Spectector is a tool for automatically detecting leaks caused by speculatively executed instructions in x64 assembly programs.

In a nutshell, Spectector symbolically executes the program under analysis with respect to a semantics that captures the effects of speculatively executed instructions. During the symbolic execution, Spectector derives SMT formulae characterizing leaks caused by speculatively executed instructions, and it relies on the Z3 SMT solver to determine the presence of possible leaks or prove their absence.

Using Spectector, we detected subtle bugs in the way several major compilers place Spectre countermeasures, which may result in insecure programs or unnecessary countermeasures.
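To make the idea of a leak caused by speculatively executed instructions concrete, here is an added toy illustration (not Spectector's code) for a bounds-check snippet, with and without a fence. It enumerates a small constructed input domain instead of deriving SMT formulae and querying Z3, and the leak notion, the trace model and all names (`run`, `find_leak`, `SIZE`, `A_PUBLIC`, `SECRETS`) are assumptions of this example.

```python
from itertools import product

SIZE = 2             # length of the public array A
A_PUBLIC = (0, 1)    # constructed public contents of A
SECRETS = range(4)   # constructed domain of the secret stored right after A

def run(x, secret, speculate, fence):
    """Observation trace (branch outcome, load addresses) of
    `if (x < SIZE) y = B[A[x] * 64];`, optionally with a fence opening the body."""
    mem = A_PUBLIC + (secret,)          # reading A[SIZE] reaches the secret
    trace = [("branch", x < SIZE)]
    if x < SIZE:
        trace += [("load", "A", x), ("load", "B", mem[x] * 64)]
    elif speculate and not fence:
        # Mispredicted branch: the body runs transiently and is rolled back,
        # but the addresses it loaded from were already observable.
        trace += [("spec-load", "A", x), ("spec-load", "B", mem[x] * 64)]
    return tuple(trace)

def find_leak(fence):
    """Return (x, s1, s2) where two secrets are indistinguishable without
    speculation but distinguishable with it, or None if no such pair exists."""
    for x in range(SIZE + 1):
        for s1, s2 in product(SECRETS, repeat=2):
            same_nonspec = run(x, s1, False, fence) == run(x, s2, False, fence)
            same_spec = run(x, s1, True, fence) == run(x, s2, True, fence)
            if same_nonspec and not same_spec:
                return (x, s1, s2)
    return None

if __name__ == "__main__":
    print("no fence:", find_leak(fence=False))
    print("fence:   ", find_leak(fence=True))
```

A returned triple plays the role of a satisfying assignment for a leak query, and `None` the role of a proof of absence, here only over the enumerated domain.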