This change makes MemoryAccessListeners deliver linear addresses
instead of virtual ones deprived of their segment selector. Even in
modern operating systems, segment selectors are still used for, e.g.,
thread-local storage.
The hooks within MemAccess.ah could maybe be implemented in a simpler
and less fragile way using the BX_INSTR_LIN_ACCESS instrumentation
hook, but this needs more investigation.
Change-Id: I0cee6271d6812d0a29b3a24f34d605a327ced7da
* Removed all command-line options.
* Read all required information from *-traceinfo.txt file or kernel elf file.
* Record error_corrected (but only in the 'OK' case).
* Add support for multiple variants (similar to the ecos experiment).
Change-Id: I933e52881fc6bee0750d8aaef813fe2539166b06
Adds LIBUDIS86_PREFIX_DIR variable, to search for LIBUDIS86 in the
specified prefix. This makes it easier/possible to have libudis86 in
non-standard locations, for example when you don't have root.
Change-Id: Idaf86c9e03b2d4c35f60c3dc3b6da0d8efe97795
Due to a bug (most likely a copy and paste issue), the detected-marker
group was defined to point to the "FAIL_marker"-set, which would be
redundant. This commit will correctly map it to the "DETECTED_marker"
group.
Change-Id: I7de688357006ced1adf2423e213ae6633629cb81
The color_assert_port symbol does not exist in all dOSEK variant,
therefore we add the listener only if the symbol exists. Otherwise the
invalid handler will trigger on INV_ADDR
Change-Id: I7b81940a8413850527efb9e4bae86248794c622c
Use the newly introduced SimulatorController::getCPUCount() instead of
BX_SMP_PROCESSORS to figure out the number of CPUs the back end provides.
Change-Id: I6d6521ae508154366ab5d0c23ddcb6f2de99aa04
This change adds some missing headers needed for compiling the
PandaBoard variant, which seems to not have seen a compiler for a
while.
Change-Id: Ifb54abb4dc676fafc29ecbae97bafaa547fcfc80
This change adapts several experiments, including the
DatabaseExperiment framework, to the restore() behavior update from
the previous change. Existing traces should continue to be usable.
This is not tested yet, mainly because I don't have access to most of
the experiment targets / guest systems necessary for testing. Please
test your own experiments if possible, or at least leave me a note
that you couldn't test it!
Especially the cored-voter/experiment.cc update may be broken, but
maybe the "FISHY" +2 in there was not OK in the first place.
Change-Id: I0c5daeabc8fe6ce0c3ce3e7e13d02195f41340ad
BochsController::restore() now recreates a state more expectable from
the experiment. The state is now the same that save() leaves behind
in its most prominent use case after hitting a breakpoint. This
change breaks backwards compatibility with some experiments, see
below!
Right after a breakpoint on a specific address fired and
BochsController::save() was called, another breakpoint on that
specific address would not fire again (unless that instruction is
executed again later on).
Up to this change, the situation after calling
BochsController::restore() was different: A breakpoint on that
specific address would fire twice. This difference led to the problem
that running the tracing plugin after save() would work fine
(recording the current instruction once, since 3dc752c "tracing: fix
loss of first dynamic instruction"), but running it after restore()
would record the current instruction *twice*.
This change aligns restore()'s behavior to that of save(). The
implications for existing experiments, traces and results are:
- Existing result data should be not affected at all, as
trace.time1/time2 were correct before this change. Nevertheless,
the assumption time2-time1 >= instr2-instr1 does not hold for
equivalence classes including the first instruction, if the latter
was faultily recorded twice (see below).
- Existing traces that were recorded after a restore() (with a
tracing plugin including the aforementioned commit 3dc752c)
contain the first instruction twice. An affected trace can be
corrected with this command line:
dump-trace old.tc | tail -n +2 | convert-trace -f dump -t new.tc
- For experiments that record traces after a restore() (such as
ecos_kernel_test), nothing changes, as both the tracing and the
fast-forwarding before the fault injection now see one instruction
event less.
