Overview
Spike is described in the ProcessorFuzz evaluation as an open-source ISA simulator. ProcessorFuzz used Spike as a reference model to verify correctness during fuzzing of the Rocket Core and BOOM Core processor designs.
Role in ProcessorFuzz
ProcessorFuzz relies on ISA simulation to generate an extended ISA trace log. In the reported implementation, the authors extended Spike so that it stored the values of monitored control and status registers (CSRs). ProcessorFuzz then used those ISA-side traces as part of its fuzzing workflow.
When ProcessorFuzz's transition unit determines that a test input produces a unique CSR transition, ProcessorFuzz runs RTL simulation and generates an extended RTL trace log. It then compares that RTL trace log with the extended ISA trace log. A difference between the two logs is treated as a potential processor-design bug requiring further investigation.
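The triage flow described above, as an added example (not ProcessorFuzz or Spike code). The trace-line format, the CSR names, the sample logs and all function names are assumptions constructed for illustration, and a CSR transition is assumed here to be a change in the monitored CSR values between two consecutive log entries.

```python
# Added illustration: log format, CSR set and sample values are constructed.
ISA_LOG = """\
pc=80000000 inst=00000013 mstatus=1800 mcause=0
pc=80000004 inst=00000073 mstatus=1800 mcause=b
pc=80000100 inst=34202573 mstatus=1800 mcause=b
"""
# Constructed RTL-side log that disagrees on mcause at the second entry.
RTL_LOG = """\
pc=80000000 inst=00000013 mstatus=1800 mcause=0
pc=80000004 inst=00000073 mstatus=1800 mcause=2
pc=80000100 inst=34202573 mstatus=1800 mcause=b
"""

def parse_trace(text):
    """Parse 'pc=<hex> inst=<hex> <csr>=<hex> ...' lines (assumed format)."""
    entries = []
    for line in text.strip().splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split())
        pc = int(fields.pop("pc"), 16)
        inst = int(fields.pop("inst"), 16)
        # Remaining fields are the monitored CSRs; sort for a stable key.
        csrs = tuple(sorted((name, int(val, 16)) for name, val in fields.items()))
        entries.append((pc, inst, csrs))
    return entries

def csr_transitions(trace):
    """Set of (old, new) monitored-CSR states wherever the state changes."""
    return {(a[2], b[2]) for a, b in zip(trace, trace[1:]) if a[2] != b[2]}

def is_interesting(isa_trace, seen):
    """Stand-in for the transition unit: True if the input yields a
    CSR transition not observed before; records new transitions in seen."""
    new = csr_transitions(isa_trace) - seen
    seen |= new
    return bool(new)

def first_mismatch(isa_trace, rtl_trace):
    """Index of the first differing entry, or None if the logs agree."""
    for i, (a, b) in enumerate(zip(isa_trace, rtl_trace)):
        if a != b:
            return i
    shorter = min(len(isa_trace), len(rtl_trace))
    return None if len(isa_trace) == len(rtl_trace) else shorter

if __name__ == "__main__":
    isa, seen = parse_trace(ISA_LOG), set()
    if is_interesting(isa, seen):  # only then pay for RTL simulation
        idx = first_mismatch(isa, parse_trace(RTL_LOG))
        print("agree" if idx is None else f"mismatch at entry {idx}: investigate")
```

Gating the log comparison on `is_interesting` mirrors the page's ordering: RTL simulation runs only for inputs that produce a unique CSR transition.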
Instrumentation overhead
The ProcessorFuzz implementation reported low overhead for its Spike changes: 0.4% instrumentation overhead in terms of C++ lines of code and 0.15% runtime overhead.
Evaluated uses
In the ProcessorFuzz evaluation, Spike was used as the reference model for Rocket Core and BOOM Core correctness checking during fuzzing. The same study used a different reference model, Dromajo, for BlackParrot.