Verifying Instruction Set Simulators using Coverage-guided Fuzzing*

Vladimir Herdt^1,a, Daniel Große^1,2,c, Hoang M. Le^1,b and Rolf Drechsler^1,2,d
1Institute of Computer Science, University of Bremen, Bremen, Germany
^avherdt@informatik.uni-bremen.de
^bhle@informatik.uni-bremen.de
²Cyber-Physical Systems, DFKI GmbH, Bremen, Germany
^cgrosse@informatik.uni-bremen.de
^ddrechsle@informatik.uni-bremen.de

ABSTRACT

Verification of Instruction Set Simulators (ISSs) is crucial. Predominantly simulation-based approaches are used. They require a comprehensive testset to ensure a thorough verification.

We propose a novel coverage-guided fuzzing (CGF) approach to improve the testcase generation process. In addition to code coverage we integrate functional coverage and a custom mutation procedure tailored for ISS verification. As a case-study we apply our approach on a set of three publicly available RISC-V ISSs. We found several new errors, including one error in the official RISC-V reference simulator Spike.

---

Full Text (PDF)

© 2019 EDAA. All rights reserved.