FuzzWiz -- Fuzzing Framework for Efficient Hardware Coverage

Deepak Narayan Gadde, Aman Kumar, Djones Lettnin, Sebastian Simon

TL;DR

This paper introduces FuzzWiz, an automated fuzzing framework for hardware verification that repurposes coverage-guided software fuzzing techniques for RTL-based designs. It leverages metamodeling to generate software models and generic testbenches from RTL, instruments fuzzer-specific drivers, and produces a Hardware Simulation Binary for efficient fuzzing. Applied to four OpenTitan IPs, FuzzWiz achieves around 90% hardware-line coverage significantly faster than traditional regression, with results varying by fuzzing engine. The work demonstrates design-agnostic applicability and concrete performance benefits for pre-silicon verification of complex SoCs.

Abstract

The ever-increasing design complexity of System-on-Chips (SoCs) has led to significant verification challenges. Unlike software bugs, bugs in hardware design are persistent and permanent, i.e., once the hardware is fabricated, it cannot be repaired with any patch. Despite being one of the most powerful techniques used in verification, the dynamic random approach cannot give confidence in complex Register Transfer Level (RTL) designs during the pre-silicon design phase. In particular, achieving coverage targets and exposing bugs is a complicated task with random simulations. In this paper, we leverage an existing testing solution from the software world, known as fuzzing, and apply it to hardware verification in order to achieve coverage targets quickly. We created an automated hardware fuzzing framework, FuzzWiz, using metamodeling and Python to achieve coverage goals faster. It includes parsing the RTL design module, converting it into C/C++ models, creating a generic testbench with assertions, fuzzer-specific compilation, linking, and fuzzing. Furthermore, it is configurable and provides a debug flow if any crash is detected during the fuzzing process. The proposed framework is applied to four IP blocks from Google's OpenTitan chip with various fuzzing engines to show its scalability and compatibility. Our benchmarking results show that we could achieve around 90% of the coverage 10 times faster than the traditional simulation regression-based approach.
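To illustrate the flow the abstract describes (a C/C++ model of the RTL, a generic testbench with assertions, and a fuzzer entry point compiled into one simulation binary), here is an added example that is not FuzzWiz's own code: a hand-written FifoModel stands in for the generated C/C++ model, and run_testbench, run_bytes, the byte-to-stimulus layout and the planted reset bug are all constructed for this illustration.

```cpp
#include <bitset>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <initializer_list>
#include <vector>
// Stand-in for the C/C++ model a tool such as Verilator would generate from
// RTL: a 4-entry FIFO with rst/push/pop inputs. Constructed for this example,
// with a planted bug: reset does not clear the empty flag.
struct FifoModel {
    uint8_t data[4] = {};
    unsigned count = 0, wr = 0, rd = 0; bool full = false, empty = true;
    std::bitset<7> lines;  // statements of eval() that ran: a line-coverage proxy
    void eval(bool rst, bool push, bool pop, uint8_t din) {
        lines.set(0);
        if (rst) { lines.set(1); count = wr = rd = 0; full = false; return; }  // BUG: empty stays stale
        if (push && !full) { lines.set(2); data[wr] = din; wr = (wr + 1) & 3; ++count; }
        if (pop && !empty) { lines.set(3); rd = (rd + 1) & 3; --count; }
        if (push && pop && full) lines.set(4);  // push dropped, pop taken
        full = (count == 4);  lines.set(5);
        empty = (count == 0); lines.set(6);
    }
};
struct TbResult { size_t covered; bool assertion_failed; };
// Generic testbench: each fuzzer byte is one clock cycle of stimulus
// (bit0 rst, bit1 push, bit2 pop, bits 3-7 data). The assertions encode
// properties the design must hold; violating one ends the run.
TbResult run_testbench(const uint8_t *in, size_t len) {
    FifoModel dut;
    dut.eval(true, false, false, 0);  // apply reset before stimulus
    TbResult r{0, false};
    for (size_t i = 0; i < len; ++i) {
        uint8_t b = in[i];
        dut.eval(b & 1, b & 2, b & 4, b >> 3);
        if (dut.count > 4 || (dut.full && dut.empty)) { r.assertion_failed = true; break; }
    }
    r.covered = dut.lines.count();
    return r;
}
TbResult run_bytes(std::initializer_list<uint8_t> bytes) {  // inline-input helper
    std::vector<uint8_t> v(bytes);
    return run_testbench(v.data(), v.size());
}
// libFuzzer entry point (build with -fsanitize=fuzzer): an assertion failure
// becomes a crash, so the fuzzer keeps the input for root-cause analysis.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (run_testbench(data, size).assertion_failed) std::abort();
    return 0;
}
```

The three-byte sequence push, reset, pop underflows the counter because the stale empty flag lets the pop through, which is the kind of cross-cycle bug a coverage-guided fuzzer reaches systematically while random stimulus reaches it by chance.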

Paper Structure

This paper contains 17 sections, 5 figures, and 2 tables.

Figures (5)

  • Figure 1: Coverage-guided fuzzing
  • Figure 2: Metamodel-based automation framework
  • Figure 3: FuzzWiz - Automated hardware fuzzing framework
  • Figure 4: RTL simulation for root cause analysis
  • Figure 5: Progression of hardware line coverage (vlt) during the application of FuzzWiz using various fuzzing engines on OpenTitan IP cores