Name
Abstract | ||
|---|---|---|
Undocumented and faulty CPU instructions can cause undefined behavior and system instability, impairing software efforts such as OS crash recovery and resilience, and system security. Although often not considered, the identification of such undocumented instructions is critical. We present a portable RISC instruction scanner that is able to search for undocumented instructions on a wide range of RISC architectures, empowering users to verify the reliable and secure operation of their systems. We propose two methods to look for undocumented instructions. Both attempt to execute a single instruction word in a controlled manner, regaining control afterwards. Subsequently, we determine if the instruction word is considered valid by the processor, comparing this result to the processor's ISA specification. Our prototype scanner can scan multiple ARMv8 and RISC-V systems. Various inconsistencies were discovered in the QEMU emulator and disassemblers used as ground truth. Furthermore, we found an undocumented instruction on a RISC-V chip. |
Year | DOI | Venue |
|---|---|---|
2020 | 10.1109/DSN48063.2020.00047 | 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) |
Keywords | DocType | ISSN |
Instruction Scanning,Hardware security,Undocumented Instructions | Conference | 1530-0889 |
ISBN | Citations | PageRank |
978-1-7281-5810-5 | 0 | 0.34 |
References | Authors | |
3 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Rens Dofferhoff | 1 | 0 | 0.34 |
| Michael Göbel | 2 | 0 | 0.34 |
| Kristian F. D. Rietveld | 3 | 10 | 3.67 |
| Erik van der Kouwe | 4 | 58 | 9.55 |