After each simulator break, T32Tracer retrieves the latest (16)
trace records from the T32. Memory address and value can now
be evaluated easily from the trace record.
TODO:Nevertheless we still have to traverse the trace to
find the instruction causing the access.
After each simulator break, T32Tracer retrieves the latest (16)
trace records from the T32. Memory address and value can now
be evaluated easily from the trace record.
TODO:Nevertheless we still have to traverse the trace to
find the instruction causing the access.
The full-tracing plugin was used in the DSN paper. It additionally
traces the data that was accessed/written on a memory access and the
contents of some CPU registers.
Change-Id: I61f5230699009ce523aba341985b98148160556d
The T32 can simulate bare instruction sets without periphery.
For the Cortex-M3 we have complete NVIC model including Systick Timer.
Currently a simple CiAO can run on the simulator.
TODO:
- Let memlogger log all memory accesses.
- Interact with FailT32 for a complete simulation/FI
An experiment talking to a campaign server via the JobClient/JobServer
interface needs the FailControlMessage.proto compiler to run before the
experiment is compiled. A dependency on fail-comm ensures this.
If CommandLine.hpp and (indirectly) optionparser.h is #included in
FailBochsInit.ah, bochs compilation fails (for, e.g., gui/x.cc, at least
on Debian 6).
For the T32 variant we have to evaluate the memory
access instruction to find out, which memory address
was accessed.
Dissassmbly by OpenOCDs arm_disassembler.hpp/.cc:
- fine for ARM / Thumb1
- needs fixes for Thumb2 :( (currently doing that..)
For the T32 variant we have to evaluate the memory
access instruction to find out, which memory address
was accessed.
Dissassmbly by OpenOCDs arm_disassembler.hpp/.cc:
- fine for ARM / Thumb1
- needs fixes for Thumb2 :( (currently doing that..)
The disassembler disassembles an elf file with
an external objdump tool.
The architecture specific objdump must be configured
via cmake (ARCH_TOOL_PREFIX), e.g. arm-none-eabi- for
arm-none-eabi-objdump.
- getSection/getSymbol now returns an ElfSymbol reference.
Searching by address now searches if address is within
symbol address and symbol address + size.
So we can test, if we are *within* a function, object or
section and not only at the start address.
Currently working:
- Connect/Disconnect, Read CPU info
- CMM Script generation and T32 startup via cmake (make runt32)
- Read/Write Register, Read Program Pointer
- Read/Write Memory
- Single Breakpoint
- Setting Memory Breakpoint
TODO:
- Fix mock aspect for T32_GetRam.
- Fix Thumb2 bit in function addresses from ELFReader
- Evaluate memory breakpoint hit
