STIMSMITH

Hardware Behavior Coverage

Concept

Hardware behavior coverage is a coverage metric employed within the hardware simulation phase of processor fuzzing frameworks. It is collected via on-chip instruments during RTL simulation of the design-under-test (DUT) and is used to guide the mutation of instruction-stream inputs. TheHuzz is a notable processor fuzzer that adopts hardware behavior coverage and uses it to optimize mutation weights.

First seen 6/6/2026
Last seen 6/6/2026
Evidence 1 chunks
Wiki v1

WIKI

Overview

Hardware behavior coverage is a coverage metric used in simulation-based processor verification, specifically within fuzzing frameworks that target processor designs. Along with other coverage metrics such as mux coverage and control register coverage, it provides feedback that the fuzzer uses to decide how to mutate generated instruction streams in subsequent rounds.

Role in the Processor Fuzzing Workflow


RELATIONSHIPS

TheHuzz uses hardware behavior coverage as its coverage metric.

CITATIONS

[1] Hardware behavior coverage is one of several coverage metrics (alongside mux coverage and control register coverage) used in the hardware simulation phase of processor fuzzing frameworks. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing
[2] During the hardware simulation phase, the fuzzer uses instruments placed in the hardware to collect the coverage of the current input. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing
[3] TheHuzz (reference [33]) uses hardware behavior coverage and optimizes mutations according to its optimal weights. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing
[4] Existing processor fuzzing frameworks follow a three-phase workflow: input generation, hardware simulation, and state verification. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing
[5] Processor fuzzing inputs contain control-transfer instructions and exceptions, so coverage reflects the effect of executed instructions rather than generated instructions, which can mislead mutation guidance. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing