Additionally passing the current Bochs CPU context and instruction cache entry...

Additionally passing the current Bochs CPU context and instruction cache entry to BochsController (enables detailed instruction analysis and modification)


git-svn-id: https://www4.informatik.uni-erlangen.de/i4svn/danceos/trunk/devel/fail@1361 8c4709b5-6ec9-48aa-a5cd-a96041d1645a

doc/class-diagram.dia

@@ -1841,19 +1841,19 @@
     </dia:object>
     <dia:object type="UML - Class" version="0" id="O1">
       <dia:attribute name="obj_pos">
-        <dia:point val="20.3,55.05"/>
+        <dia:point val="13.75,58.55"/>
       </dia:attribute>
       <dia:attribute name="obj_bb">
-        <dia:rectangle val="20.25,55;43.565,73.7"/>
+        <dia:rectangle val="13.7,58.5;44.33,83.6"/>
       </dia:attribute>
       <dia:attribute name="elem_corner">
-        <dia:point val="20.3,55.05"/>
+        <dia:point val="13.75,58.55"/>
       </dia:attribute>
       <dia:attribute name="elem_width">
-        <dia:real val="23.215"/>
+        <dia:real val="30.530000000000001"/>
       </dia:attribute>
       <dia:attribute name="elem_height">
-        <dia:real val="18.600000000000005"/>
+        <dia:real val="25.000000000000007"/>
       </dia:attribute>
       <dia:attribute name="name">
         <dia:string>#BochsController#</dia:string>
@@ -2035,6 +2035,52 @@
             <dia:boolean val="false"/>
           </dia:attribute>
         </dia:composite>
+        <dia:composite type="umlattribute">
+          <dia:attribute name="name">
+            <dia:string>#m_CPUContext#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="type">
+            <dia:string>#BX_CPU_C*#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="value">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="comment">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="visibility">
+            <dia:enum val="1"/>
+          </dia:attribute>
+          <dia:attribute name="abstract">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="class_scope">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+        </dia:composite>
+        <dia:composite type="umlattribute">
+          <dia:attribute name="name">
+            <dia:string>#m_CacheEntry#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="type">
+            <dia:string>#bxICacheEntry_c*#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="value">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="comment">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="visibility">
+            <dia:enum val="1"/>
+          </dia:attribute>
+          <dia:attribute name="abstract">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="class_scope">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+        </dia:composite>
       </dia:attribute>
       <dia:attribute name="operations">
         <dia:composite type="umloperation">
@@ -2239,6 +2285,57 @@
                 <dia:enum val="1"/>
               </dia:attribute>
             </dia:composite>
+            <dia:composite type="umlparameter">
+              <dia:attribute name="name">
+                <dia:string>#address_space#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="type">
+                <dia:string>#address_t#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="value">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="comment">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="kind">
+                <dia:enum val="1"/>
+              </dia:attribute>
+            </dia:composite>
+            <dia:composite type="umlparameter">
+              <dia:attribute name="name">
+                <dia:string>#context#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="type">
+                <dia:string>#BX_CPU_C*#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="value">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="comment">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="kind">
+                <dia:enum val="1"/>
+              </dia:attribute>
+            </dia:composite>
+            <dia:composite type="umlparameter">
+              <dia:attribute name="name">
+                <dia:string>#cache_entry#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="type">
+                <dia:string>#bxICacheEntry_c*#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="value">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="comment">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="kind">
+                <dia:enum val="1"/>
+              </dia:attribute>
+            </dia:composite>
           </dia:attribute>
         </dia:composite>
         <dia:composite type="umloperation">
@@ -2732,6 +2829,148 @@
           </dia:attribute>
           <dia:attribute name="parameters"/>
         </dia:composite>
+        <dia:composite type="umloperation">
+          <dia:attribute name="name">
+            <dia:string>#onIOPortEvent#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="stereotype">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="type">
+            <dia:string>#void#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="visibility">
+            <dia:enum val="0"/>
+          </dia:attribute>
