Overview
Constrained-random testing is used in RISC-V processor verification to provide breadth: random stimulus can explore broad state spaces and uncover unanticipated behaviours. However, evidence indicates that random testing alone can leave verification gaps, especially for features such as privilege-mode transitions, page-table walks, and memory protection. A stronger strategy combines constrained-random stimulus with directed suites for targeted closure and compliance-oriented validation.
Role in RISC-V Verification
RISC-V verification is complicated by the ISA’s modular design and optional extensions. The evidence states that comprehensive coverage typically requires more than one verification or comparison methodology and more than one stimulus technique. In this setting, constrained-random testing is commonly used as a starting point because it can discover unexpected interactions, while directed testing is applied to cover known architectural and feature-specific requirements.
STING-Based Constrained-Random Generation
STING is described as a bare-metal, software-driven RISC-V generator that produces C++-based random streams and ASM-style directed tests. It is built on a lightweight kernel, libraries, and device drivers, and includes a programming framework for directed-test development. STING also uses stimulus graphs to let users control scheduling of generated random and directed tests.
Generated STING programs are portable across simulation, ZeBu emulation, HAPS FPGA prototypes, and silicon, and they are architecturally self-checking. The evidence identifies STING-generated constrained-random stimulus as useful for stressing privilege levels, memory protection, CSRs, and hypervisor extensions.
Strengths and Limitations
Constrained-random testing is valuable because it can expose behaviours that directed test writers may not anticipate. Reported issue classes found with STING include deadlocks in page-table walks, mishandling of the fence.i instruction, floating-point NaN quirks, and cache-coherence conflicts.
Its limitation is that random stimulus may not reliably hit all important architectural cases. Evidence specifically notes that privilege-mode transitions, page-table walks, and memory-protection behaviours may not be fully exercised by random generation alone. For this reason, constrained-random testing is treated as complementary to directed suites rather than as a complete verification strategy by itself.
Use in a Hybrid Verification Methodology
The evidence supports a hybrid flow in which constrained-random sweeps begin the process, functional coverage analysis identifies gaps, and directed suites close those gaps. In this flow, random stimulus from STING uncovers unexpected behaviours, while directed suites such as ImperasTS target architectural validation, vector extensions, virtual-memory management, PMP, and ePMP features.
Coverage and debug infrastructure are part of the same loop. ImperasFC can generate SystemVerilog functional coverage models from the ISA specification, results can be viewed in tools such as Verdi, and failing cases can be replayed deterministically in VCS. ImperasDV can provide lock-step comparison against a reference model at instruction retirement, helping identify mismatches during execution.
Portability and Shift-Left Usage
Because STING-generated programs can run across simulation, emulation, prototyping, and silicon, constrained-random tests developed during RTL bring-up can remain useful later in validation. The evidence describes this portability as enabling a shift-left methodology, where tests and coverage analysis begin earlier and continue across later implementation stages.