Flipper: Lightweight Kernel Tailoring
Flipper can be used to gather information about the control flow in the kernel in order to generate a minimal use-case specific configuration. While ftrace causes quite a lot of overhead during the observation of the kernel, Flipper relies on small bit-setting instructions patched into the kernel to collect data. Its advantages and results are presented in the GPCE '14 paper (1) and Bernhard Heinloth's Master Thesis (2).
1.) Patch instructions into a Linux source tree
To prepare a kernel source directory, you need the semantic patch tool Coccinelle (spatch, more information at http://coccinelle.lip6.fr/).
With Coccinelle installed, you can prepare a Linux kernel source tree by running the following command:
./flipper/analyze.sh -i -b -B flipper/blacklist -m out.map -o out.patch -v path/to/linux-src/
The resulting patch can then be applied to the kernel using the traditional patch util:
patch -p1 -d path/to/linux-src/ < out.patch
2.) Integrate character device to read tracing information
Additionally, it is necessary to integrate the Flipper char device into the kernel.
First, copy the required source files into the source folder
cp -r flipper/kernel/* path/to/linux-src/
Then you need to modify the following files to include the device into the build process:
endmenu [end of file]
obj-$(CONFIG_FLIPPER_TRACE) += flipper/
at the end of file
And in include/uapi/linux/Kbuild
header-y += flipper.h
at the end of file
Now you are ready to build the kernel.
To enable this code point tracer, you have to enable the Flipper device in the kernel configuration (CONFIG_FLIPPER_TRACE). The value of CONFIG_FLIPPER_TRACE_ENTRIES must be equal or more than the number of injected codepoints (for simplicity the number of lines of the out.map file). We strongly recommend to enable CONFIG_FLIPPER_TRACE_ONE_ENTRY_PER_INDEX since it not only avoids race-conditions but also uses less recording instructions (at the cost of an increased size).
3.) Use the system/run the target workload
Use your target device booted with the prepared kernel in a typical manner.
At the end, don't forget to save the recorded trace using
cp -f /dev/flipper trace.bitmap
4.) Resolve tracing information to source code lines
You are able to resolve the source code points using the evaluateMap script and the mapping file generated by the analyze.sh script:
./flipper/evaluateMap.sh trace.bitmap out.map > trace.list
5.) Generate Linux kernel configuraion
This file can be processed with the undertaker-tailor utility to generate your linux configuration (maybe, more parameters will be needed, see the output of "undertaker-tailor -h" or the README in the tailor/ subdirectory for further details):
undertaker-tailor -f trace.list
Additional information about the approach can be found in
- (1) Automatic Feature Selection in Large-Scale System-Software Product Lines, GPCE '14, Västerås, Sweden (https://www4.cs.fau.de/Publications/2014/ruprecht_14_gpce.pdf)
- (2) Automatic Tailoring of the Multi-Purpose Linux Operating System on Embedded Devices, Master Thesis by Bernhard Heinloth (https://www4.cs.fau.de/Ausarbeitung/MA-I4-2014-09-Heinloth.pdf)