From 8de290f47ddecb994e4321ae9fc6efc74334b941 Mon Sep 17 00:00:00 2001 From: hsc Date: Mon, 22 Oct 2012 21:13:20 +0000 Subject: [PATCH] nanojpeg: experiment largely complete - utilizes ELF reader to find symbols - retrieves generated image from guest system and calculates PSNR git-svn-id: https://www4.informatik.uni-erlangen.de/i4svn/danceos/trunk/devel/fail@1798 8c4709b5-6ec9-48aa-a5cd-a96041d1645a --- src/experiments/nanojpeg/CMakeLists.txt | 2 + src/experiments/nanojpeg/experiment.cc | 189 +++++++++++++++++++- src/experiments/nanojpeg/experimentInfo.hpp | 2 + src/experiments/nanojpeg/psnr.cc | 79 ++++++++ src/experiments/nanojpeg/psnr.hpp | 26 +++ 5 files changed, 293 insertions(+), 5 deletions(-) create mode 100644 src/experiments/nanojpeg/psnr.cc create mode 100644 src/experiments/nanojpeg/psnr.hpp diff --git a/src/experiments/nanojpeg/CMakeLists.txt b/src/experiments/nanojpeg/CMakeLists.txt index 8b2f63e2..aad7d049 100644 --- a/src/experiments/nanojpeg/CMakeLists.txt +++ b/src/experiments/nanojpeg/CMakeLists.txt @@ -21,6 +21,8 @@ set(MY_CAMPAIGN_SRCS UDIS86.cc udis86_helper.hpp udis86_helper.cc + psnr.cc + psnr.hpp ) #### PROTOBUFS #### diff --git a/src/experiments/nanojpeg/experiment.cc b/src/experiments/nanojpeg/experiment.cc index bc17df75..187a4c63 100644 --- a/src/experiments/nanojpeg/experiment.cc +++ b/src/experiments/nanojpeg/experiment.cc @@ -5,10 +5,12 @@ #include #include "util/Logger.hpp" +#include "util/ElfReader.hpp" #include "experiment.hpp" #include "experimentInfo.hpp" -//#include "campaign.hpp" +#include "campaign.hpp" +#include "psnr.hpp" #include "sal/SALConfig.hpp" #include "sal/SALInst.hpp" @@ -19,6 +21,7 @@ // you need to have the tracing plugin enabled for this #include "../plugins/tracing/TracingPlugin.hpp" +#define PREPARATION 1 #define LOCAL 1 using namespace std; @@ -32,23 +35,22 @@ using namespace fail; bool NanoJPEGExperiment::run() { - char const *statename = "bochs.state"; // WEATHER_SUFFIX; Logger log("nJPEG", true); log << "startup" << endl; -#if 1 +#if PREPARATION == 1 // STEP 1: run until main starts, save state, record trace // TODO: store golden run output IOPortListener io(0x3f8, true); simulator.addListenerAndResume(&io); log << "main() reached, saving state" << endl; - simulator.save(statename); + simulator.save(NANOJPEG_STATE); // record trace log << "restoring state" << endl; - simulator.restore(statename); + simulator.restore(NANOJPEG_STATE); log << "EIP = " << hex << simulator.getRegisterManager().getInstructionPointer() << endl; log << "enabling tracing" << endl; TracingPlugin tp; @@ -72,6 +74,183 @@ bool NanoJPEGExperiment::run() log << "golden run took " << dec << counter << " instructions" << endl; simulator.removeFlow(&tp); of.close(); +#else + // STEP 2: the actual experiment + PSNR psnr(NANOJPEG_GOLDEN_PPM); + + ElfReader elfreader(NANOJPEG_ELF); + guest_address_t addr_text_start = + elfreader.getAddressByName("___TEXT_START__"); + guest_address_t addr_text_end = + elfreader.getAddressByName("___TEXT_END__"); + guest_address_t addr_output_image_ptr = + elfreader.getAddressByName("output_image"); + guest_address_t addr_output_image_size = + elfreader.getAddressByName("output_image_size"); + log << "ELF symbols: text " << hex << addr_text_start << "-" << addr_text_end + << " output_image ptr @ " << addr_output_image_ptr << ", size @ " << addr_output_image_size << endl; + elfreader.~ElfReader(); + +#if !LOCAL + for (int i = 0; i < 50; ++i) { // only do 50 sequential experiments, to prevent swapping +#endif + + // get an experiment parameter set + log << "asking job server for experiment parameters" << endl; + NanoJPEGExperimentData param; +#if !LOCAL + if (!m_jc.getParam(param)) { + log << "Dying." << endl; + simulator.terminate(1); + } +#else + // XXX debug + param.msg.set_instr_offset(2000); + //param.msg.set_instr_address(12345); + param.msg.set_register_id(0); // EAX + //param.msg.set_bitmask(0xffffffffULL); + param.msg.set_bitmask(0x2); + param.msg.set_timeout(NANOJPEG_TIMEOUT); +#endif + + int id = param.getWorkloadID(); + int instr_offset = param.msg.instr_offset(); + Register *reg = simulator.getRegisterManager().getRegister(param.msg.register_id()); + uint64_t bitmask = param.msg.bitmask(); + int timeout = param.msg.timeout(); + + for (int bitnr = 0; bitnr < 32; ++bitnr) { + if (!