Corrected several bugs in RATFlip

git-svn-id: https://www4.informatik.uni-erlangen.de/i4svn/danceos/trunk/devel/fail@1728 8c4709b5-6ec9-48aa-a5cd-a96041d1645a
unzner
2012-10-07 19:36:31 +00:00
parent 301dc22494
commit ba2c0bb83f
3 changed files with 82 additions and 67 deletions


@ -10,7 +10,6 @@ Udis86::Udis86(unsigned char const *instr, size_t size, address_t ip) {
memcpy(udis_instr, instr, udis_instr_size); memcpy(udis_instr, instr, udis_instr_size);
// initialise the internal data structure // initialise the internal data structure
memset(&ud_obj, 0, sizeof(ud_t));
ud_init(&ud_obj); ud_init(&ud_obj);
ud_set_mode(&ud_obj, 32); ud_set_mode(&ud_obj, 32);
ud_set_syntax(&ud_obj, UD_SYN_ATT); ud_set_syntax(&ud_obj, UD_SYN_ATT);


@ -60,13 +60,12 @@ std::string L4SysCampaign::output_register(L4SysProtoMsg_RegisterType res) {
bool L4SysCampaign::run() { bool L4SysCampaign::run() {
Logger log("L4SysCampaign"); Logger log("L4SysCampaign");
#if 0
ifstream test(results_csv); ifstream test(results_csv);
if (test.is_open()) { if (test.is_open()) {
log << results_csv << " already exists" << endl; log << results_csv << " already exists" << endl;
return false; return false;
} }
#endif
ofstream results(results_csv); ofstream results(results_csv);
if (!results.is_open()) { if (!results.is_open()) {
log << "failed to open " << results_csv << endl; log << "failed to open " << results_csv << endl;
@ -78,7 +77,7 @@ bool L4SysCampaign::run() {
int count = 0; int count = 0;
srand(time(NULL)); srand(time(NULL));
for (int i = 0; i < 1000; ++i) { for (int i = 0; i < 20000; ++i) {
L4SysExperimentData *d = new L4SysExperimentData; L4SysExperimentData *d = new L4SysExperimentData;
d->msg.set_exp_type(d->msg.GPRFLIP); d->msg.set_exp_type(d->msg.GPRFLIP);
// affect a random register // affect a random register
@ -95,7 +94,7 @@ bool L4SysCampaign::run() {
campaignmanager.addParam(d); campaignmanager.addParam(d);
++count; ++count;
} }
for (int i = 0; i < 1000; ++i) { for (int i = 0; i < 20000; ++i) {
L4SysExperimentData *d = new L4SysExperimentData; L4SysExperimentData *d = new L4SysExperimentData;
d->msg.set_exp_type(d->msg.ALUINSTR); d->msg.set_exp_type(d->msg.ALUINSTR);
// modify for a random instruction // modify for a random instruction
@ -107,7 +106,7 @@ bool L4SysCampaign::run() {
campaignmanager.addParam(d); campaignmanager.addParam(d);
++count; ++count;
} }
for (int i = 0; i < 1000; ++i) { for (int i = 0; i < 20000; ++i) {
L4SysExperimentData *d = new L4SysExperimentData; L4SysExperimentData *d = new L4SysExperimentData;
d->msg.set_exp_type(d->msg.IDCFLIP); d->msg.set_exp_type(d->msg.IDCFLIP);
// modify for a random instruction // modify for a random instruction
@ -120,7 +119,7 @@ bool L4SysCampaign::run() {
campaignmanager.addParam(d); campaignmanager.addParam(d);
++count; ++count;
} }
for (int i = 0; i < 1000; ++i) { for (int i = 0; i < 20000; ++i) {
L4SysExperimentData *d = new L4SysExperimentData; L4SysExperimentData *d = new L4SysExperimentData;
d->msg.set_exp_type(d->msg.RATFLIP); d->msg.set_exp_type(d->msg.RATFLIP);
// modify for a random instruction // modify for a random instruction
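Review bot: The existence test re-enabled at the top of `L4SysCampaign::run()` is a check-then-open, so it does not fully protect an earlier campaign's results. `ifstream test(results_csv)` only succeeds for a file this process can read, and the `ofstream results(results_csv)` that follows truncates whatever is at that path by then, so a file that is unreadable or that appears between the two opens is still overwritten. On a POSIX host the gap can be closed by creating the file exclusively first, e.g. `int fd = ::open(results_csv, O_WRONLY | O_CREAT | O_EXCL, 0644);`, and returning false when that fails with `EEXIST`; this assumes `results_csv` is a C string, which the visible lines do not show. `run()` starts and ends outside these hunks.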


@ -434,9 +434,23 @@ bool L4SysExperiment::run() {
// do the logging // do the logging
logInjection(log, param); logInjection(log, param);
} else if (exp_type == param.msg.RATFLIP) { } else if (exp_type == param.msg.RATFLIP) {
ud_type_t which = UD_NONE;
unsigned rnd = 0;
do {
bxInstruction_c *currInstr = simulator.getCurrentInstruction(); bxInstruction_c *currInstr = simulator.getCurrentInstruction();
Udis86 udis(calculateInstructionAddress(), currInstr->ilen(), injection_ip); Udis86 udis(calculateInstructionAddress(), currInstr->ilen(), injection_ip);
if (udis.fetchNextInstruction()) { if (!udis.fetchNextInstruction()) {
param.msg.set_resulttype(param.msg.UNKNOWN);
param.msg.set_resultdata(
simulator.getRegisterManager().getInstructionPointer());
param.msg.set_output(sanitised(output.c_str()));
stringstream ss;
ss << "Could not decode instruction using UDIS86" << endl;
param.msg.set_details(ss.str());
m_jc.sendResult(param);
simulator.terminate(32);
}
ud_t _ud = udis.getCurrentState(); ud_t _ud = udis.getCurrentState();
/* start Bjoern Doebel's code (slightly modified) */ /* start Bjoern Doebel's code (slightly modified) */
@ -468,11 +482,11 @@ bool L4SysExperiment::run() {
} }
} }
ud_type_t which; if (opcount == 0) {
unsigned rnd; // try the next instruction
if (opcount == 0) singleStep();
rnd = 0; } else {
else // assign the necessary variables
rnd = rand() % opcount; rnd = rand() % opcount;
if (operands[rnd] > RAT_IDX_OFFSET) { if (operands[rnd] > RAT_IDX_OFFSET) {
@ -480,10 +494,12 @@ bool L4SysExperiment::run() {
} else { } else {
which = _ud.operand[operands[rnd]].base; which = _ud.operand[operands[rnd]].base;
} }
}
/* ============================================ */ /* ============================================ */
/* end Bjoern Doebel's code (slightly modified) */ /* end Bjoern Doebel's code (slightly modified) */
if (which != UD_NONE) { } while (which == UD_NONE);
// so we are able to flip the associated registers // so we are able to flip the associated registers
// for details on the algorithm, see Bjoern Doebel's SWIFI/RATFlip class // for details on the algorithm, see Bjoern Doebel's SWIFI/RATFlip class
@ -494,7 +510,7 @@ bool L4SysExperiment::run() {
// first, decide if the fault hits a register bound to this thread // first, decide if the fault hits a register bound to this thread
// (ten percent chance) // (ten percent chance)
if (rand() % 10) { if (rand() % 10 == 0) {
// assure exchange of registers // assure exchange of registers
exchg_reg = rand() % 7; exchg_reg = rand() % 7;
if (exchg_reg == bochs_reg) if (exchg_reg == bochs_reg)
@ -508,8 +524,10 @@ bool L4SysExperiment::run() {
//input register - do the fault injection here //input register - do the fault injection here
regdata_t newdata = 0; regdata_t newdata = 0;
if (exchg_reg >= 0) { if (exchg_reg >= 0) {
// the data is taken from a process register chosen before
newdata = rm.getRegister(exchg_reg)->getData(); newdata = rm.getRegister(exchg_reg)->getData();
} else { } else {
// the data comes from an uninitialised register
newdata = rand(); newdata = rand();
} }
rm.getRegister(bochs_reg)->setData(newdata); rm.getRegister(bochs_reg)->setData(newdata);
@ -526,6 +544,7 @@ bool L4SysExperiment::run() {
regdata_t newdata = rm.getRegister(bochs_reg)->getData(); regdata_t newdata = rm.getRegister(bochs_reg)->getData();
rm.getRegister(exchg_reg)->setData(newdata); rm.getRegister(exchg_reg)->setData(newdata);
} }
// otherwise, just assume it is stored in an unused register
} }
// restore the actual value of the register // restore the actual value of the register
// in reality, it would never have been overwritten // in reality, it would never have been overwritten
@ -533,9 +552,7 @@ bool L4SysExperiment::run() {
// and log the injection // and log the injection
logInjection(log, param); logInjection(log, param);
}
}
} else if (exp_type == param.msg.ALUINSTR) { } else if (exp_type == param.msg.ALUINSTR) {
static BochsALUInstructions aluInstrObject(aluInstructions, aluInstructionsSize); static BochsALUInstructions aluInstrObject(aluInstructions, aluInstructionsSize);
// find the closest ALU instruction after the current IP // find the closest ALU instruction after the current IP
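Review bot: The new `do { ... } while (which == UD_NONE);` loop in the RATFLIP branch has no iteration bound and only advances the simulator on the `opcount == 0` path. If the chosen operand yields `UD_NONE` while `opcount` is non-zero, the loop decodes the same instruction again, and nothing in the visible lines rules out every operand doing so, which would spin forever. I would step in that case too, e.g. `if (which == UD_NONE) singleStep();` just before the `} while`, and cap the number of attempts, reporting `param.msg.UNKNOWN` through the same path the decode failure uses. Separately, the decode-failure block falls through to `udis.getCurrentState()` unless `simulator.terminate(32)` never returns, so it deserves a comment such as `// terminate() does not return`, or an explicit `return false;` if it can. The operand-collection code and the rest of `run()` lie outside the hunks shown.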