Overview

BlackParrot Core is a processor core evaluated in the ProcessorFuzz study. In the provided evidence, BlackParrot appears as a target for processor fuzzing and as the core associated with multiple discovered bugs involving RISC-V architectural behavior, floating-point state, and control and status registers (CSRs).

The ProcessorFuzz paper also reports an evaluation limitation for BlackParrot: DIFUZZRTL instrumentation failed for BlackParrot because of limited support for SystemVerilog-to-FIRRTL conversion. As a result, the study used DIFUZZRTL as a comparison point but could not instrument BlackParrot in the same way as designs supported by that conversion flow.

Reported ProcessorFuzz findings

The provided ProcessorFuzz evidence lists the following BlackParrot issues:

x0 pipeline-bypass issue

For Bug 6, the paper explains that the RISC-V ISA requires writes to the zero register x0 to be ignored. ProcessorFuzz detected a BlackParrot case where x0 was later read as non-zero if a preceding division instruction writing to x0 was still in the pipeline. The authors attribute the discrepancy to bypassing the division result to a following instruction even when the division destination register is x0.

ProcessorFuzz was able to expose this issue because the relevant test input caused a CSR transition in fflags due to division by zero. The paper notes a potential security consequence: malware could obfuscate behavior by jumping to an address computed by an instruction that uses x0.

Verification context

The BlackParrot findings in the provided evidence are framed around ISA-visible processor state: floating-point NaN-boxing behavior, fcsr.fflags, mstatus.FS, and the RISC-V architectural zero register. ProcessorFuzz uses CSR-transition coverage to identify interesting test inputs, while the comparison discussion notes that DIFUZZRTL-style instrumentation of BlackParrot was blocked by SystemVerilog-to-FIRRTL conversion limitations.