christoph/fail
1
Fork 0
Code Releases Activity
Files
ec9a1c33d1e26c6682683b553d43160002964d0c
fail/core/experiments/FaultCoverageExperiment/experiment.cc
hsc b70b6fb43a another directory rename: failstar -> fail 
"failstar" sounds like a name for a cruise liner from the 80s.  As "*" isn't a
desirable part of directory names, just name the whole thing "fail/", the core
parts being stored in "fail/core/".

Additionally fixing two build system dependency issues:
 - missing jobserver -> protomessages dependency
 - broken bochs -> fail dependency (add_custom_target DEPENDS only allows plain
   file dependencies ... cmake for the win)


git-svn-id: https://www4.informatik.uni-erlangen.de/i4svn/danceos/trunk/devel/fail@956 8c4709b5-6ec9-48aa-a5cd-a96041d1645a
2012-03-08 19:43:02 +00:00

141 lines
4.8 KiB
C++
Raw Blame History

#include <iostream>
#include <stdint.h>
#include <sstream>
#include <cassert>
#include <time.h>
#include "experiment.hpp"
#include "SAL/SALInst.hpp"
#include "SAL/bochs/BochsRegister.hpp"
#include "../../util/Logger.hpp"
using namespace std;
using namespace sal;
using namespace fi;
using namespace sal;
bool FaultCoverageExperiment::run()
{
/*
Experimentskizze:
- starte Gastsystem
- setze Breakpoint auf Beginn der betrachteten Funktion; warte darauf
- sichere Zustand
- iteriere über alle Register
-- iteriere über alle 32 Bit in diesem Register
--- iteriere über alle Instruktionsadressen innerhalb der betrachteten Funktion
---- setze Breakpoint auf diese Adresse; warte darauf
---- flippe Bit x in Register y
---- setze Breakpoint auf Verlassen der Funktion; warte darauf
---- bei Erreichen des Breakpoint: sichere Funktionsergebnis (irgendein bestimmtes Register)
---- lege Ergebnisdaten ab:
a) Ergebnis korrekt (im Vergleich zum bekannt korrekten Ergebnis für die Eingabe)
b) Ergebnis falsch
c) Breakpoint wird nicht erreicht, Timeout (z.B. gefangen in Endlosschleife)
d) Trap wurde ausgelöst
---- stelle zuvor gesicherten Zustand wieder her
*/
// set breakpoint at start address of the function to be analyzed ("observed");
// wait until instruction pointer reaches that address
cout << "[FaultCoverageExperiment] Setting up experiment. Allowing to start now." << endl;
BPEvent ev_func_start(INST_ADDR_FUNC_START);
simulator.addEvent(&ev_func_start);
cout << "[FaultCoverageExperiment] Waiting for function start address..." << endl;
while(simulator.waitAny() != &ev_func_start)
;
// store current state
cout << "[FaultCoverageExperiment] Saving state in ./bochs_save_point ..."; cout.flush();
simulator.save("./bochs_save_point");
cout << "done!" << endl;
// log the results on std::cout
Logger res;
cout << "[FaultCoverageExperiment] Logging results on std::cout." << endl;
RegisterManager& regMan = simulator.getRegisterManager();
// iterate over all registers
for(RegisterManager::iterator it = regMan.begin(); it != regMan.end(); it++)
{
Register* pReg = *it; // get a ptr to the current register-object
// loop over the 32 bits within this register
for(regwidth_t bitnr = 0; bitnr < pReg->getWidth(); ++bitnr)
{
// loop over all instruction addresses of observed function
for(int instr = 0; ; ++instr)
{
// clear event queues
simulator.clearEvents();
// restore previously saved simulator state
cout << "[FaultCoverageExperiment] Restoring previous simulator state..."; cout.flush();
simulator.restore("./bochs_save_point");
cout << "done!" << endl;
// breakpoint at function exit
BPEvent ev_func_end(INST_ADDR_FUNC_END);
simulator.addEvent(&ev_func_end);
// no need to continue simulation if we want to
// inject *now*
if (instr > 0) {
// breakpoint $instr instructions in the future
BPEvent ev_instr_reached(ANY_ADDR);
ev_instr_reached.setCounter(instr);
simulator.addEvent(&ev_instr_reached);
// if we reach the exit first, this round is done
if (simulator.waitAny() == &ev_func_end)
break;
}
// inject bit-flip at bit $bitnr in register $reg
regdata_t data = pReg->getData();
data ^= 1 << bitnr;
pReg->setData(data); // write back data to register
// catch traps and timeout
TrapEvent ev_trap; // any traps
simulator.addEvent(&ev_trap);
BPEvent ev_timeout(ANY_ADDR);
ev_timeout.setCounter(1000);
simulator.addEvent(&ev_timeout);
// wait for function exit, trap or timeout
BaseEvent* ev = simulator.waitAny();
if(ev == &ev_func_end)
{
// log result
#if BX_SUPPORT_X86_64
const GPRegisterId targetreg = sal::RID_RAX;
const size_t expected_size = sizeof(uint32_t)*8;
#else
const GPRegisterId targetreg = sal::RID_EAX;
const size_t expected_size = sizeof(uint64_t)*8;
#endif
Register* pEAX = simulator.getRegisterManager().getSetOfType(RT_GP)->getRegister(targetreg);
assert(expected_size == pEAX->getWidth()); // we assume to get 32(64) bits...
regdata_t result = pEAX->getData();
res << "[FaultCoverageExperiment] Reg: " << pReg->getName()
<< ", #Bit: " << bitnr << ", Instr-Idx: " << instr
<< ", Data: " << result;
}
else if(ev == &ev_trap)
res << "[FaultCoverageExperiment] Reg: " << pReg->getName()
<< ", #Bit: " << bitnr << ", Instr-Idx: " << instr
<< ", Trap#: " << ev_trap.getTriggerNumber() << " (Trap)";
else if(ev == &ev_timeout)
res << "[FaultCoverageExperiment] Reg: " << pReg->getName()
<< ", #Bit: " << bitnr << ", Instr-Idx: " << instr
<< " (Timeout)";
else
cout << "We've received an unkown event! "
<< "What the hell is going on?" << endl;
}
}
}
return (true);
}
View Git Blame Copy Permalink