STIMSMITH

Bug-Triggered Program Non-Termination

Concept

A bug-detection mechanism used by the Cascade CPU fuzzer in which data-flow errors in a CPU design are surfaced as program-level non-termination, achieved by entangling the data flow of the test program with its control flow. This allows bugs to be detected without any runtime architectural-state checking and in a design-agnostic, non-pervasive manner.

First seen 6/14/2026
Last seen 6/14/2026
Evidence 4 chunks
Wiki v1

WIKI

Overview

Bug-Triggered Program Non-Termination is a bug-detection phenomenon and technique in CPU fuzzing, introduced by the Cascade fuzzer, whereby a data-flow error in the CPU under test manifests itself as the test program failing to terminate. The mechanism relies on the deliberate entanglement of the test program's data flow with its control flow so that any incorrect intermediate data value propagates into a wrong branch decision and ultimately prevents the program from reaching its end-of-execution state.
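The following is an added toy model of the mechanism described above, not Cascade's own code or its program generator. It assumes a constructed six-instruction ISA, a pluggable ALU with a constructed XOR bug, and a generator that knows each block's expected result from a reference ALU (the role an ISA simulator plays for the fuzzer) and ties that result to the next block's address, so that any wrong value diverts a register-indirect jump and `halt` is never reached. Termination within a step budget is the only oracle; no architectural state is compared.

```python
"""Toy model of data/control-flow entanglement (added example, not Cascade code)."""
from typing import Callable, Dict, List, Tuple

MASK = 0xFFFF_FFFF
Instr = Tuple          # ("li", rd, imm) | (op, rd, rs1, rs2) | ("jr", rs) | ("halt",)
ALU = Callable[[str, int, int], int]

def correct_alu(op: str, a: int, b: int) -> int:
    return {"add": a + b, "sub": a - b, "xor": a ^ b}[op] & MASK

def buggy_alu(op: str, a: int, b: int) -> int:
    """Constructed data-flow bug: the XOR unit drops the lowest result bit."""
    r = correct_alu(op, a, b)
    return r & ~1 if op == "xor" else r

def run(program: List[Instr], alu: ALU, budget: int = 1_000) -> bool:
    """True if `halt` is reached within `budget` steps; False means non-termination."""
    regs: Dict[str, int] = {}
    pc = 0
    for _ in range(budget):
        if not 0 <= pc < len(program):
            return False                     # escaped the program: never halts
        ins = program[pc]
        if ins[0] == "halt":
            return True
        if ins[0] == "li":
            regs[ins[1]] = ins[2] & MASK
        elif ins[0] == "jr":                 # control flow taken directly from data
            pc = regs[ins[1]]
            continue
        else:
            regs[ins[1]] = alu(ins[0], regs[ins[2]], regs[ins[3]])
        pc += 1
    return False

def sequential(blocks: List[Tuple[str, int, int]]) -> List[Instr]:
    """Straight-line program: a wrong r3 is silently overwritten and never noticed."""
    prog: List[Instr] = []
    for op, a, b in blocks:
        prog += [("li", "r1", a), ("li", "r2", b), (op, "r3", "r1", "r2")]
    return prog + [("halt",)]

def entangled(blocks: List[Tuple[str, int, int]]) -> List[Instr]:
    """Each block's result r3 is tied to the next block's address: the generator
    uses the reference ALU to pick r4 so that r3 + r4 == next address only when
    r3 is correct; any other value jumps somewhere the program cannot halt from."""
    prog: List[Instr] = []
    for op, a, b in blocks:
        tie = (len(prog) + 6) - correct_alu(op, a, b)   # next block is 6 instrs away
        prog += [("li", "r1", a), ("li", "r2", b), (op, "r3", "r1", "r2"),
                 ("li", "r4", tie), ("add", "r5", "r3", "r4"), ("jr", "r5")]
    return prog + [("halt",)]

BLOCKS = [("xor", 0x1234, 0x0F0F), ("add", 100, 23)]   # constructed workload
```

With `buggy_alu`, the sequential program still halts (the bug is invisible without state checking), while the entangled program lands on its own `jr` and spins until the budget runs out.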

This idea is described in the paper Cascade: CPU Fuzzing via Intricate Program Generation.


NEIGHBORHOOD

Graph of Bug-Triggered Program Non-Termination at depth 1: 3 nodes, 3 edges.

RELATIONSHIPS

2 connections
Cascade ← uses (100%, 2e): Cascade relies on program non-termination as its bug detection mechanism.
Control Flow Entanglement with Data Flow ← implements (100%, 2e): Entangling data flows into control flows enables transforming data-flow bug symptoms into program non-termination.

CITATIONS

5 sources
[1] CPU bugs are revealed by programs not terminating, thanks to the entanglement of the data and control flows. Cascade: CPU Fuzzing via Intricate Program Generation
[2] Entangling data flows into control flows transforms a data-flow bug symptom into a program non-termination, providing a non-pervasive, design-agnostic way of detecting data-flow bugs in arbitrarily long and complex programs without any runtime overhead. Cascade: CPU Fuzzing via Intricate Program Generation
[3] Highly entangled data and control flows enable non-pervasive detection of bugs amidst long programs by transforming bug expressions into program non-terminations, allowing Cascade to detect bugs without any runtime overhead. Cascade: CPU Fuzzing via Intricate Program Generation
[4] Cascade reduces non-terminating bug-triggering programs to a minimal form by identifying the tail (last instruction that, when omitted along with successors, erases the buggy behavior) and the head (first instruction that, when omitted, erases the buggy behavior), while preserving the non-termination symptom. Cascade: CPU Fuzzing via Intricate Program Generation
[5] Existing CPU fuzzers rely on runtime architectural-state monitoring or forced-termination exception handling, both of which have portability costs or can miss bugs that occur mid-program; non-termination-based detection avoids these issues. Cascade: CPU Fuzzing via Intricate Program Generation