STIMSMITH

congestor

Concept WIKI v1 · 5/27/2026

A congestor is the simplest Logic Fuzzer mechanism described by Kabylkas et al. for processor verification. It is inserted on signals such as FIFO full, busy, ready, or ready-valid handshake signals and is randomly activated to create artificial backpressure, thereby stirring execution and exposing additional design behavior during simulation.

Definition

A congestor is described as the simplest type of Logic Fuzzer. It is an inserted hardware-fuzzing mechanism that artificially asserts a congestion-related signal, such as a FIFO full signal, even when the design condition for that signal has not actually been met. When randomly activated, the congestor creates artificial backpressure in the design. [C1]

Placement points

The cited Logic Fuzzer work presents a FIFO example in which an OR gate is inserted at the FIFO full signal. The modified full signal can be asserted by the congestor even though the FIFO is not truly full. The same idea can be applied to other congestible signals, including busy signals and ready-valid handshake signals. [C1]

In the implementation flow described by Kabylkas et al., verification engineers first identify all congestible points in the design, optionally consulting with designers. After those signals are identified, the fuzzer object is configured to create the same number of congestor objects, with each congestor’s period and random seeds specified in a JSON file. [C2]

Purpose in verification

Congestors are intended to stir up execution while running the same software tests. The paper proposes demonstrating their effect by inserting congestor logic, rerunning the same tests, and observing new activity in the design. Toggle coverage is used as one proxy metric: a signal is considered toggled if it switches both from 0 to 1 and from 1 to 0 at least once during the test. [C3]
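The following is an added example, not code from Kabylkas et al. or from this wiki: a cycle-level Python model of the OR-gate congestor on a FIFO full signal, comparing toggle coverage for the same workload with and without the congestor. The JSON field names, the period semantics (redraw the on/off decision every `period` cycles), and the signal names `producer_stall` and `fifo_empty` are assumptions made for illustration.

```python
import json
import random

# Hypothetical JSON schema: the page says period and seed are set in JSON but shows no format.
CONFIG = json.loads('{"congestors": [{"signal": "fifo_full", "period": 8, "seed": 1}]}')

class Congestor:
    """Assumed semantics: every `period` cycles, redraw whether to assert for the next window."""
    def __init__(self, period, seed):
        self.period = period
        self.rng = random.Random(seed)
        self.active = False

    def tick(self, cycle):
        if cycle % self.period == 0:
            self.active = self.rng.random() < 0.5
        return int(self.active)

def simulate(congestor=None, cycles=200, depth=4):
    """Toy FIFO: producer pushes whenever not stalled, consumer pops every cycle."""
    occupancy = 0
    traces = {"real_full": [], "producer_stall": [], "fifo_empty": []}
    for cycle in range(cycles):
        real_full = int(occupancy == depth)
        fuzz = congestor.tick(cycle) if congestor else 0
        full_out = real_full | fuzz  # the inserted OR gate on the full signal
        traces["real_full"].append(real_full)
        traces["producer_stall"].append(full_out)
        traces["fifo_empty"].append(int(occupancy == 0))
        if occupancy > 0:
            occupancy -= 1  # consumer pop
        if not full_out:
            occupancy += 1  # producer push
    return traces

def toggled(trace):
    """Toggle coverage: the signal made both a 0->1 and a 1->0 transition."""
    edges = set(zip(trace, trace[1:]))
    return (0, 1) in edges and (1, 0) in edges

def coverage(traces):
    return {name: toggled(trace) for name, trace in traces.items()}

def newly_toggled(config=CONFIG):
    """Signals that toggle only once the configured congestor is inserted."""
    cfg = config["congestors"][0]
    before = coverage(simulate())
    after = coverage(simulate(Congestor(cfg["period"], cfg["seed"])))
    return sorted(name for name in after if after[name] and not before[name])
```

In this model the true full condition never fires in either run, so every newly toggled signal is attributable to the artificial backpressure alone.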

BOOM example

In BOOM, the authors inserted a congestor on the Reorder Buffer ready signal. The congestor randomly pulled the ready signal low at times when the ROB was actually ready. In that experiment, the authors report that 12 additional signals toggled in the frontend module, 40 in the core module, and 32 in the load-store unit. They state that a single congestor activated logic that had not been touched by more than 200 tests. [C4]

Insertion support

The paper reports a proof-of-concept automatic insertion flow for BOOM in which congestors were added by annotating RTL signals with one line of code per congestor. This used Chiffre, which instruments hardware systems written in Chisel via FIRRTL passes. The tooling automatically breaks the annotated signal and inserts the congestor between the signal endpoints. Because Chiffre only worked with Chisel hardware descriptions in that experiment, the automatic-insertion experiment was limited to BOOM. [C5]

Caveat

Logic Fuzzer can create microarchitectural states that no real program could reach. The authors argue that co-simulation failures exposed by such fuzzing are still potential bugs and should be treated as red flags that engineers must prove or disprove. [C6]

CITATIONS

[C1] A congestor is the simplest type of Logic Fuzzer and can artificially assert a FIFO full signal to create backpressure. [PDF] Effective Processor Verification with Logic Fuzzer Enhanced Co ...
[C2] Verification engineers identify congestible points, configure the fuzzer to create matching congestor objects, and set each congestor’s period and random seeds in JSON. [PDF] Effective Processor Verification with Logic Fuzzer Enhanced Co ...
[C3] Congestors are evaluated by rerunning tests after insertion and observing new design activity, with toggle coverage used as a proxy metric. [PDF] Effective Processor Verification with Logic Fuzzer Enhanced Co ...
[C4] In BOOM, a congestor on the ROB ready signal caused 12 additional frontend signals, 40 core signals, and 32 load-store-unit signals to toggle, activating logic not touched by more than 200 tests. [PDF] Effective Processor Verification with Logic Fuzzer Enhanced Co ...
[C5] A proof-of-concept BOOM flow automatically inserted congestors by annotating Chisel RTL signals and using Chiffre/FIRRTL to instrument the design. [PDF] Effective Processor Verification with Logic Fuzzer Enhanced Co ...
[C6] Logic Fuzzer may create unreachable microarchitectural states, but co-simulation failures exposed by fuzzing are treated as potential bugs to prove or disprove. [PDF] Effective Processor Verification with Logic Fuzzer Enhanced Co ...