- replace danceos.org links (danceos.org is permanently out of
service)
- add dissertation link
This fixes #10.
Change-Id: I27278db1b36f94727a710ea7998374ecf5a60297
Enabling --catch-trap makes sure tracing aborts with an error message
in case a CPU exception/trap is observed in the fault-free golden run.
In most cases, this is an indication the analyzed program is broken in
the first place, which should be detected early in the FI process.
This is a refurbished version of a commit by Marcel Johannfunke.
Change-Id: I50cc8e12e0986d3623a1be78259cfad13dc56205
If the analyzed program does not read any memory, or the reading
memory accesses are filtered out in the import step (import-trace -m),
the trace table may hold no entries for the program. This commit
makes sure the SamplingPruner and FESamplingPruner deal properly with
this situation.
Change-Id: I6bb5da23f345fa97cf8ab0b688cce5d00945249a
This compatibility-breaking change introduces the --cover-memorymap
switch to import-trace. It makes a previous behavior optional, which
enforces DB entries for addresses covered by the --memorymap that
don't occur in the trace. This creates a continuous and potentially
very large fault space in the DB, which never made any real sense.
Change-Id: I47e412bb621b595748c1772e02d2577308be8664
This fixes a bug (uninitialized member variable check_bounds)
introduced in commit 43ebf3e, which led to bounds checking sometimes
being accidentally enabled.
Change-Id: Ia2992a38dd83416ce0ec2a9d845d7827617cbd89
As the outerspace listeners catch read and write accesses, this must
be documented in the help message. The old parameter name is now marked as
deprecated and can be removed in 2022.
Furthermore, the experiment now has the combined command line argument
--catch-outerspace, which enables catching accesses below and above
the ELF.
During the trace generation, we can enable the bounds check, which
catches all events that are monitored by the generic-experiment
options:
--catch-write-textsegment
--catch-upper-outerspace
--catch-lower-outerspace
The generic experiment set the TriggerAccessType, not the
WatchAccessType. Therefore, the text segment listener fired on write
AND read events. The watch access type can only be set in the constructor.
This patch uses ELF segments instead of section for determining the
extent of the binary in memory. Consequently, the outerspace listener
was modified to use these new bounds. Additionally, the generic
experiment was changed to include a lowerspace listener, which listens
for write access below the physical memory location of the ELF.
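The bounds computation this commit describes (extent of the binary from ELF program-header segments rather than sections, then classifying accesses as below, inside or above that range) as an added example; it is not FAIL*'s code and uses only the Python standard library. The helper names (`build_sample_elf64`, `loadable_segments`, `memory_extent`, `classify_access`) and the region labels are assumptions for this illustration, and the ELF image is constructed inline rather than read from a real binary:

```python
import struct
from typing import List, Tuple

PT_LOAD = 1  # program header type for the segments the loader actually maps

def build_sample_elf64(segments: List[Tuple[int, int, int]]) -> bytes:
    """Constructed minimal little-endian ELF64 image: an ELF header followed by
    one PT_LOAD program header per (p_vaddr, p_filesz, p_memsz) tuple.
    It deliberately carries no section headers, so the extent computation
    below cannot accidentally rely on them."""
    ehsize, phentsize = 64, 56
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELFCLASS64, LSB, version 1
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 62, 1,                           # e_type=ET_EXEC, e_machine=EM_X86_64, e_version
        segments[0][0] if segments else 0,  # e_entry: start of the first segment
        ehsize,                             # e_phoff: program headers follow the ELF header
        0, 0,                               # e_shoff=0 (no section headers), e_flags
        ehsize, phentsize, len(segments),   # e_ehsize, e_phentsize, e_phnum
        0, 0, 0)                            # e_shentsize, e_shnum, e_shstrndx
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, vaddr, vaddr, filesz, memsz, 0x1000)
        for vaddr, filesz, memsz in segments)
    return ehdr + phdrs

def loadable_segments(elf: bytes) -> List[Tuple[int, int, int]]:
    """Return (p_vaddr, p_filesz, p_memsz) for every PT_LOAD program header."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    result = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, _off, p_vaddr, _paddr, p_filesz, p_memsz, _align = \
            struct.unpack_from("<IIQQQQQQ", elf, off)
        if p_type == PT_LOAD:
            result.append((p_vaddr, p_filesz, p_memsz))
    return result

def memory_extent(elf: bytes) -> Tuple[int, int]:
    """Lowest and one-past-highest address the loader maps for this ELF.
    p_memsz (not p_filesz) is used so zero-initialised data that has no
    file image is still inside the bounds."""
    segs = loadable_segments(elf)
    if not segs:
        raise ValueError("ELF has no PT_LOAD segment")
    lo = min(vaddr for vaddr, _, _ in segs)
    hi = max(vaddr + memsz for vaddr, _, memsz in segs)
    return lo, hi

def classify_access(addr: int, extent: Tuple[int, int]) -> str:
    """Name the region an accessed address falls in relative to the ELF extent."""
    lo, hi = extent
    if addr < lo:
        return "lower-outerspace"
    if addr >= hi:
        return "upper-outerspace"
    return "inside"

if __name__ == "__main__":
    # constructed sample: code at 0x400000, data at 0x601000 with 0x1600 bytes of bss
    image = build_sample_elf64([(0x400000, 0x1000, 0x1000), (0x601000, 0x200, 0x1800)])
    lo, hi = memory_extent(image)
    print(f"ELF occupies [{lo:#x}, {hi:#x})")
    for a in (0x3ffff0, 0x601f00, 0x602800):
        print(f"{a:#x}: {classify_access(a, (lo, hi))}")
```

Because the second sample segment has `p_memsz` larger than `p_filesz`, the upper bound lands at 0x602800 rather than 0x601200; a bound derived from file-backed bytes alone would report legitimate bss writes as out-of-range accesses.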
If the user enabled multiple experiments, it does not make sense to
execute them concurrently. Therefore, we now only register all enabled
experiments and choose one experiment on fail-client startup. For this
selection, the user can either set the FAIL_EXPERIMENT environment
variable or invoke the tool with a specific argv[0]. For the
bin/-folder, we create symlinks for this mechanism.
With this change, the generic-tracing and generic-experiment can be
compiled into the same executable and we could distribute a "standard"
version of FAIL*.
As bigger changes lie ahead, we want a small end-to-end test suite
that ensures that our importing and tracing does not fall apart. With
this change, we add the infrastructure and two test-cases (fib, qsort)
including ELFs, traces, and injection results.
In order to run the basic-pruner test cases, one needs to set up a
MySQL table and set the CMake option ENABLE_DATABASE_TESTS.
The previous path google::protobuf::Message::Reflection was deprecated
in 2008 (779f61c6a3ce02a119e28e802f229e61b69b9046), and we only used
it here. With newer versions of proto-c, this breaks the build.
This is an API-breaking change. Nevertheless, help text and
command-line parser were out of sync and the variant of the help-text
does make much more sense.
With the number of accessed memory addresses and the duration of the
trace, we can deduce the size of the rectangular memory fault space.
This will be used in testing.
Symbol type FUNC (STT_FUNC, "code object") seems not to suffice when parts
of the disassembled binary come from assembler source files. We try to
disassemble STT_NOTYPE (symbol type "unspecified") as well now.
Change-Id: I582190900e66d6af0779dfaf3b569f0e157e9ce7
The now commented-out variant that was introduced in commit be9d291
(when FAIL* was still in an SVN repo, r1702) may be necessary for some
specific system behavior after modifying the currently executed
instruction, but breaks random-jump FI (import-trace -i
RandomJumpImporter).
Change-Id: I1ef3dc6dceab66b01cddd988e0f201065e404f99