As the InjectionPoint is considered to be a container for abstract
"points in time" which can be navigated to, not every object of
a InjectionPointHops needs a smart-hopping calculator.
Change-Id: I150a46cf79a2b9d8ddb2d24a6d89dc3d4246cdb3
As atoi caps the value of a unsigned int bigger than (2^31 - 1) other
than just letting it overflow to the corresponding negative value on
32Bit-integer machines, it must not be used for parsing to unsigned int.
TODO: Also apply this fix to all other unsigned values (in database)
which get parsed by atoi.
Change-Id: I96e29b14d36479ab6e567c527a40feb0b5fb14e5
As these tools work closely together with fail components, its
easiest, to build them in this context. As these tools don't
really matter for fail use, they might never be pushed to the
master branch.
Change-Id: I8c8bd80376d0475f08a531a995d829e85032371b
As openocd is able to read maximally 4-Byte sized chunks,
this will be done for performance improvement.
Change-Id: I79f85e580240f913b5a3d7b49bc0698390644ca8
As for the pandaboard to navigate fast to the injection
instruction we need to deliver a hop chain to the fail-client,
this commit adds a generic wrapper for a injection point.
For now we have only the two options hop chain and instruction
offset, so it is activated via a cmake ON/OFF switch.
Change-Id: Ic01a07a30ac386d4316e6d6d271baf1549db966a
Added performance monitor hw-function cycle count.
Also fix for single-stepping exit, some additional register
exits and prevention of reboot failures.
Change-Id: I74196905dc39ecc14ae78366e7e1cb70ec7092f1
Previously for correct termination, the PandaController called
the finish-function of the openocd wrapper, invoked a coroutine
switch and waited for the openocd wrapper to finish up and switch
coroutine again, so the PandaController could exit with correct
exitStatus. Now the openocd-wrapper directly exits with chosen
exit status.
Change-Id: I8d318a4143c53340896ccee4d059a0d79fdcfe89
When a register in the extended trace was dereferenced and the value
was smaller than the memory pool size, but the address was not mapped
an assertion occured and the tracing plugin terminated the
simulator. Now the dereferenced memory address is checked for being
mapped and not being smaller than the memory pool.
Change-Id: I9ac954988ef860969679f9f360814c5e4b66f473
During the prune step the data_width of the injected location was not
propagated before. It is now stored in fsppilot (database layout change!) and
sent in the fsppilot protobuf message.
Change-Id: I0562f6fc8957adea0f8a9fb63469ca5e3f4b7b2d
A MemoryImporter that additionally imports Relyzer-style conditional
branch history, instruction opcodes, and a virtual
duration=time2-time1+1 column (MariaDB 5.2+ only) for fault-space
pruning purposes.
Change-Id: I6764a26fa8aae21655be44134b88fdee85e67ff6
This change touches several subsystems, tools and experiments
(sal, util, cmake, import-trace, generic-tracing, nanojpeg), and
changes details not worth separate commits.
Change-Id: Icd1d664d1be5cfc2212dbf77801c271183214d08
This tool can now import extended trace information with the
--extended-trace command-line parameter. The existing importers cease
using artificial access_info_t objects in favor of passing through the
original Trace_Event wherever possible. This allows us to import
extended trace information for all importers.
Change-Id: I3613e9d05d5e69ad49e96f4dc5ba0b1c4ef95a11
It's OK if we cannot map every register LLVM knows to a Fail register
ID, but we need to explicitly skip these cases in the
RegisterImporter.
Change-Id: I2152f819fb94aa4de5720c5798b229b66988d382
This change became necessary as we observed weird fail-client SIGSEGV
crashes with both Bochs and Gem5 backends and different experiments.
Some Fail* components are instantiated statically: the
SimulatorController instance "simulator", containing the
ListenerManager and the CoroutineManager, and the active
ExperimentFlow subclass(es)
(experiments/instantiate-experiment*.ah.in). The experiment(s) is
registered as an active flow in the CoroutineManager at startup.
As plugins (which are ExperimentFlows themselves) are often created on
an experiment's stack, ExperimentFlows deregister themselves on
destruction (e.g., when leaving the plugin variable's scope). The
core problem is, that the creation and destruction order of statically
instantiated objects depends on the link order; if the experiment is
destroyed after the CoroutineManager, its automatic self-deregistering
feature talks to the smoking ruins of the latter.
This change removes all static instantiations of ExperimentFlow and
replaces them with constructions on the heap. Additionally it makes
sure that the CoroutineManager recognizes that a shutdown is in
progress, and refrains from touching potentially already destroyed
data structures when a (mistakenly globally instantiated)
ExperimentFlow deregisters in this case.