- Experiments that record traces after a save(), especially those
that rely on the generic-tracing experiment for tracing, now see
one instruction event less, before they need to inject their
fault. These experiments need to be adjusted, for example
dciao-kernelstructs now should use bp.setCounter(injection_instr)
instead of bp.setCounter(injection_instr+1).
Change-Id: I913bed9f1cad91ed3025f610024d62cfc2b9b11b
BochsController::save() now can in principle be called multiple times
in a row. Not that this would really make sense, but the results are
consistent now.
Change-Id: Ib4c6eb571a364b0f7ea6142c8cfec004a12f98b3
BochsHelpers.hpp is included by some aspect headers, which are implicitly
included into many (all?) translation units. As in most TUs the "static
inline" defined getCPU function is not used, every time a "unused function"
warning was generated.
Change-Id: Ibb903fe7a11aaf1f455a626c8bf8b86f50857645
This fixes the resource-leaking "should never happen" case when no
element is found by returning a notfound member. Found by Coverity
Scan, CID 25555.
Change-Id: I9055ae0a3b31e61f3a8e3b098ec5613c3b5535f6
Only tracing the instruction pointer was broken, memory accesses were
always traced additionally. Found by Coverity Scan, CID 25495.
Change-Id: Ideb66175865c85bcd48f4b3786d5d8f16810d4f1
As the first cmd.parse() call was already checked before, parsing a
second time should never fail. Nevertheless, we can look at the
return value without much effort. Found by Coverity Scan, CID 25494.
Change-Id: Id012cf7183fe7b2022d33e6cbcb19ba49b544c99
The contained state is not used over function boundaries anyways.
Found by Coverity Scan, CID 25689.
Change-Id: I34e42c227710be4859f6d62de9311c4201ed29b0
This most probably is not a real problem, but does not take much work
to fix. Found by Coverity Scan, in several reports.
Change-Id: I8bd12e3f7afeb4b1c4e1b057bdbd95da9aa9211c
This was never a real problem, but keeps us on the safe side. Found
by Coverity Scan, CID 25731/25808/25817.
Change-Id: Ie4bd9fb52ff6140ce7ae024738b43c82f6f5045c
This fixes the (never intendedly occurring) case that no comma is
found in the SQL value list, and aligns the termination code with the
comment next to it. Found by Coverity Scan, CID 25653.
Change-Id: I98062748458a50603cd63a9017acd94eef0753f9
As the first cmd.parse() call was already checked before, parsing a
second time should never fail. Nevertheless, we can look at the
return value without much effort. Found by Coverity Scan, CID 25509.
Change-Id: I58466f5d123da2b541a6a88b72bafa1f754a581e
When Richard decided we need not yet give up when dwarf_srclines()
fails, he left a -- now premature -- close(fd) behind. Found by
Coverity Scan, CID 25806.
Change-Id: I0bc0cb6796225c9efaf5290e2799b6814f88e5b4
This is why our coding style suggests braces even for single-line "if"
or loop bodies. Found by Coverity Scan, CID 25767.
Change-Id: I53062286accba7c0fc9795ecea0a5e2795443321
To use the new clang-based AspectC++ (ac++ >1.2), Fail* must be built
with -D__NO_MATH_INLINES (or --c_compiler clang++).
Change-Id: I020d62891946d09ac456b8df914b669ab33ab0e2
Analogous to the FESamplingPruner, the --no-weighting switch disables the
equivalence-class weighting by using a weight of one instead of the
equivalence-class size. This is usually not a good idea, and should only
be used for demonstration purposes, or if the fault model requires
weight-less sampling.
The --no-weighting switch was introduced with an earlier commit, but
did not have an effect until now.
Change-Id: If2ebf775bea7f2e3f8c293abbae08f1eb00cacf1
(The "symbol" is currently only created by some inofficial scripts,
but may become part of the Fail* core at some point.)
Change-Id: If0b3e6cdd6b6ca865abb67382de128e7a27f19ab
In bash, ${parameter:=word} assigns the default value. In our case,
${parameter:-word} (the whole expression has a default value, but it's
not assigned) suffices.
Change-Id: I5f4105b973892aa13943d660cbebaed76fd43752