((1 << bitnr) & bitmask)) { + continue; + } + log << "ID=" << id << " instr=0x" << hex << instr_offset << " reg=" << reg->getName() + << " bitnr=" << dec << bitnr << " timeout=" << timeout << endl; + NanoJPEGProtoMsg_Result *result = param.msg.add_result(); + result->set_bitnr(bitnr); + + log << "restoring state" << endl; + simulator.restore(NANOJPEG_STATE); + + // no need to wait if offset is 0 + if (instr_offset > 0) { + // XXX could be improved with intermediate states (reducing runtime until injection) + BPSingleListener bp_fi; + bp_fi.setWatchInstructionPointer(ANY_ADDR); + bp_fi.setCounter(instr_offset); + if (simulator.addListenerAndResume(&bp_fi) != &bp_fi) { + log << "WTF?" << endl; + simulator.terminate(1); + } + } + + // --- fault injection --- + uint32_t data = reg->getData(); + uint32_t newdata = data ^ (1 << bitnr); + reg->setData(newdata); + // note at what IP we did it + int32_t injection_ip = simulator.getRegisterManager().getInstructionPointer(); + param.msg.set_injection_ip(injection_ip); + log << "fault injected @ ip " << injection_ip << " reg " << reg->getName() + << " 0x" << hex << ((int)data) << " -> 0x" << ((int)newdata) << endl; + // sanity check + if (param.msg.has_instr_address() && + injection_ip != param.msg.instr_address()) { + stringstream ss; + ss << "SANITY CHECK FAILED: " << injection_ip + << " != " << param.msg.instr_address(); + log << ss.str() << endl; + result->set_resulttype(result->UNKNOWN); + result->set_latest_ip(injection_ip); + result->set_details(ss.str()); + + simulator.clearListeners(); + continue; + } + + // --- aftermath --- + // possible outcomes: + // - trap, "crash" + // - jump outside text segment + // - (XXX unaligned jump inside text segment) + // - (XXX weird instructions?) + // - reaches the end, PSNR can be calculated + // - reaches the end, output image broken + // - global timeout + // additional info: + // - PSNR + + // normal experiment end: guest system tells us + IOPortListener ev_io(0x3f8, true); + simulator.addListener(&ev_io); + // global timeout + TimerListener ev_timeout(timeout); + simulator.addListener(&ev_timeout); + // catch traps as "extraordinary" ending + TrapListener ev_trap(ANY_TRAP); + simulator.addListener(&ev_trap); + // jump outside text segment + BPRangeListener ev_below_text(ANY_ADDR, addr_text_start - 1); + BPRangeListener ev_beyond_text(addr_text_end + 1, ANY_ADDR); + simulator.addListener(&ev_below_text); + simulator.addListener(&ev_beyond_text); + + BaseListener *ev = simulator.resume(); + // record latest IP regardless of result + result->set_latest_ip(simulator.getRegisterManager().getInstructionPointer()); + + if (ev == &ev_io) { + log << "Result FINISHED/BROKEN (" << ev_io.getData() << ")" << endl; + // retrieve image + MemoryManager& mm = simulator.getMemoryManager(); + uint32_t output_image_addr; + mm.getBytes(addr_output_image_ptr, 4, &output_image_addr); + int32_t output_image_size; + mm.getBytes(addr_output_image_size, 4, &output_image_size); + log << "image address " << hex << output_image_addr << " size " << dec << output_image_size << endl; + if (output_image_size != 3 * psnr.getWidth() * psnr.getHeight()) { + log << "odd image size" << endl; + result->set_resulttype(result->BROKEN); + } else if (output_image_addr == 0) { + log << "odd image address" << endl; + result->set_resulttype(result->BROKEN); + } else { + result->set_resulttype(result->FINISHED); + string image; + image.resize(output_image_size); + mm.getBytes(output_image_addr, output_image_size, &image[0]); + // calculate PSNR + double psnr_value = psnr.calculate(image); + result->set_psnr(psnr_value); + log << "PSNR: " << psnr_value << endl; + } + } else if (ev == &ev_timeout) { + log << "Result TIMEOUT" << endl; + result->set_resulttype(result->TIMEOUT); + } else if (ev == &ev_below_text || ev == &ev_beyond_text) { + log << "Result