RFUZZ: Coverage-Directed Fuzz Testing of RTL on FPGAs

Abstract

Dynamic verification is widely used to increase confidence in the correctness of RTL circuits during the pre-silicon design phase.
Despite numerous attempts over the last decades to automate the stimuli generation based on coverage feedback, Coverage Directed Test Generation (CDG) has not found the widespread adoption that one would expect.
Based on new ideas from the software testing community around coverage-guided mutational fuzz testing, we propose a new approach to the CDG problem which requires minimal setup and takes advantage of FPGA-based emulation for rapid testing.
We provide test input and coverage definitions that allow fuzz testing to be applied to RTL circuit verification. In addition, we propose and implement a series of transformation passes that make it feasible to reset arbitrary RTL designs quickly, a requirement for deterministic test execution.
Alongside this paper we provide rfuzz, a fully featured implementation of our testing methodology which we make available as open-source software to the research community.
An empirical evaluation of rfuzz shows promising results on achieving coverage for a wide range of different RTL designs, ranging from DSP blocks to an industry-scale 64-bit CPU.
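The core loop the abstract borrows from software fuzzing (reset the design, apply a test input, measure coverage, keep the input if it reached something new, mutate it further) can be shown on a software model of a tiny sequential circuit. The block below is an added example and is not rfuzz's code; its LockFSM design, its mutation operators, and its use of state transitions as the coverage metric are all constructed stand-ins, not the input and coverage definitions the paper itself proposes.

```python
"""Illustrative coverage-guided mutational fuzzing loop over a software model
of a small sequential circuit (added example; not rfuzz's implementation)."""
import random


class LockFSM:
    """Constructed toy design: a 4-state lock that opens when the bytes
    0xDE, 0xAD, 0xBE arrive on three consecutive clock cycles."""
    SECRET = (0xDE, 0xAD, 0xBE)

    def __init__(self):
        self.reset()

    def reset(self):
        # A fast, complete reset is what makes every test run deterministic.
        self.state = 0
        self.unlocked = False

    def step(self, din):
        # One clock cycle with an 8-bit input value on the data port.
        if self.state < 3 and din == self.SECRET[self.state]:
            self.state += 1
        else:
            self.state = 0
        if self.state == 3:
            self.unlocked = True
        return self.state


def run_test(design, test_input):
    """Reset the design, then drive one input byte per cycle.
    Coverage is the set of state transitions taken, a constructed
    stand-in for a hardware coverage metric."""
    design.reset()
    coverage = set()
    prev = design.state
    for din in test_input:
        cur = design.step(din)
        coverage.add((prev, cur))
        prev = cur
    return coverage, design.unlocked


def mutate(test_input, rng):
    """Byte-level mutations in the style of software fuzzers:
    bit flip, byte replace, byte insert (capped at 16 bytes), byte delete."""
    data = bytearray(test_input)
    op = rng.randrange(4)
    if op == 0 and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == 1 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 2 and len(data) < 16:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif op == 3 and len(data) > 1:
        del data[rng.randrange(len(data))]
    return bytes(data)


def fuzz(design, iterations, seed=0):
    """Coverage-directed loop: an input joins the corpus only if it exercised
    a transition no earlier input did. Returns (unlocking input or None,
    accumulated coverage, whether the unlock state was reached)."""
    rng = random.Random(seed)
    queue = [bytes([0])]
    global_cov, _ = run_test(design, queue[0])
    for _ in range(iterations):
        parent = rng.choice(queue)
        child = mutate(parent, rng)
        cov, unlocked = run_test(design, child)
        if not cov <= global_cov:      # new coverage: keep it for further mutation
            global_cov |= cov
            queue.append(child)
        if unlocked:
            return child, global_cov, True
    return None, global_cov, False


if __name__ == "__main__":
    found, cov, hit = fuzz(LockFSM(), iterations=20000, seed=1)
    print("unlock reached:", hit, "input:", found, "transitions covered:", sorted(cov))
```

Because each test begins with a reset, running the same seed twice yields the same corpus and coverage, which is the property the abstract's reset transformation passes exist to guarantee on real RTL.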

Source Code

Find the latest version of the code on GitHub: https://github.com/ekiwi/rfuzz