
Illegal Instruction Handling

Concept

Illegal instruction handling, in the provided RISC-V verification evidence, is treated as a key area for processor and instruction-set-simulator testing. Unrestricted and binary-level fuzzing can generate illegal instructions and irregular trap-heavy control flows that valid-program generators may miss, exposing decoder errors, trap-state problems such as incorrect MTVAL updates, and control-flow bugs involving MRET after illegal instructions.

First seen 5/26/2026
Last seen 6/8/2026
Evidence 10 chunks
Wiki v3

WIKI

Overview

Illegal instruction handling is a verification concern for both RISC-V instruction set simulators and RTL processor implementations in the provided evidence. The evidence emphasizes that allowing test generators to create illegal instructions helps exercise behavior that valid instruction-stream generators, compilers, or assemblers may avoid. In the ISS fuzzing work, illegal instructions were explicitly useful for thoroughly checking the instruction decoder, and the approach exposed an error in the RISC-V reference simulator Spike. [decoder_stress]

The same ISS evidence argues that coverage-guided fuzzing retains the ability to generate completely random instructions, which helps cover rare corner and error cases that may be masked by a compiler or assembler. It contrasts this with RISC-V Torture, described there as generating only valid instruction sequences and therefore unable to detect some errors found by the fuzzer. [random_illegal_value]
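The contrast described above, as an added example that is not taken from this page or the cited papers: random 32-bit words reach a decoder bug that a valid-only stream never touches. The RV32I subset model (FENCE/SYSTEM omitted), the seeded funct7 bug in `dut_legal`, the rejection-sampling stand-in for a valid-only generator, and all function names are assumptions constructed for illustration.

```python
import random

# Constructed reference model: decode legality for base RV32I
# (integer, load/store, control transfer; FENCE/SYSTEM omitted, so illegal here).
def ref_legal(w):
    op, f3, f7 = w & 0x7F, (w >> 12) & 7, (w >> 25) & 0x7F
    if op in (0x37, 0x17, 0x6F):          # LUI, AUIPC, JAL: no further constraints
        return True
    if op == 0x67:                        # JALR
        return f3 == 0
    if op == 0x63:                        # BRANCH: funct3 2 and 3 are reserved
        return f3 not in (2, 3)
    if op == 0x03:                        # LOAD: LB, LH, LW, LBU, LHU
        return f3 in (0, 1, 2, 4, 5)
    if op == 0x23:                        # STORE: SB, SH, SW
        return f3 in (0, 1, 2)
    if op == 0x13:                        # OP-IMM: shifts constrain imm[11:5]
        if f3 == 1:
            return f7 == 0
        if f3 == 5:
            return f7 in (0, 0x20)
        return True
    if op == 0x33:                        # OP: funct7 0, or 0x20 for SUB/SRA
        return f7 == 0 or (f7 == 0x20 and f3 in (0, 5))
    return False                          # everything else traps as illegal

def dut_legal(w):
    """Hypothetical decoder under test with a seeded bug: OP ignores funct7."""
    if w & 0x7F == 0x33:
        return True
    return ref_legal(w)

def random_words(rng, n):
    """Unrestricted generator: any 32-bit word, legal or not."""
    return [rng.getrandbits(32) for _ in range(n)]

def valid_only_words(rng, n):
    """Stand-in for a valid-only generator: keep only words the reference accepts."""
    out = []
    while len(out) < n:
        w = rng.getrandbits(32)
        if ref_legal(w):
            out.append(w)
    return out

def mismatches(words):
    """Differential check: words where the two decoders disagree on legality."""
    return [w for w in words if ref_legal(w) != dut_legal(w)]
```

Every disagreement is a word the reference rejects, so a stream filtered to valid encodings cannot produce one, however long it runs.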


RELATIONSHIPS

3 connections
Instruction Set Simulator part of → 85% 3e
Handling of illegal instructions is an important aspect of ISS correctness.
RISC-V ISA part of → 85% 2e
Illegal instruction handling is a part of the RISC-V ISA behavior that the approach must support.
The paper evaluates how ISSs handle illegal instructions and found related errors.

CITATIONS

6 sources
[1] Illegal instructions enabled thorough checking of the RISC-V instruction decoder and revealed an error in Spike. Verifying Instruction Set Simulators using Coverage-guided Fuzzing
[2] Coverage-guided fuzzing can generate completely random instructions to cover rare corner and error cases that compiler or assembler flows may mask; valid-only RISC-V Torture sequences would not detect some of the fuzzer-found errors. Verifying Instruction Set Simulators using Coverage-guided Fuzzing
[3] The ISS fuzzing campaign generated 5,160 test cases, with tests ranging from 1 to 23 instructions and averaging 3 instructions. Verifying Instruction Set Simulators using Coverage-guided Fuzzing
[4] A reference ISS bug set MTVAL incorrectly when executing a compressed instruction considered illegal in the test context. Efficient Cross-Level Testing for
[5] An RTL bug caused MRET to continue at the wrong instruction for special sequences involving multiple MRET and illegal instructions. Efficient Cross-Level Testing for
[6] The RTL cross-level testing approach used an endless on-the-fly instruction stream in tightly coupled RTL/ISS co-simulation and avoided restrictions on generated instructions, helping expose corner cases with irregular control flow, tight loops, and traps. Efficient Cross-Level Testing for