Closed seasox closed 8 months ago
Thanks for the really nice changes that will greatly help others get started using Blacksmith! Before we more carefully review your changes and test the modified fuzzer, we would like to know if you have any existing Coffee Lake configuration file that you could share. Thanks!
I have added additional configuration files coffee-lake_i7-8700K_single-rank.json and coffee-lake_i7-8700K_dual-rank.json, which I have derived from the hard-coded values in DRAMAddr.cpp and GlobalDefines.hpp. Unfortunately, we currently do not have a free Coffee Lake machine, so they are kind of untested. Let me know if you run into any issues with these config files, then I'll try to get my hands on a Coffee Lake machine and triple-check the config.
Description
This Pull Request introduces some new tools and changes to the configuration of Blacksmith. The goal of these changes is to make it easier to configure and run the tool. In particular, we allow passing the address mapping via a JSON config file. @its-luca and I have worked on this Pull Request collaboratively at @UzL-ITS.
Changes
Configuration: We introduce a new BlacksmithConfig class that allows passing relevant configuration parameters via a JSON configuration file, instead of having to modify the code for each system. In particular, this configuration file allows specifying reverse-engineered address mappings by passing the bits used in a mapping function. This makes it easier to customize the tool for different use cases without having to modify the code for each system and enhances collaboration by enabling researchers to easily share their findings.
New Tools: We add three new tools:
checkAddrFunction: This tool can be used to verify the correctness of a reverse-engineered memory mapping. It measures the average access timing between all rows on all banks for a given BlacksmithConfig.
determineActsPerRef: This tool helps in determining the possible activations per REFRESH instruction by repeatedly measuring timing for conflicting row accesses.
determineConflictThresh: This tool collects access timings to determine the gap between a row buffer hit vs. miss.
Visualizations: We also add two small Python tools:
visualize_access_timings: This tool can be used to visualize the data collected by determineConflictThresh and help in determining the correct timing threshold.
visualize_acts_per_ref: This tool can be used to visualize the data collected by determineActsPerRef and help in determining the correct number of row activations per REFRESH instruction.
Logging: We make some small changes to the logger. We add an optional --logfile argument, which allows specifying the log file. We also replace "\n" in logging calls with std::endl to force a flush. This ensures that log messages are written immediately, which can be useful for debugging.
Impact
These changes make Blacksmith more flexible and easier to use. The new JSON configuration allows users to describe address mappings in a more comprehensible manner. With the new tools and visualizations, users can more easily explore different configurations and gain a better understanding of the timing and threshold parameters. The logging changes also make it slightly easier to debug issues with the tool.
The tools introduced in this PR might help to resolve https://github.com/comsec-group/blacksmith/issues/4 and https://github.com/comsec-group/blacksmith/issues/15.
Please review the changes and let us know if you have any feedback or suggestions for improvement.
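To illustrate what "passing the bits used in a mapping function" means, here is an added example that is not code from this Pull Request or from Blacksmith. It assumes each function yields one bank bit as the XOR of the listed address bits, and adds a GF(2) rank check as a sanity test for a shared mapping; all names and bit positions are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

using BitList = std::vector<unsigned>;  // address bits XORed into one bank bit

// Constructed sample mapping (not taken from any real configuration file).
const std::vector<BitList> kSampleFunctions = {{7, 14}, {15, 18}, {16, 19}, {17, 20}};

std::vector<uint64_t> masks_from(const std::vector<BitList> &fns) {
  std::vector<uint64_t> masks;
  for (const auto &f : fns) {
    uint64_t m = 0;
    for (unsigned b : f) m |= uint64_t{1} << b;
    masks.push_back(m);
  }
  return masks;
}

// Bank bit i is the parity of the address bits selected by mask i.
unsigned bank_of(uint64_t addr, const std::vector<uint64_t> &masks) {
  unsigned bank = 0;
  for (std::size_t i = 0; i < masks.size(); ++i)
    for (uint64_t v = addr & masks[i]; v; v &= v - 1) bank ^= 1u << i;
  return bank;
}

// Rank over GF(2): a rank below masks.size() means the functions are linearly
// dependent, so some bank indices can never be produced by this mapping.
std::size_t gf2_rank(std::vector<uint64_t> rows) {
  std::size_t rank = 0;
  for (int bit = 63; bit >= 0 && rank < rows.size(); --bit) {
    std::size_t p = rank;
    while (p < rows.size() && !((rows[p] >> bit) & 1)) ++p;
    if (p == rows.size()) continue;  // no remaining row has this bit set
    std::swap(rows[p], rows[rank]);
    for (std::size_t r = 0; r < rows.size(); ++r)
      if (r != rank && ((rows[r] >> bit) & 1)) rows[r] ^= rows[rank];
    ++rank;
  }
  return rank;
}

int main() {
  auto masks = masks_from(kSampleFunctions);
  std::printf("bank=%u rank=%zu\n", bank_of(0x60000, masks), gf2_rank(masks));
}
```

A rank check like this catches a mistyped or duplicated function before any timing measurement is run against the configuration.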