🤖 AI Summary
This work addresses the limitations of traditional fuzzing in embedded systems, where inadequate modeling of real peripheral behavior often leads to false positives or insufficient coverage. It presents the first deep integration of the coverage-guided AFL++ fuzzer with a full-system virtual prototype based on SystemC-TLM that supports stateful peripheral emulation. By directly injecting fuzz inputs into peripheral models, the approach accurately triggers hardware-level effects such as interrupts and FIFO updates, thereby preserving high test fidelity. The method effectively eliminates false positives while achieving code coverage and execution performance on par with state-of-the-art tools, successfully balancing realism and scalability in embedded system testing.
📝 Abstract
The increasing complexity of embedded software has made comprehensive manual testing impractical, motivating the use of automated techniques such as fuzzing. Coverage-guided fuzzers like AFL++ have shown strong results for conventional software but remain challenging to apply effectively in embedded contexts, where peripheral behaviors play critical roles. Existing approaches either use fast user-mode simulators, sacrificing peripheral realism, or rely on full-system simulators with manual instrumentation, limiting applicability to large-scale software. In this work, we present a novel framework that integrates AFL++ with a stateful SystemC-TLM virtual prototype to enable realistic fuzzing of embedded software. Fuzzer-generated inputs are injected directly into peripheral models, allowing peripherals to trigger natural side effects such as interrupts and FIFO updates. By integrating fuzzing with full-system simulation, our framework advances the effectiveness of pre-silicon testing for embedded systems. Results on embedded workloads show that our approach eliminates false positives while maintaining code coverage and execution performance comparable to those of state-of-the-art tools.
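The abstract's key design point is where the fuzz input enters the system: through a stateful peripheral model, so that FIFO fill level, overrun flags and interrupt lines behave as they would in hardware, rather than being copied straight into firmware memory as a user-mode harness would do. The following plain C++ sketch is an added illustration of that injection point; it is not code from the paper or its SystemC-TLM framework. The UART register map, the FIFO depth of four, the line-reading firmware and the `isr_latency` knob that stands in for a busy core are all assumptions chosen for the example.

```cpp
// Added example, not from the paper: a stateful UART-like peripheral model in
// plain C++ (standing in for a SystemC-TLM model). Fuzz bytes enter on the
// "wire" side and the firmware only sees them through memory-mapped registers.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <deque>
#include <string>
#include <vector>

// Hypothetical register map, chosen for this example.
constexpr uint32_t REG_DATA   = 0x00; // read: pop one byte from the RX FIFO
constexpr uint32_t REG_STATUS = 0x04; // bit0: RX not empty, bit1: overrun (read clears)
constexpr uint32_t REG_IER    = 0x08; // bit0: enable the RX interrupt
constexpr std::size_t FIFO_DEPTH = 4;

struct UartModel {
    std::deque<uint8_t> rx_fifo;
    bool irq_enabled = false;
    bool irq_line = false;   // level-sensitive interrupt output to the core
    bool overrun = false;    // latched overrun flag, cleared on status read
    unsigned overruns = 0;   // bytes the model dropped (for the harness only)

    // Wire side: this is where fuzzer-generated bytes are injected.
    void receive_byte(uint8_t b) {
        if (rx_fifo.size() >= FIFO_DEPTH) {
            overrun = true;          // hardware drops the byte and flags it
            ++overruns;
            return;
        }
        rx_fifo.push_back(b);
        update_irq();
    }
    // Bus side: memory-mapped accesses issued by the firmware.
    uint32_t read(uint32_t addr) {
        switch (addr) {
        case REG_DATA: {
            if (rx_fifo.empty()) return 0;   // empty FIFO reads as 0 in this model
            uint8_t b = rx_fifo.front();
            rx_fifo.pop_front();
            update_irq();
            return b;
        }
        case REG_STATUS: {
            uint32_t s = (rx_fifo.empty() ? 0u : 1u) | (overrun ? 2u : 0u);
            overrun = false;
            return s;
        }
        case REG_IER: return irq_enabled ? 1u : 0u;
        default:      return 0;
        }
    }
    void write(uint32_t addr, uint32_t val) {
        if (addr == REG_IER) { irq_enabled = (val & 1u) != 0; update_irq(); }
    }
    void update_irq() { irq_line = irq_enabled && !rx_fifo.empty(); }
};

// Toy firmware: an interrupt-driven reader that splits the stream into lines.
struct Firmware {
    UartModel& uart;
    std::string current;
    std::vector<std::string> lines;
    unsigned isr_count = 0;
    unsigned overrun_seen = 0;
    explicit Firmware(UartModel& u) : uart(u) {}
    void init() { uart.write(REG_IER, 1); }
    void rx_isr() {
        ++isr_count;
        uint32_t status = uart.read(REG_STATUS);
        if (status & 2u) ++overrun_seen;
        while (status & 1u) {
            uint8_t b = static_cast<uint8_t>(uart.read(REG_DATA));
            if (b == '\n') { lines.push_back(current); current.clear(); }
            else current.push_back(static_cast<char>(b));
            status = uart.read(REG_STATUS);
        }
    }
};

struct RunResult {
    std::vector<std::string> lines;
    unsigned isr_count;
    unsigned overrun_seen;   // overruns the firmware observed via REG_STATUS
    unsigned bytes_dropped;  // bytes the peripheral actually discarded
};

// Delivers one fuzz input through the peripheral. `isr_latency` is how many wire
// bytes arrive before the core services a pending interrupt (a busy-core model).
RunResult run_input(const std::vector<uint8_t>& input, std::size_t isr_latency) {
    UartModel uart;
    Firmware fw(uart);
    fw.init();
    std::size_t since_service = 0;
    for (uint8_t b : input) {
        uart.receive_byte(b);
        if (++since_service >= isr_latency) {
            since_service = 0;
            if (uart.irq_line) fw.rx_isr();
        }
    }
    if (uart.irq_line) fw.rx_isr();   // drain what is left once the input ends
    return {fw.lines, fw.isr_count, fw.overrun_seen, uart.overruns};
}

int main() {
    std::vector<uint8_t> in{'a', 'b', '\n', 'c', 'd', '\n'};   // constructed fuzz input
    for (std::size_t lat : {1u, 3u, 8u}) {
        RunResult r = run_input(in, lat);
        std::printf("latency=%zu lines=%zu isrs=%u overrun_seen=%u dropped=%u\n",
                    lat, r.lines.size(), r.isr_count, r.overrun_seen, r.bytes_dropped);
    }
    return 0;
}
```

With a latency of 1 every byte is serviced at once and both lines are recovered; with a latency of 8 the four-deep FIFO overflows, two bytes are dropped, the firmware sees the overrun bit and only the first line survives. That second outcome is a hardware side effect a user-mode harness cannot produce, which is the fidelity argument the abstract makes for injecting through the peripheral model.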