Tockilator: Deducing Tock execution flows from Ibex Verilator traces

Transcript

1. Tockilator Deducing Tock execution flow from Ibex Verilator traces Bryan

   Cantrill Oxide Computer Company

2. Oxide? • New computer company seeking to modernize on-premises computers

   • We are rethinking the embedded systems at the foundation of computers: the hardware root-of-trust and service processor • With its emphasis on safety, security, and size, Rust is an excellent fit for these applications

3. Tock • Tock is a Rust-based operating system designed for

   embedded systems • A logical descendent of TinyOS, retains the emphasis on small size while allowing the system to be extensible, portable and reliable • Tock allows for MPU-/PMP-protected applications • Importantly, Tock aims for application portability • As such, promising for collaboration across different embedded projects -- and being used for the OpenTitan root-of-trust project

4. Verilator + Ibex • Verilator is an open source, cycle-accurate

   simulation tool that takes synthesizable Verilog, and translates it to C++ to execute • Verilator can emit e.g. FST for use as input to GTKwave • Verilator is being used to simulate Ibex, an open 32-bit RISC-V core • Ibex is the softcore for Earl Grey, the first OpenTitan SoC • Ibex has a tracer module that has been modified to support Verilator with human-readable instruction logging

5. Complete instruction tracing! • Debugging embedded systems is extraordinarily excruciating...

   • ...but having entire instruction traces is singularly valuable! • Looking at instruction traces can enable bringup -- and obviously has tremendous power around code coverage, memory coverage, etc. • Challenge: as tedious as instruction traces are to use to understand C-based systems, they are much, much harder for Rust-based systems! • Can we process Ibex Verilator traces to make sense of Tock?

6. Tockilator • Rust program that takes an Ibex Verilator trace

   and a pointer to the ELF objects representing the boot ROM and Tock instance • Symbolically resolves instructions; by determining function entry and return, can show execution flow through Tock • Tockilator uses DWARF information to decode function parameters and (importantly!) inlined function calls • Tock architecture allows Tockilator to show app + kernel flow • Primordial, but promising for Tock and Tock-based applications!

7. Rust, Tockilator and beyond • Rust is an excellent fit

   for embedded systems: its ability to have powerful abstractions with tiny binaries borders on the magical • But to debug systems, we must cut through the magic, allowing the system to be understood from the machine up • Tockilator is one approach, but there is much more than can be done; instruction traces are a very rich vein for system understanding! • Tockilator is available at https://github.com/oxidecomputer/tockilator