STIMSMITH

Instruction Sequence State Space

Concept

Instruction Sequence State Space refers, in the provided evidence, to the RISC-V instruction-sequence search space explored during coverage-guided fuzzing for processor verification. The cited approach limits this space by retaining only test vectors that increase coverage, while using instruction insertion and bitflip mutations to explore instructions, arguments, and unknown encodings.

First seen 5/28/2026
Last seen 5/28/2026
Evidence 1 chunks
Wiki v1

WIKI

Definition

Instruction Sequence State Space is the search space of processor test vectors formed from instruction sequences. In the provided evidence, the term appears specifically as the RISC-V instruction sequence state space explored by a coverage-guided fuzzing workflow for processor verification.

Role in fuzzing-based verification



RELATIONSHIPS

1 connection
Cross-Level Processor Verification part of → 80% 1e
The RISC-V instruction sequence state space is what the fuzzer explores during processor verification.

CITATIONS

8 sources
[1] The evidence discusses the RISC-V instruction sequence state space in the context of coverage-guided fuzzing for processor verification. (Source: Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing)
[2] The fuzzing workflow inserts RISC-V instructions with fixed arguments such as src/dest register x0 and immediate 0, for example addi x0, x0, 0. (Source: Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing)
[3] Only test vectors that increase coverage are saved, which limits the state space and helps prevent state-space explosion. (Source: Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing)
[4] Bitflip mutations are used to cover possible instruction arguments and uncover unknown instructions. (Source: Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing)
[5] The instruction insertion and bitflip mutations are repeated until no new test vectors are found, enabling coverage of an extensive range of the RISC-V instruction sequence state space without scalability problems or dependence on a lucky random seed. (Source: Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing)
[6] The low overhead of the mutation prephase is attributed to RV32I having 40 instructions, applying the operations only to vectors that reach new coverage, and moving bitflip rather than adding it as new overhead. (Source: Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing)
[7] The enhanced havoc mutation adds RISC-V instruction insertion with non-fixed arguments, supports compressed instructions, and includes both insertion and replacement variants. (Source: Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing)
[8] Mismatch handling in the workflow includes detecting result differences and instruction-address mismatches, then clustering test vectors by executed commands up to the faulty command. (Source: Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing)