During the trace generation, we can enable the bounds check, which
catches all events that are monitored by the generic-experiment
options:
--catch-write-textsegment
--catch-upper-outerspace
--catch-lower-outerspace
The generic experiment set the TriggerAccessType, not the
WatchAccessType. Therefore, the text segment listener fired on write
AND read events. The watch access type can only be set in the constructor.
This patch uses ELF segments instead of section for determining the
extent of the binary in memory. Consequently, the outerspace listener
was modified to use these new bounds. Additionally, the generic
experiment was changed to include a lowerspace listener, which listens
for write access below the physical memory location of the ELF.
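The bounds check described in the two commit messages above, as an added example that is not FAIL* code: the extent of the binary is derived from the ELF PT_LOAD program headers (segments, not sections), and an access event is classified into the three generic-experiment catches. The sample ELF bytes are constructed inline; the function names and the choice that the upper-outerspace catch fires on any access (the page only says the lower one listens for writes) are assumptions.

```python
import struct
from typing import NamedTuple, Optional

PT_LOAD, PF_X = 1, 0x1          # program-header type and "executable" flag

class Segment(NamedTuple):
    vaddr: int
    memsz: int
    flags: int

def parse_load_segments(elf: bytes) -> list:
    """Return the PT_LOAD segments of a little-endian ELF64 image (headers only)."""
    assert elf[:4] == b"\x7fELF" and elf[4] == 2, "little-endian ELF64 expected"
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)          # e_phoff
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)  # e_phentsize, e_phnum
    segs = []
    for i in range(e_phnum):
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)      # Elf64_Phdr layout
        if p_type == PT_LOAD:
            segs.append(Segment(p_vaddr, p_memsz, p_flags))
    return segs

def extent(segs: list) -> tuple:
    """[lo, hi) covered by all loadable segments, i.e. the binary's extent in memory."""
    return min(s.vaddr for s in segs), max(s.vaddr + s.memsz for s in segs)

def classify(segs: list, addr: int, is_write: bool) -> Optional[str]:
    """Name the generic-experiment catch an access triggers, or None if it is benign."""
    lo, hi = extent(segs)
    if addr < lo:                       # below the ELF: lower listener watches writes only
        return "lower-outerspace" if is_write else None
    if addr >= hi:                      # above the ELF: assumed to watch any access
        return "upper-outerspace"
    for s in segs:                      # inside an executable segment: writes only
        if s.flags & PF_X and s.vaddr <= addr < s.vaddr + s.memsz:
            return "write-textsegment" if is_write else None
    return None                         # ordinary data access within the binary

def build_sample_elf() -> bytes:
    """Constructed sample: ELF64 header plus an RX text segment and an RW data segment."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400000, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    text = struct.pack("<IIQQQQQQ", PT_LOAD, 0x5, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)
    data = struct.pack("<IIQQQQQQ", PT_LOAD, 0x6, 0x1000, 0x600000, 0x600000, 0x100, 0x2000, 0x1000)
    return ehdr + text + data
```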
If the user enabled multiple experiments, it does not make sense to
execute them concurrently. Therefore, we now only register all enabled
experiments and choose one experiment on fail-client startup. For this
selection, the user can either set the FAIL_EXPERIMENT environment
variable or invoke the tool with a specific argv[0]. For the
bin/-folder, we create symlinks for this mechanism.
With this change, the generic-tracing and generic-experiment can be
compiled into the same executable and we could distribute a "standard"
version of FAIL*.
As bigger changes lie ahead, we want a small end-to-end test suite
that ensures that our importing and tracing does not fall apart. With
this change, we add the infrastructure and two test-cases (fib, qsort)
including ELFs, traces, and injection results.
In order to run the basic-pruner test cases, one needs to set up a
MySQL table and set the CMake option ENABLE_DATABASE_TESTS.
The previous path google::protobuf::Message::Reflection was deprecated
in 2008 (779f61c6a3ce02a119e28e802f229e61b69b9046), and we only used
it here. With newer versions of proto-c, this breaks the build.
This is an API-breaking change. Nevertheless, help text and
command-line parser were out of sync and the variant of the help text
does make much more sense.
With the number of accessed memory addresses and the duration of the
trace, we can deduce the size of the rectangular memory fault space.
This will be used in testing.
Symbol type FUNC (STT_FUNC, "code object") seems not to suffice when parts
of the disassembled binary come from assembler source files. We try to
disassemble STT_NOTYPE (symbol type "unspecified") as well now.
Change-Id: I582190900e66d6af0779dfaf3b569f0e157e9ce7
The now commented-out variant that was introduced in commit be9d291
(when FAIL* was still in an SVN repo, r1702) may be necessary for some
specific system behavior after modifying the currently executed
instruction, but breaks random-jump FI (import-trace -i
RandomJumpImporter).
Change-Id: I1ef3dc6dceab66b01cddd988e0f201065e404f99
With GCC 9, some of the stdlibc++'s header files don't compile with
AspectC++ anymore. Until this is resolved, we compile with -std=c++11
although we actually use C++14 features; we need to ignore the
warnings pointing this out until AspectC++ works with these header
files.
Change-Id: If4d3c9fcbee61b7f8c6ffdf7f1ef9a641b6b6743
Especially for dynamically linked ELF binaries (such as those in the
testing/ subdirectory), symbols with a start address outside the .text
section may exist. This change skips any symbol that is not fully within
this section (and assigns a reasonable size to a zero-sized last symbol
within the symbol table), and turns green all Capstone-related test cases.
Change-Id: I2b51d0f21f325e6052ebc36d9533621bdf9aa38d
This version check could (and probably should) also be done in the cmake
scripts. However, this check in CapstoneDisassembler.cpp catches another
failure mode: When a cmake script is missing an include_directories()
directive pointing to capstone.h -- resulting in a missing -I parameter to
gcc -- accidentally a system-wide 3.x capstone.h may get #included,
providing the wrong definitions and prototypes to some translation units.
Change-Id: Id30f77a47e38f4e892b92189bcce9119bf03918c
Implemented two instantiations of Fault-Space Regions (FSR) as a program-structure-guided approximation of fault spaces based on the precise Def/Use-Pruning using basic blocks or function calls.
Further reading:
Program-Structure-Guided Approximation of Large Fault Spaces
Oskar Pusz and Daniel Kiechle and Christian Dietrich and Daniel Lohmann
In: 24th Pacific Rim International Symposium on Dependable Computing (PRDC'19)
IEEE Computer Science Press, 2019
Some configurations for bochs and generic-experiment
The switch to MariaDB Connector/C 3.0 involves some subtle API
changes, including the fact that "~" is not expanded to the user's
home directory anymore. This change expands the HOME environment
variable within our code base.
Change-Id: I30bc0d4fba6f0c8001832a981aa99af7e6f2a369