diff --git a/src/experiments/checksum-oostubs/campaign.cc b/src/experiments/checksum-oostubs/campaign.cc index a280d3fb..b5c85b74 100644 --- a/src/experiments/checksum-oostubs/campaign.cc +++ b/src/experiments/checksum-oostubs/campaign.cc @@ -3,6 +3,8 @@ #include #include +#include + #include "campaign.hpp" #include "experimentInfo.hpp" #include "cpn/CampaignManager.hpp" @@ -13,12 +15,12 @@ #include "ecc_region.hpp" #include "../plugins/tracing/TracingPlugin.hpp" -char const * const trace_filename = "trace.pb"; using namespace std; using namespace fail; -char const * const results_csv = "chksumoostubs.csv"; +char const * const trace_filename = "trace.pb"; +char const * const results_filename = "chksumoostubs.csv"; // equivalence class type: addr, [i1, i2] // addr: byte to inject a bit-flip into @@ -34,19 +36,18 @@ bool ChecksumOOStuBSCampaign::run() { Logger log("ChecksumOOStuBS Campaign"); - ifstream test(results_csv); - if (test.is_open()) { - log << results_csv << " already exists" << endl; - return false; - } - ofstream results(results_csv); + // non-destructive: due to the CSV header we can always manually recover + // from an accident (append mode) + ofstream results(results_filename, ios::out | ios::app); if (!results.is_open()) { - log << "failed to open " << results_csv << endl; + log << "failed to open " << results_filename << endl; return false; } log << "startup" << endl; + boost::timer t; + // load trace ifstream tracef(trace_filename); if (tracef.fail()) { @@ -76,6 +77,7 @@ bool ChecksumOOStuBSCampaign::run() int count = 0; // XXX do it the other way around: iterate over trace, search addresses + // -> one "open" EC for every address // for every injection address ... for (MemoryMap::iterator it = mm.begin(); it != mm.end(); ++it) { cerr << "."; @@ -89,7 +91,7 @@ bool ChecksumOOStuBSCampaign::run() // for every section in the trace between subsequent memory // accesses to that address ... // XXX reorganizing the trace for efficient seeks could speed this up - while(ps.getNext(&ev)) { + while(ps.getNext(&ev) && instr < OOSTUBS_NUMINSTR) { //XXX: not sure if (instr < OOSTUBS_NUMINSTR) is really needed --chb // instruction events just get counted if (!ev.has_memaddr()) { // new instruction @@ -98,7 +100,9 @@ bool ChecksumOOStuBSCampaign::run() continue; // skip accesses to other data - } else if (ev.memaddr() != data_address) { + // FIXME again, do it the other way around, and use mm.isMatching()! + } else if (ev.memaddr() + ev.width() <= data_address + || ev.memaddr() > data_address) { continue; // skip zero-sized intervals: these can @@ -124,22 +128,19 @@ bool ChecksumOOStuBSCampaign::run() // completely ecs_need_experiment.push_back(current_ec); - // instantly enqueue jobs: that way the job clients can already + // instantly enqueue job: that way the job clients can already // start working in parallel - for (int bitnr = 0; bitnr < 8; ++bitnr) { - ChecksumOOStuBSExperimentData *d = new ChecksumOOStuBSExperimentData; - // we pick the rightmost instruction in that interval - d->msg.set_instr_offset(current_ec.instr2); - d->msg.set_instr_address(current_ec.instr2_absolute); - d->msg.set_mem_addr(current_ec.data_address); - d->msg.set_bit_offset(bitnr); + ChecksumOOStuBSExperimentData *d = new ChecksumOOStuBSExperimentData; + // we pick the rightmost instruction in that interval + d->msg.set_instr_offset(current_ec.instr2); + d->msg.set_instr_address(current_ec.instr2_absolute); + d->msg.set_mem_addr(current_ec.data_address); - // store index into ecs_need_experiment - experiment_ecs[d] = ecs_need_experiment.size() - 1; + // store