diff --git a/README b/README.md similarity index 88% rename from README rename to README.md index 263ba4a..d51e270 100644 --- a/README +++ b/README.md @@ -1,5 +1,5 @@ -= A DFA-based x86 validator for Native Client = +# A DFA-based x86 validator for Native Client This is a replacement x86-32 validator for Native Client. It uses a @@ -11,16 +11,17 @@ instructions. This has a number of benefits: * it's easier to verify the correctness of the validator -Faster: +## Faster The DFA-based validator is roughly 8-10 times faster than the original x86-32 validator. Time to validate irt.nexe + libc.so.6 + ld.so: - original ncval: 0.446s - dfa_ncval: 0.047s -Smaller: + original ncval: 0.446s + dfa_ncval: 0.047s + +## Smaller The DFA-based validator is <3000 lines of non-generated code: It has 250 lines of C code, and the rest is in Python. @@ -34,7 +35,7 @@ therefore about 22k in size: 88 * 256 = 22528 (this DFA accepts bytes as inputs so we multiply the number of states by 256). The total text size of the validator executable is about 26k. -Easier to verify: +## Easier To Verify Since the DFA is acyclic, it is possible to enumerate all the byte sequences that it accepts. It is entirely feasible to feed all the @@ -58,21 +59,20 @@ two specifications are equivalent, or list the instructions that one specification accepts and the other rejects. -== How to try it out == +# How to try it out -$ make -$ ./dfa_ncval .../hello_world.nexe + $ make + $ ./dfa_ncval .../hello_world.nexe -== How it works == +# How it works -TODO: Explain how we generate the DFA. +# TODO: Explain how we generate the DFA. -TODO: Explain how we handle indirect jumps (superinstructions) and +# TODO: Explain how we handle indirect jumps (superinstructions) and direct jumps. - -== Still to do == +# Still to do * Implement instruction replacement checking. NaCl's nacl_dyncode_modify() syscall allows immediate values and 
@@ -94,12 +94,12 @@ validator allows. Check for any remaining SSE, MMX or 3DNow instructions. -== Future work == +# Future work Implement an x86-64 validator. -== Differences from the original validator == +# Differences from the original validator The DFA-based validator does not require that CALL instructions are aligned so that they end at an instruction bundle boundary.
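Review bot: in the `@@ -11,16 +11,17 @@` hunk the re-indented timing lines (`original ncval: 0.446s`, `dfa_ncval: 0.047s`) follow `Time to validate irt.nexe + libc.so.6 + ld.so:` directly; Markdown only treats an indented run as a code block when a blank line separates it from the preceding paragraph, otherwise the two measurements are folded into that sentence as continuation text. Confirm there is a blank line between the `Time to validate` line and the indented block, as was done before `## Smaller`.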
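Review bot: `## Easier To Verify` in the `@@ -34,7 +35,7 @@` hunk uses title case while the sibling headings (`## Faster`, `## Smaller`) and the top-level ones (`# How to try it out`, `# Still to do`) use sentence case; suggest `## Easier to verify` to match the original `Easier to verify:` label and the rest of the file.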
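Review bot: the `@@ -58,21 +59,20 @@` hunk turns the two TODO notes under `# How it works` into top-level headings (`# TODO: Explain how we generate the DFA.`, `# TODO: Explain how we handle indirect jumps (superinstructions) and`), which puts placeholder notes at the same level as the section they belong to and leaves the continuation line `direct jumps.` as a detached paragraph under the second one. Keep them as plain paragraphs or as list items (`* TODO: Explain how we handle indirect jumps (superinstructions) and direct jumps.`) so the section reads as unfinished prose rather than two extra sections.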
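Review bot: `# Future work` and `# Differences from the original validator` in the `@@ -94,12 +94,12 @@` hunk (like the other `==`-to-`#` conversions) share the heading level of the document title `# A DFA-based x86 validator for Native Client`, so the file has several H1s and the title no longer stands above its sections. Suggest one level deeper throughout: `## Future work`, `## Differences from the original validator`, with the benefit sub-headings (`## Faster`, `## Smaller`) moved to `###`.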