AFLplusplus / qemuafl

This fork of QEMU enables fuzzing userspace ELF binaries under AFL++.
https://aflplus.plus

*** DO NOT MERGE *** - Tcg cov #53

Open WorksButNotTested opened 1 year ago

andreafioraldi commented 1 year ago

Inlined TCG is not thread safe, that's why the map update is in the helper

WorksButNotTested commented 1 year ago

Does QEMU serialize the execution of helpers between threads?

andreafioraldi commented 1 year ago

> Does QEMU serialize the execution of helpers between threads?

No, but the helper is native code and so we can use the TLS for prev loc

WorksButNotTested commented 1 year ago

Ah gotcha, so map access is concurrent (and possibly racy if two threads happen to update the same map offset at the same time), but the issue is that each thread should have its own prev_loc (thread local storage) and my TCG code is using the address of prev_loc calculated when the block is compiled and compiled blocks are shared between threads?

So a TCG implementation is possible (since it can successfully emulate multithreaded apps with TLS), but my implementation is naive and should instead determine the location of the TLS prev_loc at runtime?
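To make concrete what the exchange above is about, here is an added C example; it is not code from qemuafl or from this PR. It replays one interleaving of two emulated threads through the AFL edge-coverage update (`map[cur_loc ^ prev_loc]++; prev_loc = cur_loc >> 1`) twice: once with a single `prev_loc` shared by both threads, which is what a TCG block that baked in one `prev_loc` address at compile time amounts to, and once with a `prev_loc` owned by each thread, which is what the native helper gets from TLS. The block ids, the schedule, and the map size are constructed; the per-thread `prev_loc` is modelled as a field in an explicit context struct rather than a real `__thread` variable so the schedule replays deterministically without pthreads.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE (1u << 16)

/* Shared coverage bitmap (constructed stand-in for the map all threads write to). */
static uint8_t afl_area[MAP_SIZE];

/* Naive variant: one prev_loc for the whole process, which is how a TCG block
   that compiled in a single prev_loc address behaves once blocks are shared
   between threads. */
static uint32_t shared_prev_loc;

/* Per-thread variant: each thread owns its prev_loc. In the native helper this
   is a TLS variable; here it is a field in an explicit context so the replay
   is deterministic (assumption: no real threads are created). */
typedef struct { uint32_t prev_loc; } thread_ctx;

/* Map index of the edge prev->cur, as AFL hashes it: cur ^ (prev >> 1). */
static uint32_t edge_index(uint32_t prev_block, uint32_t cur_block) {
    return (cur_block ^ (prev_block >> 1)) % MAP_SIZE;
}

static void log_edge_shared(uint32_t cur_loc) {
    afl_area[(cur_loc ^ shared_prev_loc) % MAP_SIZE]++;
    shared_prev_loc = cur_loc >> 1;
}

static void log_edge_tls(thread_ctx *t, uint32_t cur_loc) {
    afl_area[(cur_loc ^ t->prev_loc) % MAP_SIZE]++;
    t->prev_loc = cur_loc >> 1;
}

/* Constructed block ids: thread A executes A1 then A2, thread B executes B1 then B2. */
enum { A1 = 0x1234, A2 = 0x2345, B1 = 0x3456, B2 = 0x4567 };

typedef struct { int real; int spurious; } edge_stats;

/* Replays the interleaving A1, B1, A2, B2 and reports how many of the two real
   intra-thread edges (A1->A2, B1->B2) and how many cross-thread edges
   (A1->B1, B1->A2, A2->B2), which no thread ever executed, landed in the map. */
static edge_stats run_schedule(int per_thread_prev_loc) {
    memset(afl_area, 0, sizeof afl_area);
    shared_prev_loc = 0;
    thread_ctx a = {0}, b = {0};

    const uint32_t schedule[] = { A1, B1, A2, B2 };
    const int on_thread_a[]   = {  1,  0,  1,  0 };
    for (int i = 0; i < 4; i++) {
        if (per_thread_prev_loc)
            log_edge_shared == 0 ? (void)0 : log_edge_tls(on_thread_a[i] ? &a : &b, schedule[i]);
        else
            log_edge_shared(schedule[i]);
    }

    edge_stats s = {0, 0};
    s.real     += afl_area[edge_index(A1, A2)] != 0;
    s.real     += afl_area[edge_index(B1, B2)] != 0;
    s.spurious += afl_area[edge_index(A1, B1)] != 0;
    s.spurious += afl_area[edge_index(B1, A2)] != 0;
    s.spurious += afl_area[edge_index(A2, B2)] != 0;
    return s;
}

int main(void) {
    edge_stats shared = run_schedule(0), tls = run_schedule(1);
    printf("shared prev_loc    : real edges %d, spurious edges %d\n", shared.real, shared.spurious);
    printf("per-thread prev_loc: real edges %d, spurious edges %d\n", tls.real, tls.spurious);
    return 0;
}
```

With the shared `prev_loc`, the map records none of the edges either thread actually took and three edges that stitch together blocks from different threads; with a per-thread `prev_loc`, it records exactly the two real edges. Note that the `++` on the map is a plain non-atomic increment in both variants, so the concurrent map access mentioned above is unchanged; what the per-thread state fixes is the fabricated cross-thread edges, which is why `prev_loc` has to be resolved per thread at runtime rather than at block-compile time.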

WorksButNotTested commented 1 year ago

Fuzzbench results: