Examiner
ToolFirst seen 6/7/2026
Last seen 6/7/2026
Evidence 13 chunks
NEIGHBORHOOD
No graph connections found for this entity yet. It may appear in future ingestion runs.
explore full graph →RELATIONSHIPS
33 connections Examiner: Automatically Locating Inconsistent Instructions between Real Devices and CPU Emulators for ARM ← introduces 100% 2e
The paper introduces the Examiner prototype system for locating inconsistent instructions.
Examiner uses differential testing to compare instruction execution between emulators and real devices.
Examiner uses symbolic execution on ARM ASL code to generate test cases.
Examiner parses and symbolically executes ARM ASL code to derive test cases.
Examiner evaluates QEMU by comparing its instruction execution results against real devices.
Examiner generates test cases covering A32 instruction set encodings.
Examiner generates test cases covering T32 instruction set encodings.
Examiner generates test cases covering T16 instruction set encodings.
Examiner evaluates inconsistent instructions on ARMv5 architecture real devices.
Examiner evaluates inconsistent instructions on ARMv6 architecture real devices.
Examiner evaluates inconsistent instructions on ARMv7 architecture real devices.
Examiner evaluates inconsistent instructions on ARMv8 architecture real devices.
Examiner consists of a test case generator as one of its two main components.
Examiner consists of a differential testing engine as one of its two main components.
Examiner identifies UNPREDICTABLE instruction behavior as a root cause of inconsistencies.
Examiner detects UNDEFINED instruction behavior as part of its inconsistency analysis.
Examiner uses constraint solving to find concrete values of encoding symbols that satisfy or negate ASL constraints.
Examiner inserts prologue and epilogue instructions to set up CPU state and capture execution results for comparison.
Examiner compares the CPU state after instruction execution between emulators and real devices to identify inconsistencies.
Examiner builds mutation sets for each encoding symbol as the basis for test case generation.
Examiner parses ARM instruction encodings to extract symbols and generate test cases.
Examiner generates test cases covering A64 instruction set encodings.
Examiner is applied to Unicorn to locate inconsistent instructions.
Examiner is applied to Angr to locate inconsistent instructions.
Examiner uses a syntax-aware strategy to generate syntactically correct instructions by mutating encoding symbols.
Examiner uses a semantics-aware strategy to extract and solve ASL constraints to cover different execution paths.
Examiner uses the Z3 SMT solver to solve encoding symbol constraints for test case generation.
Examiner mutates encoding symbols based on pre-defined rules to generate instruction streams.
Examiner conducts backward symbolic execution to retrieve constraints from ASL code.
Examiner generates instruction streams to be fed into its differential testing engine.
Examiner uses Capstone to extract target memory addresses from instructions during differential testing.
Examiner is compared with EmuFuzzer, an existing differential testing framework.
Examiner is compared with iDEV, a prior work studying semantic deviation of ARM instructions.