index into ecs_need_experiment + experiment_ecs[d] = ecs_need_experiment.size() - 1; - campaignmanager.addParam(d); - ++count; - } + campaignmanager.addParam(d); + ++count; } else if (ev.accesstype() == ev.WRITE) { // a sequence ending with WRITE: an // injection anywhere here would have @@ -164,13 +165,14 @@ bool ChecksumOOStuBSCampaign::run() // result comparable to the non-pruned campaign. // XXX still true for checksum-oostubs? current_ec.instr2 = instr - 1; - current_ec.instr2_absolute = 0; // won't be used + current_ec.instr2_absolute = 0; // unknown current_ec.data_address = data_address; // zero-sized? skip. if (current_ec.instr1 > current_ec.instr2) { continue; } // as the experiment ends, this byte is a "don't care": + // TODO: still true for checksum-oostubs? compare to weathermonitor! ecs_no_effect.push_back(current_ec); } @@ -195,7 +197,7 @@ bool ChecksumOOStuBSCampaign::run() " experiments to " << ecs_need_experiment.size() * 8 << endl; // CSV header - results << "ec_instr1\tec_instr2\tec_instr2_absolute\tec_data_address\tbitnr\tresulttype\tresult0\tresult1\tresult2\tfinish_reached\tlatest_ip\terror_corrected\tdetails" << endl; + results << "ec_instr1\tec_instr2\tec_instr2_absolute\tec_data_address\tbitnr\tbit_width\tresulttype\tresult0\tresult1\tresult2\tfinish_reached\tlatest_ip\terror_corrected\tdetails" << endl; // store no-effect "experiment" results for (vector::const_iterator it = ecs_no_effect.begin(); @@ -205,11 +207,12 @@ bool ChecksumOOStuBSCampaign::run() << (*it).instr2 << "\t" << (*it).instr2_absolute << "\t" // incorrect in all but one case! << (*it).data_address << "\t" + << "0\t" // this entry starts at bit 0 ... + << "8\t" // ... and is 8 bits wide + << "1\t" + << "99\t99\t99\t" // dummy value: we didn't do any real experiments + << "1\t" << "99\t" // dummy value: we didn't do any real experiments - << "1\t" - << "99\t99\t99\t" - << "1\t" - << "99\t" << "0\t\n"; } @@ -230,29 +233,43 @@ bool ChecksumOOStuBSCampaign::run() // sanity check if (ec.instr2 != res->msg.instr_offset()) { - results << "WTF" << endl; - log << "WTF" << endl; - //delete res; // currently racy if jobs are reassigned + results << "ec.instr2 != instr_offset" << endl; + log << "ec.instr2 != instr_offset" << endl; + } + if (res->msg.result_size() != 8) { + results << "result_size " << res->msg.result_size() + << " instr2 " << ec.instr2 + << " data_address " << ec.data_address << endl; + log << "result_size " << res->msg.result_size() << endl; } - results - << ec.instr1 << "\t" - << ec.instr2 << "\t" - << ec.instr2_absolute << "\t" // incorrect in all but one case! - << ec.data_address << "\t" - << res->msg.bit_offset() << "\t" - << res->msg.resulttype() << "\t" - << res->msg.resultdata(0) << "\t" - << res->msg.resultdata(1) << "\t" - << res->msg.resultdata(2) << "\t" - << res->msg.finish_reached() << "\t" - << res->msg.latest_ip() << "\t" - << res->msg.error_corrected() << "\t" - << res->msg.details() << "\n"; + // one job contains 8 experiments + for (int idx = 0; idx < res->msg.result_size(); ++idx) { + //results << "ec_instr1\tec_instr2\tec_instr2_absolute\tec_data_address\tbitnr\tbit_width\tresulttype\tresult0\tresult1\tresult2\tfinish_reached\tlatest_ip\terror_corrected\tdetails" << endl; + results + // repeated for all single experiments: + << ec.instr1 << "\t" + << ec.instr2 << "\t" + << ec.instr2_absolute << "\t" + << ec.data_address << "\t" + // individual results: + << res->msg.result(idx).bit_offset() << "\t" + << "1\t" // 1 bit wide + << res->msg.result(idx).resulttype() << "\t" + << res->msg.result(idx).resultdata(0) << "\t" + << res->msg.result(idx).resultdata(1) << "\t" + << res->msg.result(idx).resultdata(2) << "\t" + << res->msg.result(idx).finish_reached() << "\t" + << res->msg.result(idx).latest_ip() << "\t" + << res->msg.result(idx).error_corrected() << "\t" + << res->msg.result(idx).details() << "\n"; + } //delete res; // currently racy if jobs are reassigned + } - log << "done. sent " << count << " received " << rescount << endl; results.close(); + log << "done. sent " << count << " received " << rescount << endl; + log << "elapsed: " << t.elapsed() << "s" << endl; return true; } diff --git a/src/experiments/checksum-oostubs/checksum-oostubs.proto b/src/experiments/checksum-oostubs/checksum-oostubs.proto index b94dc470..c57f3857 100644 --- a/src/experiments/checksum-oostubs/checksum-oostubs.proto +++ b/src/experiments/checksum-oostubs/checksum-oostubs.proto @@ -1,42 +1,54 @@ message OOStuBSProtoMsg { // Input: experiment parameters + // (client executes 8 experiments, one for each bit at mem_addr) + + // FI at #instructions from experiment start required int32 instr_offset = 1; + // the exact IP value at this point in time (from golden run) optional int32 instr_address = 2; // for sanity checks + // address of the byte to inject bit-flips required int32 mem_addr = 3; - required int32 bit_offset = 4; // ---------------------------------------------------- // Output: experiment results - // (make these optional to reduce overhead for server->client communication) - // instruction pointer where injection was done - optional uint32 injection_ip = 5; + // IP where we did the injection: for debugging purposes, must be identical + // to instr_address + optional int32 injection_ip = 4; - // result type: - // FINISHED = planned number of instructions were executed - // TRAP = premature guest "crash" - enum ResultType { - FINISHED = 1; - TRAP = 2; - HALT = 3; - UNKNOWN = 4; + repeated group Result = 5 { + // single experiment bit offset + required int32 bit_offset = 1; + + // result type: + // FINISHED = planned number of instructions were executed + // TRAP = premature guest "crash" + // OUTSIDE = IP left text segment + enum ResultType { + FINISHED = 1; + TRAP = 2; + OUTSIDE = 3; + DETECTED = 4; + TIMEOUT = 5; + UNKNOWN = 6; + } + required ResultType resulttype = 2; + + // especially interesting for TRAP/UNKNOWN: latest IP + required uint32 latest_ip = 3; + + // result details: + // resultdata = result[0-2] + repeated uint32 resultdata = 4 [packed=true]; + + // was finish() ever reached? + optional bool finish_reached = 5; + + // did ECC correct the fault? + optional int32 error_corrected = 6; + + // optional textual description of what happened + optional string details = 7; } - optional ResultType resulttype = 6; - - // result details: - // resultdata = result[0-2] - repeated uint32 resultdata = 7 [packed=true]; - - // was finish() ever reached? - optional bool finish_reached = 8; - - // especially interesting for TRAP/ UNKNOWN: latest IP - optional uint32 latest_ip = 9; - - // did ECC correct the fault? - optional int32 error_corrected = 10; - - // optional textual description of what happened - optional string details = 11; } diff --git a/src/experiments/checksum-oostubs/ecc_region.hpp b/src/experiments/checksum-oostubs/ecc_region.hpp index 93957b34..912c2b39 100644 --- a/src/experiments/checksum-oostubs/ecc_region.hpp +++ b/src/experiments/checksum-oostubs/ecc_region.hpp @@ -1,74 +1,41 @@ // generated from STEP 0 output with region2array.sh static const unsigned memoryMap[][2] = { -{0x10b338, 89}, -{0x10b394, 89}, -{0x10b3f0, 89}, -{0x10b44c, 13}, -{0x10b45c, 13}, -{0x10c408, 4}, -{0x10c410, 4}, -{0x10c448, 4}, -{0x10c4e4, 256}, -{0x10c5f8, 4}, -{0x10c604, 4}, -{0x10c608, 4}, -{0x10c61c, 1}, -{0x10c63c, 1}, -{0x10c648, 1}, -{0x10c649, 1}, -{0x10c64a, 1}, -{0x10c64b, 1}, -{0x10c64c, 1}, -{0x10c651, 1}, -{0x10c654, 4}, -{0x10c65c, 4}, -{0x10c668, 1}, -{0x10c668, 1}, -{0x10c668, 1}, -{0x10c669, 1}, -{0x10c669, 1}, -{0x10c669, 1}, -{0x10c66a, 1}, -{0x10c66a, 1}, -{0x10c66a, 1}, -{0x10c66f, 1}, -{0x10c670, 1}, -{0x10c671, 1}, -{0x10c67c, 4}, -{0x10c680, 4}, -{0x10c688, 4}, -{0x10c698, 4}, -{0x10c6a4, 4}, -{0x10c6a8, 4}, -{0x10c6b0, 1}, -{0x10c6b8, 4}, -{0x10c6bc, 4}, -{0x10d6c4, 4}, -{0x10d6cc, 4}, -{0x10d6d4, 4}, -{0x10d6dc, 4}, -{0x10d6f4, 4}, -{0x10d6fc, 4}, -{0x10d70c, 1}, -{0x10d720, 4}, -{0x10d724, 4}, -{0x10d734, 4}, -{0x10d739, 1}, -{0x10d740, 4}, -{0x10d744, 4}, -{0x10d754, 4}, -{0x10d759, 1}, -{0x10d760, 4}, -{0x10d764, 4}, -{0x10d774, 4}, -{0x10d779, 1}, -{0x10d780, 4}, -{0x10d784, 4}, -{0x10d78c, 4}, -{0x110618, 4}, -{0x110620, 4}, -{0x110644, 4}, -{0x11064c, 4}, -{0x110670, 4}, -{0x110678, 4}, +{0x107d18, 4}, +{0x107d4c, 4}, +{0x107d50, 4}, +{0x107d5c, 4}, +{0x107d68, 4}, +{0x107d6c, 4}, +{0x107d74, 1}, +{0x107d80, 1}, +{0x107da4, 4}, +{0x107da8, 4}, +{0x107db0, 4}, +{0x107dc4, 1}, +{0x107dd0, 4}, +{0x107de0, 4}, +{0x107dec, 4}, +{0x107df0, 4}, +{0x108f7c, 1}, +{0x108fa0, 4}, +{0x108fa4, 4}, +{0x108fac, 4}, +{0x108fb8, 4}, +{0x108fbc, 4}, +{0x108fcc, 4}, +{0x108fd1, 1}, +{0x108fd8, 4}, +{0x108fdc, 4}, +{0x108fec, 4}, +{0x108ff1, 1}, +{0x108ff8, 4}, +{0x108ffc, 4}, +{0x10900c, 4}, +{0x109011, 1}, +{0x10beb0, 4}, +{0x10beb8, 4}, +{0x10bedc, 4}, +{0x10bee4, 4}, +{0x10bf08, 4}, +{0x10bf10, 4}, }; diff --git a/src/experiments/checksum-oostubs/experiment.cc b/src/experiments/checksum-oostubs/experiment.cc index 81619206..1387bd83 100644 --- a/src/experiments/checksum-oostubs/experiment.cc +++ b/src/experiments/checksum-oostubs/experiment.cc @@ -13,6 +13,7 @@ #include "sal/SALInst.hpp" #include "sal/Memory.hpp" #include "sal/bochs/BochsRegister.hpp" +//#include "sal/bochs/BochsEvents.hpp" #include "sal/Event.hpp" // You need to have the tracing plugin enabled for this @@ -37,7 +38,7 @@ bool ChecksumOOStuBSExperiment::run() log << "startup" << endl; -#if 1 +#if 0 // STEP 0: record memory map with addresses of "interesting" objects GuestEvent g; while (true) { @@ -54,7 +55,7 @@ bool ChecksumOOStuBSExperiment::run() simulator.save(statename); assert(bp.getTriggerInstructionPointer() == OOSTUBS_FUNC_ENTRY); assert(simulator.getRegisterManager().getInstructionPointer() == OOSTUBS_FUNC_ENTRY); -#elif 1 +#elif 0 // STEP 2: record trace for fault-space pruning log << "restoring state" << endl; simulator.restore(statename); @@ -79,18 +80,32 @@ bool ChecksumOOStuBSExperiment::run() // this must be done *after* configuring the plugin: simulator.addFlow(&tp); +#if 1 + // trace WEATHER_NUMITER_TRACING measurement loop iterations + // -> calibration + bp.setWatchInstructionPointer(OOSTUBS_FUNC_FINISH); + //bp.setCounter(WEATHER_NUMITER_TRACING); // single event, only +#else + // FIXME this doesn't work properly: trace is one instruction too short as + // tp is removed before all events were delivered + // trace WEATHER_NUMINSTR_TRACING instructions + // -> campaign-ready traces with identical lengths bp.setWatchInstructionPointer(ANY_ADDR); bp.setCounter(OOSTUBS_NUMINSTR); +#endif simulator.addEvent(&bp); - BPSingleEvent func_finish(OOSTUBS_FUNC_FINISH); - simulator.addEvent(&func_finish); + BPSingleEvent ev_count(ANY_ADDR); + simulator.addEvent(&ev_count); - if (simulator.waitAny() == &func_finish) { - log << "experiment reached finish()" << endl; - // FIXME add instruction counter to SimulatorController - simulator.waitAny(); + // count instructions + // FIXME add SAL functionality for this? + int instr_counter = 0; + while (simulator.waitAny() == &ev_count) { + ++instr_counter; + simulator.addEvent(&ev_count); } - log << "experiment finished after " << dec << OOSTUBS_NUMINSTR << " instructions" << endl; + + log << dec << "tracing finished after " << instr_counter << endl; uint32_t results[OOSTUBS_RESULTS_BYTES / sizeof(uint32_t)]; simulator.getMemoryManager().getBytes(OOSTUBS_RESULTS_ADDR, sizeof(results), results); @@ -110,172 +125,205 @@ bool ChecksumOOStuBSExperiment::run() log << "trace written to " << tracefile << endl; #elif 1 - // FIXME consider moving experiment repetition into Fail* or even the - // SAL -- whether and how this is possible with the chosen backend is - // backend specific - while (true) { - // STEP 3: The actual experiment. - log << "restoring state" << endl; - simulator.restore(statename); +#if !LOCAL + for (int i = 0; i < 400; ++i) { // more than 400 will be very slow (500 is max) +#endif // get an experiment parameter set log << "asking job server for experiment parameters" << endl; ChecksumOOStuBSExperimentData param; +#if !LOCAL if (!m_jc.getParam(param)) { log << "Dying." << endl; // communicate that we were told to die simulator.terminate(1); } -/* +#else // XXX debug - param.msg.set_instr_offset(2576034); - param.msg.set_instr_address(1066640); - param.msg.set_mem_addr(1099428); - param.msg.set_bit_offset(4); -*/ - + param.msg.set_instr_offset(1000); + //param.msg.set_instr_address(12345); + param.msg.set_mem_addr(0x00103bdc); +#endif + int id = param.getWorkloadID(); int instr_offset = param.msg.instr_offset(); int mem_addr = param.msg.mem_addr(); - int bit_offset = param.msg.bit_offset(); - log << "job " << id << " instr " << instr_offset << " mem " << mem_addr << "+" << bit_offset << endl; - // XXX debug - stringstream fname; - fname << "job." << ::getpid(); - ofstream job(fname.str().c_str()); - job << "job " << id << " instr " << instr_offset << " (" << param.msg.instr_address() << ") mem " << mem_addr << "+" << bit_offset << endl; - job.close(); + // for each job we're actually doing *8* experiments (one for each bit) + for (int bit_offset = 0; bit_offset < 8; ++bit_offset) { + // 8 results in one job + OOStuBSProtoMsg_Result *result = param.msg.add_result(); + result->set_bit_offset(bit_offset); + log << dec << "job " << id << " instr " << instr_offset + << " mem " << mem_addr << "+" << bit_offset << endl; - // reaching finish() could happen before OR after FI - BPSingleEvent func_finish(OOSTUBS_FUNC_FINISH); - simulator.addEvent(&func_finish); - bool finish_reached = false; - - // no need to wait if offset is 0 - if (instr_offset > 0) { - // XXX test this with coolchecksum first (or reassure with sanity checks) - // XXX could be improved with intermediate states (reducing runtime until injection) - bp.setWatchInstructionPointer(ANY_ADDR); - bp.setCounter(instr_offset); - simulator.addEvent(&bp); - - // finish() before FI? - if (simulator.waitAny() == &func_finish) { - finish_reached = true; - log << "experiment reached finish() before FI" << endl; - - // wait for bp - simulator.waitAny(); - } - } - - // --- fault injection --- - MemoryManager& mm = simulator.getMemoryManager(); - byte_t data = mm.getByte(mem_addr); - byte_t newdata = data ^ (1 << bit_offset); - mm.setByte(mem_addr, newdata); - // note at what IP we did it - int32_t injection_ip = simulator.getRegisterManager().getInstructionPointer(); - param.msg.set_injection_ip(injection_ip); - log << "fault injected @ ip " << injection_ip - << " 0x" << hex << ((int)data) << " -> 0x" << ((int)newdata) << endl; - // sanity check - if (param.msg.has_instr_address() && - injection_ip != param.msg.instr_address()) { - stringstream ss; - ss << "SANITY CHECK FAILED: " << injection_ip - << " != " << param.msg.instr_address(); - log << ss.str() << endl; - param.msg.set_resulttype(param.msg.UNKNOWN); - param.msg.set_latest_ip(injection_ip); - param.msg.set_details(ss.str()); - - simulator.clearEvents(); - m_jc.sendResult(param); - continue; - } - - // --- aftermath --- - // four possible outcomes: - // - guest causes a trap, "crashes" - // - guest reaches a "weird" state, stops with CLI+HLT ("panic") - // - guest runs OOSTUBS_NUMINSTR+OOSTUBS_RECOVERYINSTR instructions but - // never reaches finish() - // - guest reaches finish() within OOSTUBS_NUMINSTR+OOSTUBS_RECOVERYINSTR - // instructions with - // * a wrong result[0-2] - // * a correct result[0-2] - - // catch traps as "extraordinary" ending - TrapEvent ev_trap(ANY_TRAP); - simulator.addEvent(&ev_trap); - // OOStuBS' way to terminally halt (CLI+HLT) - BPSingleEvent ev_halt(OOSTUBS_FUNC_CPU_HALT); - simulator.addEvent(&ev_halt); - // remaining instructions until "normal" ending - BPSingleEvent ev_done(ANY_ADDR); - ev_done.setCounter(OOSTUBS_NUMINSTR + OOSTUBS_RECOVERYINSTR - instr_offset); - simulator.addEvent(&ev_done); + log << "restoring state" << endl; + simulator.restore(statename); + // XXX debug /* - // XXX debug - log << "enabling tracing" << endl; - TracingPlugin tp; - tp.setLogIPOnly(true); - tp.setOstream(&cout); - // this must be done *after* configuring the plugin: - simulator.addFlow(&tp); + stringstream fname; + fname << "job." << ::getpid(); + ofstream job(fname.str().c_str()); + job << "job " << id << " instr " << instr_offset << " (" << param.msg.instr_address() << ") mem " << mem_addr << "+" << bit_offset << endl; + job.close(); */ - BaseEvent* ev = simulator.waitAny(); + // reaching finish() could happen before OR after FI + BPSingleEvent func_finish(OOSTUBS_FUNC_FINISH); + simulator.addEvent(&func_finish); + bool finish_reached = false; - // Do we reach finish() while waiting for ev_trap/ev_done? - if (ev == &func_finish) { - finish_reached = true; - log << "experiment reached finish()" << endl; + // no need to wait if offset is 0 + if (instr_offset > 0) { + // XXX could be improved with intermediate states (reducing runtime until injection) + bp.setWatchInstructionPointer(ANY_ADDR); + bp.setCounter(instr_offset); + simulator.addEvent(&bp); - // wait for ev_trap/ev_done - ev = simulator.waitAny(); + // finish() before FI? + if (simulator.waitAny() == &func_finish) { + finish_reached = true; + log << "experiment reached finish() before FI" << endl; + + // wait for bp + simulator.waitAny(); + } + } + + // --- fault injection --- + MemoryManager& mm = simulator.getMemoryManager(); + byte_t data = mm.getByte(mem_addr); + byte_t newdata = data ^ (1 << bit_offset); + mm.setByte(mem_addr, newdata); + // note at what IP we did it + int32_t injection_ip = simulator.getRegisterManager().getInstructionPointer(); + param.msg.set_injection_ip(injection_ip); + log << "fault injected @ ip " << injection_ip + << " 0x" << hex << ((int)data) << " -> 0x" << ((int)newdata) << endl; + // sanity check + if (param.msg.has_instr_address() && + injection_ip != param.msg.instr_address()) { + stringstream ss; + ss << "SANITY CHECK FAILED: " << injection_ip + << " != " << param.msg.instr_address(); + log << ss.str() << endl; + result->set_resulttype(result->UNKNOWN); + result->set_latest_ip(injection_ip); + result->set_details(ss.str()); + + simulator.clearEvents(); + continue; + } + + // --- aftermath --- + // possible outcomes: + // - trap, "crash" + // - jump outside text segment + // - (XXX unaligned jump inside text segment) + // - (XXX weird instructions?) + // - (XXX results displayed?) + // - reaches THE END + // - error detected, stop + // additional info: + // - #loop iterations before/after FI + // - (XXX "sane" display?) + + // catch traps as "extraordinary" ending + TrapEvent ev_trap(ANY_TRAP); + simulator.addEvent(&ev_trap); + // jump outside text segment + BPRangeEvent ev_below_text(ANY_ADDR, OOSTUBS_TEXT_START - 1); + BPRangeEvent ev_beyond_text(OOSTUBS_TEXT_END + 1, ANY_ADDR); + simulator.addEvent(&ev_below_text); + simulator.addEvent(&ev_beyond_text); + // timeout (e.g., stuck in a HLT instruction) + // 10000us = 500000 instructions + TimerEvent ev_timeout(1000000, true); // 50,000,000 instructions !! + simulator.addEvent(&ev_timeout); + + // remaining instructions until "normal" ending + BPSingleEvent ev_end(ANY_ADDR); + ev_end.setCounter(OOSTUBS_NUMINSTR + OOSTUBS_RECOVERYINSTR - instr_offset); + simulator.addEvent(&ev_end); + +#if LOCAL && 0 + // XXX debug + log << "enabling tracing" << endl; + TracingPlugin tp; + tp.setLogIPOnly(true); + tp.setOstream(&cout); + // this must be done *after* configuring the plugin: + simulator.addFlow(&tp); +#endif + + BaseEvent* ev = simulator.waitAny(); + + // Do we reach finish() while waiting for ev_trap/ev_done? + if (ev == &func_finish) { + finish_reached = true; + log << "experiment reached finish()" << endl; + + // wait for ev_trap/ev_done + ev = simulator.waitAny(); + } + + // record latest IP regardless of result + result->set_latest_ip(simulator.getRegisterManager().getInstructionPointer()); + + // record resultdata, finish_reached and error_corrected regardless of result + uint32_t results[OOSTUBS_RESULTS_BYTES / sizeof(uint32_t)]; + simulator.getMemoryManager().getBytes(OOSTUBS_RESULTS_ADDR, sizeof(results), results); + for (unsigned i = 0; i < sizeof(results) / sizeof(*results); ++i) { + log << "results[" << i << "]: " << dec << results[i] << endl; + result->add_resultdata(results[i]); + } + result->set_finish_reached(finish_reached); + int32_t error_corrected = simulator.getMemoryManager().getByte(OOSTUBS_ERROR_CORRECTED); + result->set_error_corrected(error_corrected); + + if (ev == &ev_end) { + log << dec << "Result FINISHED" << endl; + result->set_resulttype(result->FINISHED); + } else if (ev == &ev_timeout) { + log << "Result TIMEOUT" << endl; + result->set_resulttype(result->TIMEOUT); + } else if (ev == &ev_below_text || ev == &ev_beyond_text) { + log << "Result OUTSIDE" << endl; + result->set_resulttype(result->OUTSIDE); + } else if (ev == &ev_trap) { + log << dec << "Result TRAP #" << ev_trap.getTriggerNumber() << endl; + result->set_resulttype(result->TRAP); + + stringstream ss; + ss << ev_trap.getTriggerNumber(); + result->set_details(ss.str()); + } else { + log << "Result WTF?" << endl; + result->set_resulttype(result->UNKNOWN); + + stringstream ss; + ss << "eventid " << ev->getId() << " EIP " << simulator.getRegisterManager().getInstructionPointer(); + result->set_details(ss.str()); + } + // explicitly remove all events before we leave their scope + // FIXME event destructors should remove them from the queues + simulator.clearEvents(); } - - // record resultdata, finish_reached and error_corrected regardless of result - uint32_t results[OOSTUBS_RESULTS_BYTES / sizeof(uint32_t)]; - simulator.getMemoryManager().getBytes(OOSTUBS_RESULTS_ADDR, sizeof(results), results); - for (unsigned i = 0; i < sizeof(results) / sizeof(*results); ++i) { - log << "results[" << i << "]: " << dec << results[i] << endl; - param.msg.add_resultdata(results[i]); - } - param.msg.set_finish_reached(finish_reached); - int32_t error_corrected = simulator.getMemoryManager().getByte(OOSTUBS_ERROR_CORRECTED); - param.msg.set_error_corrected(error_corrected); - param.msg.set_latest_ip(simulator.getRegisterManager().getInstructionPointer()); - - if (ev == &ev_done) { - log << dec << "Result FINISHED" << endl; - param.msg.set_resulttype(param.msg.FINISHED); - } else if (ev == &ev_halt) { - log << dec << "Result HALT" << endl; - param.msg.set_resulttype(param.msg.HALT); - } else if (ev == &ev_trap) { - log << dec << "Result TRAP #" << ev_trap.getTriggerNumber() << endl; - param.msg.set_resulttype(param.msg.TRAP); - - stringstream ss; - ss << ev_trap.getTriggerNumber(); - param.msg.set_details(ss.str()); + // sanity check: do we have exactly 8 results? + if (param.msg.result_size() != 8) { + log << "WTF? param.msg.result_size() != 8" << endl; } else { - log << dec << "Result WTF?" << endl; - param.msg.set_resulttype(param.msg.UNKNOWN); - - stringstream ss; - ss << "eventid " << ev->getId() << " EIP " << simulator.getRegisterManager().getInstructionPointer(); - param.msg.set_details(ss.str()); +#if !LOCAL + m_jc.sendResult(param); +#endif } - m_jc.sendResult(param); +#if !LOCAL } +#endif + #endif // Explicitly terminate, or the simulator will continue to run. simulator.terminate(); diff --git a/src/experiments/checksum-oostubs/experimentInfo.hpp b/src/experiments/checksum-oostubs/experimentInfo.hpp index addaed16..e213c4b9 100644 --- a/src/experiments/checksum-oostubs/experimentInfo.hpp +++ b/src/experiments/checksum-oostubs/experimentInfo.hpp @@ -7,31 +7,29 @@ // the task function's entry address: // nm -C ecc.elf|fgrep main -#define OOSTUBS_FUNC_ENTRY 0x00103f2c +#define OOSTUBS_FUNC_ENTRY 0x00101e88 // empty function that is called explicitly when the experiment finished // nm -C ecc.elf|fgrep "finished()" -#define OOSTUBS_FUNC_FINISH 0x001093f0 +#define OOSTUBS_FUNC_FINISH 0x00105040 // function executing HLT with no chance for further progress (after panic()) // nm -C ecc.elf|fgrep cpu_halt -#define OOSTUBS_FUNC_CPU_HALT 0x00100987 +#define OOSTUBS_FUNC_CPU_HALT 0x001009f7 + +#define OOSTUBS_TEXT_START 0x00100000 //FIXME: use real values provided by linker +#define OOSTUBS_TEXT_END 0x00106bcc //FIXME: use real values provided by linker + // number of instructions the target executes under non-error conditions from ENTRY to DONE: // (result of experiment's step #2) -#define OOSTUBS_NUMINSTR 0x4a3401 +#define OOSTUBS_NUMINSTR 0x3FB877 // number of instructions that are executed additionally for error corrections // (this is a rough guess ... TODO) #define OOSTUBS_RECOVERYINSTR 0x2000 -// the ECC protected object's address: -// nm -C ecc.elf|fgrep objectUnderTest -#define COOL_ECC_OBJUNDERTEST 0x002127a4 //FIXME -// the ECC protected object's payload size: -// (we know that from the object's definition and usual memory layout) -#define COOL_ECC_OBJUNDERTEST_SIZE 10 //FIXME // the variable that's increased if ECC corrects an error: // nm -C ecc.elf|fgrep errors_corrected -#define OOSTUBS_ERROR_CORRECTED 0x0010e3a4 +#define OOSTUBS_ERROR_CORRECTED 0x00109c14 // // nm -C ecc.elf|fgrep results -#define OOSTUBS_RESULTS_ADDR 0x0010d794 +#define OOSTUBS_RESULTS_ADDR 0x00108f90 #define OOSTUBS_RESULTS_BYTES 12 #define OOSTUBS_RESULT0 0xab3566a9 #define OOSTUBS_RESULT1 0x44889112