qemuafl_bb_stdout.diff

diff --git a/accel/tcg/tcg-runtime.h b/accel/tcg/tcg-runtime.h
index 754d54a9a7..229540a4a3 100644
--- a/accel/tcg/tcg-runtime.h
+++ b/accel/tcg/tcg-runtime.h
@@ -355,3 +355,5 @@ DEF_HELPER_FLAGS_2(qasan_store4, TCG_CALL_NO_RWG, void, env, tl)
 DEF_HELPER_FLAGS_2(qasan_store8, TCG_CALL_NO_RWG, void, env, tl)
 DEF_HELPER_FLAGS_1(qasan_shadow_stack_push, TCG_CALL_NO_RWG, void, tl)
 DEF_HELPER_FLAGS_1(qasan_shadow_stack_pop, TCG_CALL_NO_RWG, void, tl)
+
+DEF_HELPER_FLAGS_1(digfuzz_cnt, TCG_CALL_NO_RWG, void, tl)
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 2fa6b0a851..189e8f211f 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -71,6 +71,10 @@
 
 __thread int cur_block_is_good;
 
+void HELPER(digfuzz_cnt)(target_ulong cur_loc) {
+  printf("digfuzz@%lu\n", cur_loc);
+}
+
 void HELPER(afl_maybe_log)(target_ulong cur_loc) {
 
   register uintptr_t afl_idx = cur_loc ^ afl_prev_loc;
@@ -101,6 +105,8 @@ static void afl_gen_trace(target_ulong cur_loc) {
   if (!cur_block_is_good)
     return;
 
+  gen_helper_digfuzz_cnt(tcg_const_tl(cur_loc));
+
   /* Looks like QEMU always maps to fixed locations, so ASLR is not a
      concern. Phew. But instruction addresses may be aligned. Let's mangle
      the value to get something quasi-uniform. */