nanojpeg: experiment largely complete

- utilizes ELF reader to find symbols - retrieves generated image from guest system and calculates PSNR git-svn-id: https://www4.informatik.uni-erlangen.de/i4svn/danceos/trunk/devel/fail@1798 8c4709b5-6ec9-48aa-a5cd-a96041d1645a
2012-10-22 21:13:20 +00:00
parent 781fbf1f4e
commit 8de290f47d
5 changed files with 293 additions and 5 deletions
--- a/src/experiments/nanojpeg/CMakeLists.txt
+++ b/src/experiments/nanojpeg/CMakeLists.txt
@ -21,6 +21,8 @@ set(MY_CAMPAIGN_SRCS
 	UDIS86.cc
 	udis86_helper.hpp
 	udis86_helper.cc
+	psnr.cc
+	psnr.hpp
 )

 #### PROTOBUFS ####
--- a/src/experiments/nanojpeg/experiment.cc
+++ b/src/experiments/nanojpeg/experiment.cc
@ -5,10 +5,12 @@
 #include <unistd.h>

 #include "util/Logger.hpp"
+#include "util/ElfReader.hpp"

 #include "experiment.hpp"
 #include "experimentInfo.hpp"
-//#include "campaign.hpp"
+#include "campaign.hpp"
+#include "psnr.hpp"

 #include "sal/SALConfig.hpp"
 #include "sal/SALInst.hpp"
@ -19,6 +21,7 @@
 // you need to have the tracing plugin enabled for this
 #include "../plugins/tracing/TracingPlugin.hpp"

+#define PREPARATION 1
 #define LOCAL 1

 using namespace std;
@ -32,23 +35,22 @@ using namespace fail;

 bool NanoJPEGExperiment::run()
 {
-	char const *statename = "bochs.state"; // WEATHER_SUFFIX;
 	Logger log("nJPEG", true);
 	
 	log << "startup" << endl;

-#if 1
+#if PREPARATION == 1
 	// STEP 1: run until main starts, save state, record trace
 	// TODO: store golden run output
 	IOPortListener io(0x3f8, true);
 	simulator.addListenerAndResume(&io);

 	log << "main() reached, saving state" << endl;
-	simulator.save(statename);
+	simulator.save(NANOJPEG_STATE);

