Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine

Recoules, Frédéric; Bardin, Sébastien; Bonichon, Richard; Lemerre, Matthieu; Mounier, Laurent; Potet, Marie-Laure

doi:10.1109/icse43902.2021.00113

Cited by 6 publications

(6 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Bugs in expansion of builtins due to incorrect specification of clobbered registers (or memory), and those related to outcome depending on compiler choices (e.g., register aliases), eerily resemble those due to improper use of inline assembly in C programs [46]. Perhaps similar methods of validation could be used.…”

Section: Pseudo-instructionsmentioning

confidence: 99%

See 1 more Smart Citation

The Trusted Computing Base of the CompCert Verified Compiler

Monniaux

Boulmé

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

is the first realistic formally verified compiler: it provides a machine-checked mathematical proof that the code it generates matches the source code. Yet, there could be loopholes in this approach. We comprehensively analyze aspects of where errors could lead to incorrect code being generated. Possible issues range from the modeling of the source and the target languages to some techniques used to call external algorithms from within the compiler.

show abstract

Section: Pseudo-instructionsmentioning

confidence: 99%

“…Inline assembly is so error-prone that specialized tools have been designed to check that pieces of assembly code match their read/write/clobber specification[46].…”

mentioning

confidence: 99%

The Trusted Computing Base of the CompCert Verified Compiler

Monniaux

Boulmé

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Bugs in expansion of builtins due to incorrect specification of clobbered registers (or memory), and those related to outcome depending on compiler choices (e.g., register aliases), eerily resemble those due to improper use of inline assembly in C programs [44]. Perhaps similar methods of validation could be used.…”

Section: Pseudo-instructionsmentioning

confidence: 99%

“…This creates a somewhat paradoxical situation where, for the same operation (say, 32-bit integer division): (i) if the operation is implemented in hardware, then it is trusted; (ii) if implemented in software through a call to the runtime system, then it is trusted; (iii) if implemented in software through expansion inside CompCert, then one has to provide a full proof that this expansion implements the operation: its execution coincides with that of the operator on argument values on which this operator has defined behavior. One argument is that the hardware is likely to have been designed from existant floating-point designs and thoroughly tested with many test vectors, 44 Software emulation is likely to be from a welltested established library, 45 whereas expansion in CompCert probably has not been tested so well.…”

Section: Runtime Systemmentioning

confidence: 99%

See 1 more Smart Citation

The Trusted Computing Base of the CompCert Verified Compiler

Monniaux¹,

Boulmé²

2022

Preprint

View full text Add to dashboard Cite

CompCert is the first realistic formally verified compiler: it provides a machine-checked mathematical proof that the code it generates matches the source code. Yet, there could be loopholes in this approach. We comprehensively analyze aspects of CompCert where errors could lead to incorrect code being generated. Possible issues range from the modeling of the source and the target languages to some techniques used to call external algorithms from within the compiler.

show abstract

Adversarial Reachability for Program-level Security Analysis

Ducousso

Bardin

Potet

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Many program analysis tools and techniques have been developed to assess program vulnerability. Yet, they are based on the standard concept of reachability and represent an attacker able to craft smart legitimate input, while in practice attackers can be much more powerful, using for instance micro-architectural exploits or fault injection methods. We introduce adversarial reachability, a framework allowing to reason about such advanced attackers and check whether a system is vulnerable or immune to a particular attacker. As equipping the attacker with new capacities significantly increases the state space of the program under analysis, we present a new symbolic exploration algorithm, namely adversarial symbolic execution, injecting faults in a forkless manner to prevent path explosion, together with optimizations dedicated to reduce the number of injections to consider while keeping the same attacker power. Experiments on representative benchmarks from fault injection show that our method significantly reduces the number of adversarial paths to explore, allowing to scale up to 10 faults where prior work timeout for 3 faults. In addition, we analyze the well-tested WooKey bootloader, and demonstrate the ability of our analysis to find attacks and evaluate countermeasures in real-life security scenarios. We were especially able to find an attack not mentioned in a previous patch.

show abstract

Interface Compliance of Inline Assembly: Automatically Check, Patch and Refine

Cited by 6 publications

References 22 publications

The Trusted Computing Base of the CompCert Verified Compiler

The Trusted Computing Base of the CompCert Verified Compiler

The Trusted Computing Base of the CompCert Verified Compiler

Adversarial Reachability for Program-level Security Analysis

Contact Info

Product

Resources

About