Change-Id: I8a7d42fb141222cd2cce6040ab1a01f9de61be24
Contemporary AspectC++ versions can deal with the LLVM headers very
well, and #ifdef __puma stuff in Fail* headers results in
unmaintainable #ifdef __puma blocks in other parts of Fail* (e.g., the
trace importer).
Make sure you're using a 64-bit ac++ when living in a 64-bit userland
(the 32-bit version doesn't know about __int128), and be aware that
AspectC++ r325 introduced a regression that has not been fixed yet.
Change-Id: I5bb759b08995a74b020d44a2b40e9d7a6e18111c
For def/use pruning, the linear address mapping of the x86
sub-registers (e.g., AX represents the lower 16 bits of EAX) must
overlap. If it doesn't, e.g., AX and EAX are considered separate
registers by def/use pruning, resulting in a failure to correlate an
EAX def with a subsequent AX use.
The only user of this mapping up to now, RegisterImporter, forced all
register widths to 8 bits, thereby fortunately canceling out this
problem. Nevertheless it makes no sense to continue encoding a
constant width in these virtual addresses.
Existing trace, fspgroup, fsppilot and result tables may be converted
to the new encoding by using this query:
UPDATE <tablename> SET data_address = ((data_address >> 4) & ~0xf) | data_address & 0xf;
Change-Id: I7a942b78c34f6140803a86af639eeedef3550f34
This change adapts the gem5 backend to the Register class interface change
in commit 52723a8. The necessary modifications suggested adding the "misc"
registers from gem5, too.
Change-Id: I32561c3fc905b9cd396e32ce80c791c01d5682fb
The extended trace register list is needed in multiple locations; the CPU
class is the logical module to contain this information.
Increased number of x86 registers to be traced; we can remove those
that prove unusable for fault-space pruning later on.
Change-Id: Ic46ecdbc55167a6d92872c190317fc0d1a3ad92d
This allows a register to be a member of multiple UniformRegisterSets.
Needed to architecture-specifically store, e.g., a list of registers to
record in traces.
Change-Id: Ia5d20768540efe252a84df967d43e569f107da3a
Several database implementations, including, e.g., MySQL and PostgreSQL,
allow multiple rows to be INSERTed at once. At least for MySQL this
improves INSERT speed significantly.
Change-Id: Ic223f7915053f30b0cb00c567310f3e780c9fa59
Database::insert_id() retrieves the auto-generated ID from the last INSERT
or UPDATE on a table containing an AUTO_INCREMENT column.
Change-Id: I6ec94d1820bb7e77bd37df33145caa93016fd328
The SConscript in src/core/sal/gem5 is now generated via CMake
(SConscript.in). No more hardcoded relative paths -> Fail* build
folder can now be anywhere. Experiment and Plugin libraries are now
set automagically (using ${EXPERIMENTS_ACTIVATED} /
${PLUGINS_ACTIVATED})
Generated SConscript now resides in binary dir.
Change-Id: I1bf2e17c83c95ffdcf6801c02481064fcb63bfb0
This commit introduces a virtual dtor in the ArmCPUState class to
prevent the compiler from producing the following warning:
"deleting object of polymorphic class type 'fail::Gem5ArmCPU' which
has non-virtual destructor might cause undefined behaviour"
Change-Id: I5029662064e72ae87a9f0e36aeaa309e4cb2291b
The InstructionImporter does disassemble the binary and generate read
traces for every instruction byte executed.
Change-Id: I6b8697c711c009e106ed733c74c6ff8f9bbf8ac5
The variant/benchmark selection now can use SQL LIKE syntax, all unfinished
pilots from all selected variants are sent to the clients. E.g.:
./cored-voter-server -v x86-cored-voter -b simple-% -p basic
Will select the fsppilots in the variants:
- x86-cored-voter/simple-ip/basic
- x86-cored-voter/simple-instr/basic
The variant and benchmark information is now sent within the
fsppilot.
Change-Id: I287bfcddc478d0b79d89e156d6f5bf8188674532
The LLVM Disassembler infrastructure can be used to analyze many kinds
of ELF Binaries. For every instruction the used and defined registers
is available as well as information about the instruction itself.
Change-Id: I9cc89b6c116ceff7b5143a6f179ae31c4e994d2d
The build system now allows incremental gem5 builds. Unfortunately,
the current solution always requires re-linking the executable.
Without the enforcement of re-linking, the fail code will be rebuilt
but not linked into gem5.
The number of cores for building gem5 is derived from /proc/cpuinfo.
As before, only the gem5.debug configuration is supported.
Change-Id: Ib13b15d1ecd62196eb251e0fd00953f4eb052feb
