Abstract: Aspects of the invention include systems and methods for to detecting security vulnerabilities using modeled attribute propagation. A non-limited example of a computer-implemented method includes generating a model of a device under test, the model comprising a data path similar to the device under test and an attribute network. The method further includes detecting protected data that is introduced into the model and marking the protected data with an attribute. An end point of the marked protected data is detected along the data path. In response to the end point being indicative of a vulnerability, an alert is issued.

Abstract: A computer-implemented method for advancing speculative execution in microarchitectures is disclosed. A non-limiting example of the computer-implemented method includes receiving, by a processor, a test scenario including a first load instruction from a first memory location flagged with a delay notification and a speculative memory access instruction from a second memory following the first load instruction. The method executes, by the processor, the first load instruction from the first memory location and delays a return of data from the first memory location for a number of processor cycles. The method executes, by the processor, the speculative storage access instruction from the second memory location during the delay in returning the data from the first memory location.

Abstract: Aspects of the invention include systems and methods for to detecting security vulnerabilities using modeled attribute propagation. A non-limited example of a computer-implemented method includes generating a model of a device under test, the model comprising a data path similar to the device under test and an attribute network. The method further includes detecting protected data that is introduced into the model and marking the protected data with an attribute. An end point of the marked protected data is detected along the data path. In response to the end point being indicative of a vulnerability, an alert is issued.

Abstract: A computer-implemented method for detecting vulnerabilities in microarchitectures. A non-limiting example of the computer-implemented method includes creating a simulation for execution on a model of a microarchitecture, the simulation including a set of instructions and a placeholder for holding a piece of secret data. The computer-implemented method executes the simulation a first time on the model of the microarchitecture with a first piece of secret data stored in the placeholder and stores a first output of the first executed simulation. The computer-implemented method executes the simulation a second time on the model of the microarchitecture with a second piece of secret data stored in the placeholder and stores a second output of the second executed simulation. The computer-implemented method compares the first output with the second output and provides an indication of a microarchitecture vulnerability when there is a difference between the first output and the second output.

Abstract: A computer-implemented method includes generating a plurality of test cases to test exploitation of speculative execution in a design of a computer processor, where the plurality of test cases include a first test case. Generating the first test case includes identifying a branch responsive to an attempted access to secure data and, responsive to the branch, marking each memory address of each memory access dependent on the attempted access to the secure data. The computer-implemented method further includes executing the first test case. Executing the first test case includes detecting an attempt to access a memory address that has been marked and, responsive to the attempt to access the memory address that has been marked, alerting of a security violation.

Abstract: A computer-implemented method for advancing speculative execution in microarchitectures is disclosed. A non-limiting example of the computer-implemented method includes receiving, by a processor, a test scenario including a first load instruction from a first memory location flagged with a delay notification and a speculative memory access instruction from a second memory following the first load instruction. The method executes, by the processor, the first load instruction from the first memory location and delays a return of data from the first memory location for a number of processor cycles. The method executes, by the processor, the speculative storage access instruction from the second memory location during the delay in returning the data from the first memory location.

Abstract: A computer-implemented method for detecting vulnerabilities in microarchitectures. A non-limiting example of the computer-implemented method includes creating a simulation for execution on a model of a microarchitecture, the simulation including a set of instructions and a placeholder for holding a piece of secret data. The computer-implemented method executes the simulation a first time on the model of the microarchitecture with a first piece of secret data stored in the placeholder and stores a first output of the first executed simulation. The computer-implemented method executes the simulation a second time on the model of the microarchitecture with a second piece of secret data stored in the placeholder and stores a second output of the second executed simulation. The computer-implemented method compares the first output with the second output and provides an indication of a microarchitecture vulnerability when there is a difference between the first output and the second output.

Abstract: A computer-implemented method includes generating a plurality of test cases to test exploitation of speculative execution in a design of a computer processor, where the plurality of test cases include a first test case. Generating the first test case includes identifying a branch responsive to an attempted access to secure data and, responsive to the branch, marking each memory address of each memory access dependent on the attempted access to the secure data. The computer-implemented method further includes executing the first test case. Executing the first test case includes detecting an attempt to access a memory address that has been marked and, responsive to the attempt to access the memory address that has been marked, alerting of a security violation.

Abstract: A method and system are provided for implementing functional verification including generating and running constrained random irritator tests for a multiple processor system and for a processor core with multiple threads. Separate tests are generated, a main test for one thread, and an irritator test for each other thread in the configuration. The main test and each irritator test are saved and randomly mixed then combined together again, where the main thread is not forced to be generated with any particular irritator.

Abstract: A method and system are provided for implementing functional verification including generating and running constrained random irritator tests for a multiple processor system and for a processor core with multiple threads. Separate tests are generated, a main test for one thread, and an irritator test for each other thread in the configuration. The main test and each irritator test are saved and randomly mixed then combined together again, where the main thread is not forced to be generated with any particular irritator.

