christoph/fail
1
Fork 0
Code Releases Activity

T32: Dissassembler to evaluate memory instructions.

Browse Source 
For the T32 variant we have to evaluate the memory
access instruction to find out, which memory address
was accessed.

Dissassmbly by OpenOCDs arm_disassembler.hpp/.cc:
- fine for ARM / Thumb1
- needs fixes for Thumb2 :( (currently doing that..)
This commit is contained in:
Martin Hoffmann
2013-03-06 18:34:20 +01:00
parent 1fe1dbb3ed
commit f586351e79
13 changed files with 5016 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/experiments/kesorefs/experiment.cc
View File

@ -43,7 +43,7 @@ unsigned KESOrefs::injectBitFlip(address_t data_address, unsigned bitpos){
unsigned value, injectedval;
mm.getBytes(data_address, 4, (void*)&value);
injectedval = value ^ bitpos;
injectedval = value ^ (1<<bitpos);
mm.setBytes(data_address, 4, (void*)&injectedval);
m_log << "INJECTION at: 0x" << hex << setw(8) << setfill('0') << data_address;

17
src/experiments/vezs-example/experiment.cc
View File

@ -20,7 +20,7 @@ using namespace fail;
bool VEZSExperiment::run()
{
MemoryManager& mm = simulator.getMemoryManager();
//MemoryManager& mm = simulator.getMemoryManager();
//m_elf.printDemangled();
m_log << "STARTING EXPERIMENT" << endl;
@ -40,17 +40,18 @@ bool VEZSExperiment::run()
address_t pfoo = m_elf.getSymbol("foo").getAddress();
//BPSingleListener bp(address);
BPRangeListener bp(address-32, address + 32);
MemWriteListener l_foo( pfoo );
simulator.addListener(&l_foo);
//BPRangeListener bp(address-32, address + 32);
//MemWriteListener l_foo( pfoo );
MemAccessListener l_foo( 0x20002018 ); l_foo.setWatchWidth(0x20);
reg = simulator.getCPU(0).getRegister(RI_R4);
unsigned foo = 23;
for(int i = 0; i < 15; i++){
simulator.addListenerAndResume(&bp);
if(i == 0) mm.setBytes(pfoo, 4, (void*)&foo);
simulator.addListenerAndResume(&l_foo);
//if(i == 0) mm.setBytes(pfoo, 4, (void*)&foo);
m_log << " Breakpoint hit! @ 0x" << std::hex << simulator.getCPU(0).getInstructionPointer() << std::endl;
m_log << " Register R3: 0x" << hex << simulator.getCPU(0).getRegisterContent(reg) << endl;
mm.getBytes(pfoo, 4, (void*)&foo);
//m_log << " Register R3: 0x" << hex << simulator.getCPU(0).getRegisterContent(reg) << endl;
//mm.getBytes(pfoo, 4, (void*)&foo);
m_log << " foo @ 0x"<< std::hex << pfoo << " = " << foo << std::endl;
}