test(fuzzing): adding variable coverage
Adding the capability to produce coverage of the arguments of the
SMC calls as generated by the fuzzer. The output from the FVP will
be routed to UART3 where a python flow will read the data to create
tables of each SMC call with its fields shown and values given. The
option is enabled by adding SMC_FUZZ_VARIABLE_COVERAGE=1 to the
corresponding TFTF config.
Change-Id: I2d4d310976aa2c0447efbd8ec0676bb9f8699828
Signed-off-by: Mark Dykes <mark.dykes@arm.com>
diff --git a/drivers/arm/pl011/aarch64/pl011_console.S b/drivers/arm/pl011/aarch64/pl011_console.S
index 0d607b9..9e25bca 100644
--- a/drivers/arm/pl011/aarch64/pl011_console.S
+++ b/drivers/arm/pl011/aarch64/pl011_console.S
@@ -18,6 +18,10 @@
.globl console_core_putc
.globl console_core_getc
.globl console_core_flush
+#ifdef SMC_FUZZ_VARIABLE_COVERAGE
+ .globl console_init_fuzzer
+ .globl console_pl011_putc_fuzzer
+#endif
/*
* The console base is in the data section and not in .bss
@@ -28,7 +32,14 @@
*/
.section .data.console_base
.align 3
+#ifdef SMC_FUZZ_VARIABLE_COVERAGE
+ .section .data.console_base_fuzzer
+ .align 3
+#endif
console_base: .quad 0x0
+#ifdef SMC_FUZZ_VARIABLE_COVERAGE
+console_base_fuzzer: .quad 0x0
+#endif
/* -----------------------------------------------
* int console_init(uintptr_t base_addr,
@@ -43,6 +54,24 @@
b console_core_init
endfunc console_init
+#ifdef SMC_FUZZ_VARIABLE_COVERAGE
+ /* -----------------------------------------------
+ * int console_init_fuzzer(uintptr_t base_addr,
+ * unsigned int uart_clk, unsigned int baud_rate)
+ *
+ * Clobber list : x1 - x3
+ * x1: Base address
+ * x2: UART clock
+ * x3: Baud rate
+ * -----------------------------------------------
+ */
+func console_init_fuzzer
+ adrp x3, console_base_fuzzer
+ str x0, [x3, :lo12:console_base_fuzzer]
+ b console_core_init
+endfunc console_init_fuzzer
+#endif
+
/* -----------------------------------------------
* int console_core_init(uintptr_t base_addr,
* unsigned int uart_clk, unsigned int baud_rate)
@@ -108,6 +137,26 @@
b console_core_putc
endfunc console_pl011_putc
+#ifdef SMC_FUZZ_VARIABLE_COVERAGE
+ /* -------------------------------------------------
+ * To allow alternate implementation of putc, pl011
+ * is appended in the function name.
+ *
+ * int console_pl011_putc_fuzzer(int c)
+ *
+ * Clobber list : x0-x2
+ * x0: Character to be printed
+ * x1: Base address
+ * x2: Overwritten by function
+ * -------------------------------------------------
+ */
+func console_pl011_putc_fuzzer
+ adrp x1, console_base_fuzzer
+ ldr x1, [x1, :lo12:console_base_fuzzer]
+ b console_core_putc
+endfunc console_pl011_putc_fuzzer
+#endif
+
/* ---------------------------------------------
* int console_core_putc(int c, uintptr_t base_addr)
* Function to output a character over the console. It
diff --git a/drivers/console/console.c b/drivers/console/console.c
index b2bae28..ea7087c 100644
--- a/drivers/console/console.c
+++ b/drivers/console/console.c
@@ -10,3 +10,21 @@
{
return console_pl011_putc(c);
}
+
+#ifdef SMC_FUZZ_VARIABLE_COVERAGE
+int console_putc_fuzzer(int c)
+{
+ return console_pl011_putc_fuzzer(c);
+}
+
+void tftf_switch_console_state(int state)
+{
+ tftf_console_state = state;
+}
+
+int tftf_get_console_state(void)
+{
+ return tftf_console_state;
+}
+
+#endif