| Summary: | Several mitigations to thwart Spectre attacks have been proposed. However, design errors or trojans can be exploited to circumvent these mitigations. We have developed a highly-automated formal verification methodology that can detect if modern microprocessor designs are vulnerable to Spectre and its variants or prove otherwise. The methodology comprises of a refinement-based formal Spectre invulnerability property, and refinement maps, abstractions and invariants required to efficiently check the property. The methodology was evaluated on 29 benchmarks based on the RSD, which is an open source RISC-V based out-of-order superscalar processor. The benchmarks incorporated two Spectre defenses including software-controlled speculation and data track. Also incorporated were various implementation errors and hardware Trojans such as internally-triggered, rare-circuit-state and time-bombs that induce Spectre. What was evaluated was if the methodology could efficiently prove that an implementation is not vulnerable to Spectre and provide a counterexample otherwise. The methodology provided accurate classification for all benchmarks. The verification times were very efficient, ranging from 30 seconds to 1,500 seconds.
|
|---|