Extend L4-Sys manual
* mention how to obtain an L4Re setup * describe finding the address space identifier in more detail Change-Id: If56bfa255d498106920f39a7380b97306a8731c8
This commit is contained in:
Bjoern Doebel
Binary file not shown.
@ -13,7 +13,8 @@
|
|||||||
|
|
||||||
%opening
|
%opening
|
||||||
\title{L4Sys User Manual}
|
\title{L4Sys User Manual}
|
||||||
\author{Martin Unzner (\href{mailto:munzner@os.inf.tu-dresden.de}{munzner@os.inf.tu-dresden.de})}
|
\author{Martin Unzner (\href{mailto:munzner@os.inf.tu-dresden.de}{munzner@os.inf.tu-dresden.de}), \\
|
||||||
|
Björn Döbel (\href{mailto:doebel@os.inf.tu-dresden.de}{doebel@os.inf.tu-dresden.de})}
|
||||||
|
|
||||||
\begin{document}
|
\begin{document}
|
||||||
|
|
||||||
@ -59,60 +60,77 @@ might fail because they tried to execute the same faulty instruction.
|
|||||||
|
|
||||||
\section{Emulator Setup}
|
\section{Emulator Setup}
|
||||||
|
|
||||||
These experiments work with Bochs only. This is partly due to some
|
L4Sys fault injection experiments work with Bochs only. This is partly due to
|
||||||
issues with timing --- as soon as a valid model of
|
some issues with timing --- as soon as a valid model of time in the target
|
||||||
time in the target emulator as well as an assembler/disassembler
|
emulator as well as an assembler/disassembler functionality in the Fail*
|
||||||
functionality in the Fail* framework are established, I would recommend a
|
framework are established, I would recommend a backend change, as Bochs'
|
||||||
backend change, as Bochs' reliability is very limited.
|
reliability is very limited.
|
||||||
|
|
||||||
To setup your system, first, you need a dedicated \texttt{bochsrc} file.
|
To setup your system, first, you need a dedicated \texttt{bochsrc} file. It
|
||||||
It has proven handy to have
|
has proven useful to have a Bochs resource file or an independent Bochs
|
||||||
a Bochs resource file or an independent Bochs instance with GUI enabled
|
instance with GUI enabled for the initial testing, however the experiments are
|
||||||
for the initial testing, however the experiments are intended to be
|
intended to be conducted without graphical output.
|
||||||
conducted without graphical output.
|
|
||||||
|
Bochs should be booted using a CD image containing your setup. To obtain this
|
||||||
|
setup, first build Fiasco.OC and L4Re separately as described in their
|
||||||
|
respective \href{https://os.inf.tu-dresden.de/L4Re/build.html}{build
|
||||||
|
instructions}. Make sure your setup is running, e.g., in QEMU. Once this
|
||||||
|
works, create an ISO image using the L4 build system's
|
||||||
|
\verb+make grub2iso E=<entry>+ command. Validate that this ISO boots and runs
|
||||||
|
in Bochs.
|
||||||
|
|
||||||
\section{Client Setup}
|
\section{Client Setup}
|
||||||
|
|
||||||
All parameters of the L4Sys experiment client can be found
|
All parameters of the L4Sys experiment client can be found in the file
|
||||||
in the file \texttt{experimentInfo.hpp}. Normally, it should
|
\texttt{experimentInfo.hpp}. Normally, it should not be necessary to change
|
||||||
not be necessary to change the program flow directly, however,
|
the program flow directly. However, if something bothers you, you are always
|
||||||
if something bothers you, you are always free to take a look
|
free to take a look at \texttt{experiment.cc}, too.
|
||||||
at \texttt{experiment.cc}, too.
|
|
||||||
|
|
||||||
\subsection{Constants}
|
\subsection{Constants}
|
||||||
|
|
||||||
Some values are constant throughout all steps of the preparation
|
Some values are constant throughout all steps of the preparation and also when
|
||||||
and also when the workload program is run.
|
the workload program is run. The most important constant is
|
||||||
The most important constant is \verb+L4SYS_BOCHS_IPS+,
|
\verb+L4SYS_BOCHS_IPS+, which has to be consistent with your \texttt{bochsrc}
|
||||||
which has to be consistent with your \texttt{bochsrc} setting
|
setting and is used for several timely calculations in the client.
