Tockilator: Deducing Tock execution flows from Ibex Verilator traces
Talk given on March 20, 2020 at Oxidize 1K, a virtual conference that went from first idea to 300+ person conference in a week during the COVID-19 pandemic. Video: https://www.youtube.com/watch?v=zPuELAzJyno#t=10534s
Oxide? ● New computer company seeking to modernize on-premises computers ● We are rethinking the embedded systems at the foundation of computers: the hardware root-of-trust and service processor ● With its emphasis on safety, security, and size, Rust is an excellent fit for these applications
Tock ● Tock is a Rust-based operating system designed for embedded systems ● A logical descendent of TinyOS, retains the emphasis on small size while allowing the system to be extensible, portable and reliable ● Tock allows for MPU-/PMP-protected applications ● Importantly, Tock aims for application portability ● As such, promising for collaboration across different embedded projects -- and being used for the OpenTitan root-of-trust project
Verilator + Ibex ● Verilator is an open source, cycle-accurate simulation tool that takes synthesizable Verilog, and translates it to C++ to execute ● Verilator can emit e.g. FST for use as input to GTKwave ● Verilator is being used to simulate Ibex, an open 32-bit RISC-V core ● Ibex is the softcore for Earl Grey, the first OpenTitan SoC ● Ibex has a tracer module that has been modified to support Verilator with human-readable instruction logging
Complete instruction tracing! ● Debugging embedded systems is extraordinarily excruciating... ● ...but having entire instruction traces is singularly valuable! ● Looking at instruction traces can enable bringup -- and obviously has tremendous power around code coverage, memory coverage, etc. ● Challenge: as tedious as instruction traces are to use to understand C-based systems, they are much, much harder for Rust-based systems! ● Can we process Ibex Verilator traces to make sense of Tock?
Tockilator ● Rust program that takes an Ibex Verilator trace and a pointer to the ELF objects representing the boot ROM and Tock instance ● Symbolically resolves instructions; by determining function entry and return, can show execution flow through Tock ● Tockilator uses DWARF information to decode function parameters and (importantly!) inlined function calls ● Tock architecture allows Tockilator to show app + kernel flow ● Primordial, but promising for Tock and Tock-based applications!
Rust, Tockilator and beyond ● Rust is an excellent fit for embedded systems: its ability to have powerful abstractions with tiny binaries borders on the magical ● But to debug systems, we must cut through the magic, allowing the system to be understood from the machine up ● Tockilator is one approach, but there is much more than can be done; instruction traces are a very rich vein for system understanding! ● Tockilator is available at https://github.com/oxidecomputer/tockilator
bcantrill
nearme_tech
benevolent0505
cyberagentdevelopers
shohei1029
k6s4i53rx
ohmori_yusuke
mixi_engineers
ciniml
hakubishin3
okuzawats
trycycle
globis_gdp
afnizarnur
hatefulcrawdad
philhawksworth
shpigford
eitanlees
tanoku
keavy
keathley
keithpitt
62gerente
aleyda
jasonvnalue