 	// record trace
 	log << "restoring state" << endl;
-	simulator.restore(statename);
+	simulator.restore(NANOJPEG_STATE);
 	log << "EIP = " << hex << simulator.getRegisterManager().getInstructionPointer() << endl;
 	log << "enabling tracing" << endl;
 	TracingPlugin tp;
@ -72,6 +74,183 @@ bool NanoJPEGExperiment::run()
 	log << "golden run took " << dec << counter << " instructions" << endl;
 	simulator.removeFlow(&tp);
 	of.close();
+#else
+	// STEP 2: the actual experiment
+	PSNR psnr(NANOJPEG_GOLDEN_PPM);
+
+	ElfReader elfreader(NANOJPEG_ELF);
+	guest_address_t addr_text_start =
+		elfreader.getAddressByName("___TEXT_START__");
+	guest_address_t addr_text_end =
+		elfreader.getAddressByName("___TEXT_END__");
+	guest_address_t addr_output_image_ptr =
+		elfreader.getAddressByName("output_image");
+	guest_address_t addr_output_image_size =
+		elfreader.getAddressByName("output_image_size");
+	log << "ELF symbols: text " << hex << addr_text_start << "-" << addr_text_end
+	    << " output_image ptr @ " << addr_output_image_ptr << ", size @ " << addr_output_image_size << endl;
+	elfreader.~ElfReader();
+
+#if !LOCAL
+	for (int i = 0; i < 50; ++i) { // only do 50 sequential experiments, to prevent swapping
+#endif
+
+	// get an experiment parameter set
+	log << "asking job server for experiment parameters" << endl;
+	NanoJPEGExperimentData param;
+#if !LOCAL
+	if (!m_jc.getParam(param)) {
+		log << "Dying." << endl;
+		simulator.terminate(1);
+	}
+#else
+	// XXX debug
+	param.msg.set_instr_offset(2000);
+	//param.msg.set_instr_address(12345);
+	param.msg.set_register_id(0); // EAX
+	//param.msg.set_bitmask(0xffffffffULL);
+	param.msg.set_bitmask(0x2);
+	param.msg.set_timeout(NANOJPEG_TIMEOUT);
+#endif
+
+	int id = param.getWorkloadID();
+	int instr_offset = param.msg.instr_offset();
+	Register *reg = simulator.getRegisterManager().getRegister(param.msg.register_id());
+	uint64_t bitmask = param.msg.bitmask();
+	int timeout = param.msg.timeout();
+
+	for (int bitnr = 0; bitnr < 32; ++bitnr) {
+		if (!((1 << bitnr) & bitmask)) {
+			continue;
+		}
+		log << "ID=" << id << " instr=0x" << hex << instr_offset << " reg=" << reg->getName()
+		    << " bitnr=" << dec << bitnr << " timeout=" << timeout << endl;
+		NanoJPEGProtoMsg_Result *result = param.msg.add_result();
+		result->set_bitnr(bitnr);
+
+		log << "restoring state" << endl;
+		simulator.restore(NANOJPEG_STATE);
+
+		// no need to wait if offset is 0
+		if (instr_offset > 0) {
+			// XXX could be improved with intermediate states (reducing runtime until injection)
+			BPSingleListener bp_fi;
+			bp_fi.setWatchInstructionPointer(ANY_ADDR);
+			bp_fi.setCounter(instr_offset);
+			if (simulator.addListenerAndResume(&bp_fi) != &bp_fi) {
+				log << "WTF?" << endl;
+				simulator.terminate(1);
+			}
+		}
+
+		// --- fault injection ---
+		uint32_t data = reg->getData();
+		uint32_t newdata = data ^ (1 << bitnr);
+		reg->setData(newdata);
+		// note at what IP we did it
+		int32_t injection_ip = simulator.getRegisterManager().getInstructionPointer();
+		param.msg.set_injection_ip(injection_ip);
+		log << "fault injected @ ip " << injection_ip << " reg " << reg->getName()
+			<< " 0x" << hex << ((int)data) << " -> 0x" << ((int)newdata) << endl;
+		// sanity check
+		if (param.msg.has_instr_address() &&
+			injection_ip != param.msg.instr_address()) {
+			stringstream ss;
+			ss << "SANITY CHECK FAILED: " << injection_ip
+			   << " != " << param.msg.instr_address();
+			log << ss.str() << endl;
+			result->set_resulttype(result->UNKNOWN);
+			result->set_latest_ip(injection_ip);
+			result->set_details(ss.str());
+
+			simulator.clearListeners();
+			continue;
+		}
+
+		// --- aftermath ---
+		// possible outcomes:
+		// - trap, "crash"
+		// - jump outside text segment
+		// - (XXX unaligned jump inside text segment)
+		// - (XXX weird instructions?)
+		// - reaches the end, PSNR can be calculated
+		// - reaches the end, output image broken
+		// - global timeout
+		// additional info:
+		// - PSNR
+
+		// normal experiment end: guest system tells us
+		IOPortListener ev_io(0x3f8, true);
+		simulator.addListener(&ev_io);
+		// global timeout
+		TimerListener ev_timeout(timeout);
+		simulator.addListener(&ev_timeout);
+		// catch traps as "extraordinary" ending
+		TrapListener ev_trap(ANY_TRAP);
+		simulator.addListener(&ev_trap);
+		// jump outside text segment
+		BPRangeListener ev_below_text(ANY_ADDR, addr_text_start - 1);
+		BPRangeListener ev_beyond_text(addr_text_end + 1, ANY_ADDR);
+		simulator.addListener(&ev_below_text);
+		simulator.addListener(&ev_beyond_text);
+
+		BaseListener *ev = simulator.resume();
+		// record latest IP regardless of result
+		result->set_latest_ip(simulator.getRegisterManager().getInstructionPointer());
+
+		if (ev == &ev_io) {
+			log << "Result FINISHED/BROKEN (" << ev_io.getData() << ")" << endl;
+			// retrieve image
+			MemoryManager& mm = simulator.getMemoryManager();
+			uint32_t output_image_addr;
+			mm.getBytes(addr_output_image_ptr, 4, &output_image_addr);
+			int32_t output_image_size;
+			mm.getBytes(addr_output_image_size, 4, &output_image_size);
+			log << "image address " << hex << output_image_addr << " size " << dec << output_image_size << endl;
+			if (output_image_size != 3 * psnr.getWidth() * psnr.getHeight()) {
+				log << "odd image size" << endl;
+				result->set_resulttype(result->BROKEN);
+			} else if (output_image_addr == 0) {
+				log << "odd image address" << endl;
+				result->set_resulttype(result->BROKEN);
+			} else {
+				result->set_resulttype(result->FINISHED);
+				string image;
+				image.resize(output_image_size);
+				mm.getBytes(output_image_addr, output_image_size, &image[0]);
+				// calculate PSNR
+				double psnr_value = psnr.calculate(image);
+				result->set_psnr(psnr_value);
+				log << "PSNR: " << psnr_value << endl;
+			}
+		} else if (ev == &ev_timeout) {
+			log << "Result TIMEOUT" << endl;
+			result->set_resulttype(result->TIMEOUT);
+		} else if (ev == &ev_below_text || ev == &ev_beyond_text) {
+			log << "Result OUTSIDE" << endl;
+			result->set_resulttype(result->OUTSIDE);
+		} else if (ev == &ev_trap) {
+			log << dec << "Result TRAP #" << ev_trap.getTriggerNumber() << endl;
+			result->set_resulttype(result->TRAP);
+
+			stringstream ss;
+			ss << ev_trap.getTriggerNumber();
+			result->set_details(ss.str());
+		} else {
+			log << "Result WTF?" << endl;
+			result->set_resulttype(result->UNKNOWN);
+
+			stringstream ss;
+			ss << "eventid " << hex << ((unsigned long) ev) << " EIP " << simulator.getRegisterManager().getInstructionPointer();
+			result->set_details(ss.str());
+		}
+	}
+
+#if !LOCAL
+	m_jc.sendResult(param);
+	}
+#endif
+
 #endif
 	// Explicitly terminate, or the simulator will continue to run.
 	simulator.terminate();
--- a/src/experiments/nanojpeg/experimentInfo.hpp
+++ b/src/experiments/nanojpeg/experimentInfo.hpp
@ -8,5 +8,7 @@
 #define NANOJPEG_RESULTS		"nanojpeg.csv"
 #define NANOJPEG_INSTR_LIMIT	999999999 // currently "unlimited"
 #define NANOJPEG_TIMEOUT		5000 // 2s
+#define NANOJPEG_GOLDEN_PPM		"golden.ppm"
+#define NANOJPEG_STATE			"bochs.state"

