Interrupt and Exception Simulation

Concept WIKI v1 · 5/24/2026

**Interrupt and exception simulation** is a technique used in CPU hardware testing and RTL fuzzing to model asynchronous or exceptional control-flow events while generating and executing test inputs. In the context of RTL fuzzing, it is used to make generated instruction streams more realistic by inserting interrupts and exceptions into fuzzing inputs rather than testing only uninterrupted instruction sequences.[1]

Context

Hardware bugs in CPUs must be detected before deployment, because deployed hardware is difficult or impossible to patch compared with software.[1] RTL fuzzing addresses this by generating input instruction sequences and running them against CPU register-transfer-level implementations to expose mismatches, coverage gaps, or incorrect behavior.[1]

However, prior CPU fuzzing approaches have been reported to suffer from several limitations:

  • Input instruction sequences can grow increasingly long.
  • Longer inputs may become inefficient for fuzzing.
  • Existing approaches may not simulate realistic interruptions well.[1]

Interrupt and exception simulation addresses the third limitation by explicitly incorporating such events into generated fuzzing inputs.

Role in RTL Fuzzing

In RTL fuzzing, the tested CPU core is driven by generated instruction streams. If those streams do not include interrupts or exceptions, the fuzzing campaign may miss behaviors that occur only when normal execution is disrupted. The cited INSTILLER work identifies poor interruption realism as a weakness of related work and proposes solving it by “inserting interruptions and exceptions in generating the inputs.”[1]

This makes interrupt and exception simulation part of the input-generation stage of fuzzing:

  1. Generate or mutate instruction sequences.
  2. Insert interruptions and exceptions into those inputs.
  3. Execute the resulting tests on target CPU RTL.
  4. Measure coverage and detect mismatches.[1]
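The four stages above as a toy end-to-end example added here (not INSTILLER's code or its input format): a constructed three-instruction ISA, random interrupt insertion (the placement policy is an assumption, since the cited text does not describe one), and a coverage set that shows the interrupt-handler path is reached only when events are inserted into the input.

```python
import random
# Constructed toy ISA (not INSTILLER's format): ("addi", rd, imm) adds imm
# to rd; ("div", rd, rs) divides rd by rs and traps on a zero divisor; the
# pseudo-instruction ("irq",) models an interrupt arriving before the next op.

def gen_sequence(rng, n):
    """Stage 1: generate a random instruction sequence with no events."""
    ops = []
    for _ in range(n):
        if rng.random() < 0.7:
            ops.append(("addi", rng.randrange(4), rng.randrange(-2, 3)))
        else:
            ops.append(("div", rng.randrange(4), rng.randrange(4)))
    return ops

def insert_events(rng, ops, rate):
    """Stage 2: insert an interrupt before each op with probability `rate`.
    Random placement is an assumption; the cited text gives no policy."""
    out = []
    for op in ops:
        if rng.random() < rate:
            out.append(("irq",))
        out.append(op)
    return out

def run(ops):
    """Stages 3-4: execute on a toy core model; return (regs, coverage), where
    coverage holds ("op", name) per executed opcode and ("trap", cause)."""
    regs = [0, 1, 2, 3]
    cov = set()
    for op in ops:
        if op[0] == "irq":
            cov.add(("trap", "irq"))   # handler path: count in r0, resume
            regs[0] += 1
            continue
        if op[0] == "div" and regs[op[2]] == 0:
            cov.add(("trap", "div0"))  # synchronous exception: skip the op
            regs[0] = -1
            continue
        cov.add(("op", op[0]))
        if op[0] == "addi":
            regs[op[1]] += op[2]
        else:
            regs[op[1]] //= regs[op[2]]
    return regs, cov

def campaign(seed, n_ops, irq_rate):
    """One fuzzing input end to end; returns the coverage set it reaches."""
    rng = random.Random(seed)
    return run(insert_events(rng, gen_sequence(rng, n_ops), irq_rate))[1]
```

With `irq_rate` set to zero the `("trap", "irq")` coverage point can never appear, which is the gap the page attributes to fuzzers that run only uninterrupted sequences.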

Use in INSTILLER

INSTILLER, short for Instruction Distiller, is an RTL fuzzer that combines several techniques:

  • A variant of ant colony optimization, called VACO, to distill instruction inputs and keep them short.
  • Interrupt and exception insertion to improve realistic simulation of CPU execution events.
  • Hardware-based seed selection and mutation strategies to improve fuzzing performance.[1]

Within this system, interrupt and exception simulation is presented as a realism-enhancing feature: prior work “cannot simulate realistic interruptions well,” while INSTILLER addresses this by inserting interruptions and exceptions during input generation.[1]

Reported Impact in the Cited Work

The cited INSTILLER paper reports improvements over DiFuzzRTL on real-world CPU cores:

| Metric | Reported Result |
|---|---|
| Coverage improvement | 29.4% more coverage |
| Mismatch detection | 17.0% more mismatches |
| Input length reduction through VACO | 79.3% shorter input instructions |
| Execution speed improvement from distillation | 6.7% average increase |

These reported results are for the INSTILLER system as a whole, which includes interrupt and exception insertion along with instruction distillation, hardware-based seed selection, and mutation strategies.[1]

Technical Significance

Interrupt and exception simulation is significant because CPU correctness is not limited to ordinary sequential instruction execution. Real processors must also behave correctly when execution is interrupted or when exceptional conditions arise. Incorporating these events into RTL fuzzing inputs can therefore broaden the tested behavioral space and improve the realism of fuzzing campaigns.[1]

Limitations of the Available Evidence

The provided evidence states that INSTILLER inserts interruptions and exceptions during input generation, but it does not provide implementation-level details such as:

  • The specific kinds of interrupts or exceptions modeled.
  • How insertion points are selected.
  • Whether interrupt timing is randomized, coverage-guided, or hardware-state-dependent.
  • How expected behavior is checked after an interrupt or exception.

Therefore, interrupt and exception simulation can be described as a realism-oriented fuzzing technique, but deeper algorithmic details are not available from the supplied source.

References

[1]: Gen Zhang, Pengfei Wang, Tai Yue, Danjun Liu, Yubei Guo, and Kai Lu. “INSTILLER: Towards Efficient and Realistic RTL Fuzzing.” arXiv:2401.15967, 2024. https://doi.org/10.48550/arXiv.2401.15967