End-to-End Concolic Testing for Hardware/Software Co-Validation

Many recent approaches have been proposed to improve the quality of Systems-on-Chips (SoC), but most of them focus on a single part of the SoC, such as the device driver, the hardware, or the firmware. System-level validation of the entire SoC stack remains a major challenge, and research on end-to-end validation of an SoC that covers both its hardware and software (HW/SW) components is comparatively sparse. In this paper, we propose an approach to end-to-end concolic testing for HW/SW co-validation of an SoC. Based on simulation of the SoC with multiple virtual platforms, we capture a set of run-time traces from the different components of the entire SoC and assemble them into holistic system-level traces. We also provide instrumentation interfaces over the SoC trace for custom validation and analysis, allowing user-defined assertions and symbolic values to be inserted at various HW/SW interfaces. The instrumented trace is replayed in a concolic/symbolic engine to generate new system-level test cases that either explore new paths of the SoC stack or trigger assertions. We emulated a complete SoC stack based on several open-source projects, on which we demonstrated that our approach can generate effective system-level test cases that crosscut the entire HW/SW stack of the SoC and pinpoint a buggy path in IP firmware from the user inputs through the host software, and that it can catch various bugs with user-defined assertions, including two bugs in QEMU's E1000 virtual device.
