Microarchitecture Reverse Engineering Software – Fractal OS


Microarchitecture Reverse Engineering Simplified with New Operating System

Researchers have long faced challenges when attempting to isolate and analyze the subtle interactions between user code and kernel code within computer processors. To mitigate these issues, a team of developers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) created Fractal, a new operating system designed specifically for microarchitecture reverse engineering.

Overcoming the Limitations of General-Purpose Operating Systems

The problem is that most general-purpose operating systems introduce variability into the experimental process. This variability stems from the complex interactions between the operating system, the processor, and the applications under test. As a result, researchers resort to ad-hoc solutions, such as patching the kernel or writing custom drivers, to obtain the level of control they need. Even these approaches can have unintended consequences, introducing further variables that complicate the analysis.

FRACTAL: A Robust Framework for Controlling Access

To address this challenge, the developers of Fractal started from scratch, creating a new kernel that supports three 64-bit architectures: X86_64, AARCH64, and RISC-V. The kernel, which comprises approximately 31,000 lines of code, lets researchers dictate the exact order in which threads run and control the access privileges of individual threads. Fractal also provides a cooperative scheduler and a memory region called the “gmap” that lets researchers map chosen physical addresses into one large virtual area.

According to the developers of Fractal, their goal was to create a platform that would enable researchers to conduct microarchitecture reverse engineering experiments with greater accuracy and precision. They achieved this by providing a robust framework for controlling access and reducing “software noise.”

A Successful Application of FRACTAL: Uncovering Undocumented Behavior in the Apple M1 Branch Predictor

The team behind Fractal successfully utilized their creation to uncover previously undocumented behavior in the Apple M1 branch predictor. Their findings indicate that the indirect branch predictor fails to prevent user-trained targets from being speculatively fetched in kernel mode. Furthermore, the conditional branch predictor does not exhibit privilege isolation on either the performance or efficiency cores. These discoveries contradict earlier research, highlighting the importance of controlled experimentation in understanding microarchitecture behavior.

Conclusion

With Fractal, researchers now have a reliable tool for conducting microarchitecture reverse engineering experiments, allowing them to draw more accurate conclusions from their findings. As the complexity of modern computing continues to grow, the development of tools like Fractal will become increasingly essential for advancing our understanding of computer systems and improving their security and reliability.
