As the complexities of processors keep increasing, the task of effectively verifying their integrity and security becomes ever more daunting. The intricate web of instructions, microarchitectural features, and interdependencies woven into modern processors poses a formidable challenge for even the most diligent verification and security engineers. To tackle this growing concern, researchers have recently developed fuzzing techniques explicitly tailored for hardware processors. However, a prevailing issue with these hardware fuzzers is their heavy reliance on static strategies to make decisions in their algorithms. To address this problem, we develop a novel dynamic and adaptive decision-making framework, MABFuzz, that uses multi-armed bandit (MAB) algorithms to fuzz processors. MABFuzz is agnostic to, and hence applicable to, any existing hardware fuzzer. In the process of designing MABFuzz, we encounter challenges related to the compatibility of MAB algorithms with fuzzers and to maximizing their efficacy for fuzzing. We overcome these challenges by modifying the fuzzing process and tailoring MAB algorithms to accommodate the special requirements of hardware fuzzing. We integrate three widely used MAB algorithms into a state-of-the-art hardware fuzzer and evaluate them on three popular RISC-V-based processors. Experimental results demonstrate the ability of MABFuzz to cover a broader spectrum of processors' intricate landscapes, and to do so with remarkable efficiency. In particular, MABFuzz achieves up to 308x speedup in detecting vulnerabilities and up to 5x speedup in achieving coverage compared to a state-of-the-art technique.
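To illustrate the abstract's central idea, a bandit choosing among test-generation strategies from coverage feedback instead of following a fixed schedule, here is a toy example added for this page; it is not MABFuzz's code, the abstract does not name its three MAB algorithms, and the choice of UCB1, the strategy names, the 64-point coverage model and the "fraction of new coverage" reward are all assumptions.

```python
import math
import random

class UCB1:
    """UCB1 bandit: best mean reward plus a bonus that shrinks with use."""
    def __init__(self, arms):
        self.arms = list(arms)
        self.counts = {a: 0 for a in self.arms}
        self.means = {a: 0.0 for a in self.arms}
        self.total = 0

    def select(self):
        for a in self.arms:                       # try each arm once first
            if self.counts[a] == 0:
                return a
        return max(self.arms, key=lambda a: self.means[a]
                   + math.sqrt(2 * math.log(self.total) / self.counts[a]))

    def update(self, arm, reward):                # running mean of rewards
        self.counts[arm] += 1
        self.total += 1
        self.means[arm] += (reward - self.means[arm]) / self.counts[arm]

class RoundRobin:
    """Static baseline: cycle through the arms and ignore all feedback."""
    def __init__(self, arms):
        self.arms, self.i = list(arms), 0
    def select(self):
        self.i += 1
        return self.arms[(self.i - 1) % len(self.arms)]
    def update(self, arm, reward):
        pass

# Constructed toy coverage model (an assumption, not a real processor): each
# strategy reaches a range of 64 points, hitting each with P_HIT per test.
STRATEGIES = {"alu_only": range(0, 16), "mem_ops": range(8, 32),
              "csr_priv": range(24, 64)}   # only csr_priv reaches 32-63
N_POINTS, P_HIT = 64, 0.3

def fuzz(scheduler, iterations, seed=0):
    """Iteration at which all points were covered (None if never)."""
    rng, covered = random.Random(seed), set()
    for i in range(1, iterations + 1):
        arm = scheduler.select()
        hit = {p for p in STRATEGIES[arm] if rng.random() < P_HIT}
        scheduler.update(arm, len(hit - covered) / N_POINTS)  # reward = new coverage
        covered |= hit
        if len(covered) == N_POINTS:
            return i
    return None
```

Running `fuzz(UCB1(STRATEGIES), 300)` against `fuzz(RoundRobin(STRATEGIES), 300)` shows how the bandit shifts pulls toward whichever strategy is still yielding new coverage, while the static schedule keeps spending a third of its budget on strategies that have plateaued.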