On 12/9/19 10:08 PM, Luke Nelson wrote: [...]
We have been developing a formal verification tool for BPF JIT compilers, which we have used in the past to find bugs in the RV64 and x32 BPF JITs: https://unsat.cs.washington.edu/projects/serval/

Recently I added support for verifying the JIT for branch and jump instructions, and thought it a good opportunity to verify these patches that add support for far jumps and branching. I ported these patches to our tool and ran verification, which didn't find any bugs according to our specification of BPF and RISC-V.

The tool and code are publicly available, and you can read a more detailed writeup of the results here: https://github.com/uw-unsat/bpf-jit-verif/tree/far-jump-review

Currently the tool works on a manually translated version of the JIT from C to Rosette, but we are experimenting with ways of making this process more automated.
This is awesome work! Did you also check for other architectures aside from riscv and x86-32, e.g. x86-64 or arm64? It would be great if we could add such a verification tool under tools/bpf/ which would then take the in-tree JIT code as-is for its analysis and potentially even trigger a run out of BPF selftests. Any thoughts on whether such a path would be feasible wrt serval?
Reviewed-by: Luke Nelson <lukenels@xxxxxxxxxxxxxxxxx>
Cc: Xi Wang <xi.wang@xxxxxxxxx>
Thanks, Daniel