$30 off During Our Annual Pro Sale. View Details »

Tockilator: Deducing Tock execution flows from Ibex Verilator traces

Tockilator: Deducing Tock execution flows from Ibex Verilator traces

Talk given on March 20, 2020 at Oxidize 1K, a virtual conference that went from first idea to 300+ person conference in a week during the COVID-19 pandemic. Video: https://www.youtube.com/watch?v=zPuELAzJyno#t=10534s

Bryan Cantrill

March 20, 2020

More Decks by Bryan Cantrill

Other Decks in Technology


  1. Tockilator Deducing Tock execution flow from Ibex Verilator traces Bryan

    Cantrill Oxide Computer Company
  2. Oxide? • New computer company seeking to modernize on-premises computers

    • We are rethinking the embedded systems at the foundation of computers: the hardware root-of-trust and service processor • With its emphasis on safety, security, and size, Rust is an excellent fit for these applications
  3. Tock • Tock is a Rust-based operating system designed for

    embedded systems • A logical descendent of TinyOS, retains the emphasis on small size while allowing the system to be extensible, portable and reliable • Tock allows for MPU-/PMP-protected applications • Importantly, Tock aims for application portability • As such, promising for collaboration across different embedded projects -- and being used for the OpenTitan root-of-trust project
  4. Verilator + Ibex • Verilator is an open source, cycle-accurate

    simulation tool that takes synthesizable Verilog, and translates it to C++ to execute • Verilator can emit e.g. FST for use as input to GTKwave • Verilator is being used to simulate Ibex, an open 32-bit RISC-V core • Ibex is the softcore for Earl Grey, the first OpenTitan SoC • Ibex has a tracer module that has been modified to support Verilator with human-readable instruction logging
  5. Complete instruction tracing! • Debugging embedded systems is extraordinarily excruciating...

    • ...but having entire instruction traces is singularly valuable! • Looking at instruction traces can enable bringup -- and obviously has tremendous power around code coverage, memory coverage, etc. • Challenge: as tedious as instruction traces are to use to understand C-based systems, they are much, much harder for Rust-based systems! • Can we process Ibex Verilator traces to make sense of Tock?
  6. Tockilator • Rust program that takes an Ibex Verilator trace

    and a pointer to the ELF objects representing the boot ROM and Tock instance • Symbolically resolves instructions; by determining function entry and return, can show execution flow through Tock • Tockilator uses DWARF information to decode function parameters and (importantly!) inlined function calls • Tock architecture allows Tockilator to show app + kernel flow • Primordial, but promising for Tock and Tock-based applications!
  7. Rust, Tockilator and beyond • Rust is an excellent fit

    for embedded systems: its ability to have powerful abstractions with tiny binaries borders on the magical • But to debug systems, we must cut through the magic, allowing the system to be understood from the machine up • Tockilator is one approach, but there is much more than can be done; instruction traces are a very rich vein for system understanding! • Tockilator is available at https://github.com/oxidecomputer/tockilator