Verifying Instruction Set Simulators using Coverage-guided Fuzzing*

doi:10.23919/DATE.2019.8714912

Paper

Verifying Instruction Set Simulators using Coverage-guided Fuzzing*

Published Mar 1, 2019 · V. Herdt, Daniel Große, H. M. Le

2019 Design, Automation & Test in Europe Conference & Exhibition (DATE)

UNKNOWN SJR score

31

Citations

0

Influential Citations

Full textSemantic Scholar

Abstract

Verification of Instruction Set Simulators (ISSs) is crucial. Predominantly simulation-based approaches are used. They require a comprehensive testset to ensure a thorough verification.We propose a novel coverage-guided fuzzing (CGF) approach to improve the testcase generation process. In addition to code coverage we integrate functional coverage and a custom mutation procedure tailored for ISS verification. As a case-study we apply our approach on a set of three publicly available RISC-V ISSs. We found several new errors, including one error in the official RISC-V reference simulator Spike.

Study Snapshot

The coverage-guided fuzzing (CGF) approach improves testcase generation for instruction set simulators, identifying new errors and enhancing the verification process.

PopulationOlder adults (50-71 years)

Sample size24

MethodsObservational

OutcomesBody Mass Index projections

ResultsSocial networks mitigate obesity in older groups.

Sign up to use Study Snapshot

Consensus is limited without an account. Create an account or sign in to get more searches and use the Study Snapshot.

Create an account

Paper

Verifying Instruction Set Simulators using Coverage-guided Fuzzing*

Sign up to use Study Snapshot

References

Verifying SystemC Using Intermediate Verification Language and Stateful Symbolic Simulation

This paper presents a scalable and efficient stateful symbolic simulation approach for SystemC, combining state subsumption reduction, partial order reduction, and symbolic execution, to efficiently explore large cyclic state spaces and complete formal verification.

Extensible and Configurable RISC-V Based Virtual Prototype

The RISC-V based Virtual Prototype (VP) offers faster simulation and more accurate analysis of complex HW/SW interactions, enhancing the RISC-V ecosystem and promoting further research and development.

Towards early validation of firmware-based power management using virtual prototypes: A constrained random approach

This paper proposes a novel approach using SystemC-based Virtual Prototypes and constrained random techniques to early validate firmware-based power management strategies, ensuring high performance and low power consumption in modern System-on-Chip designs.

Learn&Fuzz: Machine learning for input fuzzing

This paper presents a machine learning technique that automates the generation of input grammars for fuzzing, enabling security-critical applications to detect security vulnerabilities in input-parsing code.

Compiled Symbolic Simulation for SystemC

Compiled Symbolic Simulation (CSS) enhances SystemC symbolic simulation for more scalable state space exploration and ensures correctness of virtual prototypes.

Citations

Enhancing Functional Verification with Dynamic Instruction Generation by Exploiting Processor Runtime States

DIG, a Dynamic Instruction Generator, reduces test instruction number by up to 62.50% and 86.11% while maintaining superior functional coverage compared to state-of-the-art random instruction generators.

Towards Understanding the Bugs in Solidity Compiler

Solidity compiler bugs are difficult to detect due to their unique characteristics and complexities, and current fuzzers are inefficient in detecting them.

A High-Coverage and Efficient Instruction-Level Testing Approach for x86 Processors

Skipscan improves test coverage and efficiency for x86 processors, identifying more undocumented instructions and instruction flaws, while reducing legal instructions by 20.1% on average.

Minimally Invasive Generation of RISC-V Instruction Set Simulators from Formal ISA Models

Our simulator-agnostic RISC-V instruction set simulator generation approach automatically generates accurate virtual prototypes, offering the same simulation performance as manual implementations while passing official RISC-V tests.

GrayC: Greybox Fuzzing of Compilers and Analysers for C

GrayC, a novel greybox fuzzer for C compilers and code analyzers, effectively identifies and fixes more middle- and back-end bugs than other mutation-based approaches.