Assertions are widely used for functional validation as well as coverage analysis for both software and hardware designs. Assertions enable runtime error detection as well as faster localization of errors. While there is a vast literature on both software and hardware assertions for monitoring functional scenarios, there is limited effort in utilizing assertions to monitor System-on-Chip (SoC) security vulnerabilities. We have identified common SoC security vulnerabilities and defined several classes of assertions to enable runtime checking of security vulnerabilities. A major challenge in assertion-based validation is how to activate the security assertions to ensure that they are valid. While existing test generation using model checking is promising, it cannot generate directed tests for large designs due to state space explosion. We propose an automated and scalable mechanism to generate directed tests using a combination of symbolic execution and concrete simulation of RTL models. Experimental results on diverse benchmarks demonstrate that the directed tests are able to activate security assertions non-vacuously.

中文翻译：

---

用于激活 RTL 模型中的安全断言的定向测试生成

断言广泛用于软件和硬件设计的功能验证和覆盖分析。断言支持运行时错误检测以及更快的错误定位。虽然有大量关于监控功能场景的软件和硬件断言的文献，但在利用断言来监控片上系统 (SoC) 安全漏洞方面的努力有限。我们已经确定了常见的 SoC 安全漏洞并定义了几类断言，以启用安全漏洞的运行时检查。基于断言的验证的一个主要挑战是如何激活安全断言以确保它们是有效的。虽然使用模型检查的现有测试生成很有希望，但由于状态空间爆炸，它无法为大型设计生成定向测试。我们提出了一种自动化和可扩展的机制，使用符号执行和 RTL 模型的具体模拟相结合来生成定向测试。不同基准的实验结果表明，定向测试能够非空洞地激活安全断言。