OUTSIDE" << endl; + result->set_resulttype(result->OUTSIDE); + } else if (ev == &ev_trap) { + log << dec << "Result TRAP #" << ev_trap.getTriggerNumber() << endl; + result->set_resulttype(result->TRAP); + + stringstream ss; + ss << ev_trap.getTriggerNumber(); + result->set_details(ss.str()); + } else { + log << "Result WTF?" << endl; + result->set_resulttype(result->UNKNOWN); + + stringstream ss; + ss << "eventid " << hex << ((unsigned long) ev) << " EIP " << simulator.getRegisterManager().getInstructionPointer(); + result->set_details(ss.str()); + } + } + +#if !LOCAL + m_jc.sendResult(param); + } +#endif + #endif // Explicitly terminate, or the simulator will continue to run. simulator.terminate(); diff --git a/src/experiments/nanojpeg/experimentInfo.hpp b/src/experiments/nanojpeg/experimentInfo.hpp index fbe2d6ca..7f21b028 100644 --- a/src/experiments/nanojpeg/experimentInfo.hpp +++ b/src/experiments/nanojpeg/experimentInfo.hpp @@ -8,5 +8,7 @@ #define NANOJPEG_RESULTS "nanojpeg.csv" #define NANOJPEG_INSTR_LIMIT 999999999 // currently "unlimited" #define NANOJPEG_TIMEOUT 5000 // 2s +#define NANOJPEG_GOLDEN_PPM "golden.ppm" +#define NANOJPEG_STATE "bochs.state" #endif diff --git a/src/experiments/nanojpeg/psnr.cc b/src/experiments/nanojpeg/psnr.cc new file mode 100644 index 00000000..404ef52b --- /dev/null +++ b/src/experiments/nanojpeg/psnr.cc @@ -0,0 +1,79 @@ +#include +#include +#include +#include + +#include "psnr.hpp" + +static void get_remaining_file_contents(std::ifstream& in, std::string& contents) +{ + std::streampos startpos = in.tellg(); + in.seekg(0, std::ios::end); + contents.resize(in.tellg() - startpos); + in.seekg(startpos, std::ios::beg); + in.read(&contents[0], contents.size()); + in.close(); +} + +static inline double square(double x) +{ + return x*x; +} + +static double image_rgb_mse(const unsigned char *f1, const unsigned char *f2, int width, int height, double max) +{ + double sum = 0.0; + for (int y = 0; y < height; ++y) { + for (int x = 0; x < width; ++x) { + sum += square(f1[x*y*3+0] - f2[x*y*3+0]); + sum += square(f1[x*y*3+1] - f2[x*y*3+1]); + sum += square(f1[x*y*3+2] - f2[x*y*3+2]); + } + } + return sum / (3 * height * width); +} + +static double image_rgb_psnr(const unsigned char *f1, const unsigned char *f2, int width, int height, double max) +{ + double mse = image_rgb_mse(f1, f2, width, height, max); + return 20.0 * log10(max / sqrt(mse)); +} + +double PSNR::calculate(const std::string& img) +{ + if (img.size() < refimg_width * refimg_height * 3) { + std::cerr << "image too small" << std::endl; + return -999; + } + return image_rgb_psnr((unsigned char *) &refimg[0], (unsigned char *) &img[0], refimg_width, refimg_height, refimg_max); +} + +bool PSNR::load_refimage(char const *refimage_filename) +{ + std::ifstream fs(refimage_filename, std::ios::in | std::ios::binary); + if (!fs) { + return false; + } + + std::string type; + fs >> type; + if (type != "P6") { return false; } + + fs >> refimg_width; + fs >> refimg_height; + fs >> refimg_max; + + if (refimg_max != 255) { + std::cerr << "something is wrong" << std::endl; + return false; + } + + // one whitespace character + fs.ignore(); + + get_remaining_file_contents(fs, refimg); + if (refimg.size() < refimg_width * refimg_height * 3) { + std::cerr << "image too small" << std::endl; + return false; + } +} diff --git a/src/experiments/nanojpeg/psnr.hpp b/src/experiments/nanojpeg/psnr.hpp new file mode 100644 index 00000000..30a8ea58 --- /dev/null +++ b/src/experiments/nanojpeg/psnr.hpp @@ -0,0 +1,26 @@ +#ifndef __PSNR_HPP__ +#define __PSNR_HPP__ + +#include +#include + +class PSNR { +private: + std::string refimg; + int refimg_width, refimg_height, refimg_max; + +public: + PSNR(char const *refimage_filename) + { + if (!load_refimage(refimage_filename)) { + std::cerr << __func__ << " failed to load " << refimage_filename << std::endl; + } + } + // we only accept P6 without comments + bool load_refimage(char const *refimage_filename); + double calculate(const std::string& img); + int getWidth() { return refimg_width; } + int getHeight() { return refimg_height; } +}; + +#endif