Detecting Exploitable Microarchitectural Leakage via Differential Hardware-Software Taint Tracking – Computer Security Group
TL;DR
MileSan is an RTL sanitizer that detects arbitrary exploitable information leakage by checking for the architecturally-observable differences between architectural and microarchitectural information flows. We built RandOS, a fuzzer that employs MileSan for program generation and leakage detection, and found 19 new leakages (of which 13 were assigned CVEs) across 5 RISC-V CPUs. Below is a video of RandOS discovering leakage using MileSan:
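To make the detection principle in the TL;DR concrete, here is a toy model of differential taint tracking in Python. It is an added illustration, not MileSan or RandOS code, and it runs on a constructed two-model simulator: an architectural model that executes only committed instructions, and a microarchitectural model that additionally runs the transient shadow of a mispredicted bounds check and lets its cache-set footprint survive the squash. The tiny instruction set, the bounds-check-bypass-shaped program, the eight-set cache geometry and the memory layout (a four-entry array at 0x100, a tainted secret cell at 0x110, a probe array at 0x1000) are all assumptions made for the example. A leak is reported only where the taint of an architecturally observable element (registers, or cache-set occupancy as seen through timing) differs between the two models, which is why an untainted transient access is not flagged.

```python
"""Toy differential taint tracker (added illustration; not MileSan/RandOS code).

Two models execute the same program:
  * architectural: in-order, committed instructions only, taint follows data flow
  * microarchitectural: also executes the transient shadow of a mispredicted
    branch; its register effects are squashed, its cache-set taint persists
Observable state = register taint + which cache sets were touched by a
tainted address (cache occupancy is observable through timing).
"""

CACHE_LINE = 64          # assumed line size
NUM_SETS = 8             # assumed number of cache sets


def cache_set(addr):
    """Map an address to a cache set (constructed geometry)."""
    return (addr // CACHE_LINE) % NUM_SETS


def execute(program, mem, mem_taint, regs, reg_taint, transient):
    """Run `program` on copies of the register file and taint map.

    If `transient` is set, a not-taken bounds check is treated as mispredicted
    "taken": its body runs as a shadow whose register results are discarded
    but whose cache-set taint is merged into the observable cache state.
    Returns (regs, reg_taint, cache_taint).
    """
    regs, reg_taint = dict(regs), dict(reg_taint)
    cache_taint = {s: False for s in range(NUM_SETS)}
    pc = 0
    while pc < len(program):
        op = program[pc]
        if op[0] == "load":                       # load dst, [base + idx]
            _, dst, base, idx = op
            addr = regs[base] + regs[idx]
            regs[dst] = mem.get(addr, 0)
            # value taint: address operands or the memory cell itself
            reg_taint[dst] = (reg_taint[base] or reg_taint[idx]
                              or mem_taint.get(addr, False))
            # which set gets touched depends only on the address operands
            s = cache_set(addr)
            cache_taint[s] = cache_taint[s] or reg_taint[base] or reg_taint[idx]
        elif op[0] == "shl":                      # dst = src << k
            _, dst, src, k = op
            regs[dst] = regs[src] << k
            reg_taint[dst] = reg_taint[src]
        elif op[0] == "blt_else_skip":            # if a < b: fall through, else skip n
            _, a, b, n = op
            if regs[a] >= regs[b]:
                if transient:
                    # mispredicted "taken": run the body as a transient shadow
                    body = program[pc + 1:pc + 1 + n]
                    _, _, shadow = execute(body, mem, mem_taint,
                                           regs, reg_taint, transient=False)
                    for s in range(NUM_SETS):
                        cache_taint[s] = cache_taint[s] or shadow[s]
                pc += n
        pc += 1
    return regs, reg_taint, cache_taint


def find_leaks(program, mem, mem_taint, regs, reg_taint):
    """Differential check: observable taint that the microarchitectural model
    carries but the architectural model does not (or vice versa)."""
    a_regs, a_rt, a_cache = execute(program, mem, mem_taint, regs, reg_taint, False)
    m_regs, m_rt, m_cache = execute(program, mem, mem_taint, regs, reg_taint, True)
    leaks = [("reg", r) for r in a_rt if a_rt[r] != m_rt[r]]
    leaks += [("cache_set", s) for s in range(NUM_SETS) if a_cache[s] != m_cache[s]]
    return sorted(leaks)


# Constructed program: bounds-checked read of array1[idx], then a load whose
# address (and therefore cache set) depends on the value read.
PROGRAM = [
    ("blt_else_skip", "idx", "len", 3),   # if idx < len: run the next 3 ops
    ("load", "t", "a1", "idx"),           # t = array1[idx]
    ("shl", "t", "t", 6),                 # t *= CACHE_LINE
    ("load", "u", "a2", "t"),             # touch array2[t]
]

# Constructed memory: array1 at 0x100 (4 entries), a secret cell at 0x110.
MEM = {0x100: 0, 0x101: 2, 0x102: 1, 0x103: 0, 0x110: 3}
MEM_TAINT = {0x110: True}                 # only the secret cell is tainted


def run_case(idx, mem_taint=MEM_TAINT):
    regs = {"idx": idx, "len": 4, "a1": 0x100, "a2": 0x1000, "t": 0, "u": 0}
    reg_taint = {r: False for r in regs}
    return find_leaks(PROGRAM, MEM, mem_taint, regs, reg_taint)


def demo():
    return {
        "in_bounds": run_case(1),                 # no transient path, no leak
        "oob_secret": run_case(16),               # transient read of tainted cell leaks via cache set
        "oob_untainted": run_case(16, {}),        # transient path exists, nothing tainted: no leak
    }


if __name__ == "__main__":
    for name, leaks in demo().items():
        print(f"{name}: {leaks or 'no leak'}")
```

The third case is the point of the differential formulation: the microarchitectural model touches a cache set transiently in both out-of-bounds runs, but only the run where that access carries taint produces an observable difference, so the check reports exploitable flows rather than every transient access.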
Motivation
Microarchitectural performance optimizati...
Read more at comsec.ethz.ch