This page does not represent the most current semester of this course; it is present merely as an archive.
This is the first of several labs that will use the Y86 simulator created by the authors of our textbook.
Download sim.tar, and extract it by doing
linux> tar xvf sim.tar
linux> cd simWe'll be using this simulator code for several labs in the future too.
Your system might be set up already:
linux> makeIf that fails, try the following:
flex, bison, -lfl, or libflTry
linux> sudo apt-get install flex bison
linux> makeIf that still fails, figure out how to install flex and bison on your machine or use a lab machine instead.
tk.h or -ltk or -ltclTry
linux> sudo apt-get install tk-dev
linux> makeIf that still fails, figure out how to install TCL/TK on your machine or use a lab machine instead.
If you have TK installed, it might be in a non-standard location. Find tk.h on your hard drive and change the Makefiles (in sim, sim/seq, and sim/pipe) to have the prefix of that path in the line that starts TKINC=. For example, if you have tk.h in /usr/include/tk.h then the lines would read TKINC=-isystem /usr/include.
You can also disable the user interface, which is what tk provides, by commenting out (with a #) the line GUIMODE=-DHAS_GUI in all three Maksefiles that have that line (in sim, sim/seq, and sim/pipe). You won't be able to run with the -g flag if you do that.
If all else fails, use a lab machine.
Once make succeeds, do
linux> cd seq
linux> ./ssim ../y86-code/asum.yoYou should see a lot of output, including the following lines:
52 instructions executed
Status = HLT
Condition Codes: Z=1 S=0 O=0
Changed Register State:
%eax: 0x00000000 0x0000abcdlinux> cd seq
linux> ./ssim -g ../y86-code/asum.yoYou should see three windows pop up: one with the assembly code being run, one with the non-code memory contents (which is initially almost empty), and one with the information about the various things the simulator is doing.
Press the "step" button twice. You should see a blue-highlighted 100 in the %esp register and a 1 in the Z condition code.
Press the "go" button. Slide the speed slider to the right. The program should stop with abcd in %eax; halt in Instr; and a Stat of HLT.
I'd encourage you to run the simulator several times until you have a feel for what it is doing and why.
Make a new Y86 assembly file that is like asum.ys but with different parameters. To do this:
cd into the y86-code directory
cp asum.ys lab3.ys to make a copy of the asum.ys code we will edit
Edit lab3.ys as follows:
0x3000, 0x300, 0x30, 0x3 instead of 0xd, 0xc0, 0xb00, 0xa000Sum(array, 3) instead of Sum(array, 4)rrmovl instructions to have the init block copy the value of %eax into all eight registers after Main returns but before calling haltAssemble the .ys code into .yo code by running make lab3.yo (or ../.misc/yas lab3.ys)
Try it yourself: from the seq directory and run ./ssim -g ../y86-code/lab3.yo. Does it end up with all eight registers being 0x3330?
Try my test suite: from the y86-code directory run bash lab3ys-check.sh.
Ken Thompson's Reflections on Trusting Trust (Turing Award acceptance speech, 1984) made the computing community aware of a problem in security: we almost always assume that our compilers, operating systems, and hardware are trustworthy, but we don't have reason to do so. He talked about how a compiler could add a "backdoor" to give people in the know special power. We'll add something like that to the seq simulator.
To keep it simple, we'll use the following idea: if someone tries to evaluate an addl operation where the value stored in the destination register is 3330, we'll execute a memory jump to the value of the source register. Thus executing the code
irmovl $3330, %ecx
irmovl $16, %edx
addl %edx, %ecxwill act normally (i.e., it will still store 3346 in %ecx) but it will then jump to address 0x010 (16, the value stored in %edx) instead of whatever the next instruction would normally be.
cd into the seq directory
Make a copy of the seq logic we can work on: cp seq-std.hcl seq-lab3.hcl
Edit seq-lab3.hcl as follows:
Skip down to the section labeled "Control Signal Definitions". That's the only part we'll edit. The things before that tell us what signals and constants we have access to and are tied to the parts of ssim that are written in C and TCL.
Locate where the code is that sets the new program counter (or PC)
Add a new case to the MUX:
ifun and icode.&&, ==, and in to build the expression describing your case.You might want to explore the HCL code a bit to figure out what the ifun, icode, and value names need to be and which register is source, which is destination. The GUI simulator or the textbook can also help.
Note that regA is the number of a register (0–8) while valA is the value stored in that register (0x00000000–0xffffffff).
Make the simulator using your new logic:
linux> make clean
linux> make ssim VERSION=lab3Try it out. Your new simulator should usually behave like any other simulator (e.g., running ./ssim ../y86-code/asum.yo should still put 0xabcd into %eax and ./ssim ../y86-code/lab3.yo should still put 0x3330 into every register). But if you run it on ../y86-code/lab3backdoor.yo it should terminate with 0xdead in %eax where other simulators would terminate without changing %eax at all.
You might be interested in this guide to simulator HCL signal names.
Submit both lab3.ys and seq-lab3.hcl on the submission page. If you run out of time, still submit the files even if they are just the ones created by cp.