Calling the DatabaseCampaign with --inject-registers or
--force-inject-registers now injects into CPU registers. This is achieved
by reinterpreting data addresses in the DB as addresses within the register
file. (The mapping between registers and data addresses is implemented in
core/util/llvmdisassembler/LLVMtoFailTranslator.hpp.) The difference
between --inject-registers and --force-inject-registers is what the
experiment does when a data address is not interpretable as a register: the
former option then injects into memory (DatabaseCampaignMessage,
RegisterInjectionMode AUTO), the latter skips the injection altogether
(FORCE).
Currently only compiles together with the Bochs backend; the
DatabaseExperiment's redecodeCurrentInstruction() function must be
moved into the Bochs EEA to remedy this.
Change-Id: I23f152ac0adf4cb6fbe82377ac871e654263fe57
This change removes support for earlier LLVM versions; making them
work as well is simply too tedious.
Change-Id: I372a151279ceb2bfd6de101c9e0c15f0a4b18c03
- search for libdwarf.h in new locations (e.g., /usr/include/libdwarf/)
- build Bochs with -std=gnu++98 (gnu++14 is default since GCC 6.1)
- specify "proto2" syntax for protobuf messages
- minor build-system and C++ namespace fixes
Change-Id: I16dbc622c797ef8e936fe3c0fb9b03029d27529d
assert(...) can be optimized away, therefore side-effect code should not
be placed inside an assertion.
Change-Id: I28aee42e53cb105333094d0042a3f6e2cc5b5a30
This change removes an unnecessary "#ifndef __puma" from the LLVM
disassembler test code and fixes compilation with the latest AspectC++
binaries.
Change-Id: Ibe835a4a6df69255555c668985f15b9cf8fb82b4
The disassembled memory region's end (variable "End") is exclusive
now. Up to now, the two branches defining this variable disagreed on
inclusiveness, leading to an infinite loop in one case.
Change-Id: I055fc240f6ec2f4a1d1937e48617c86612cff5c5
This change updates the documentation on how to manually build LLVM
3.3 or 3.4, and removes the forced -fno-rtti compiler flag from
util/llvmdisassembler/: The flag breaks compilation with (not yet
released) AspectC++ 2.0, which complains about dynamic_cast (used in
some active aspect headers that should not affect llvmdisassembler at
all) being unusable with -fno-rtti. It's probably not a good idea to
compile only a part of Fail* with -fno-rtti anyway.
Note that the Debian and Ubuntu LLVM packages are built with
REQUIRES_RTTI=1, too.
Change-Id: I9891cf074d4201df786f7f5a9b96033e18832562
Somehow, while iterating symbols in a section, it can happen that the last
symbol start address is equal to the section size, which means it is beyond
the section end.
In this case the LLVM getInstruction() method does not return a failure, but a
zero-size instruction, resulting in an infinite loop.
Now, if beyond section limits, the iteration is aborted.
Additionally, an assertion checks for disassembled zero-size instructions.
Change-Id: Id8a355475161150d3ee919cd6cf603d4ff26b228
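The two infinite-loop fixes above (the exclusive "End" bound, and aborting when a symbol starts at or past the section end plus asserting on zero-size instructions) as an added Python example. This is not FAIL* or LLVM code: the instruction encoding, the section bytes and the symbol bounds are constructed for illustration, and `toy_get_instruction` only mimics the behaviour the commit reports for LLVM's getInstruction(), namely reporting success with size 0 when asked to decode at or beyond the end of the buffer.

```python
"""Added example (not part of FAIL* or LLVM): a decode loop with the guards
described in the commit messages above, run against a constructed toy ISA."""

from typing import List, Tuple


def toy_get_instruction(buf: bytes, offset: int) -> Tuple[bool, int, str]:
    """Return (ok, size, text) for a constructed encoding in which the low two
    bits of the opcode byte give the operand length (0..3 bytes).

    Mimics the quirk reported for LLVM's getInstruction(): a start offset at or
    past the end of the buffer yields ok=True with size 0 instead of a failure.
    """
    if offset >= len(buf):
        return True, 0, ""
    opcode = buf[offset]
    size = 1 + (opcode & 0x3)
    if offset + size > len(buf):
        return False, 0, ""  # truncated instruction: a genuine decode failure
    operand = buf[offset + 1:offset + size]
    text = f"op{opcode >> 2:02x}" + (" " + operand.hex() if operand else "")
    return True, size, text


class ZeroSizeInstruction(Exception):
    """Raised where the original code now asserts: a decoder that reports a
    zero-size instruction would otherwise make the loop spin forever."""


def disassemble_symbol(section: bytes, start: int, end: int) -> List[Tuple[int, str]]:
    """Disassemble the byte range [start, end) of `section`.

    `end` is EXCLUSIVE, the convention the "End" fix settled on. A symbol whose
    start address is at or beyond the section end is skipped outright, and a
    zero-size instruction aborts instead of being stepped over with offset += 0.
    """
    if start >= len(section):  # symbol start == section size: beyond the end
        return []
    out: List[Tuple[int, str]] = []
    offset = start
    while offset < end:  # exclusive bound: offset == end means we are done
        ok, size, text = toy_get_instruction(section, offset)
        if not ok:
            break  # truncated tail; stop at the last decodable instruction
        if size == 0:
            raise ZeroSizeInstruction(f"zero-size instruction at offset {offset:#x}")
        out.append((offset, text))
        offset += size
    return out


# Constructed section contents: four toy instructions of sizes 1, 2, 3 and 1.
SECTION = bytes([0x04, 0x09, 0xAA, 0x0A, 0xBB, 0xCC, 0x00])

if __name__ == "__main__":
    for off, text in disassemble_symbol(SECTION, 0, len(SECTION)):
        print(f"{off:#06x}: {text}")
    # A symbol that the symbol table places exactly at the section size:
    print(disassemble_symbol(SECTION, len(SECTION), len(SECTION) + 3))
```

With a symbol whose claimed end lies past the section (end = len(SECTION) + 1), the loop reaches offset == len(SECTION), the decoder reports size 0, and `ZeroSizeInstruction` is raised rather than looping; that is the second, defence-in-depth guard from the commit.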
Internal LLVM register IDs can and did change between LLVM versions.
These magic integers are replaced by iterating over all LLVM registers
and mapping them to FAIL* registers by name.
As this iteration requires an LLVM object created from a binary, a static
convenience function is added to LLVMtoFailTranslator which creates a
translator given the binary filename. Building this functionality inside
libfail-llvmdisassembler prevents experiments from needing to add LLVM
includes and library definitions.
Change-Id: I27927f40d5cb6d9a22bb2caf21ca2450f6bcb0b8
CMake does not support linker groups, which were used to "automatically"
fix circular dependencies between different static FAIL* libraries, and
the ordering of dynamic external libraries broke linking.
CMake can however correctly invoke the linker if dependencies are described
correctly (even if circular). This required changing all add_dependencies
calls between libraries to target_link_libraries (which creates a link-time
dependency) and linking all experiments to fail-sal.
Change-Id: I3a0d5dddb9b3d963ef538814e20d6b3de85d4ec5
During the prune step the data_width of the injected location was not
propagated before. It is now stored in fsppilot (database layout change!) and
sent in the fsppilot protobuf message.
Change-Id: I0562f6fc8957adea0f8a9fb63469ca5e3f4b7b2d
A MemoryImporter that additionally imports Relyzer-style conditional
branch history, instruction opcodes, and a virtual
duration=time2-time1+1 column (MariaDB 5.2+ only) for fault-space
pruning purposes.
Change-Id: I6764a26fa8aae21655be44134b88fdee85e67ff6
It's OK if we cannot map every register LLVM knows to a Fail register
ID, but we need to explicitly skip these cases in the
RegisterImporter.
Change-Id: I2152f819fb94aa4de5720c5798b229b66988d382
Contemporary AspectC++ versions can deal with the LLVM headers very
well, and #ifdef __puma stuff in Fail* headers results in
unmaintainable #ifdef __puma blocks in other parts of Fail* (e.g., the
trace importer).
Make sure you're using a 64-bit ac++ when living in a 64-bit userland
(the 32-bit version doesn't know about __int128), and be aware that
AspectC++ r325 introduced a regression that has not been fixed yet.
Change-Id: I5bb759b08995a74b020d44a2b40e9d7a6e18111c
For def/use pruning, the linear address mapping of the x86
sub-registers (e.g., AX represents the lower 16 bits of EAX) must
overlap. If it doesn't, e.g., AX and EAX are considered separate
registers by def/use pruning, resulting in a failure to correlate an
EAX def with a subsequent AX use.
The only user of this mapping up to now, RegisterImporter, forced all
register widths to 8 bits, thereby fortunately canceling out this
problem. Nevertheless it makes no sense to continue encoding a
constant width in these virtual addresses.
Existing trace, fspgroup, fsppilot and result tables may be converted
to the new encoding by using this query:
UPDATE <tablename> SET data_address = ((data_address >> 4) & ~0xf) | data_address & 0xf;
Change-Id: I7a942b78c34f6140803a86af639eeedef3550f34
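The data_address re-encoding and the sub-register overlap argument above, as an added Python example (not FAIL* code). `convert_data_address` is a direct transcription of the UPDATE expression from the commit message; everything else, including the byte offsets assigned to EAX/AX/AL/AH and the sample trace, is constructed for illustration and is not FAIL*'s actual register-file mapping.

```python
"""Added example (not part of FAIL*): the data_address conversion from the
commit message and a small model of why sub-register addresses must overlap
for def/use pruning to correlate an EAX def with a later AX use."""

from typing import Dict, List, Optional, Tuple


def convert_data_address(old: int) -> int:
    """Python twin of the conversion query in the commit message:
        UPDATE t SET data_address = ((data_address >> 4) & ~0xf) | data_address & 0xf;
    Bits 0..3 are kept, bits 4..7 (the constant-width field) are dropped, and
    everything above is shifted down by four bits."""
    return ((old >> 4) & ~0xF) | (old & 0xF)


# Constructed linear byte addresses for a few x86 registers: (first byte, width).
# Sub-registers alias bytes of their parent register, so their intervals overlap.
REGISTER_BYTES: Dict[str, Tuple[int, int]] = {
    "EAX": (0, 4), "AX": (0, 2), "AL": (0, 1), "AH": (1, 1),
    "EBX": (4, 4), "BX": (4, 2), "BL": (4, 1), "BH": (5, 1),
}


def byte_span(reg: str) -> range:
    start, width = REGISTER_BYTES[reg]
    return range(start, start + width)


def overlaps(a: range, b: range) -> bool:
    return a.start < b.stop and b.start < a.stop


# A trace event: (instruction index, "def" or "use", register name).
Event = Tuple[int, str, str]


def correlate_uses(trace: List[Event], overlap_aware: bool) -> Dict[int, Optional[int]]:
    """Map each use to the index of the most recent def that feeds it.

    overlap_aware=True compares byte intervals, which is what overlapping
    linear addresses give you; False compares register names only, which is
    what non-overlapping addresses amount to (AX and EAX become unrelated)."""
    defs: List[Tuple[int, str]] = []
    result: Dict[int, Optional[int]] = {}
    for idx, kind, reg in trace:
        if kind == "def":
            defs.append((idx, reg))
            continue
        match: Optional[int] = None
        for d_idx, d_reg in reversed(defs):
            related = overlaps(byte_span(d_reg), byte_span(reg)) if overlap_aware else d_reg == reg
            if related:
                match = d_idx
                break
        result[idx] = match
    return result


# Constructed trace: EAX and EBX are defined, then read through AX and BH.
SAMPLE_TRACE: List[Event] = [
    (1, "def", "EAX"),
    (2, "def", "EBX"),
    (3, "use", "AX"),  # should correlate with the EAX def at 1
    (4, "use", "BH"),  # should correlate with the EBX def at 2
]

if __name__ == "__main__":
    print(correlate_uses(SAMPLE_TRACE, overlap_aware=True))
    print(correlate_uses(SAMPLE_TRACE, overlap_aware=False))
    print(hex(convert_data_address(0x1234)))
```

With overlapping intervals both uses resolve to their defs; with name-only (non-overlapping) identity neither does, which is the failure to correlate the commit describes. `convert_data_address(0x1234)` yields `0x124`: the field in bits 4..7 is discarded and the high part moves down.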
The LLVM Disassembler infrastructure can be used to analyze many kinds
of ELF binaries. For every instruction the used and defined registers
are available as well as information about the instruction itself.
Change-Id: I9cc89b6c116ceff7b5143a6f179ae31c4e994d2d