Skip to content
STIMSMITH

Memory Protection

Concept WIKI v1 · 5/26/2026

Memory Protection is a RISC-V verification concern that random stimulus may not fully exercise. The provided evidence places it among features best verified with a hybrid approach that combines constrained-random generation, directed tests, coverage analysis, reference comparison, and deterministic replay.

Memory Protection

Memory Protection is discussed in the evidence as a RISC-V processor verification target. It is listed with privilege-mode transitions and page-table walks as an ISA-related feature area that may not be fully exercised by random generation alone. [C1]

Verification challenge

Random stimuli are useful for uncovering unanticipated behaviours, but the evidence states that relying only on randomness risks incomplete verification. Memory protection is one of the cited examples where random generation may leave gaps. [C1]

Directed tests can systematically validate such features, but the evidence also notes that directed tests cannot anticipate all subtle corner cases. As a result, the described verification strategy combines random stimulus for discovery with directed suites for specification-focused coverage closure. [C2]

Constrained-random stress with STING

STING is described as a bare-metal, software-driven generator for RISC-V that produces C++-based random streams and ASM-style directed tests. Its generated programs are portable across simulation, emulation, FPGA prototypes, and silicon, and are architecturally self-checking. [C3]

Within that flow, STING is identified as particularly effective at stressing privilege levels, memory protection, CSRs, and hypervisor extensions, where traditional flows may miss bugs. [C4]

Directed protection suites

The ImperasTS family includes TS-MMU, PMP, and ePMP directed suites for virtual memory and protection features. These suites are positioned as a way to target areas where random stimulus often leaves gaps, and the evidence states that the suites are configured to match the user’s RISC-V processor. [C5]

Hybrid coverage-closure flow

The evidence describes an effective verification flow that starts with constrained-random sweeps using STING, followed by functional coverage analysis with ImperasFC. Coverage gaps are then highlighted and closed using a combination of random and directed techniques. [C6]

For memory-protection-related verification, the practical implication is that a team should not rely on random generation alone. Instead, the evidence supports a hybrid approach: use constrained-random stimulus to expose unexpected interactions, directed MMU/PMP/ePMP suites to target protection functionality, and coverage analysis to identify remaining gaps. [C1][C5][C6]

LINKED ENTITIES

1 links
STING stresses

CITATIONS

6 sources
6 citations
[1] C1: Memory protection is a RISC-V feature area that may not be fully exercised by random generation alone. source
[2] C2: The evidence supports combining random stimulus and directed suites because each approach has limitations. source
[3] C3: STING is a bare-metal, software-driven RISC-V generator that produces C++-based random streams and ASM-style directed tests, with portable, self-checking generated programs. source
[4] C4: STING is described as particularly effective at stressing memory protection, privilege levels, CSRs, and hypervisor extensions. source
[5] C5: ImperasTS includes TS-MMU/PMP/ePMP directed suites for virtual memory and protection features, configured to match the user’s RISC-V processor. source
[6] C6: The described hybrid flow begins with constrained-random sweeps using STING, then uses functional coverage analysis with ImperasFC and iterative closure of coverage gaps. source