Releases: microsoft/sca-fuzzer

v1.3.2

12 Sep 13:07
1c68fdd

Minor release with compatibility fixes and a few bug fixes:

  • Executor: modified to be compatible with Linux 6.8+
  • Python build: modified to be compatible with Python 3.12
  • Model: fixed the reset of the tracing state after exceptions
  • Executor: fixed type cast issue in VMCB initialization + added corresponding sanity checks
  • Executor: gracefully handle cases when SMAP/MPX are disabled in kernel; ref #113

Full Changelog: v1.3.1...v1.3.2

v1.3.1

07 Aug 11:04
81b9d5d

Minor release with several bug fixes and stability improvements:

  • cli: Invalid argument in CLI tfuzz mode by @brianfu in #109
  • root: update list of tested branches in CI by @OleksiiOleksenko in #110
  • tests: L1TF tests - only test for Tiger Lake+ by @brianfu in #112
  • config: instruction_blocklist_append is no longer ignored
  • Rewritten the measurement state machine in the executor from assembly into C

Full Changelog: v1.3.0...v1.3.1

v1.3.0

29 Jul 15:20
db20d96

Major update on the testing features:

  • Support for template-based program generation
  • Support for template macros
  • Support for multi-mode test cases (kernel mode, user mode, VM mode, and transitions between them)
  • Support for actors: isolated parts of a test case that have their own code and data and that can interact with each other
  • Added architectural fuzzing mode for detecting mismatches between the model and the executor
  • Added TSC (time stamp counter) measurement mode
  • Rewritten analyzer to support multiple analysis modes. Changed default analyzer to a statistics (chi2)-based one
  • Added an option to track instruction coverage
  • Added value speculation contracts
  • Added a non-interference model for testing information flows between actors

Wider support for x86-64 ISA:

  • Support for 128-bit SIMD (SSE 1-4)
  • Correct handling of IDIV
  • Intel MPX exceptions

Stability features:

  • Synchronized seeds for both program and input generators
  • Multi-pass testing of detected violations to gradually remove various known types of false positives
  • Many improvements to the logging infrastructure
  • Pass-based re-implementation of minimizer
  • Graceful propagation of errors from executor up to the user interface
  • Implemented full fault sandbox for catching bugs in executor without causing crashes
  • State machine-based monitoring of incomplete measurements in executor

Also, a bit more documentation on the CLI, config, and minimization.

v1.2.4

16 Apr 13:16

This release bundles several recent bug fixes:

  • Fix incorrect patching of undefined flags (#64)
  • Added a missing hatch target (#92)
  • Added generation of signed immediates (#91)
  • Removed outdated fields in demos
  • Added missing py.typed file
  • Added Borg-based Logger

Also updates the instruction set file (attached).

v1.2.2

04 Apr 14:29

This release is mainly dedicated to the changes that were required to publish on PyPI, including:

  • Updated structure of imports (36bf130)
  • Changed CLI entry point from src/cli.py to revizor.py (2c9383e)
  • The default installation method is now via pip: pip install revizor-fuzzer

Besides that, the release includes the following minor changes:

  • Input array is now zero-initialized (0c5c999)
  • The interface to input generator and program generator became more uniform (b03baaa)
  • Contract traces are now normalized. For example, if the model executes a memory access to address 0x110 and the sandbox base address is 0x100, the contract trace will contain the value 0x10 (in the past, it would contain 0x110).

V1.2

16 Feb 10:41

In release v1.2:

  • support for AMD CPUs
  • support for testing exceptions (page faults, division errors, undefined opcodes, etc.)
  • new CLI interface for generating test cases: cli.py generate
  • new CLI interface for reproducing and debugging violations: cli.py reproduce
  • several improvements to the logging output
  • new executor mode: Partial Prime+Probe
  • improved algorithm for generating conditional branches
  • several refactorings and bug fixes

V1.1

06 Sep 10:50
e74373f
  • Split the code base into the architecture-independent part (src/) and the architecture-specific part (e.g., src/x86/)
  • Factory module (src/factory.py) to set up Revizor according to the user config
  • x86-specific optimizations (speculation filter and observation filter) that discard the test cases that do not show signs of leakage
  • NumPy-based re-implementation of the input generator (better performance)
  • Migrated to using a vendor-independent JSON format for describing ISA
  • Added basic documentation (docs/) and a small demo (demo/)