On a Consistency Testing Model and Strategy for Revealing RISC Processor's Dark Instructions and Vulnerabilities

Publication Title

IEEE Transactions on Computers

Reduced instruction set computing (RISC) processors are widely used nowadays. To meet the requirement that no secret instructions be included in the processor ISA or implemented in the processor micro-architecture, a consistency testing approach capable of revealing any possible dark instructions (i.e., executable instructions without clear definitions) in RISC processors has been proposed; it comes in three phases. During the generation phase, all the undefined instructions are generated based on the instruction set encoding rules. Even with a smaller test space, this step guarantees the test coverage needed to reveal all possible dark instructions that exist. In the next phase, all the undefined instructions obtained from the previous phase are executed on the processor under test, following some persistence strategies; any instruction exhibiting a usual execution result is deemed suspicious and recorded as such. During the last phase, analysis, each of the recorded suspicious instructions is checked and analyzed to decide whether it truly constitutes a dark instruction. We have applied the proposed testing model and strategy to several RISC processors and found that all of them have a few previously unknown dark instructions. The potential vulnerabilities introduced by these dark instructions have thus been evaluated and exposed.


Computer architecture; Consistency testing; Dark instruction; Encoding; Reduced instruction set computing; Registers; RISC processor; Security; Testing; Tools; Vulnerability


Computer and Systems Architecture | Computer Engineering | Engineering


