SiliFuzz: Fuzzing CPUs by proxy

TL;DR

SiliFuzz is a novel system that detects CPU hardware defects by fuzzing software proxies and testing the resulting inputs on actual CPUs, addressing the challenge of hardware complexity and defect detection over time.

Contribution

This work introduces SiliFuzz, a new approach for hardware defect detection using software proxy fuzzing and large-scale testing on real CPUs, focusing on electrical defects.

Findings

Identified four groups of CPU defects with shared patterns.

Demonstrated effectiveness of fuzzing proxies in uncovering hardware issues.

Highlighted the importance of repeated testing due to hardware wear and tear.

Abstract

CPUs are becoming more complex with every generation, at both the logical and the physical levels. This potentially leads to more logic bugs and electrical defects in CPUs being overlooked during testing, which causes data corruption or other undesirable effects when these CPUs are used in production. These ever-present problems may also have simply become more evident as more CPUs are operated and monitored by large cloud providers. If the RTL ("source code") of a CPU were available, we could apply greybox fuzzing to the CPU model almost as we do to any other software [arXiv:2102.02308]. However our targets are general purpose x86_64 CPUs produced by third parties, where we do not have the RTL design, so in our case CPU implementations are opaque. Moreover, we are more interested in electrical defects as opposed to logic bugs. We present SiliFuzz, a work-in-progress system that finds CPU defects by fuzzing software proxies, like CPU simulators or disassemblers, and then executing the accumulated test inputs (known as the corpus) on actual CPUs on a large scale. The major difference between this work and traditional software fuzzing is that a software bug fixed once will be fixed for all installations of the software, while for CPU defects we have to test every individual core repeatedly over its lifetime due to wear and tear. In this paper we also analyze four groups of CPU defects that SiliFuzz has uncovered and describe patterns shared by other SiliFuzz findings.