Path-Exploration Lifting: Hi-Fi Tests for Lo-Fi Emulators
Processor emulators are widely used to provide isolation and instrumentation of binary software. However, they have proved difficult to implement correctly: processor specifications have many corner cases that are not exercised by common workloads. It is untenable to base other system security properties on the correctness of emulators that have received only ad-hoc testing. To obtain emulators that are worthy of the required trust, the authors propose a technique to explore a high-fidelity emulator with symbolic execution, and then lift those test cases to test a lower-fidelity emulator.