Remove unused and duplicate code

Author: andreafioraldi

accel/tcg/cpu-exec.c

@@ -715,16 +715,14 @@ static inline void cpu_handle_debug_exception(CPUState *cpu)
 
 //// --- Begin LibAFL code ---
 
-void libafl_sync_exit_cpu(void);
+#include "libafl_extras/exit.h"
 
 //// --- End LibAFL code ---
 
 static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
 {
     //// --- Begin LibAFL code ---
 
-#define EXCP_LIBAFL_EXIT 0xf4775747
-
     if (cpu->exception_index == EXCP_LIBAFL_EXIT) {
         *ret = cpu->exception_index;
         cpu->exception_index = -1;
@@ -992,8 +990,6 @@ TranslationBlock *libafl_gen_edge(CPUState *cpu, target_ulong src_block,
                                   target_ulong dst_block, int exit_n, target_ulong cs_base,
                                   uint32_t flags, int cflags);
 
-extern __thread int libafl_valid_current_cpu;
-
 //// --- End LibAFL code ---
 
 /* main execution loop */
@@ -1102,6 +1098,8 @@ cpu_exec_loop(CPUState *cpu, SyncClocks *sc)
             }
 
             if (has_libafl_edge) {
+                // execute the edge to make sure to log it the first execution
+                // the edge will then jump to the translated block
                 cpu_loop_exec_tb(cpu, edge, last_tb_pc, &last_tb, &tb_exit, &last_tb_pc);
             } else {
                 cpu_loop_exec_tb(cpu, tb, pc, &last_tb, &tb_exit, &last_tb_pc);
@@ -1135,12 +1133,6 @@ int cpu_exec(CPUState *cpu)
     /* replay_interrupt may need current_cpu */
     current_cpu = cpu;
 
-//// --- Begin LibAFL code ---
-
-    libafl_valid_current_cpu = 1;
-
-//// --- End LibAFL code ---
-
     if (cpu_handle_halt(cpu)) {
         return EXCP_HALTED;
     }

accel/tcg/tcg-runtime.c

@@ -132,14 +132,6 @@ void libafl_load_qemu_snapshot(char *name, bool sync)
 
 #endif
 
-#define EXCP_LIBAFL_EXIT 0xf4775747
-
-#ifdef CONFIG_USER_ONLY
-extern __thread int libafl_qemu_break_asap;
-#else
-extern int libafl_qemu_break_asap;
-#endif
-
 void HELPER(libafl_qemu_handle_breakpoint)(CPUArchState *env, uint64_t pc)
 {
     CPUState* cpu = env_cpu(env);

cpu-target.c

@@ -72,8 +72,6 @@ struct libafl_hook {
 struct libafl_hook* libafl_qemu_hooks[LIBAFL_TABLES_SIZE];
 size_t libafl_qemu_hooks_num = 0;
 
-__thread int libafl_valid_current_cpu = 0;
-
 static __thread GByteArray *libafl_qemu_mem_buf = NULL;
 
 target_ulong libafl_page_from_addr(target_ulong addr);

libafl_extras/exit.c

@@ -3,54 +3,49 @@
 #include "sysemu/runstate.h"
 #include "cpu.h"
 
-// TODO: merge with definition in tcg-runtime.c
-#define EXCP_LIBAFL_EXIT 0xf4775747
-
 #ifdef CONFIG_USER_ONLY
-__thread int libafl_qemu_break_asap = 0;
-__thread CPUState* libafl_breakpoint_cpu;
-__thread vaddr libafl_breakpoint_pc;
-static __thread struct libafl_exit_reason last_exit_reason;
+#define THREAD_MODIFIER __thread
 #else
-static struct libafl_exit_reason last_exit_reason;
+#define THREAD_MODIFIER
 #endif
 
+static THREAD_MODIFIER struct libafl_exit_reason last_exit_reason;
+static THREAD_MODIFIER bool expected_exit = false;
+
 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64)
-#define THUMB_MASK(value) (value | cpu_env(libafl_breakpoint_cpu)->thumb)
+#define THUMB_MASK(cpu, value) (value | cpu_env(cpu)->thumb)
 #else
-#define THUMB_MASK(value) value
+#define THUMB_MASK(cpu, value) value
 #endif
 
-static bool expected_exit = false;
-
+// called before exiting the cpu exec with the custom exception
 void libafl_sync_exit_cpu(void)
 {
     if (last_exit_reason.next_pc) {
         CPUClass* cc = CPU_GET_CLASS(last_exit_reason.cpu);
-        cc->set_pc(last_exit_reason.cpu, THUMB_MASK(last_exit_reason.next_pc));
+        cc->set_pc(last_exit_reason.cpu, THUMB_MASK(last_exit_reason.cpu, last_exit_reason.next_pc));
     }
     last_exit_reason.next_pc = 0;
 }
 
-bool libafl_exit_asap(void){
-    return last_exit_reason.exit_asap;
+bool libafl_exit_asap(void) {
+    return expected_exit;
 }
 
