Cascade: CPU fuzzing via intricate program generation

Cascade is a RISC-V CPU fuzzer that focuses on generating valid, long, and complex programs to detect bugs. It has outperformed all existing fuzzers by discovering 37 new bugs in 5 RISC-V CPUs, resulting in 29 new CVEs. Existing fuzzers have limitations such as short programs, poor control-flow management, and limited coverage of the instruction set architecture (ISA). Cascade addresses these issues by constructing intermediate and ultimate programs whose data and control flows are entangled, so that the path a program takes depends on the values it computes. Generated programs are built so that a correct CPU always reaches the terminating instruction; a program that fails to terminate therefore signals a bug, without requiring a comparison of architectural state. Cascade also features a bug reduction mechanism that shrinks a triggering program to a small reproducer. The discovered bugs have significant security implications. Cascade will be presented at USENIX Security ’24 and is already open-source.

https://comsec.ethz.ch/research/hardware-design-security/cascade-cpu-fuzzing-via-intricate-program-generation/
