPC_SPECIAL  = (0x00 << 26),
@@ -2274,6 +2295,128 @@ static const char * const mxuregnames[] = {
 };
 #endif
 
+/* MIPS_PATCH */
+void afl_save_regs(struct api_regs* r, CPUArchState *env) {
+    int i = 0;
+    int j = 0;
+    /* GP registers saving */
+    r->r0 = env->active_tc.gpr[0];
+    r->at = env->active_tc.gpr[1];
+    r->v0 = env->active_tc.gpr[2];
+    r->v1 = env->active_tc.gpr[3];
+    r->a0 = env->active_tc.gpr[4];
+    r->a1 = env->active_tc.gpr[5];
+    r->a2 = env->active_tc.gpr[6];
+    r->a3 = env->active_tc.gpr[7];
+    r->t0 = env->active_tc.gpr[8];
+    r->t1 = env->active_tc.gpr[9];
+    r->t2 = env->active_tc.gpr[10];
+    r->t3 = env->active_tc.gpr[11];
+    r->t4 = env->active_tc.gpr[12];
+    r->t5 = env->active_tc.gpr[13];
+    r->t6 = env->active_tc.gpr[14];
+    r->t7 = env->active_tc.gpr[15];
+    r->s0 = env->active_tc.gpr[16];
+    r->s1 = env->active_tc.gpr[17];
+    r->s2 = env->active_tc.gpr[18];
+    r->s3 = env->active_tc.gpr[19];
+    r->s4 = env->active_tc.gpr[20];
+    r->s5 = env->active_tc.gpr[21];
+    r->s6 = env->active_tc.gpr[22];
+    r->s7 = env->active_tc.gpr[23];
+    r->t8 = env->active_tc.gpr[24];
+    r->t9 = env->active_tc.gpr[25];
+    r->k0 = env->active_tc.gpr[26];
+    r->k1 = env->active_tc.gpr[27];
+    r->gp = env->active_tc.gpr[28];
+    r->sp = env->active_tc.gpr[29];
+    r->fp = env->active_tc.gpr[30];
+    r->ra = env->active_tc.gpr[31];
+    r->PC = env->active_tc.PC;
+#if defined(TARGET_MIPS64)
+    memcpy(r->gpr_hi, env->active_tc.gpr_hi, sizeof(r->gpr_hi));
+#endif
+    for (i = 0; i < MIPS_DSP_ACC; i++) {
+        r->HI[i] = env->active_tc.HI[i];
+        r->LO[i] = env->active_tc.LO[i];
+    }
+    /* FP registers saving */
+    for (i = 0; i < 32; i++) {
+        r->fpr[i].fd = env->active_fpu.fpr[i].fd;
+        for (j = 0; j < 2; j++) {
+            r->fpr[i].fs[j] = env->active_fpu.fpr[i].fs[j];
+        }
+        r->fpr[i].d = env->active_fpu.fpr[i].d;
+        for (j = 0; j < 2; j++) {
+            r->fpr[i].w[j] = env->active_fpu.fpr[i].w[j];
+        }
+        for (j = 0; j < MSA_WRLEN / 8; j++) {
+            r->fpr[i].wr.b[j] = env->active_fpu.fpr[i].wr.b[j];
+        }
+    }
+}
+
+/* MIPS_PATCH */
+void afl_restore_regs(struct api_regs* r, CPUArchState *env) {
+    int i = 0;
+    int j = 0;
+    /* GP registers restoring */
+    env->active_tc.gpr[0] = r->r0;
+    env->active_tc.gpr[1] = r->at;
+    env->active_tc.gpr[2] = r->v0;
+    env->active_tc.gpr[3] = r->v1;
+    env->active_tc.gpr[4] = r->a0;
+    env->active_tc.gpr[5] = r->a1;
+    env->active_tc.gpr[6] = r->a2;
+    env->active_tc.gpr[7] = r->a3;
+    env->active_tc.gpr[8] = r->t0;
+    env->active_tc.gpr[9] = r->t1;
+    env->active_tc.gpr[10] = r->t2;
+    env->active_tc.gpr[11] = r->t3;
+    env->active_tc.gpr[12] = r->t4;
+    env->active_tc.gpr[13] = r->t5;
+    env->active_tc.gpr[14] = r->t6;
+    env->active_tc.gpr[15] = r->t7;
+    env->active_tc.gpr[16] = r->s0;
+    env->active_tc.gpr[17] = r->s1;
+    env->active_tc.gpr[18] = r->s2;
+    env->active_tc.gpr[19] = r->s3;
+    env->active_tc.gpr[20] = r->s4;
+    env->active_tc.gpr[21] = r->s5;
+    env->active_tc.gpr[22] = r->s6;
+    env->active_tc.gpr[23] = r->s7;
+    env->active_tc.gpr[24] = r->t8;
+    env->active_tc.gpr[25] = r->t9;
+    env->active_tc.gpr[26] = r->k0;
+    env->active_tc.gpr[27] = r->k1;
+    env->active_tc.gpr[28] = r->gp;
+    env->active_tc.gpr[29] = r->sp;
+    env->active_tc.gpr[30] = r->fp;
+    env->active_tc.gpr[31] = r->ra;
+    env->active_tc.PC = r->PC;
+#if defined(TARGET_MIPS64)
+    memcpy(env->active_tc.gpr_hi, r->gpr_hi, sizeof(r->gpr_hi));
+#endif
+    for (i = 0; i < MIPS_DSP_ACC; i++) {
+        env->active_tc.HI[i] = r->HI[i];
+        env->active_tc.LO[i] = r->LO[i];
+    }
+    /* FP registers restoring */
+    for (i = 0; i < 32; i++) {
+        env->active_fpu.fpr[i].fd = r->fpr[i].fd;
+        for (j = 0; j < 2; j++) {
+            env->active_fpu.fpr[i].fs[j] = r->fpr[i].fs[j];
+        }
+        env->active_fpu.fpr[i].d = r->fpr[i].d;
+        for (j = 0; j < 2; j++) {
+            env->active_fpu.fpr[i].w[j] = r->fpr[i].w[j];
+        }
+        for (j = 0; j < MSA_WRLEN / 8; j++) {
+            env->active_fpu.fpr[i].wr.b[j] = r->fpr[i].wr.b[j];
+        }
+    }
+}
+
 /* General purpose registers moves. */
 void gen_load_gpr(TCGv t, int reg)
 {
@@ -29090,6 +29233,9 @@ static void mips_tr_translate_insn(DisasContextBase *dcbase, CPUState *cs)
     int insn_bytes;
     int is_slot;
 
+    /* MIPS_PATCH */
+    AFL_QEMU_TARGET_MIPS_SNIPPET
+
     is_slot = ctx->hflags & MIPS_HFLAG_BMASK;
     if (ctx->insn_flags & ISA_NANOMIPS32) {
         ctx->opcode = translator_lduw(env, ctx->base.pc_next);
