Use counter values consistently

Counter values of 0 are no longer accepted for the start and end points. This brings them inline with how the trigger counter is specified. A warning is issued if a counter value of 0 is encountered.
Fraunhofer-AISEC · Dec 21, 2022 · 90722d7 · 90722d7
1 parent c642081
commit 90722d7
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 8 deletions.
diff --git a/analysis/fault-aes.json b/analysis/fault-aes.json
@@ -2,11 +2,11 @@
 	"max_instruction_count": 100 ,
 	"start" : {
 		"address" : 134220182,
-		"counter" : 0
+		"counter" : 1
 	},
 	"end" : {
 		"address" : 134220188,
-		"counter" : 2
+		"counter" : 3
 	},
 	"faults" :[	
 			[

diff --git a/controller.py b/controller.py
@@ -547,10 +547,19 @@ def process_arguments(args):
 
     faultlist = json.load(args.faults)
     if "start" in faultlist:
+        if faultlist["start"]["counter"] == 0:
+            print("A start counter of 0 in the fault configuration is invalid")
+            exit(1)
+
         qemu_conf["start"] = faultlist["start"]
     if "end" in faultlist:
         if type(faultlist["end"]) == dict:
             faultlist["end"] = [faultlist["end"]]
+        for endpoint in faultlist["end"]:
+            if endpoint["counter"] == 0:
+                print("An end counter of 0 in the fault configuration is invalid")
+                exit(1)
+
         qemu_conf["end"] = faultlist["end"]
 
     if "memorydump" in faultlist:

diff --git a/fault-readme.md b/fault-readme.md
@@ -46,12 +46,12 @@ To remove the start or end point, delete the respective block in fault.json (e.g
 
 ### start
 The start point is also a dictionary containing two variables. Its address and counter.
-Address defines an instruction in the kernel whose execution determines when the tracking of the plugin should start. The counter is the amount of executions of the start instruction until the plugin tracking is enabled. So if it is set to 0 it will start the execution of plugin when the instruction is reached. If it is set to 1 it will start the plugin at the second execution of start. Keep in mind that the start point is inside a translation block and is only accurate to the translation block level. Only after the translation block that contains the start address is finished, an analysis of faults is possible. Hence, it has to be taken care of that the faults are defined in subsequent translation blocks. 
+Address defines an instruction in the kernel whose execution determines when the tracking of the plugin should start. The counter is the amount of executions of the start instruction until the plugin tracking is enabled. So if it is set to 1 it will start the execution of the plugin when the instruction is first reached. If it is set to 2 it will start the plugin at the second execution of start. Keep in mind that the start point is inside a translation block and is only accurate to the translation block level. Only after the translation block that contains the start address is finished, an analysis of faults is possible. Hence, it has to be taken care of that the faults are defined in subsequent translation blocks.
 
 ### end
 End is similar to start. It defines the end point of execution. It has two variables.
 Address is the address of the end instruction. It needs to be a valid instruction address!
-Counter is the amount of executions of the end point. 0 means at the first encounter of the "end" instruction, the program is terminated. If it is 1 it is terminated at the second execution etc. The behaviour is n-1, with n being the number of executions.
+Counter is the amount of executions of the end point. 1 means at the first encounter of the "end" instruction, the program is terminated. If it is 2 it is terminated at the second execution etc.
 
 Multiple end points can be specified by defining "end" as an array.
 

diff --git a/fault.json b/fault.json
@@ -2,11 +2,11 @@
 	"max_instruction_count": 100 ,
 	"start" : {
 		"address" : 134218138,
-		"counter" : 0
+		"counter" : 1
 	},
 	"end" : {
 		"address" : 134217964,
-		"counter" : 2
+		"counter" : 3
 	},
 	"faults" :[	
 			[

diff --git a/faultplugin/faultplugin.c b/faultplugin/faultplugin.c
@@ -868,7 +868,7 @@ void tb_exec_end_cb(unsigned int vcpu_index, void *vcurrent)
 	if(start_point.trignum != 3)
 	{
 		qemu_plugin_outs("[End]: CB called\n");
-		if(end_point->location.hitcounter == 0)
+		if(end_point->location.hitcounter == 1)
 		{
 			qemu_plugin_outs("[End]: Reached end point\n");
 			end_point->location.trignum = 4;
@@ -886,7 +886,7 @@ void tb_exec_end_cb(unsigned int vcpu_index, void *vcurrent)
 
 void tb_exec_start_cb(unsigned int vcpu_index, void *vcurrent)
 {
-	if(start_point.hitcounter == 0)
+	if(start_point.hitcounter == 1)
 	{
 		qemu_plugin_outs("[Start]: Start point reached");
 		start_point.trignum = 0;