DatabaseCampaign/-Experiment: add randomjump faults

Taken from experiments/erika-tester. Change-Id: Ic1aa72d1bfc839009297892cf9e50b3edb53fef9
2020-05-23 22:51:19 +02:00
parent dc73349a4d
commit 33d40df4bd
4 changed files with 26 additions and 5 deletions
--- a/src/core/comm/DatabaseCampaignMessage.proto.in
+++ b/src/core/comm/DatabaseCampaignMessage.proto.in
@ -27,6 +27,7 @@ message DatabaseCampaignMessage {
        OFF = 0;
        AUTO = 1;
        FORCE = 2;
+        RANDOMJUMP = 3;
    }
    optional RegisterInjectionMode register_injection_mode = 12 [default = OFF];
 }
--- a/src/core/cpn/DatabaseCampaign.cc
+++ b/src/core/cpn/DatabaseCampaign.cc
@ -55,6 +55,9 @@ bool DatabaseCampaign::run() {
 	CommandLine::option_handle REGISTERS_FORCE =
 		cmd.addOption("","force-inject-registers", Arg::None,
 			"--force-inject-registers \tinject into ISA registers only, ignore high addresses");
+	CommandLine::option_handle REGISTERS_RANDOMJUMP =
+		cmd.addOption("","inject-randomjumps", Arg::None,
+			"--inject-randomjumps \tinject random jumps (interpret data_address as jump target, as prepared by RandomJumpImporter)");

 	if (!cmd.parse()) {
 		log_send << "Error parsing arguments." << std::endl;
@ -115,6 +118,9 @@ bool DatabaseCampaign::run() {
 	} else if (cmd[REGISTERS_FORCE]) {
 		m_register_injection_mode = DatabaseCampaignMessage::FORCE;
 		log_send << "register injection: on" << std::endl;
+	} else if (cmd[REGISTERS_RANDOMJUMP]) {
+		m_register_injection_mode = DatabaseCampaignMessage::RANDOMJUMP;
+		log_send << "register injection: randomjump" << std::endl;
 	} else {
 		m_register_injection_mode = DatabaseCampaignMessage::OFF;
 		log_send << "register injection: off" << std::endl;
--- a/src/core/efw/DatabaseExperiment.cc
+++ b/src/core/efw/DatabaseExperiment.cc
@ -77,11 +77,23 @@ void DatabaseExperiment::redecodeCurrentInstruction() {

 unsigned DatabaseExperiment::injectFault(
 	address_t data_address, unsigned bitpos, bool inject_burst,
-	bool inject_registers, bool force_registers) {
+	bool inject_registers, bool force_registers, bool randomjump) {
 	unsigned value, injected_value;

+	if (randomjump) {
+		// interpret data_address as new value for the IP, i.e. jump there
+		address_t current_PC = simulator.getCPU(0).getInstructionPointer();
+		address_t new_PC     = data_address;
+		m_log << "jump from 0x" << hex << current_PC << " to 0x" << new_PC << std::endl;
+		simulator.getCPU(0).setRegisterContent(simulator.getCPU(0).getRegister(RID_PC), new_PC);
+		redecodeCurrentInstruction();
+
+		// set program counter
+		value = current_PC;
+		injected_value = new_PC;
+
 	/* First 128 registers, TODO use LLVMtoFailTranslator::getMaxDataAddress() */
-	if (data_address < (128 << 4) && inject_registers) {
+	} else if (data_address < (128 << 4) && inject_registers) {
 #if defined(BUILD_LLVM_DISASSEMBLER) || defined(BUILD_CAPSTONE_DISASSEMBLER)
 #if defined(BUILD_LLVM_DISASSEMBLER)
 		typedef LLVMtoFailTranslator XtoFailTranslator;
@ -199,7 +211,8 @@ bool DatabaseExperiment::run()
 		unsigned  injection_instr = fsppilot->injection_instr();
 		address_t data_address = fsppilot->data_address();
 		unsigned width = fsppilot->data_width();
-		unsigned injection_width = fsppilot->inject_bursts() ? 8 : 1;
+		unsigned injection_width =
+			(fsppilot->inject_bursts() || fsppilot->register_injection_mode() == fsppilot->RANDOMJUMP) ? 8 : 1;

 		for (unsigned bit_offset = 0; bit_offset < width * 8; bit_offset += injection_width) {
 			// 8 results in one job
@ -270,7 +283,8 @@ bool DatabaseExperiment::run()
 				injectFault(data_address + bit_offset / 8, bit_offset % 8,
 					fsppilot->inject_bursts(),
 					fsppilot->register_injection_mode() != fsppilot->OFF,
-					fsppilot->register_injection_mode() == fsppilot->FORCE));
+					fsppilot->register_injection_mode() == fsppilot->FORCE,
+					fsppilot->register_injection_mode() == fsppilot->RANDOMJUMP));
 			result->set_injection_width(injection_width);

 			if (!this->cb_before_resume()) {
--- a/src/core/efw/DatabaseExperiment.hpp
+++ b/src/core/efw/DatabaseExperiment.hpp
@ -15,7 +15,7 @@ class DatabaseExperiment : public fail::ExperimentFlow {
 	fail::JobClient *m_jc;

 	unsigned injectFault(address_t data_address, unsigned bitpos, bool inject_burst,
-		bool inject_registers, bool force_registers);
+		bool inject_registers, bool force_registers, bool randomjump);

 	/**
 	   The current experiment data as returned by the job client. This