Verifying Instruction Set Simulators using Coverage-guided Fuzzing*

Vladimir Herdt (1,a), Daniel Große (1,2,c), Hoang M. Le (1,b) and Rolf Drechsler (1,2,d)
(1) Institute of Computer Science, University of Bremen, Bremen, Germany
(2) Cyber-Physical Systems, DFKI GmbH, Bremen, Germany
(a) vherdt@informatik.uni-bremen.de
(b) hle@informatik.uni-bremen.de
(c) grosse@informatik.uni-bremen.de
(d) drechsle@informatik.uni-bremen.de

ABSTRACT


Verification of Instruction Set Simulators (ISSs) is crucial. Simulation-based approaches predominate, and they require a comprehensive test set to ensure thorough verification.

We propose a novel coverage-guided fuzzing (CGF) approach to improve the test-case generation process. In addition to code coverage, we integrate functional coverage and a custom mutation procedure tailored to ISS verification. As a case study, we apply our approach to three publicly available RISC-V ISSs. We found several new errors, including one error in the official RISC-V reference simulator Spike.
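As an added illustration, not the paper's own code or tooling, the following Python sketch shows the two ingredients the abstract names, functional-coverage bins and an ISS-tailored mutation operator, inside a minimal coverage-guided loop. The toy RV32I executor (ADDI, ADD, SUB, SLT only), the bin definition (mnemonic, destination is x0, result is zero) and the initial register state are constructed assumptions for the example.

```python
import random
MASK = 0xFFFFFFFF
FIELDS = [(0, 7), (7, 5), (12, 3), (15, 5), (20, 5), (25, 7)]  # (lsb, width): op, rd, f3, rs1, rs2, f7

def fresh_regs():
    return [0, 5, 0xFFFFFFFB] + [0] * 29  # constructed initial state: x1 = 5, x2 = -5 (two's complement)

def execute(word, regs):
    """Toy ISS standing in for the simulator under test: decode one RV32I word (ADDI, ADD,
    SUB, SLT only), update regs, return the functional bins hit: (mnemonic, rd is x0, result is 0)."""
    op, rd, f3 = word & 0x7F, (word >> 7) & 0x1F, (word >> 12) & 7
    rs1, rs2, f7 = (word >> 15) & 0x1F, (word >> 20) & 0x1F, word >> 25
    imm = ((word >> 20) ^ 0x800) - 0x800                     # sign-extended 12-bit I-immediate
    a, b = regs[rs1], regs[rs2]
    signed = lambda v: (v ^ 0x80000000) - 0x80000000         # reinterpret 32-bit value as signed
    if op == 0x13 and f3 == 0:
        name, res = "addi", (a + imm) & MASK
    elif op == 0x33 and f3 == 0 and f7 == 0x00:
        name, res = "add", (a + b) & MASK
    elif op == 0x33 and f3 == 0 and f7 == 0x20:
        name, res = "sub", (a - b) & MASK
    elif op == 0x33 and f3 == 2 and f7 == 0x00:
        name, res = "slt", int(signed(a) < signed(b))
    else:
        raise ValueError("illegal instruction 0x%08x" % word)
    if rd:                                                   # x0 is hardwired to zero
        regs[rd] = res
    return {(name, rd == 0, res == 0)}

def mutate_field(word, rng):
    """ISS-tailored mutation: overwrite one whole encoding field rather than flipping random bits."""
    lsb, width = rng.choice(FIELDS)
    mask = ((1 << width) - 1) << lsb
    return (word & ~mask) | (rng.getrandbits(width) << lsb)

def fuzz(seed_words, rounds, rng_seed=1):
    """Coverage-guided loop: a mutant joins the corpus only if it reaches a new functional bin."""
    rng, corpus, covered = random.Random(rng_seed), list(seed_words), set()
    for w in seed_words:
        covered |= execute(w, fresh_regs())
    for _ in range(rounds):
        child = mutate_field(rng.choice(corpus), rng)
        try:
            bins = execute(child, fresh_regs())
        except ValueError:                                   # undecodable mutant: drop it
            continue
        if bins - covered:                                   # feedback: keep inputs that add coverage
            covered |= bins
            corpus.append(child)
    return covered, corpus
```

Seeding with `addi x3, x1, 7` (0x00708193) and `add x4, x1, x2` (0x00208233) already hits the result-is-zero bin, since x1 + x2 wraps to 0; the loop then grows the corpus from field-level mutants that reach further bins.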