|
||||||
and is used for several timely calculations in the client.
|
|
||||||
|
|
||||||
\subsection{Step 0: Determine the address space}
|
\subsection{Step 0: Determine the address space}
|
||||||
|
|
||||||
First, you need to find what are the addresses of the
|
First, we need to find the start and end instruction addresses for our
|
||||||
start and end instructions of your
|
workload program and our given experiment. For this purpose, use a
|
||||||
workload program. Therefore, you should use a
|
disassembler, such as \texttt{objdump} or \emph{IDA Pro}. Determine the first
|
||||||
disassembler like \emph{objdump} or \emph{IDA Pro} and
|
and last instruction for your campaign and set \verb+L4SYS_FUNC_ENTRY+ and
|
||||||
set \verb+L4SYS_FUNC_ENTRY+ and \verb+L4SYS_FUNC_EXIT+
|
\verb+L4SYS_FUNC_EXIT+ in the header file accordingly. \verb+L4SYS_NUMINSTR+
|
||||||
accordingly. \verb+L4SYS_NUMINSTR+
|
is determined automatically in a later preparation step and can be ignored for
|
||||||
is determined automatically in a later preparation step and
|
now.
|
||||||
can be ignored for now.
|
|
||||||
|
|
||||||
To test instructions that are run only in a specific address space,
|
If you want your campaign only to affect a specific address space (e.g.,
|
||||||
L4Sys uses the address space filtering mechanism of Fail*.
|
because you are only interested in faults at the application level), L4Sys
|
||||||
If your fault injection campaign is not limited to a specific address space,
|
leverages Fail*'s address space filtering mechanism. To determine the address
|
||||||
you may set \verb+L4SYS_ADDRESS_SPACE+ to \verb+ANY_ADDR+. Keep in mind that in
|
space identifier, you will have to use Bochs'
|
||||||
that case, your instruction addresses must be unique among all those
|
\href{http://bochs.sourceforge.net/doc/docbook/user/internal-debugger.html}{internal
|
||||||
executed in the system, which in general is not the case.
|
debugger} and perform the following actions:
|
||||||
|
\begin{enumerate}
|
||||||
|
\item Compile Bochs with support for the internal debugger. This can either
|
||||||
|
be done by configuring and rebuilding the fail client accordingly or
|
||||||
|
using a separate Bochs installation - we don't need Fail*
|
||||||
|
functionality here.
|
||||||
|
\item Boot your system in Bochs. The debugger prompt (or window) will
|
||||||
|
appear. Use the \verb+lbreak+ command to set an instruction breakpoint
|
||||||
|
to an address in your application. (Hint: Remember you already figured
|
||||||
|
out \verb+L4SYS_FUNC_ENTRY+ previously.)
|
||||||
|
\item Run Bochs until the breakpoint is hit. Verify that you are in the
|
||||||
|
right address space (instruction pointers may be similar in different
|
||||||
|
applications as L4's BID links all programs to the same starting
|
||||||
|
address by default).
|
||||||
|
\item Use the \verb+creg+ command to look at the current control registers.
|
||||||
|
Set \verb+L4SYS_ADDRESS_SPACE+ to the value of the CR3 (page table
|
||||||
|
control) register.
|
||||||
|
\end{enumerate}
|
||||||
|
|
||||||
To find out the value of the address space identifier, you will have to
|
If you are not interested in address space filtering, you may set
|
||||||
look up the value in
|
\verb+L4SYS_ADDRESS_SPACE+ to \verb+ANY_ADDR+. Note that in this case you will
|
||||||
the emulator using a debugger. In the case of Bochs, you may want to
|
probably encounter instruction pointers across various address spaces and may
|
||||||
study
|
not get the unique results you want.
|
||||||
\href{http://bochs.sourceforge.net/doc/docbook/user/internal-debugger.html}{this page},
|
|
||||||
and, according to its instructions,
|
|
||||||
dump the content of the CR3 control register at the
|
|
||||||
beginning of your program.
|
|
||||||
|
|
||||||
\subsection{Step 1: Save the initial state of the machine}
|
\subsection{Step 1: Save the initial state of the machine}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user