-static void prepare_qemu_exit(CPUState* cpu, ulong next_pc)
+static void prepare_qemu_exit(CPUState* cpu, target_ulong next_pc)
 {
     expected_exit = true;
     last_exit_reason.cpu = cpu;
     last_exit_reason.next_pc = next_pc;
 
 #ifndef CONFIG_USER_ONLY
     qemu_system_debug_request();
-    cpu->stopped = true;
+    cpu->stopped = true; // TODO check if still needed
 #endif
+    // in usermode, this may be called from the syscall hook, thus already out of the cpu_exec but still in the cpu_loop
     if (cpu->running) {
         cpu->exception_index = EXCP_LIBAFL_EXIT;
         cpu_loop_exit(cpu);
-    } else {
-        last_exit_reason.exit_asap = 1;
     }
 }
 

libafl_extras/exit.h

@@ -3,6 +3,8 @@
 #include "qemu/osdep.h"
 #include "exec/cpu-defs.h"
 
+#define EXCP_LIBAFL_EXIT 0xf4775747
+
 enum libafl_exit_reason_kind {
     BREAKPOINT = 0,
     SYNC_BACKDOOR = 1
@@ -18,7 +20,6 @@ struct libafl_exit_reason {
     enum libafl_exit_reason_kind kind;
     CPUState* cpu; // CPU that triggered an exit.
     vaddr next_pc; // The PC that should be stored in the CPU when re-entering.
-    int exit_asap; // TODO: add a field to CPU
     union {
         struct libafl_exit_reason_breakpoint breakpoint; // kind == BREAKPOINT
         struct libafl_exit_reason_sync_backdoor backdoor; // kind == SYNC_BACKDOOR

linux-user/aarch64/cpu_loop.c

@@ -82,11 +82,17 @@ void cpu_loop(CPUARMState *env)
     int trapnr, ec, fsc, si_code, si_signo;
     abi_long ret;
 
+//// --- Begin LibAFL code ---
+
+    libafl_exit_signal_vm_start();
+
+//// --- End LibAFL code ---
+
     for (;;) {
 
 //// --- Begin LibAFL code ---
 
-        if (libafl_qemu_break_asap) return;
+        if (libafl_exit_asap()) return;
 
 //// --- End LibAFL code ---
 
@@ -99,8 +105,6 @@ void cpu_loop(CPUARMState *env)
 
 //// --- Begin LibAFL code ---
 
-#define EXCP_LIBAFL_EXIT 0xf4775747
-
         case EXCP_LIBAFL_EXIT:
             return;
 

linux-user/arm/cpu_loop.c

@@ -323,11 +323,17 @@ void cpu_loop(CPUARMState *env)
     unsigned int n, insn;
     abi_ulong ret;
 
+//// --- Begin LibAFL code ---
+
+    libafl_exit_signal_vm_start();
+
+//// --- End LibAFL code ---
+
     for(;;) {
 
 //// --- Begin LibAFL code ---
 
-        if (libafl_qemu_break_asap) return;
+        if (libafl_exit_asap()) return;
 
 //// --- End LibAFL code ---
 
@@ -340,8 +346,6 @@ void cpu_loop(CPUARMState *env)
 
 //// --- Begin LibAFL code ---
 
-#define EXCP_LIBAFL_EXIT 0xf4775747
-
         case EXCP_LIBAFL_EXIT:
             return;
 

linux-user/cpu_loop-common.h

@@ -25,7 +25,7 @@
 
 //// --- Begin LibAFL code ---
 
-extern __thread int libafl_qemu_break_asap;
+#include "libafl_extras/exit.h"
 
 //// --- End LibAFL code ---
 

linux-user/hexagon/cpu_loop.c

@@ -32,11 +32,17 @@ void cpu_loop(CPUHexagonState *env)
     target_ulong syscallnum;
     target_ulong ret;
 
+//// --- Begin LibAFL code ---
+
+    libafl_exit_signal_vm_start();
+
+//// --- End LibAFL code ---
+
     for (;;) {
 
 //// --- Begin LibAFL code ---
 
-        if (libafl_qemu_break_asap) return;
+        if (libafl_exit_asap()) return;
 
 //// --- End LibAFL code ---
 
@@ -49,8 +55,6 @@ void cpu_loop(CPUHexagonState *env)
 
 //// --- Begin LibAFL code ---
 
-#define EXCP_LIBAFL_EXIT 0xf4775747
-
         case EXCP_LIBAFL_EXIT:
             return;
 

linux-user/i386/cpu_loop.c

@@ -209,6 +209,12 @@ void cpu_loop(CPUX86State *env)
     int trapnr;
     abi_ulong ret;
 
+//// --- Begin LibAFL code ---
+
+    libafl_exit_signal_vm_start();
+
+//// --- End LibAFL code ---
+
     for(;;) {
 
 //// --- Begin LibAFL code ---
@@ -226,8 +232,6 @@ void cpu_loop(CPUX86State *env)
 
 //// --- Begin LibAFL code ---
 
-#define EXCP_LIBAFL_EXIT 0xf4775747
-
         case EXCP_LIBAFL_EXIT:
             return;