+          <dia:attribute name="comment">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="abstract">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="inheritance_type">
+            <dia:enum val="2"/>
+          </dia:attribute>
+          <dia:attribute name="query">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="class_scope">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="parameters">
+            <dia:composite type="umlparameter">
+              <dia:attribute name="name">
+                <dia:string>#data#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="type">
+                <dia:string>#unsigned char#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="value">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="comment">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="kind">
+                <dia:enum val="1"/>
+              </dia:attribute>
+            </dia:composite>
+            <dia:composite type="umlparameter">
+              <dia:attribute name="name">
+                <dia:string>#port#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="type">
+                <dia:string>#unsigned#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="value">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="comment">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="kind">
+                <dia:enum val="1"/>
+              </dia:attribute>
+            </dia:composite>
+            <dia:composite type="umlparameter">
+              <dia:attribute name="name">
+                <dia:string>#out#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="type">
+                <dia:string>#bool#</dia:string>
+              </dia:attribute>
+              <dia:attribute name="value">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="comment">
+                <dia:string>##</dia:string>
+              </dia:attribute>
+              <dia:attribute name="kind">
+                <dia:enum val="1"/>
+              </dia:attribute>
+            </dia:composite>
+          </dia:attribute>
+        </dia:composite>
+        <dia:composite type="umloperation">
+          <dia:attribute name="name">
+            <dia:string>#getICacheEntry#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="stereotype">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="type">
+            <dia:string>#bxICacheEntry_c*#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="visibility">
+            <dia:enum val="0"/>
+          </dia:attribute>
+          <dia:attribute name="comment">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="abstract">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="inheritance_type">
+            <dia:enum val="2"/>
+          </dia:attribute>
+          <dia:attribute name="query">
+            <dia:boolean val="true"/>
+          </dia:attribute>
+          <dia:attribute name="class_scope">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="parameters"/>
+        </dia:composite>
+        <dia:composite type="umloperation">
+          <dia:attribute name="name">
+            <dia:string>#getCPUContext#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="stereotype">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="type">
+            <dia:string>#BX_CPU_C*#</dia:string>
+          </dia:attribute>
+          <dia:attribute name="visibility">
+            <dia:enum val="0"/>
+          </dia:attribute>
+          <dia:attribute name="comment">
+            <dia:string>##</dia:string>
+          </dia:attribute>
+          <dia:attribute name="abstract">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="inheritance_type">
+            <dia:enum val="2"/>
+          </dia:attribute>
+          <dia:attribute name="query">
+            <dia:boolean val="true"/>
+          </dia:attribute>
+          <dia:attribute name="class_scope">
+            <dia:boolean val="false"/>
+          </dia:attribute>
+          <dia:attribute name="parameters"/>
+        </dia:composite>
       </dia:attribute>
       <dia:attribute name="template">
         <dia:boolean val="false"/>
@@ -2743,16 +2982,16 @@
         <dia:point val="32.55,48.5503"/>
       </dia:attribute>
       <dia:attribute name="obj_bb">
-        <dia:rectangle val="31.7,48.5003;33.4,55.0497"/>
+        <dia:rectangle val="28.965,48.5003;33.4,58.5496"/>
       </dia:attribute>
       <dia:attribute name="meta">
         <dia:composite type="dict"/>
       </dia:attribute>
       <dia:attribute name="orth_points">
         <dia:point val="32.55,48.5503"/>
-        <dia:point val="32.55,52.175"/>
-        <dia:point val="31.9075,52.175"/>
-        <dia:point val="31.9075,54.9997"/>
+        <dia:point val="32.55,53.9249"/>
+        <dia:point val="29.015,53.9249"/>
+        <dia:point val="29.015,58.4996"/>
       </dia:attribute>
       <dia:attribute name="orth_orient">
         <dia:enum val="1"/>
@@ -2776,7 +3015,7 @@
       </dia:attribute>
       <dia:connections>
         <dia:connection handle="0" to="O0" connection="88"/>
-        <dia:connection handle="1" to="O1" connection="48"/>
+        <dia:connection handle="1" to="O1" connection="58"/>
       </dia:connections>
     </dia:object>
     <dia:object type="UML - Class" version="0" id="O3">