 #endif
--- a/src/experiments/nanojpeg/psnr.cc
+++ b/src/experiments/nanojpeg/psnr.cc
@ -0,0 +1,79 @@
+#include <iostream>
+#include <fstream>
+#include <string>
+#include <cmath>
+
+#include "psnr.hpp"
+
+static void get_remaining_file_contents(std::ifstream& in, std::string& contents)
+{
+	std::streampos startpos = in.tellg();
+	in.seekg(0, std::ios::end);
+	contents.resize(in.tellg() - startpos);
+	in.seekg(startpos, std::ios::beg);
+	in.read(&contents[0], contents.size());
+	in.close();
+}
+
+static inline double square(double x)
+{
+	return x*x;
+}
+
+static double image_rgb_mse(const unsigned char *f1, const unsigned char *f2, int width, int height, double max)
+{
+	double sum = 0.0;
+	for (int y = 0; y < height; ++y) {
+		for (int x = 0; x < width; ++x) {
+			sum += square(f1[x*y*3+0] - f2[x*y*3+0]);
+			sum += square(f1[x*y*3+1] - f2[x*y*3+1]);
+			sum += square(f1[x*y*3+2] - f2[x*y*3+2]);
+		}
+	}
+	return sum / (3 * height * width);
+}
+
+static double image_rgb_psnr(const unsigned char *f1, const unsigned char *f2, int width, int height, double max)
+{
+	double mse = image_rgb_mse(f1, f2, width, height, max);
+	return 20.0 * log10(max / sqrt(mse));
+}
+
+double PSNR::calculate(const std::string& img)
+{
+	if (img.size() < refimg_width * refimg_height * 3) {
+		std::cerr << "image too small" << std::endl;
+		return -999;
+	}
+	return image_rgb_psnr((unsigned char *) &refimg[0], (unsigned char *) &img[0], refimg_width, refimg_height, refimg_max);
+}
+
+bool PSNR::load_refimage(char const *refimage_filename)
+{
+	std::ifstream fs(refimage_filename, std::ios::in | std::ios::binary);
+	if (!fs) {
+		return false;
+	}
+
+	std::string type;
+	fs >> type;
+	if (type != "P6") { return false; }
+
+	fs >> refimg_width;
+	fs >> refimg_height;
+	fs >> refimg_max;
+
+	if (refimg_max != 255) {
+		std::cerr << "something is wrong" << std::endl;
+		return false;
+	}
+
+	// one whitespace character
+	fs.ignore();
+	
+	get_remaining_file_contents(fs, refimg);
+	if (refimg.size() < refimg_width * refimg_height * 3) {
+		std::cerr << "image too small" << std::endl;
+		return false;
+	}
+}
--- a/src/experiments/nanojpeg/psnr.hpp
+++ b/src/experiments/nanojpeg/psnr.hpp
@ -0,0 +1,26 @@
+#ifndef __PSNR_HPP__
+#define __PSNR_HPP__
+
+#include <string>
+#include <iostream>
+
+class PSNR {
+private:
+	std::string refimg;
+	int refimg_width, refimg_height, refimg_max;
+
+public:
+	PSNR(char const *refimage_filename)
+	{
+		if (!load_refimage(refimage_filename)) {
+			std::cerr << __func__ << " failed to load " << refimage_filename << std::endl;
+		}
+	}
+	// we only accept P6 without comments
+	bool load_refimage(char const *refimage_filename);
+	double calculate(const std::string& img);
+	int getWidth() { return refimg_width; }
+	int getHeight() { return refimg_height; }
+};
+
+#endif