--- qemu-2.2.0/cpu-exec.c.orig     2014-12-09 14:45:40.000000000 +0000
+++ qemu-2.2.0/cpu-exec.c  2015-02-20 22:07:02.966000000 +0000
@@ -25,6 +25,8 @@
 #include "sysemu/qtest.h"
 #include "qemu/timer.h"

+#include "afl-qemu-cpu-inl.h"
+
 /* -icount align implementation. */

 typedef struct SyncClocks {
@@ -262,8 +264,11 @@
     }
  not_found:
    /* if no translated code available, then translate it now */
+
     tb = tb_gen_code(cpu, pc, cs_base, flags, 0);

+    AFL_QEMU_CPU_SNIPPET1;
+
  found:
     /* Move the last found TB to the head of the list */
     if (likely(*ptb1)) {
@@ -455,6 +460,9 @@
                     next_tb = 0;
                     tcg_ctx.tb_ctx.tb_invalidated_flag = 0;
                 }
+
+                AFL_QEMU_CPU_SNIPPET2;
+
                 if (qemu_loglevel_mask(CPU_LOG_EXEC)) {
                     qemu_log("Trace %p [" TARGET_FMT_lx "] %s\n",
                              tb->tc_ptr, tb->pc, lookup_symbol(tb->pc));