Back to blog
Neelu S. Kalani

Sail and Isla ecosystems

Sailor depends on a useful shift in how hardware behavior is described: architecture specifications can be written as executable models rather than only as prose. Sail is a language for writing those ISA models, so the semantics of registers, instructions, and privilege behavior can be inspected by tools.

Isla complements that by symbolically executing Sail models. Instead of running one concrete instruction instance, symbolic execution can explore how instruction behavior depends on conditions and state. For context switching, that matters because the question is not just which state is visible, but which state can be read or modified by the ISA under relevant execution paths.

Sailor in the Sail and Isla ecosystem A diagram showing Sail ISA specifications feeding Isla symbolic execution and Sailor analysis. The ecosystem Sailor builds on Sail ISA specification Isla symbolic execution Sailor context-switch state analysis Executable specifications turn architecture details into data that security tooling can use.
Sailor is not a replacement for Sail or Isla; it is an analysis built on the structure they provide.

This separation is powerful. Sail captures architectural intent, Isla collects behavior from that model, and Sailor asks a security-specific question over the collected data: what must a context switch preserve so that one context cannot inherit, corrupt, or learn state from another?

The result is a workflow that scales better than hand-reading ISA manuals. As architectures evolve and extensions add state, the same ecosystem can be reused to re-check whether privileged software still saves what must be saved.