RISCover
ToolFirst seen 6/11/2026
Last seen 6/11/2026
Evidence 19 chunks
NEIGHBORHOOD
No graph connections found for this entity yet. It may appear in future ingestion runs.
explore full graph →RELATIONSHIPS
38 connectionsRISCover evaluates RISC-V ISA implementations across multiple CPUs.
RISCover was evaluated on the T-Head C910 CPU and discovered GhostWrite.
RISCover evaluates the openC910 RTL in comparison to Cascade.
RISCover was evaluated on the T-Head C906 CPU and found denial-of-service and other bugs.
RISCover was evaluated on the T-Head C908 CPU and found a denial-of-service vulnerability.
RISCover rediscovers bugs on the openC906 RTL and compares with Cascade.
RISCover generates instruction sequences to test CPUs.
RISCover evaluates the RISC-V vector extension and finds bugs including halting instructions.
RISCover is compared to Cascade for bug-finding efficacy on open-source RISC-V cores.
RISCover uses a bottom-up approach to gradually increase the covered instruction space.
RISCover uses the RISC-V Opcodes repository to build filters for instruction classification.
RISCover uses signal handling to manage exceptions during instruction sequence execution.
RISCover's default mode uses on-server sequence generation.
RISCover also supports on-device sequence generation as an alternative approach.
RISCover excludes CSR-based instructions during fuzzing to avoid false positives, but permits frcsr and fscsr.
RISCover was evaluated on the T-Head C920 CPU and discovered GhostWrite.
RISCover was evaluated on the SpacemiT X60 CPU and found a denial-of-service vulnerability.
RISCover was evaluated on the SiFive U54 CPU (BeagleV Fire) and found misaligned zero-store bugs.
RISCover was evaluated on the SiFive P550 and found undocumented instructions.
RISCover unmaps non-essential user-accessible OS mappings such as vDSO to remove non-determinism.
RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs ← introduces 100% 2e
The paper presents RISCover as its primary contribution, a user-space differential CPU-fuzzing framework.
RISCover is a CPU fuzzing framework for finding architectural vulnerabilities.
RISCover uses differential fuzzing by comparing outputs across multiple RISC-V CPUs.
RISCover is a post-silicon fuzzer that runs on real hardware CPUs.
RISCover uses weighted random instruction selection biased by inverse frequency of instructions in real-world code.
RISCover uses encoding-based instruction classification to filter and categorize instructions.
RISCover generates reproducer files for discovered differences.
RISCover requires a custom sandbox that safely executes instruction sequences.
RISCover removes non-determinism to avoid false positives in differential testing.
RISCover uses instruction frequency analysis from real-world Debian packages to guide instruction selection.
RISCover evaluates the XTheadVec extension and discovers GhostWrite.
RISCover discovers and introduces GhostWrite as a novel vulnerability.
RISCover evaluated the XTheadMemIdx extension and found a denial-of-service vulnerability on the C906.
RISCover leverages the Sv39 paging mode's large virtual address space to hide internal data.
SiliFuzz is compared to RISCover in terms of approach to non-determinism.
RISCover implements lazy memory mapping to track memory modifications efficiently.
RISCover permits the frcsr and fscsr instructions which read and modify the floating-point CSR.
RISCover uses a majority vote across CPUs to determine expected behavior.