-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compare against real silicon behaviour #4
Comments
I think it's definitely in-scope for the analysis component of mishegos! I had some thoughts re: using microx, but I'd definitely be interested in integrating sandsifter's techniques as well. |
That's good news! Using microx for this would come with the rather big limitation that it appears to be relying on the information provided by XED, thus will likely be unable to execute / spot errors with instructions that are bugged in XED. The sandsifter approach doesn't require reliance on any software disassembler and would thus be the better fit IMO. |
Yes, that's a good point. My main concern with sandsifter was that (IIRC) it uses capstone as its ground truth during triaging, but that's completely separate from the execution process. |
I modified sandsifter a while back to use a different ground truth and output some other info. From what I recall the only time it uses capstone was during printing info. It was quite easy to completely remove and for example swap it for XED or just leave it behind all together. The code was quite complex and hard to work with though. Although you could by pass a lot of it's complexity by ignoring everything besides the inject function. All you need to do is include this file. From the looks of it microx doesn't actually run an instruction on the CPU it self but tries to model its behavior with XED. I would say that in the context of the current project it would basically look like another worker. My only concern with sandsifter would be that I would expect the performance to be way lower than you otherwise would have, considering that raising traps is a core mechanic of it's search. But this would be inherent to this problem. |
Awesome! Good to know that it's feasible.
It does both, kind of: microx uses XED to transform the instruction and JITs it with some tweaks, then executes it in a special execution area. You can see most of the code that does that here: https://github.com/lifting-bits/microx/blob/03feed3ff843bfb3c03b2f72220703ad11a79cb2/microx/Executor.cpp#L1827 OTOH microx wasn't designed with the use case in mind at all (it expects completely valid instructions from the very beginning), so sandsifter + XED will probably be a better foundation.
Yep! That comes with the territory. Mishegos's architecture allows people to enable and disable workers as they please, so a particularly slow one isn't a big deal :-) |
Something that we had planned to look into sooner or later is diffing against the behaviour observed from actual CPUs, in a sandsifter-like fashion. Would that be beyond the scope of this project or would you be interested in adding something like that as well?
The text was updated successfully, but these errors were encountered: