Hot fuzz: Cascade finds dozens of RISC-V chip bugs using random data storm

Hot fuzz: Cascade finds dozens of RISC-V chip bugs using random data storm

October 24, 2023 at 05:48PM

Researchers from ETH Zurich have developed Cascade, a novel fuzzer designed to find bugs in RISC-V chips. Unlike other fuzzers, Cascade constructs long random programs that manage the control flow during execution, allowing for more thorough testing of the silicon. It was able to find 37 new bugs in six different RISC-V designs, demonstrating similar coverage but significantly faster performance compared to other fuzzers. The technique will be presented in a paper at USENIX Security ’24.

Meeting Summary:

– Researchers from ETH Zurich have developed a new fuzzer called Cascade for finding bugs in RISC-V chips.
– Fuzzing is a technique where random input is fed to software or hardware to identify code errors or flaws.
– Current CPU fuzzers have limitations, such as not covering the entire instruction set or not managing control flow well, which leads to missed bugs.
– Cascade can construct long random programs that manage control flow during execution, allowing for more thorough probing of the silicon.
– The fuzzer relies on asymmetric ISA pre-simulation to entangle control flow and data flow, enabling efficient testing.
– Cascade detected 37 new bugs in six different RISC-V CPUs, which were responsibly disclosed.
– The fuzzer achieved similar coverage as other fuzzers but was significantly faster.
– Cascade also found a critical bug in the Yosys framework for Verilog RTL synthesis.
– The simplicity of the RISC-V ISA made it easier to build a fuzzer compared to more complex ISAs like x86.

Please let me know if you need any further information or if there are any specific actions to be taken based on these meeting notes.

Full Article