STIMSMITH

Co-simulation State Verification

Concept

Co-simulation state verification is a processor-verification approach in which a device under test and an ISA simulator execute the same inputs in parallel and their architectural states are compared after instruction execution. In MorFuzz, the method is made synchronizable to handle microarchitectural differences such as delayed write-back and to avoid premature false positives by synchronizing legally mismatched state.

First seen 5/27/2026
Last seen 5/27/2026
Evidence 5 chunks
Wiki v1

WIKI

Overview

Co-simulation state verification checks a processor device under test (DUT) against a reference ISA simulator. In MorFuzz, the ISA simulator runs in parallel with the DUT, both execute the same inputs, and correctness is checked by comparing their states after each instruction is executed. [C1]

RELATIONSHIPS

2 connections
MorFuzz ← implements 100% 2e
MorFuzz implements co-simulation state verification to detect mismatches.
Synchronizable Co-simulation ← uses 100% 2e
Synchronizable co-simulation performs state verification after each instruction.

CITATIONS

7 sources
[1] Co-simulation state verification in MorFuzz runs an ISA simulator in parallel with the DUT, executes the same inputs, and compares their states after each instruction. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[2] Prior co-simulation work assumed write-back data is ready at commit, but MorFuzz notes this is not always true because some processors support delayed write-back for long-latency instructions. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[3] MorFuzz abstracts state comparison into a commitment stage and a judgment stage to accommodate different microarchitectures. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[4] MorFuzz synchronizes legal hardware-state mismatches to the simulator, reports illegal mismatches as potential bugs, can synchronize interrupts, and uses synchronization to avoid premature false positives. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[5] MorFuzz uses Spike, the official RISC-V ISA simulator, as the reference model for checking DUT behavior. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[6] MorFuzz restricts approved state synchronization to legal differences, including limiting triggering instructions to CSR and memory-operation instructions and requiring DUT control flow to pass the commitment-stage check. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[7] MorFuzz maintains a morphing map so the reference model can perform the same morphing as the DUT and execute deterministic, identical morphed instructions. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
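
The commitment and judgment stages summarized in citations [2] to [4] and [6], as a simplified Python model added here for illustration; it is not MorFuzz's code. The Commit record, the instruction-kind labels, the Checker class and the trace are constructed assumptions, and the model treats every CSR or memory mismatch as legal, which is coarser than a real legality check.

```python
from dataclasses import dataclass
from typing import Optional

SYNC_KINDS = {"csr", "mem"}  # only these instruction kinds may trigger a sync

@dataclass
class Commit:
    pc: int
    kind: str               # constructed categories: "alu", "div", "csr", "mem"
    rd: int                 # destination register index
    value: Optional[int]    # None: write-back data not ready at commit

class Checker:
    def __init__(self):
        self.ref_regs, self.pending = {}, {}
        self.bugs, self.synced = [], []

    def commit(self, dut: Commit, ref: Commit) -> None:
        # Commitment stage: control flow must agree before any data is judged.
        if dut.pc != ref.pc:
            self.bugs.append(("pc", ref.pc, dut.pc))
            return
        self.ref_regs[ref.rd] = ref.value
        if dut.value is None:   # delayed write-back: park the expected value
            self.pending[dut.rd] = (dut.pc, dut.kind, ref.value)
        else:
            self.judge(dut.pc, dut.kind, dut.rd, dut.value, ref.value)

    def writeback(self, rd: int, value: int) -> None:
        pc, kind, expected = self.pending.pop(rd)
        self.judge(pc, kind, rd, value, expected)

    def judge(self, pc, kind, rd, value, expected) -> None:
        # Judgment stage: equal is fine, legal mismatch is synced, rest is a bug.
        if value == expected:
            return
        if kind in SYNC_KINDS:
            self.ref_regs[rd] = value   # copy DUT state into the reference
            self.synced.append((pc, rd))
        else:
            self.bugs.append(("rd", pc, rd))

def run_demo() -> Checker:
    c = Checker()   # constructed trace, not captured from a real core
    c.commit(Commit(0x100, "alu", 1, 5), Commit(0x100, "alu", 1, 5))
    c.commit(Commit(0x104, "div", 2, None), Commit(0x104, "div", 2, 7))
    c.commit(Commit(0x108, "csr", 3, 0x2A), Commit(0x108, "csr", 3, 0x10))
    c.writeback(2, 7)           # divider result arrives late and matches
    c.commit(Commit(0x10C, "alu", 4, 9), Commit(0x10C, "alu", 4, 8))
    return c
```

In the constructed trace the late divider result produces no report, the CSR difference is copied into the reference state, and only the ALU mismatch at 0x10C is flagged.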