The import tool does support the following import strategies:
- BasicImporter: generates def-use equivalence classes for read and
write memory accesses
- DCiAOKernelImporter: generates equivalence classes for read access in
the CiAO kernel space.
Change-Id: I8960561d3e14dcf5dffa3ff7a59b61a5e8f7e719
The full-tracing plugin was used in the DSN paper. It additionally
traces the data that was accessed/written on a memory access and the
contents of some CPU registers.
Change-Id: I61f5230699009ce523aba341985b98148160556d
The T32 can simulate bare instruction sets without periphery.
For the Cortex-M3 we have a complete NVIC model including Systick Timer.
Currently a simple CiAO can run on the simulator.
TODO:
- Let memlogger log all memory accesses.
- Interact with FailT32 for a complete simulation/FI
An experiment talking to a campaign server via the JobClient/JobServer
interface needs the FailControlMessage.proto compiler to run before the
experiment is compiled. A dependency on fail-comm ensures this.
If CommandLine.hpp and (indirectly) optionparser.h are #included in
FailBochsInit.ah, bochs compilation fails (for, e.g., gui/x.cc, at least
on Debian 6).
For the T32 variant we have to evaluate the memory
access instruction to find out which memory address
was accessed.
Disassembly by OpenOCD's arm_disassembler.hpp/.cc:
- fine for ARM / Thumb1
- needs fixes for Thumb2 :( (currently doing that..)
The disassembler disassembles an elf file with
an external objdump tool.
The architecture specific objdump must be configured
via cmake (ARCH_TOOL_PREFIX), e.g. arm-none-eabi- for
arm-none-eabi-objdump.
- getSection/getSymbol now return an ElfSymbol reference.
Searching by address now searches if the address is within
symbol address and symbol address + size.
So we can test if we are *within* a function, object or
section and not only at the start address.
Currently working:
- Connect/Disconnect, Read CPU info
- CMM Script generation and T32 startup via cmake (make runt32)
- Read/Write Register, Read Program Pointer
- Read/Write Memory
- Single Breakpoint
- Setting Memory Breakpoint
TODO:
- Fix mock aspect for T32_GetRam.
- Fix Thumb2 bit in function addresses from ELFReader
- Evaluate memory breakpoint hit