Artificial truth


The more you see, the less you believe.

Paper notes: SiliFuzz
Tue 19 October 2021

Another fine paper by Google. The main idea is, as hinted by the paper name, to fuzz software "proxies" of the CPU (instruction decoders and emulators), then replay what the fuzzer found on real CPUs to spot defective ones.

  1. Use coverage-guided fuzzing on software proxies of the CPU (decoders and emulators such as XED, unicorn and ifuzz) to generate a large corpus of interesting instruction sequences.
  2. Drop sources of non-determinism like syscalls and I/O, since the end state has to be reproducible.
  3. Bundle the initial state (e.g. required memory mappings and registers), the instructions and the expected end state together in a snapshot.
  4. Run the snapshots on production machines.
  5. Flag any disparity between the observed and the expected end state: that is a buggy CPU.

They found interesting things, but give no absolute numbers:

[…] about 45% of SiliFuzz findings are unique and have not been previously identified by any other tool or automation available to us

The most interesting part of the paper is the appendices, where they detail four CPU bugs found by SiliFuzz.