Security News > 2023 > October > Hot fuzz: Cascade finds dozens of RISC-V chip bugs using random data storm

Hot fuzz: Cascade finds dozens of RISC-V chip bugs using random data storm
2023-10-24 21:41

Unlike other CPU fuzzers, Cascade can construct long random programs that manage the control flow during execution.

What separates Cascade from similar tools is that it relies on a technique called asymmetric ISA pre-simulation.

"This entanglement gives some nice properties: the program always terminates correctly on a CPU that executes all of it correctly, despite the randomized control and data flows. So if it doesn't, it means it triggered a CPU bug. The entanglement also allows Cascade to build arbitrarily large yet highly complex test programs which can fuzz the CPU very efficiently."

When applied to six actual RISC-V CPUs - VexRiscv, PicoRV32, Kronos, CVA6, Rocket, and BOOM - Cascade found 37 new bugs in five of these six designs.

The ETH Zurich computer scientists claim that compared to other fuzzers like TheHuzz and DifuzzRTL, Cascade achieved similar coverage but 28 to 97 times faster.

"Doing something like Cascade for an ISA such as x86 which is a CISC, while conceptually similar, will be a more massive engineering undertaking. I think someone should do it though!" .


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/24/cascade_fuzzer_zurich/