simulators/bochs/cpu/cpu.cc

@@ -33,7 +33,7 @@
 
 // Just a dummy function to define a join-point. This function is
 // *just* called once within bx_cpu_c::cpu_loop(...).
-static inline void defineCPULoopJoinPoint(BX_CPU_C* pThis)
+static inline void defineCPULoopJoinPoint(BX_CPU_C* pThis, bxICacheEntry_c *pEntry)
 {
     /* nothing to do here */
 }
@@ -160,7 +160,7 @@ void BX_CPU_C::cpu_loop(Bit32u max_instr_count)
  * 
  */
 
-      defineCPULoopJoinPoint(BX_CPU_THIS);
+      defineCPULoopJoinPoint(BX_CPU_THIS, entry);
 
 /****************************************************************/
       // instruction decoding completed -> continue with execution

src/core/sal/bochs/BochsController.cc

@@ -19,7 +19,8 @@ bx_bool interrupt_injection_request = false;
 int     interrupt_to_fire           = -1;
 
 BochsController::BochsController()
-	: SimulatorController(new BochsRegisterManager(), new BochsMemoryManager())
+	: SimulatorController(new BochsRegisterManager(), new BochsMemoryManager()),
+	  m_CPUContext(NULL), m_CacheEntry(NULL)
 {
 	// -------------------------------------
 	// Add the general purpose register:
@@ -89,12 +90,15 @@ void BochsController::dbgEnableInstrPtrOutput(unsigned regularity, std::ostream*
 }
 #endif // DEBUG
 
-void BochsController::onInstrPtrChanged(address_t instrPtr, address_t address_space)
+void BochsController::onInstrPtrChanged(address_t instrPtr, address_t address_space,
+		BX_CPU_C *context, bxICacheEntry_c *cache_entry)
 {
 #ifdef DEBUG
 	if(m_Regularity != 0 && ++m_Counter % m_Regularity == 0)
 		(*m_pDest) << "0x" << std::hex << instrPtr;
 #endif
+	m_CPUContext = context;
+	m_CacheEntry = cache_entry;
 	bool do_fire = false;
 	// Check for active breakpoint-events:
 	bp_cache_t &buffer_cache = m_EvList.getBPBuffer();
@@ -117,31 +121,6 @@ void BochsController::onInstrPtrChanged(address_t instrPtr, address_t address_sp
 		m_EvList.fireActiveEvents();
 	// Note: SimulatorController::onBreakpointEvent will not be invoked in this
 	//       implementation.
-#if 0
-	//deprecated - this code is ugly
-	bool do_fire = false;
-	int i = 0;
-	BufferCache<BPEvent*> *buffer_cache = m_EvList.getBPBuffer();
-	while(i < buffer_cache->getCount()) {
-		BPEvent *pEvBreakpt = buffer_cache->get(i);
-		if(pEvBreakpt->isMatching(instrPtr, address_space)) {
-			pEvBreakpt->setTriggerInstructionPointer(instrPtr);
-
-			i = buffer_cache->makeActive(m_EvList, i);
-			assert(i >= 0 &&
-					   "FATAL ERROR: Could not erase BPEvent from cache");
-
-			// we now know we need to fire the active events - usually we do not have to
-			do_fire = true;
-			// "i" has already been set to the next element (by calling
-			// makeActive()):
-			continue; // -> skip loop  increment
-		}
-		i++;
-	}
-	if(do_fire)
-		m_EvList.fireActiveEvents();
-#endif
 }
 
 void BochsController::onIOPortEvent(unsigned char data, unsigned port, bool out) {
@@ -300,11 +279,13 @@ void BochsController::onEventTrigger(BaseEvent* pev)
 const std::string& BochsController::getMnemonic() const
 {
 	static std::string str;
+#if 0
 	bxICacheEntry_c* pEntry = BX_CPU(0)->getICacheEntry();
 	assert(pEntry != NULL && "FATAL ERROR: Bochs internal function returned NULL (not expected)!");
 	bxInstruction_c* pInstr = pEntry->i;
 	assert(pInstr != NULL && "FATAL ERROR: Bochs internal member was NULL (not expected)!");
-	const char* pszName = get_bx_opcode_name(pInstr->getIaOpcode());
+#endif
+	const char* pszName = get_bx_opcode_name(getICacheEntry()->i->getIaOpcode());
 	if (pszName != NULL)
 		str = pszName;
 	else

