Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tockilator: Deducing Tock execution flows from Ibex Verilator traces

Tockilator: Deducing Tock execution flows from Ibex Verilator traces

Talk given on March 20, 2020 at Oxidize 1K, a virtual conference that went from first idea to 300+ person conference in a week during the COVID-19 pandemic. Video: https://www.youtube.com/watch?v=zPuELAzJyno#t=10534s

Bryan Cantrill

March 20, 2020
Tweet

More Decks by Bryan Cantrill

Other Decks in Technology

Transcript

  1. Tockilator
    Deducing Tock execution flow
    from Ibex Verilator traces
    Bryan Cantrill
    Oxide Computer Company

    View Slide

  2. Oxide?
    ● New computer company seeking to modernize on-premises computers
    ● We are rethinking the embedded systems at the foundation of
    computers: the hardware root-of-trust and service processor
    ● With its emphasis on safety, security, and size, Rust is an excellent fit for
    these applications

    View Slide

  3. Tock
    ● Tock is a Rust-based operating system designed for embedded systems
    ● A logical descendent of TinyOS, retains the emphasis on small size while
    allowing the system to be extensible, portable and reliable
    ● Tock allows for MPU-/PMP-protected applications
    ● Importantly, Tock aims for application portability
    ● As such, promising for collaboration across different embedded
    projects -- and being used for the OpenTitan root-of-trust project

    View Slide

  4. Verilator + Ibex
    ● Verilator is an open source, cycle-accurate simulation tool that takes
    synthesizable Verilog, and translates it to C++ to execute
    ● Verilator can emit e.g. FST for use as input to GTKwave
    ● Verilator is being used to simulate Ibex, an open 32-bit RISC-V core
    ● Ibex is the softcore for Earl Grey, the first OpenTitan SoC
    ● Ibex has a tracer module that has been modified to support Verilator
    with human-readable instruction logging

    View Slide

  5. Complete instruction tracing!
    ● Debugging embedded systems is extraordinarily excruciating...
    ● ...but having entire instruction traces is singularly valuable!
    ● Looking at instruction traces can enable bringup -- and obviously has
    tremendous power around code coverage, memory coverage, etc.
    ● Challenge: as tedious as instruction traces are to use to understand
    C-based systems, they are much, much harder for Rust-based systems!
    ● Can we process Ibex Verilator traces to make sense of Tock?

    View Slide

  6. Tockilator
    ● Rust program that takes an Ibex Verilator trace and a pointer to the ELF
    objects representing the boot ROM and Tock instance
    ● Symbolically resolves instructions; by determining function entry and
    return, can show execution flow through Tock
    ● Tockilator uses DWARF information to decode function parameters
    and (importantly!) inlined function calls
    ● Tock architecture allows Tockilator to show app + kernel flow
    ● Primordial, but promising for Tock and Tock-based applications!

    View Slide

  7. Rust, Tockilator and beyond
    ● Rust is an excellent fit for embedded systems: its ability to have
    powerful abstractions with tiny binaries borders on the magical
    ● But to debug systems, we must cut through the magic, allowing the
    system to be understood from the machine up
    ● Tockilator is one approach, but there is much more than can be done;
    instruction traces are a very rich vein for system understanding!
    ● Tockilator is available at https://github.com/oxidecomputer/tockilator

    View Slide