Init each memory region in init script with zero and fix un-freed buffer #138
Hi, makes sense to have a set to 0 feature for memory segments. Just one concern here from my side.
Remark: Adding magic 0-initialization memory in models of HW is a recipe for hiding lots of nasty latent bugs
that then bite you when you move to a physical system.
If you initialize modelled memory, initialize to random garbage or our old friend 0xdeadbeef.
0 is the worst-case as it is likely to make a lot of broken SW “nearly work” as it typically represents “empty”
or nullptr. Proper initialization is the job of the hosted OS / runtime libs etc.
Cheers,
Andrew
From: JoGei ***@***.***>
Sent: Wednesday, August 9, 2023 9:59 AM
To: tum-ei-eda/etiss ***@***.***>
Cc: Subscribed ***@***.***>
Subject: Re: [tum-ei-eda/etiss] Init each memory region in init script with zero and fix un-freed buffer (PR #138)
Hi, makes sense to have a set to 0 feature for memory segments.
Just one concern here from my side.
Generating an empty temporary buffer with implicit "set to zero init" to overwrite the memsegment contents through load seems a bit inefficient.
Maybe we should instead let the MemSegment Constructor<https://github.com/tum-ei-eda/etiss/blob/0d215c87a794a7979f4d728deeeeee0408b8f169/include/etiss/SimpleMemSystem.h#L91-L104> do it by adding an optional "init_zero" parameter.
Hi Andrew, Yes, totally agree! Then we should maybe add a config based init type for memory segments like we use for length and origin:
and per default randomize, i.e., no Regards, Johannes
…Default init=random)
Considered your feedback @JoGei @andrewstevens-infineon!
IMO, mostly fine, but it should be documented somewhere what the default behavior is. If you randomize all program memory per default, users might experience unpredictable behavior when launching bad ELFs. E.g., getting different exceptions because of non-deterministic setups between runs.
With
@JoGei we can't both parse a configuration value as integer and string, at least not without considerable hackery. I propose treating A workaround to this would be to treat
nitpicking at minor code quality things
.github/workflows/ci.yml
Outdated
Keep this file out of this PR, it has nothing to do with the memory init stuff
include/etiss/SimpleMemSystem.h
Outdated
// std::stringstream mem_msg; | ||
// mem_msg << "This memory segment " << " is initialized with 0x" << std::hex << size_ << " bytes! \n"; | ||
// for (etiss::uint64 i = 0; i < size_; ++i) | ||
// { | ||
// mem_msg << static_cast<uint16_t>( mem_[i]) << ":"; | ||
// } | ||
// etiss::log(etiss::INFO, mem_msg.str()); |
can be removed
src/SimpleMemSystem.cpp
Outdated
|
||
mem_msg << "The memory segment " << i << " is initialized with 0x" << std::hex << length << " bytes from input_image !"; | ||
etiss::log(etiss::INFO, mem_msg.str()); | ||
}else if (initVal != 0){ |
keep code formatting consistent
src/SimpleMemSystem.cpp
Outdated
}else if (initVal != 0){ | ||
mem_msg << "The memory segment " << i << " is initialized with 0x" << std::hex << length << " elements with value: " << static_cast<uint16_t>(initVal); | ||
etiss::log(etiss::INFO, mem_msg.str()); | ||
}else{ |
keep code formatting consistent
Lastly, I agree with @JoGei that this feature should be documented somewhere. Where that is I don't really know, as the previous changes to
023b7e3 to 9c00cbb
@wysiwyng @JoGei @PhilippvK Thank you for your feedback:
Not sure about the std::string param= 0 default arguments.
include/etiss/SimpleMemSystem.h
Outdated
self_allocated_ = true; | ||
} | ||
} | ||
|
||
// Can be overwritten afterwards with load_elf | ||
void memInit(uint8_t initVal = 0) | ||
void memInit(std::string initString = 0) |
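Review bot: The default argument in void memInit(std::string initString = 0) is a null pointer constant, so a call without arguments constructs the std::string from a null const char*, which is undefined behaviour and in practice throws or crashes before the function body runs. The old uint8_t initVal = 0 default was carried over unchanged when the type changed; drop the default or make it an empty string.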
std::string default argument should be = "" or removed since it now will be managed by etiss::initialize
include/etiss/SimpleMemSystem.h
Outdated
MemSegment(etiss::uint64 start_addr, etiss::uint64 size, access_t mode, const std::string name, | ||
etiss::uint8 *mem = nullptr, uint8_t initVal = 0) | ||
etiss::uint8 *mem = nullptr, std::string initString = 0) |
std::string default argument should be = "" or removed since it now will be managed by etiss::initialize
Still missing a case to "not initialize anything" when
I assumed that
As far as I know the ini parser of ETISS accepts that input. What I mean is the case when the configuration file does not contain the key
Yes, because it only needs to differentiate between two cases: something vaguely resembling a file path or empty. We want to differentiate between 3 cases: "Nothing", random, and some set value.
src/SimpleMemSystem.cpp
Outdated
} | ||
else | ||
{ |
minor: keep formatting consistent
include/etiss/SimpleMemSystem.h
Outdated
uint8_t hexVal = static_cast<uint8_t>(strtol(dataPtr, endPtr, 16)); | ||
mem_[i] = hexVal; | ||
|
||
if (errno != 0){ |
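Review bot: mem_[i] = hexVal; writes the parsed byte before the errno != 0 check runs, and nothing in these lines resets errno ahead of the strtol call, so a stale errno from earlier code can take the error path while a bad parse has already landed in memory. Set errno = 0 immediately before strtol, compare the end pointer against dataPtr and against the end of the input to catch non-hex characters, and store into mem_[i] only after both checks pass. The static_cast<uint8_t> also silently truncates any value above 0xff.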
errno != 0 only indicates an out-of-range condition for strtol, not an invalid string, see: https://en.cppreference.com/w/c/string/byte/strtol. To avoid this, use std::stoi: https://en.cppreference.com/w/cpp/string/basic_string/stol and handle the thrown exception(s).
Thank you for clarifying. I was a bit confused after the errno=EINVAL option was not triggered with a false "hex val string": e.g. 0xDEADBEEFh -> 0xDEADBEEF0 instead of leading to an errno!=0.
A weird thing though is that vscode leads me to this linux header:
https://github.com/torvalds/linux/blob/master/include/uapi/asm-generic/errno-base.h#L26
I assume that my work folder probably accesses unused files
include/etiss/SimpleMemSystem.h
Outdated
etiss::log(etiss::WARNING, "Hex Value MemSegment input is erronous (typo?)"); | ||
throw "MemSegmentInit for hex value is errnounous"; |
use etiss::FATALERROR to exit ETISS without having to resort to throw
include/etiss/SimpleMemSystem.h
Outdated
for (etiss::uint64 i = 0; i < size_; ++i) | ||
{ | ||
mem_[i] = random_char_(generator); | ||
const char* dataPtr = initString.substr(i%initString.length(),1).c_str(); |
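Review bot: In const char* dataPtr = initString.substr(i%initString.length(),1).c_str(); the pointer comes from a temporary std::string that is destroyed at the end of that statement, so dataPtr dangles and every later read through it is a use-after-free. Keep the substring in a named std::string that outlives the parse, or index initString directly. The same expression computes i % initString.length(), which is a division by zero when initString is empty, so reject an empty string before the loop.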
reading one hex character at a time will give you only 4 bits, you need 8
include/etiss/SimpleMemSystem.h
Outdated
{ | ||
initString.erase(initString.begin(),initString.begin()+2); | ||
std::stringstream mem_msg; |
mem_msg is unused here
include/etiss/SimpleMemSystem.h
Outdated
else if (initString.find("random") == 0 || initString.find("RANDOM") == 0) | ||
{ | ||
const char* data = initString.c_str(); | ||
for (etiss::uint64 i = 0; i < size_; ++i) | ||
{ | ||
mem_[i] = data[i%strlen(data)]; |
where did the randomizing go?
include/etiss/SimpleMemSystem.h
Outdated
static std::default_random_engine generator{ static_cast<uint64_t>(0) }; | ||
std::uniform_int_distribution<int> random_char_{ 0, 255 }; |
could move these lines to where they are actually needed
src/SimpleMemSystem.cpp
Outdated
} else if (initEleSet) { | ||
if (initString.find("random") == 0 || initString.find("RANDOM")== 0) { | ||
mem_msg << "The memory segment " << i << " is initialized with 0x" << std::hex << length << " random bytes !"; | ||
etiss::log(etiss::INFO, mem_msg.str()); | ||
} else if (initString.find("0x") == 0) { | ||
mem_msg << "The memory segment " << i << " is initialized with 0x" << std::hex << length << " elements with hex value: " << initString; | ||
etiss::log(etiss::INFO, mem_msg.str()); | ||
} | ||
else | ||
{ | ||
mem_msg << "The memory segment " << i << " is initialized with 0x" << std::hex << length << " elements with the string: " << initString; | ||
etiss::log(etiss::INFO, mem_msg.str()); | ||
} | ||
} else { | ||
mem_msg << "The memory segment " << i << " is initialized with 0x" << std::hex << length << " random values !"; | ||
mem_msg << "The memory segment " << i << " is allocated uninitialized with length 0x" << std::hex << length << " !"; | ||
etiss::log(etiss::INFO, mem_msg.str()); | ||
} |
all these conditionals do is print debug messages, move the messages to MemSegment() where these differentiations have to be made anyways
Well I lacked the local i var. Therefore I let this on this level. Otherwise I will remove just the i var since it is quite clear which MemSegment is initialized with which values.
agreed, i should not be necessary to keep here.
include/etiss/SimpleMemSystem.h
Outdated
// Can be overwritten afterwards with load_elf | ||
void memInit(std::string initString) | ||
{ | ||
static std::default_random_engine generator{ static_cast<uint64_t>(0) }; |
I would prefer having the seed (optionally) configurable via INI settings. Otherwise it would be quite hard to reproduce bugs,…
Delete Buffer in loadsegments function
Initialize memory region with 0 if no image existent
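The review comments above ask for three distinguishable cases (nothing, random, a set value), two hex digits per byte, rejection of malformed input such as 0xDEADBEEFh, and a configurable seed. One way to meet all four, as an added example that is not code from ETISS or from this PR; nibble, parse_hex_pattern, fill_segment and the seed parameter are hypothetical names:

```cpp
#include <cstdint>
#include <cstdio>
#include <random>
#include <string>
#include <vector>

// Hypothetical helpers for illustration; none of these names exist in ETISS.
static int nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1; // not a hex digit
}

// Decode "0x" plus an even number of hex digits, two digits per byte.
// Every character is checked, so trailing junk fails instead of being ignored.
bool parse_hex_pattern(const std::string &spec, std::vector<uint8_t> &bytes) {
    bytes.clear();
    if (spec.size() < 4 || spec.size() % 2 != 0 || spec.compare(0, 2, "0x") != 0)
        return false;
    for (std::size_t i = 2; i < spec.size(); i += 2) {
        const int hi = nibble(spec[i]), lo = nibble(spec[i + 1]);
        if (hi < 0 || lo < 0) return false;
        bytes.push_back(static_cast<uint8_t>((hi << 4) | lo));
    }
    return true;
}

// "" leaves mem untouched; "random" fills from a PRNG seeded with `seed`, so a
// run can be reproduced; otherwise a hex pattern is repeated. False = bad spec.
bool fill_segment(std::vector<uint8_t> &mem, const std::string &spec, uint64_t seed = 0) {
    if (spec.empty()) return true;
    if (spec == "random") {
        std::mt19937_64 gen(seed);
        for (auto &b : mem) b = static_cast<uint8_t>(gen() & 0xff);
        return true;
    }
    std::vector<uint8_t> pattern;
    if (!parse_hex_pattern(spec, pattern)) return false; // mem is left unchanged
    for (std::size_t i = 0; i < mem.size(); ++i) mem[i] = pattern[i % pattern.size()];
    return true;
}

int main() {
    std::vector<uint8_t> mem(6, 0); // constructed sample segment
    const bool ok = fill_segment(mem, "0xDEADBEEF");   // whole bytes: accepted
    const bool bad = fill_segment(mem, "0xDEADBEEFh"); // stray 'h': rejected
    std::printf("ok=%d bad=%d first=%02x\n", ok, bad, mem[0]);
}
```

Returning false instead of throwing leaves the caller free to report the bad configuration value through whatever fatal-error path the simulator uses.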