src/core/sal/bochs/BochsController.hpp

@@ -81,7 +81,7 @@ public:
 	 * @param instrPtr the new instruction pointer
 	 * @param address_space the address space the CPU is currently in
 	 */
-	void onInstrPtrChanged(address_t instrPtr, address_t address_space);
+	void onInstrPtrChanged(address_t instrPtr, address_t address_space, BX_CPU_C *context, bxICacheEntry_c *cache_entry);
 	/**
 	 * I/O port communication handler. This method is called (from
 	 * the IOPortCom aspect) every time when Bochs performs a port I/O operation.
@@ -174,6 +174,19 @@ public:
 	 *         the returned string is empty
 	 */
 	const std::string& getMnemonic() const;
+	/**
+	 * Retrieves the current Bochs instruction cache entry
+	 * @returns a pointer to a bxICacheEntry_c object
+	 */
+	inline bxICacheEntry_c *getICacheEntry() const { return m_CacheEntry; }
+	/**
+	 * Retrieves the current CPU context
+	 * @return a pointer to a BX_CPU_C object
+	 */
+	inline BX_CPU_C *getCPUContext() const { return m_CPUContext; }
+private:
+	BX_CPU_C *m_CPUContext;
+	bxICacheEntry_c *m_CacheEntry;
 };
 
 } // end-of-namespace: fail

src/core/sal/bochs/Breakpoints.ah

@@ -19,10 +19,10 @@ aspect Breakpoints {
 		// BX_CPU(0) otherwise
 		BX_CPU_C* pThis = *(tjp->arg<0>());
 		// Points to the *current* bxInstruction-object
-		//bxInstruction_c* pInstr = *(tjp->arg<1>());
+		bxICacheEntry_c* pEntry = *(tjp->arg<1>());
 
 		// report this event to the Bochs controller:
-		fail::simulator.onInstrPtrChanged(pThis->get_instruction_pointer(), pThis->cr3);
+		fail::simulator.onInstrPtrChanged(pThis->get_instruction_pointer(), pThis->cr3, pThis, pEntry);
 		// Note: get_bx_opcode_name(pInstr->getIaOpcode()) retrieves the mnemonics.
 	}
 };

src/experiments/l4-sys/campaign.cc

@@ -11,9 +11,24 @@ using namespace std;
 using namespace fail;
 
 char const * const results_csv = "l4sys.csv";
+const char *l4sys_output_strings[] = { "Unknown", "Done", "Timeout", "Trap", "Interrupt", "Wrong output", "Error" };
 
-bool L4SysCampaign::run()
-{
+std::string L4SysCampaign::output_result(L4SysProtoMsg_ResultType res) {
+#define OUTPUT_CASE(OUTPUT) case L4SysProtoMsg::OUTPUT: return l4sys_output_strings[L4SysProtoMsg::OUTPUT];
+	switch (res) {
+	OUTPUT_CASE(DONE);
+	OUTPUT_CASE(TIMEOUT);
+	OUTPUT_CASE(TRAP);
+	OUTPUT_CASE(INTR);
+	OUTPUT_CASE(WRONG);
+	OUTPUT_CASE(UNKNOWN);
+	default:
+		return l4sys_output_strings[0];
+	}
+#undef OUTPUT_CASE
+}
+
+bool L4SysCampaign::run() {
 	Logger log("L4SysCampaign");
 
 #if 0
@@ -32,17 +47,17 @@ bool L4SysCampaign::run()
 	log << "startup" << endl;
 
 	int count = 0;
-	//iterate over one register
-	for (int bit_offset = 0; bit_offset < 1; ++bit_offset) {
-		for (int instr_offset = 0; instr_offset < L4SYS_NUMINSTR; ++instr_offset) {
-			L4SysExperimentData *d = new L4SysExperimentData;
-			d->msg.set_instr_offset(instr_offset);
-			d->msg.set_bit_offset(bit_offset);
-			d->msg.set_bit_offset(0);
-	  
-			campaignmanager.addParam(d);
-			++count;
-		}
+	srand(time(NULL));
+	for (int i = 0; i < 3000; ++i) {
+		L4SysExperimentData *d = new L4SysExperimentData;
+		d->msg.set_exp_type(d->msg.IDCFLIP);
+		d->msg.set_instr_offset(rand() % L4SYS_NUMINSTR);
+		// 15 bytes (120 bits) are the longest instruction Bochs still executes
+		int bit_offset = rand() % 120;
+		d->msg.set_bit_offset(bit_offset);
+
+		campaignmanager.addParam(d);
+		++count;
 	}
 	campaignmanager.noMoreParameters();
 	log << "done enqueueing parameter sets (" << count << ")." << endl;
@@ -50,19 +65,19 @@ bool L4SysCampaign::run()
 	// collect results
 	L4SysExperimentData *res;
 	int rescount = 0;
-	results << "injection_ip,instr_offset,injection_bit,resulttype,resultdata,output,details" << endl;
+	results
+			<< "injection_ip,instr_offset,injection_bit,resulttype,resultdata,output,details"
+			<< endl;
 	while ((res = static_cast<L4SysExperimentData *>(campaignmanager.getDone()))) {
 		rescount++;
 
-		results << hex
-		 << res->msg.injection_ip() << ","
-		 << dec << res->msg.instr_offset() << ","
-		 << res->msg.bit_offset() << ","
-		 << res->msg.resulttype() << ","
-		 << res->msg.resultdata();
-		if(res->msg.has_output())
+		results << hex << res->msg.injection_ip() << "," << dec
+				<< res->msg.instr_offset() << "," << res->msg.bit_offset()
+				<< "," << output_result(res->msg.resulttype()) << ","
+				<< res->msg.resultdata();
+		if (res->msg.has_output())
 			results << "," << res->msg.output();
-		if(res->msg.has_details())
+		if (res->msg.has_details())
 			results << "," << res->msg.details();
 		results << endl;
 		delete res;

src/experiments/l4-sys/campaign.hpp

@@ -14,6 +14,8 @@ public:
 class L4SysCampaign : public fail::Campaign {
 public:
 	virtual bool run();
+private:
+	std::string output_result(L4SysProtoMsg_ResultType res);
 };
 
 #endif // __L4SYS_CAMPAIGN_HPP__

src/experiments/l4-sys/experiment.hpp

@@ -5,6 +5,8 @@
 
 #include "efw/ExperimentFlow.hpp"
 #include "efw/JobClient.hpp"
+#include "campaign.hpp"
+#include "util/Logger.hpp"
 
