Stateful Embedded Fuzzing with Peripheral-Accurate SystemC Virtual Prototypes

A novel framework integrates AFL++ with stateful SystemC-TLM models to find bugs in embedded systems before silicon production.

Deep Dive

A research team from RWTH Aachen University and other institutions has published a paper introducing a novel framework for embedded software fuzzing. The work addresses a critical gap in automated testing for embedded systems, where traditional coverage-guided fuzzers like AFL++ struggle due to the complex role of hardware peripherals. Existing approaches either sacrifice peripheral realism with fast user-mode simulators or require cumbersome manual instrumentation with full-system simulators, limiting their applicability to large-scale software projects.

The new framework bridges this divide by integrating AFL++ with a stateful SystemC-TLM virtual prototype. This allows the fuzzer's generated inputs to be injected directly into accurate models of hardware peripherals, such as sensors or communication interfaces. These peripherals can then trigger realistic side effects—like interrupts or FIFO buffer updates—that the embedded software must handle. The result is a testing environment that closely mimics real hardware behavior during the pre-silicon design phase.
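As an added illustration (not code from the paper, and written in plain C++ rather than SystemC), the sketch below models the mechanism described above: an assumed UART-like receiver with an RX FIFO, a sticky overrun bit and an interrupt line, where fuzzer bytes reach the firmware only through the peripheral's state rather than being handed to it directly. All names, the FIFO depth and the `service_every` parameter (how many arrivals happen before the CPU runs the ISR) are assumptions.

```cpp
#include <cstdint>
#include <deque>
#include <string>
#include <vector>
// Assumed UART-like receiver model (plain C++, not SystemC): a 4-entry RX FIFO,
// a status register with DATA_READY and OVERRUN bits, and an interrupt line.
struct RxPeripheral {
    static constexpr size_t kFifoDepth = 4;
    static constexpr uint8_t DATA_READY = 0x01, OVERRUN = 0x02;
    std::deque<uint8_t> fifo;
    uint8_t status = 0;
    bool irq = false;
    // Harness side: one fuzzer byte arrives on the wire.
    void push_rx(uint8_t b) {
        if (fifo.size() == kFifoDepth) status |= OVERRUN;  // sticky, as on real hardware
        else fifo.push_back(b);
        status |= DATA_READY;
        irq = true;  // side effect the software has to service
    }
    // Software side: register reads through the memory-mapped interface.
    uint8_t read_status() const { return status; }
    uint8_t read_data() {
        uint8_t b = 0;
        if (!fifo.empty()) { b = fifo.front(); fifo.pop_front(); }
        if (fifo.empty()) { status &= ~DATA_READY; irq = false; }
        return b;
    }
    void clear_overrun() { status &= ~OVERRUN; }
};
// Software under test: an ISR that drains the FIFO into a line buffer.
struct Firmware {
    std::string line;
    size_t overruns = 0;
    void isr(RxPeripheral& p) {
        if (p.read_status() & RxPeripheral::OVERRUN) { ++overruns; p.clear_overrun(); }
        while (p.read_status() & RxPeripheral::DATA_READY) line.push_back((char)p.read_data());
    }
};
// Harness: fuzzer bytes reach the firmware only via the peripheral's state machine.
// service_every (>= 1) models how many arrivals happen before the CPU runs the ISR.
Firmware run_case(const std::vector<uint8_t>& input, size_t service_every) {
    RxPeripheral uart; Firmware fw;
    for (size_t i = 0; i < input.size(); ++i) {
        uart.push_rx(input[i]);
        if ((i + 1) % service_every == 0 && uart.irq) fw.isr(uart);
    }
    if (uart.irq) fw.isr(uart);  // drain whatever is left at the end of the run
    return fw;
}
```

The same six-byte input yields a complete line when the ISR keeps up and a truncated line plus an overrun event when it does not, which is exactly the kind of state-dependent path a stateless input stub cannot exercise.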

Results from testing on embedded workloads demonstrate the framework's effectiveness. It successfully eliminates the false positives that plague less accurate simulation methods while maintaining execution performance and code coverage comparable to current state-of-the-art tools. This represents a significant advancement for developers and validation engineers, providing a more reliable and automated method to uncover deep, system-level bugs before physical chips are manufactured.

Key Points
  • Integrates AFL++ fuzzer with SystemC-TLM virtual prototypes for hardware-accurate testing
  • Injects fuzzer inputs directly into peripheral models to trigger realistic interrupts and side effects
  • Eliminates false positives while matching the code coverage of state-of-the-art tools

Why It Matters

Enables earlier, more reliable discovery of critical bugs in embedded systems, reducing costly post-silicon fixes and improving product security.