STIMSMITH

Direct Instruction Injection

Concept WIKI v1 · 5/31/2026

A testing concept used in the TestRIG work on randomized RISC-V CPU verification. In the cited paper, Direct Instruction Injection is the basis that lets QCVEngine use QuickCheck-style shrinking on instruction sequences, with additional smart shrinking, non-shrinkable setup sequences, and embedded assertions.

Overview

Direct Instruction Injection is described in the cited TestRIG paper as part of randomized testing for RISC-V CPUs. In that workflow, it enables the testing engine to rely primarily on QuickCheck's built-in shrinking strategies for failing instruction sequences, with extra domain-specific shrinking logic added on top.

Role in shrinking counterexamples

After QCVEngine finds a counterexample, QuickCheck applies list shrinking by removing subsequences and retesting. The paper states that the authors augmented this with smart shrinking functions that not only eliminate instructions but also transform them to simplify the sequence.

One concrete example in the paper shows a failing instruction sequence being reduced first by ordinary list shrinking and then further minimized by propagating an instruction's output register to a later operand. That transformation enables another shrinking pass and produces a smaller failing program.

The paper also mentions a library of simplifications used during shrinking to remove esoteric instructions that perform mundane functions and obscure the root cause of a failure.
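A toy model of the two-stage reduction described above, added here as an example and not taken from the paper or from QCVEngine. The three-opcode instruction set, the planted `mul` bug and all function names are assumptions made for illustration, and list shrinking is reduced to dropping one instruction at a time.

```python
# Toy model, constructed for illustration: an instruction is (op, rd, rs1, rs2_or_imm).
def run(seq, buggy):
    regs = [0] * 8                               # x0..x7; x0 stays zero
    for op, rd, a, b in seq:
        x, y = regs[a], (b if op == "addi" else regs[b])
        val = x * y if op == "mul" else x + y
        if buggy and op == "mul" and x != 0:     # planted bug in the model under test
            val += 1
        if rd != 0:
            regs[rd] = val
    return regs

def diverges(seq):
    # Tandem check: reference and buggy model end in different register state.
    return run(seq, False) != run(seq, True)

def drop_pass(seq, fails):
    """List shrinking, reduced to dropping one instruction at a time until stuck."""
    i = 0
    while i < len(seq):
        cand = seq[:i] + seq[i + 1:]
        seq, i = (cand, 0) if fails(cand) else (seq, i + 1)
    return seq

def propagate(seq):
    """Smart shrink: point a later source operand at an earlier instruction's rd."""
    for i, (_, rd, _, _) in enumerate(seq):
        for j in range(i + 1, len(seq)):
            op, d, a, b = seq[j]
            if a != rd:
                yield seq[:j] + [(op, d, rd, b)] + seq[j + 1:]
            if op != "addi" and b != rd:
                yield seq[:j] + [(op, d, a, rd)] + seq[j + 1:]

def minimise(seq, fails):
    seq = drop_pass(seq, fails)
    progress = True
    while progress:
        progress = False
        for cand in propagate(seq):
            # Keep a rewrite only if it still fails and unlocks a shorter sequence.
            smaller = drop_pass(cand, fails) if fails(cand) else seq
            if len(smaller) < len(seq):
                seq, progress = smaller, True
                break
    return seq

FAILING = [("addi", 4, 0, 7), ("addi", 1, 0, 5), ("add", 2, 1, 0),
           ("add", 5, 4, 4), ("mul", 3, 2, 2)]   # constructed counterexample
```

Dropping instructions alone stalls at three instructions because the `mul` depends on `x2`, which depends on `x1`; rewriting the `mul` operand to read `x1` directly makes the intermediate `add` removable.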

Sequence annotations

The cited evidence describes two important controls on injected sequences:

  • Non-shrinkable sequences can be used to preserve required initialization. The paper gives an example where one implementation did not initialize floating-point registers, and a non-shrinkable initialization sequence prevented trivial counterexamples so testing could reach more interesting divergences.
  • Assertions can be embedded in sequences. The paper says these make it possible for a sequence to fail without a divergence, and that sequences with assertions do not require tandem verification to detect such a failure.

In TestRIG

The evidence places Direct Instruction Injection within TestRIG's QCVEngine-based testing flow for RISC-V CPUs, especially in how counterexamples are discovered and reduced.

CITATIONS

[1] Direct Instruction Injection is presented in the cited work as part of randomized testing of RISC-V CPUs. Randomized Testing of RISC-V CPUs using Direct
[2] Direct Instruction Injection allows the system to primarily rely on QuickCheck's built-in shrinking strategies. Randomized Testing of RISC-V CPUs using Direct
[3] The paper augments shrinking with smart shrinking functions that both eliminate instructions and transform them to simplify the sequence, including propagating an output register to later input operands. Randomized Testing of RISC-V CPUs using Direct
[4] Sequences can be annotated as non-shrinkable to preserve initialization and avoid trivial counterexamples caused by differing initial state, such as uninitialized floating-point registers. Randomized Testing of RISC-V CPUs using Direct
[5] Sequences can include assertions, making failure possible without a divergence; such sequences do not require tandem verification to discover a failure. Randomized Testing of RISC-V CPUs using Direct