Arm has released Morello instruction emulator 1.3 on 14th of October 2021. What are the main changes and improvements that are included in this release?
The October release of the Morello instruction emulator (version 1.3) marks the first anniversary of the original release of the tool in October 2020. This release focuses on improving support for running and debugging multi-threaded Morello applications and on experimenting with Morello compartments.
We've improved the debugger by adding a more convenient way to specify memory addresses and PC values. We have also updated the cache model, adding support for a level 3 cache, and the event counter now counts system calls. Other improvements include:
This release fixes some important bugs in the implementation of memory tags and PCC permission checking. This is crucial for working with multi-threaded Morello applications.
Fixed in this release:
Debugger
The debugger allows interrupting execution of a Morello application at a given point and exploring the current CPU state (including real and emulated registers and memory tags).
Previously it was possible to provide an initial breakpoint address from the command line using the -break <pc> option, where <pc> is either a hexadecimal literal value or a symbol name (in which case it is translated to the start address of a known symbol). It is now also possible to use unsigned offsets in bytes relative to the start of a given symbol:
morelloie -break main+8 -- ./app
[28700:2103d8] br add main+16
Added breakpoint at 2103e0
[28700:2103d8] br list
- breakpoint at 2103e0 main+16
- breakpoint at 2103d8 main+8
To inspect memory at some address, you may now use register names with signed offsets to specify the address value:
[28730:2103d0] cap c1+16
 -- 0x1:dc1f4000:40000000:00000000:00000000 (tag exists)
This command loads the capability from memory at the address held in the C1 register plus 16 bytes.
In addition to viewing memory blocks and capabilities with the mem and cap commands, it is now possible to enumerate 16-byte aligned blocks of memory as capabilities. You can do this for a stack frame using the frame command:
[28730:2103d0] frame 1
Alternatively, you may specify start and end addresses with the view command:
[28730:2103dc] view c1 c1+32
Address T Capability Base Limit Offset Permissions Seal
0000000031336010: 1 dc1f4000:40000000:00000000:00000000 0000000000000000 0000000000000000 0 rw.RW.ML.....G
0000000031336000: 1 dc1f4000:466dc667:0000ffff:c203c667 0000ffffc203c667 0000ffffc203c66d 0 rw.RW.ML.....G
DynamoRIO runtime options
Morello IE uses a custom launcher application, morelloie, which uses DynamoRIO under the hood. Previously, only a limited set of DynamoRIO options was supported. Now any runtime option supported by DynamoRIO can be passed on the command line using the -Dr,<option> or -Dr,<option> <value> syntax. This can be helpful when the default behaviour of DynamoRIO needs to be changed to run your application.
Capability control register
It is now possible to set specific bits of the capability control register CCTLR_EL0 from the command line. The options -SBL, -DDCBO, -PCCBO and -ADRDPB set the corresponding control bits before the application starts. By default, all these bits are unset. You may experiment with sealing the link register at function calls by setting the SBL bit.
The cache model now provides a compulsory misses metric for all cache levels. It is now equipped with an L3 cache as well, which can be configured using the options -l3-size for the size of the cache in bytes and -l3-ways for its associativity.
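To illustrate what the compulsory-miss metric and the size/ways parameters mean, here is a small set-associative LRU cache model that classifies each miss; this is an added example, not the emulator's own cache model, and it assumes a 64-byte line size and a constructed address trace.

```python
from collections import OrderedDict

LINE_SIZE = 64  # bytes per cache line (assumed for this example)


class SetAssocCache:
    """Set-associative cache with LRU replacement that classifies misses.

    A miss is 'compulsory' the first time a line is ever touched; a later
    miss to a line that was seen before is 'other' (capacity or conflict).
    """

    def __init__(self, size_bytes, ways):
        if size_bytes % (LINE_SIZE * ways):
            raise ValueError("size must be a multiple of LINE_SIZE * ways")
        self.ways = ways
        self.num_sets = size_bytes // (LINE_SIZE * ways)
        # Each set is an OrderedDict: oldest (LRU) entry first.
        self.sets = [OrderedDict() for _ in range(self.num_sets)]
        self.seen = set()  # every line touched so far, for compulsory-miss detection
        self.stats = {"hits": 0, "compulsory": 0, "other": 0}

    def access(self, addr):
        line = addr // LINE_SIZE
        s = self.sets[line % self.num_sets]
        if line in s:
            s.move_to_end(line)  # refresh LRU position
            self.stats["hits"] += 1
            return "hit"
        kind = "other" if line in self.seen else "compulsory"
        self.seen.add(line)
        self.stats[kind] += 1
        if len(s) >= self.ways:
            s.popitem(last=False)  # evict least recently used line
        s[line] = True
        return kind


def simulate(trace, size_bytes, ways):
    """Run an address trace through a cache of the given size and associativity."""
    cache = SetAssocCache(size_bytes, ways)
    for addr in trace:
        cache.access(addr)
    return dict(cache.stats)


if __name__ == "__main__":
    # Constructed trace: a 2 KiB sequential walk, repeated twice.
    walk = list(range(0, 2048, LINE_SIZE)) * 2
    print("1 KiB, 2-way:", simulate(walk, 1024, 2))
    print("2 KiB, 4-way:", simulate(walk, 2048, 4))
```

Running the same trace with the two configurations shows that the 32 compulsory misses are unchanged, while the remaining misses disappear once the cache is large enough to hold the working set.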