* Fix watchpoint leak in ARM
* Builds fuzz targets with sanitizer support
* Builds fuzz targets with directory driver
* Adds script to dowlonad public corpus
* Adds CIfuzz
To checks Pull Requests with fuzzing
* Use static library for fuzz targets
* Less verbose logs for fuzz driver directory
* fix finding python path which only has python3.
* fix#1246, arm host issue.
* skip assembler tests on non-x86 host.
* update macro of dummy value.
* fix MSVC macro.
* update dummy array value macro.
* restore to original qemu code.
* Handle the cpu context save in a more pythonic way, so the context can be serialized and reuse in an other process using the same emulator architecture and modes
* Fix type error ; mistakes a size_t uint64_t ; breaks in 32bit...
* Fix the UAF situation when deleting a hook while being in a hook callback. Added an attribute 'to_delete' to hooks, and a list hooks_to_del to delay the free of the hooks
* Minor fixes ; forgot return type of clear_deleted_hooks ; do not declare variable in for predicate
This change removes the check for stop requests from the hook loop
macro.
Requests to stop emulation (uc_emu_stop) should only affect whether
the emulation stops. This isn't the case at present for the invocation
of hooks. If emulation is requested to be stopped (which is indicated
by `uc->stop_request`), the hooks will skip all execution. This means
that when the emulation stop is requested, some expected operations
may not occur before the emulation exits - leaving the system in an
inconsistent or broken state.
This is particularly obvious in the case where a CPU interrupt is
required, and a hook has been registered for such cases. The expected
operation is that the hook be called, and no CPU exception be raised
(because the hook has handled it). However, because of the short-cut
in the case where the `uc_emu_stop` function has been called out of
band (eg on another thread), this hook would not be called. In such
cases the execution would terminate with an error that an 'unhandled
CPU exception' occurred, and the hook would never have been called.
This probably affects other parts of the system, such as hooks which
handle remapping of memory on demand (UC_HOOK_MEM_READ_UNMAPPED and
friends) where the remap would not happen and instead an error about
the unmapped memory would be raised.
In all cases, it makes sense that execution continue normally until
the outer loop which controls the execution determines that the
emulation should stop. This will mean that for any given sequence of
events all the emulation operations are completed deterministically
regardless of when the stop request was received.
* x86: setup FS & GS base
* Fixed base register writes for x64, removed then for x16/x32 (the don't exist there?)
* FS reg comes before GS so the base regs do so, too
* added shebang to const_generator.py
* Added base regs to and added 'all' support to const_generator
Co-authored-by: naq <aquynh@gmail.com>
Ensure the TCG exit flag is cleared at the end of cpu_exec. This ensures
that subsequent calls are not polluted by the prior call to request an
early exit. The symptoms of the problem being addressed here are that
after a cpu_exit call triggered within a hook there may still be a
pending tcg_exit_req flag set. This then causes a block to start its
execution and then be aborted (from which point it'll continue because
there's no other condition to service). The start of the execution
causes the block hook to be called, no actual code to be run, and then
the block started again with another block hook call.
This change is discussed in ticket 1193:
https://github.com/unicorn-engine/unicorn/issues/1193
Nguyen Anh Quynh