Verifying x86 instruction implementations

Goel, Shilpi; Slobodová, Anna; Sumners, Rob; Swords, Sol

doi:10.1145/3372885.3373811

Cited by 10 publications

(8 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-how memory is organized -how an instruction is decoded into a sequence of microoperations -the set of microoperations implemented in hardware -the throughput and latency of microoperations and instructions and various others features of the microprocessor. In our previous work [21], we described what it means for an x86 instruction to be decoded and executed correctly and how our proofs capture this property. For illustrative purposes, we use the same example that was described in that work.…”

Section: Challenges Of Verifying a Single X86 Instructionmentioning

confidence: 99%

“…Finally, we note that in our previous work [21], we used GL-the predecessor of FGL-as our core verification tool. The benefits of switching to FGL have been considerable.…”

Section: Front-end and Microcode Verificationmentioning

confidence: 99%

“…During the first years of FV at Centaur, we limited the proof for each microoperation to the specific unit where it was executed [25,26,37]. Since then, improvements to our RTL modeling and symbolic simulation (i.e., FGL) allow us to do the proofs in the scope of the module containing all those units (we refer to that module as the execution module or EXE) [21]. Migration to a higher scope has a huge advantage for the stability of the proofs.…”

Section: Verification Of Execution Unitsmentioning

confidence: 99%

See 2 more Smart Citations

Balancing Automation and Control for Formal Verification of Microprocessors

Goel¹,

Slobodová²,

Sumners³

et al. 2021

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Formal methods are becoming an indispensable part of the design process in software and hardware industry. It takes robust tools and proofs to make formal validation of large scale projects reliable. In this paper, we will describe the current status of formal verification at Centaur Technology. We will explain our challenges and our methodology—how various proofs and verification artifacts are interconnected and how we keep them consistent over the duration of a project. We also describe our main engine—a powerful symbolic simulator with rewriting capabilities that is integrated in a theorem prover and proven correct.

show abstract

Section: Challenges Of Verifying a Single X86 Instructionmentioning

confidence: 99%

“…Finally, we note that in our previous work [21], we used GL-the predecessor of FGL-as our core verification tool. The benefits of switching to FGL have been considerable.…”

Section: Front-end and Microcode Verificationmentioning

confidence: 99%

Section: Verification Of Execution Unitsmentioning

confidence: 99%

See 1 more Smart Citation

Balancing Automation and Control for Formal Verification of Microprocessors

Goel¹,

Slobodová²,

Sumners³

et al. 2021

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

show abstract

“…Formal specification of instruction sets are critical in directly reasoning about low-level machine code [86,89,88,112], verifying computer processor architectures [138,139,132,140], compilers [141,90,142,143], verifying assembly language functions against a specification [144], binary rewriting across architectures [82], verified binary decompilation [145,78,146,103], abstract interpretation of binaries [147,148], automated testcase generation [149,100], synthesis of instruction semantics [87], and formalizing multiprocessor memory models [127,126]. There exist a number of notable specifications of ISAs (e.g., RISC-V [128,90,141], MIPS [128,119], CHERI-MIPS [128], PowerPC [143,91,90], SPARC [91], ARM [150,151,152,119,140,132,153,154] etc.)…”

Section: Defining Formal Semantics Of Isa (Other Than X86/x86-64)mentioning

confidence: 99%

“…Second, since our method can symbolically execute instructions, it can be used to generate input tests that have high coverage. While such analyses have been done at the detailed RTL level [191,192,193,139,140,194,155,138], there exists limited similar line of work at the x86-64 ISA level 15 . The most significant advantage of such symbolic execution is the ability to detect corner case or hard to detect bugs [191,195].…”

Section: Validating Processor Hardwarementioning

confidence: 99%

Scalable validation of binary lifters

Dasgupta

Dinesh

Venkatesh

et al. 2020

Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

The ability to directly reason about binary machine code is desirable, not only because it allows analyzing binaries even when the source code is not available (e.g., legacy code, closed-source software, or malware), but also avoids the need to trust the correctness of compilers. Binary analysis is generally performed by existing decompiler projects by (1) converting raw bytes from the binary into a stream of assembly instructions through disassembly, (2) translating machine code to an intermediate representation (IR) using a binary lifter, and (3) performing various analysis and transformations on the IR pertaining to the specific goals of the decompiler. Many binary analysis frameworks published in academia or as open-source code, use such a lifter as the first step in their pipeline. Validating the correctness of binary lifters is pivotal to gain trust in binary analysis, especially when used in scenarios where correctness is essential. Unfortunately, existing approaches focus on validating the correctness of lifting a single instruction and do not scale to full programs. I believe an effort in the direction would enable both the developers of binary translators, to validate their implementation, and the clients of those translators, to gain trust in their analysis results. The overall goal of my work is to develop formal and informal techniques to achieve high confidence in the correctness of binary lifting by leveraging the semantics of the languages involved (e.g., Intel's x86-64 and LLVM IR). Towards that goal, I made two broad contributions. First, I defined the most complete and thoroughly tested formal semantics of x86-64 to date. The semantics faithfully formalizes all the non-deprecated, sequential user-level instructions of the x86-64 Haswell instruction set architecture. The formal specification covers 3155 instruction variants, corresponding to 774 mnemonics. The semantics is fully executable and has been tested against the GCC C-torture test suite. Moreover, each instruction is individually tested against more than 7,000 instruction-level test cases. This extensive testing paid off, revealing bugs in both the x86-64 reference manual and other existing semantics, which are all acknowledged, and some are fixed. Also, I illustrated potential applications of the semantics in different formal analyses, and discuss how it can be useful for processor verification. Second, I show that formal translation validation of single instructions for a complex ISA like x86-64 is not only practical but can be used as a building block for scalable full-program validation. My work is the first to do translation validation of single instructions on an Coming up to this point is one of the biggest challenges I have ever pursued in my life. This thesis would not have been possible if I did not have the support of the following people. I owe my deepest gratitude to my adviser, Professor Vikram Adve, whose guidance, patience, and encouragement have been pivotal in the successful completion of this thesis. He is one of the ...

show abstract

Metamath Zero: Designing a Theorem Prover Prover

Carneiro

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Verifying x86 instruction implementations

Cited by 10 publications

References 24 publications

Balancing Automation and Control for Formal Verification of Microprocessors

Balancing Automation and Control for Formal Verification of Microprocessors

Scalable validation of binary lifters

Metamath Zero: Designing a Theorem Prover Prover

Contact Info

Product

Resources

About