SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez nos Conditions d’utilisation et notre Politique de confidentialité.
SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez notre Politique de confidentialité et nos Conditions d’utilisation pour en savoir plus.
Tockilator: Deducing Tock execution flows from Ibex Verilator traces
Deducing Tock execution ﬂow
from Ibex Verilator traces
Oxide Computer Company
● New computer company seeking to modernize on-premises computers
● We are rethinking the embedded systems at the foundation of
computers: the hardware root-of-trust and service processor
● With its emphasis on safety, security, and size, Rust is an excellent ﬁt for
● Tock is a Rust-based operating system designed for embedded systems
● A logical descendent of TinyOS, retains the emphasis on small size while
allowing the system to be extensible, portable and reliable
● Tock allows for MPU-/PMP-protected applications
● Importantly, Tock aims for application portability
● As such, promising for collaboration across different embedded
projects -- and being used for the OpenTitan root-of-trust project
Verilator + Ibex
● Verilator is an open source, cycle-accurate simulation tool that takes
synthesizable Verilog, and translates it to C++ to execute
● Verilator can emit e.g. FST for use as input to GTKwave
● Verilator is being used to simulate Ibex, an open 32-bit RISC-V core
● Ibex is the softcore for Earl Grey, the ﬁrst OpenTitan SoC
● Ibex has a tracer module that has been modiﬁed to support Verilator
with human-readable instruction logging
Complete instruction tracing!
● Debugging embedded systems is extraordinarily excruciating...
● ...but having entire instruction traces is singularly valuable!
● Looking at instruction traces can enable bringup -- and obviously has
tremendous power around code coverage, memory coverage, etc.
● Challenge: as tedious as instruction traces are to use to understand
C-based systems, they are much, much harder for Rust-based systems!
● Can we process Ibex Verilator traces to make sense of Tock?
● Rust program that takes an Ibex Verilator trace and a pointer to the ELF
objects representing the boot ROM and Tock instance
● Symbolically resolves instructions; by determining function entry and
return, can show execution ﬂow through Tock
● Tockilator uses DWARF information to decode function parameters
and (importantly!) inlined function calls
● Tock architecture allows Tockilator to show app + kernel ﬂow
● Primordial, but promising for Tock and Tock-based applications!
Rust, Tockilator and beyond
● Rust is an excellent ﬁt for embedded systems: its ability to have
powerful abstractions with tiny binaries borders on the magical
● But to debug systems, we must cut through the magic, allowing the
system to be understood from the machine up
● Tockilator is one approach, but there is much more than can be done;
instruction traces are a very rich vein for system understanding!
● Tockilator is available at https://github.com/oxidecomputer/tockilator