LibLISA: Instruction Discovery and Analysis on x86-64

Jos Craaijo*, Freek Verbeek, Binoy Ravindran

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

Abstract

Even though heavily researched, a full formal model of the x86-64 instruction set is still not available. We present libLISA, a tool for automated discovery and analysis of the ISA of a CPU. This produces the most extensive formal x86-64 model to date, with over 118000 different instruction groups. The process requires as little human specification as possible: specifically, we do not rely on a human-written (dis)assembler to dictate which instructions are executable on a given CPU, or what their in- and outputs are. The generated model is CPU-specific: behavior that is "undefined"is synthesized for the current machine. Producing models for five different x86-64 machines, we mutually compare them, discover undocumented instructions, and generate instruction sequences that are CPU-specific. Experimental evaluation shows that we enumerate virtually all instructions within scope, that the instructions' semantics are correct w.r.t. existing work, and that we improve existing work by exposing bugs in their handwritten models.

Original languageEnglish
Article number283
Number of pages29
JournalProceedings of the ACM on Programming Languages
Volume8
Issue numberOOPSLA2
DOIs
Publication statusPublished - 8 Oct 2024

Keywords

  • instruction enumeration
  • instruction semantics
  • synthesis

Fingerprint

Dive into the research topics of 'LibLISA: Instruction Discovery and Analysis on x86-64'. Together they form a unique fingerprint.

Cite this