DOI: 10.1145/3649329.3655911
research-article
Open access

PathFuzz: Broadening Fuzzing Horizons with Footprint Memory for CPUs

Published: 07 November 2024

Abstract

Coverage metrics have been widely adopted to quantify the completeness of hardware verification. Recently, coverage-guided fuzzing has emerged as a popular method for automatically creating test inputs that reach higher verification coverage. However, we observe that its effectiveness on CPUs is hindered by limited sources of seed corpus and limited efficiency of mutations. To broaden the fuzzing horizons, this paper proposes the PathFuzz framework, which incorporates an efficient input format for fuzzing CPUs, the footprint memory, with a seed corpus drawn from real-world large-scale programs. Experiments demonstrate that PathFuzz reaches over 95% verification coverage, with four long-standing bugs newly identified in two well-known open-source CPU designs.

      Published In

      DAC '24: Proceedings of the 61st ACM/IEEE Design Automation Conference
      June 2024
      2159 pages
      ISBN: 9798400706011
      DOI: 10.1145/3649329
      This work is licensed under a Creative Commons Attribution International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. fuzzing
      2. hardware verification
      3. test generation

      Qualifiers

      • Research-article

      Conference

      DAC '24
      DAC '24: 61st ACM/IEEE Design Automation Conference
      June 23 - 27, 2024
      San Francisco, CA, USA

      Acceptance Rates

      Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

      Article Metrics

      • Total Citations: 0
      • Total Downloads: 156
      • Downloads (Last 12 months): 156
      • Downloads (Last 6 weeks): 40
      Reflects downloads up to 17 Feb 2025