 class L4SysExperiment : public fail::ExperimentFlow {
 	fail::JobClient m_jc;
@@ -12,12 +14,45 @@ public:
 	L4SysExperiment() : m_jc("localhost") {}
 	bool run();
 private:
-	// NOTE: It's good practise to use "const std::string&" as parameter type.
-	//       Additionaly, if you don't need the return value to be copied,
-	//       return a (const) reference to a class member or a static string-
-	//       object.
-	std::string sanitised(std::string in_str);
+	/**
+	 * Sanitises the output string of the serial device monitored.
+	 * @param a string containing special ASCII characters
+	 * @returns a byte-stuffed version of the given string
+	 */
+	std::string sanitised(const std::string &in_str);
+	/**
+	 * Waits for events and simultaneously logs output from the serial console
+	 * @param clear_output if true, the output logged so far is deleted, thus the buffer is reset (cleared)
+	 * @returns the event returned by waitAny, as long as it did not log output
+	 */
 	fail::BaseEvent* waitIOOrOther(bool clear_output);
+	/**
+	 * Calculates the address where Bochs will read the current instruction from.
+	 * This code is copied from various Bochs methods and should be reviewed as
+	 * soon as a new Bochs version is introduced.
+	 * @returns a pointer to the memory region containing the current Bochs instruction
+	 */
+	const Bit8u *calculateInstructionAddress();
+	/**
+	 * A function necessary for Bochs internal address translation
+	 * @returns a value for Bochs' eipBiased variable
+	 */
+	Bit32u eipBiased();
+	/**
+	 * Parses a raw instruction into a bxInstruction_c structure.
+	 * This simple version of the function is taken from Bochs
+	 * where it is currently disabled due to the TRACE_CACHE option,
+	 * and has been modified to fit the needs of instruction modification.
+	 * @param instance a pointer to the current Bochs CPU
+	 * @param instr a pointer to the address the instruction is fetched from
+	 * @param iStorage an outgoing value which contains the parsed instruction
+	 * @returns \a false if the instruction continued on the following page in memory
+	 */
+	bx_bool fetchInstruction(BX_CPU_C *instance, const Bit8u *instr, bxInstruction_c *iStorage);
+	void logInjection(fail::Logger &log, const L4SysExperimentData &param);
+	bool isALUInstruction(unsigned opcode);
+	void readFromFileToVector(std::ifstream &file, std::vector<struct __trace_instr_type> &instr_list);
+	void changeBochsInstruction(bxInstruction_c *dest, bxInstruction_c *src);
 };
 
 #endif // __L4SYS_EXPERIMENT_HPP__

src/experiments/l4-sys/experimentInfo.hpp

 #ifndef __EXPERIMENT_INFO_HPP__
   #define __EXPERIMENT_INFO_HPP__
 
-//experiment types:
-#define GPRFLIP 10
-#define IDCFLIP 20
+// the maximum number of bytes in a Bochs instruction
+#define MAX_INSTR_BYTES 15
 
-#define L4SYS_FUNC_ENTRY		0x1007cd0
-#define L4SYS_FUNC_EXIT			0x1007d3a
-#define L4SYS_NUMINSTR			3184
+// the bounds of the program
+#define L4SYS_ADDRESS_SPACE		0x203d000
+#define L4SYS_FUNC_ENTRY		0x1000400
+#define L4SYS_FUNC_EXIT			0x10005b0
+#define L4SYS_NUMINSTR			56052772
+
+#define L4SYS_ITERATION_COUNT	1
+
+// several file names used
+#define L4SYS_STATE_FOLDER		"l4sys.state"
+#define L4SYS_INSTRUCTION_LIST	"ip.list"
+#define L4SYS_ALU_INSTRUCTIONS	"alu.list"
+#define L4SYS_CORRECT_OUTPUT	"golden.out"
+
+// flags
 #define HEADLESS_EXPERIMENT
-#define EXPERIMENT_TYPE			IDCFLIP
 //#define PREPARE_EXPERIMENT
 
 #endif // __EXPERIMENT_INFO_HPP__

src/experiments/l4-sys/l4sys.proto

 message L4SysProtoMsg {
+	// experiment types
+	enum ExperimentType {
+		GPRFLIP = 10;
+		RATFLIP = 15;
+		IDCFLIP = 20;
+		ALUINSTR = 30;
+	}
 	// parameters
-	required int32 instr_offset = 1;
-	required int32 bit_offset = 2;
+	required ExperimentType exp_type = 10;
+	required int32 instr_offset = 20;
+	required int32 bit_offset = 30;
 
 	// results
 	// make these optional to reduce overhead for server->client communication
@@ -14,13 +22,13 @@ message L4SysProtoMsg {
 		UNKNOWN = 6;
 	}
 	// instruction pointer where injection was done
-	optional uint32 injection_ip = 3;
+	optional uint32 injection_ip = 40;
 	// result type, see above
-	optional ResultType resulttype = 4;
+	optional ResultType resulttype = 50;
 	// result data, depending on resulttype (see source code)
-	optional uint32 resultdata = 5;
+	optional uint32 resultdata = 60;
 	// generated output
-	optional string output = 6;
+	optional string output = 70;
 	// optional textual description of what happened
-	optional string details = 7;
+	optional string details = 80;
 }