Coverage-Directed Fuzzing for Fault Simulation of RTL Designs

Mustafa Lulaj

Coverage-Directed Fuzzing for Fault Simulation of RTL Designs.

Rel. Matteo Sonza Reorda. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Elettronica (Electronic Engineering), 2020


Nowadays, integrated circuits are becoming more and more complex. Integrating multiple functions on a single silicon chip, with transistor counts reaching tens of billions, makes the design hard and the verification process even more complex. According to Moore's law the number of transistors integrated on an Integrated Circuit (IC) doubles every two years, and this leads to an exponential growth in the complexity of testing and verification. While formal verification has shown promising results for proving the correctness of hardware designs, it can only be done by very few experts and is typically restricted to automatic techniques. Thus, dynamic verification is still the most easily accessible approach to verification. Writing a test bench to simulate a new circuit design under various inputs, using the available software simulation tools, is an easy way to gain confidence in its correctness. During the simulation, bugs are discovered by manually inspecting the waveform, by comparing the results against a reference model, or by means of assertion checkers. In order to ensure that a sufficient portion of the Device Under Test (DUT) has been exercised, various manual and automatic coverage metrics are used. Once these coverage metrics have been specified to measure which part of the design has already been verified, a natural research question is whether the stimuli generation can be automated with the goal of maximizing the coverage and finding possible vulnerabilities in the design by means of fault injection attacks. Another question is whether manual human intervention can be minimized by using the coverage feedback as a metric for "re-seeding" the stimuli generation. When the coverage feedback is used to drive the input generation, this problem is known as Coverage Directed Generation (CDG).
Different approaches have been proposed over the last decades; however, we argue that they are either designed for a very narrow class of DUTs or require a good amount of expert time. This might explain why generator-based approaches, which require the test engineer to manually specify biases from coverage reports, are still the most widely used technique. Considering the benefits of fuzzing in the world of software and the previous work done by Kevin Laeufer with RFUZZ, one proposal is to extend this technique into the Test Pattern Generator (TPG) engine for the verification of digital designs. In this Master Thesis, we introduce a new tool which performs automated fault injection in the Hardware Description Language (HDL) and fault simulation driven by the Coverage Directed Generation (CDG) approach for input generation.
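To make the CDG loop described above concrete, here is an added example (not code from the thesis or from RFUZZ) in Python. It models a constructed toy DUT, a 4-state sequence detector standing in for an RTL design, and uses its state-transition arcs as the coverage points (RFUZZ itself instruments mux select signals; the arc metric is a simplification assumed here). The fuzzer mutates seed stimuli and re-seeds its corpus only with inputs that hit new coverage; the resulting corpus is then fault-simulated against a constructed stuck-at fault list by comparing faulty and golden outputs cycle by cycle.

```python
"""Toy coverage-directed fuzzer plus stuck-at fault simulation over a tiny RTL-like model.
Added example: the DUT, coverage metric and fault list are all constructed for illustration."""
import random
from typing import Dict, List, Optional, Set, Tuple

# A fault is (signal_name, bit_index, stuck_value); None means the golden (fault-free) design.
Fault = Optional[Tuple[str, int, int]]
Arc = Tuple[int, int]  # (current_state, din): one coverage point per transition arc


class SeqDetector:
    """Constructed toy DUT: a 4-state Moore FSM whose `match` output is 1 in the cycle
    after the pattern 1,0,1 has been seen on `din`. It stands in for an RTL design."""

    ARCS = 8  # 4 states x 2 input values

    def __init__(self, fault: Fault = None):
        self.fault = fault
        self.state = 0  # 2-bit state register

    def _read(self, name: str, value: int) -> int:
        """Model a stuck-at fault on a named signal by forcing one of its bits."""
        if self.fault and self.fault[0] == name:
            _, bit, stuck = self.fault
            mask = 1 << bit
            return (value | mask) if stuck else (value & ~mask)
        return value

    def step(self, din: int, coverage: Set[Arc]) -> int:
        s = self._read("state", self.state)
        match = self._read("match", 1 if s == 3 else 0)  # Moore output from current state
        coverage.add((s, din))  # record which transition arc fired this cycle
        if s == 0:
            nxt = 1 if din else 0
        elif s == 1:
            nxt = 1 if din else 2
        elif s == 2:
            nxt = 3 if din else 0
        else:
            nxt = 0
        self.state = nxt
        return match


def run(dut: SeqDetector, stimulus: List[int]) -> Tuple[List[int], Set[Arc]]:
    """Simulate one stimulus from reset; return the output trace and the arcs covered."""
    cov: Set[Arc] = set()
    outputs = [dut.step(din, cov) for din in stimulus]
    return outputs, cov


def mutate(rng: random.Random, stim: List[int]) -> List[int]:
    """Cheap stimulus mutation: flip one bit or insert one random bit."""
    child = list(stim)
    if rng.random() < 0.5:
        child[rng.randrange(len(child))] ^= 1
    else:
        child.insert(rng.randrange(len(child) + 1), rng.randint(0, 1))
    return child


def fuzz(seed: int = 1, max_iters: int = 1000) -> Tuple[List[List[int]], Set[Arc]]:
    """Coverage Directed Generation: keep a mutant as a new seed only if it reaches new arcs."""
    rng = random.Random(seed)
    corpus = [[rng.randint(0, 1) for _ in range(8)]]  # one random initial seed
    _, total = run(SeqDetector(), corpus[0])
    for _ in range(max_iters):
        if len(total) == SeqDetector.ARCS:
            break
        child = mutate(rng, rng.choice(corpus))
        _, cov = run(SeqDetector(), child)
        if not cov <= total:  # coverage feedback drives re-seeding
            total |= cov
            corpus.append(child)
    return corpus, total


def fault_list() -> List[Fault]:
    """Constructed fault list: stuck-at-0/1 on both state bits and on the match output."""
    return [("state", b, v) for b in (0, 1) for v in (0, 1)] + [("match", 0, v) for v in (0, 1)]


def fault_simulate(corpus: List[List[int]]) -> Dict[Fault, bool]:
    """A fault is detected if any corpus stimulus makes the faulty output trace differ."""
    golden = [run(SeqDetector(), stim)[0] for stim in corpus]
    return {
        f: any(run(SeqDetector(f), stim)[0] != gold for stim, gold in zip(corpus, golden))
        for f in fault_list()
    }


def fault_coverage(corpus: List[List[int]]) -> float:
    detected = fault_simulate(corpus)
    return sum(detected.values()) / len(detected)


if __name__ == "__main__":
    corpus, cov = fuzz(seed=1)
    print(f"seeds={len(corpus)} arcs covered={len(cov)}/{SeqDetector.ARCS}")
    print(f"fault coverage={fault_coverage(corpus):.2f}")
```

The corpus the fuzzer keeps is small because only coverage-increasing mutants are retained, which is the point of using coverage as the re-seeding metric: the fault simulation then runs over a handful of stimuli rather than every random input ever generated. On a real RTL design the `SeqDetector` model would be replaced by a simulator of the HDL, the arc set by the design's own coverage points, and the fault list by the faults injected into the HDL.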

Supervisor: Matteo Sonza Reorda
Academic year: 2019/20
Publication type: Electronic
Number of pages: 60
Additional information: Thesis under embargo. Full text not available.
Degree programme: Corso di laurea magistrale in Ingegneria Elettronica (Electronic Engineering)
Degree class: New organization > Master science > LM-29 - ELECTRONIC ENGINEERING
Co-supervising institution: Robert Bosch GMBH (GERMANY)
Collaborating companies: ROBERT BOSCH GMBH
URI: http://webthesis.biblio.polito.it/id/eprint/14479