Abstract: Embodiments relate to exiting a multithreaded guest virtual machine (VM) that is running in a simulation environment. An aspect includes executing the simulation by a guest entity comprising a plurality of logical threads, wherein each of the plurality of logical threads comprises a respective instruction stream. Another aspect includes detecting an exit event corresponding to completion, by a first thread of the plurality of logical threads, of the instruction stream corresponding to the first thread. Another aspect includes, based on determining that the simulation is executing in a redrive mode: based on determining that the TVM of the guest entity indicates that multiple threads of the plurality of logical threads are valid, nullifying a start interpretive execution (SIE) instruction of a host; setting a bit corresponding to the first thread in the TVM to invalid; executing the nullified SIE instruction; and relaunching the guest entity in the redrive mode.

Abstract: Embodiments relate to exiting a multithreaded guest virtual machine (VM) that is running in a simulation environment. An aspect includes executing the simulation by a guest entity comprising a plurality of logical threads, wherein each of the plurality of logical threads comprises a respective instruction stream. Another aspect includes detecting an exit event corresponding to completion, by a first thread of the plurality of logical threads, of the instruction stream corresponding to the first thread. Another aspect includes, based on determining that the simulation is executing in a redrive mode: based on determining that the TVM of the guest entity indicates that multiple threads of the plurality of logical threads are valid, nullifying a start interpretive execution (SIE) instruction of a host; setting a bit corresponding to the first thread in the TVM to invalid; executing the nullified SIE instruction; and relaunching the guest entity in the redrive mode.

Abstract: A method and system are provided for implementing functional verification including generating and running constrained random irritator tests for a multiple processor system and for a processor core with multiple threads. Separate tests are generated, a main test for one thread, and an irritator test for each other thread in the configuration. The main test and each irritator test are saved and randomly mixed then combined together again, where the main thread is not forced to be generated with any particular irritator.

Abstract: A method and system are provided for implementing functional verification including generating and running constrained random irritator tests for a multiple processor system and for a processor core with multiple threads. Separate tests are generated, a main test for one thread, and an irritator test for each other thread in the configuration. The main test and each irritator test are saved and randomly mixed then combined together again, where the main thread is not forced to be generated with any particular irritator.

Abstract: A verification method is provided and includes randomly choosing a hardware executed instruction in a predefined program to force Opcode Compare on, determining an identity of a corresponding opcode from the chosen instruction and initializing Opcode Compare logic to trap the chosen instruction to firmware and creating firmware to initiate performance of hardware verification in the firmware and re-initiating performance of the hardware verification in hardware.

Abstract: A method and apparatus of handling instruction rejects, partial rejects, stalls and branch wrong in a simulation model provides pipeline states for various unit verification. It defines an instruction train to encounter many events of the hardware verifications. Drivers and monitors at a unit and a core simulation level can hook into the pipeline states and perform the verification easily without having to restructure the instructions in the pipeline due to rejects, partial rejects, stalls, branch wrongs. Different event counters have been placed in the instruction pipe during the events and expand the instruction train such that the instruction train provides an accurate and detailed state of each instruction so the hardware logic signals and data can be tracked and identified from each state.

Abstract: Method, system and computer program product for verifying the address generation, address generation interlocks, and address generation bypassing controls in a CPU. An exemplary embodiment includes a verification method in a processor, the method including propagating a first set general purpose register values from a first instruction to a second instruction, wherein the simulation monitor is coupled to a first stage of the instruction pipeline, and wherein the first set of general purpose register values are stored in a simulation instruction object, selecting a second set of general purpose register values, updating the first set of general purpose register values with the second set of general purpose register values and placing the second set of general purpose register values on a bus.

Abstract: A verification method is provided and includes randomly choosing a hardware executed instruction in a predefined program to force Opcode Compare on, determining an identity of a corresponding opcode from the chosen instruction and initializing Opcode Compare logic to trap the chosen instruction to firmware and creating firmware to initiate performance of hardware verification in the firmware and re-initiating performance of the hardware verification in hardware.

Abstract: A system includes a storage device including a human readable common instruction table (CIT) stored as a text file. The system also includes CIT access software for performing a method including receiving a request from a first user for all or a subset of the CIT table relating to logic design and for providing the requested data to the first user. The method also includes receiving a request from a second user is received for all or a subset of the CIT table relating to performance analysis and for providing the requested data to the second user. A request is received from a third user for all or a subset of the CIT data relating to design verification and the requested data is provided to the third user.

Abstract: A method and apparatus of handling instruction rejects, partial rejects, stalls and branch wrong in a simulation model provides pipeline states for various unit verification. It defines an instruction train to encounter many events of the hardware verifications. Drivers and monitors at a unit and a core simulation level can hook into the pipeline states and perform the verification easily without having to restructure the instructions in the pipeline due to rejects, partial rejects, stalls, branch wrongs. Different event counters have been placed in the instruction pipe during the events and expand the instruction train such that the instruction train provides an accurate and detailed state of each instruction so the hardware logic signals and data can be tracked and identified from each state.