Skip to content
STIMSMITH

microarchitectural coverage

Concept

Microarchitectural coverage is used in coverage-guided pre-silicon processor fuzzing to steer tests toward processor behaviors relevant to hardware-software leakage-contract violations. In the provided evidence, higher microarchitectural coverage is associated with faster discovery of security vulnerabilities in the BOOM out-of-order RISC-V core.

First seen 5/26/2026
Last seen 5/26/2026
Evidence 2 chunks
Wiki v1

WIKI

Overview

Microarchitectural coverage refers, in the provided evidence, to coverage information used by a hardware fuzzer to explore processor microarchitectural behavior relevant to side-channel leakage-contract violations. The cited work presents this in the setting of coverage-guided hardware-software contract fuzzing, a pre-silicon methodology for open-source processors based on hardware-software leakage contracts. [C1]

Role in leakage-contract fuzzing

READ FULL ARTICLE →

NEIGHBORHOOD

No graph connections found for this entity yet. It may appear in future ingestion runs.

explore full graph →

RELATIONSHIPS

1 connections
Coverage-Guided Hardware-Software Contract Fuzzing ← uses 95% 2e
The technique uses microarchitectural coverage to lead to faster discovery of security vulnerabilities.

LINKED ENTITIES

2 links
Hardware-software leakage contracts application_context The evidence states that the fuzzing approach is based on hardware-software leakage contracts and is intended to find leakage-contract violations.
Microarchitectural state divergence observable_signal The evidence states that the methodology makes information leakage directly observable as microarchitectural state divergence.

CITATIONS

6 sources
6 citations — click to expand
[1] Microarchitectural coverage appears in the context of coverage-guided hardware-software contract fuzzing for open-source processors. Coverage-Guided Pre-Silicon Fuzzing of Open-Source Processors based on Leakage Contracts
[2] Hardware-software leakage contracts specify side-channel security guarantees, verification of complex designs is challenging, existing verification struggles to scale, and prevalent hardware fuzzing is blind to information leaks like Spectre. Coverage-Guided Pre-Silicon Fuzzing of Open-Source Processors based on Leakage Contracts
[3] The methodology uses a self-compositional framework to make information leakage directly observable as microarchitectural state divergence. Coverage-Guided Pre-Silicon Fuzzing of Open-Source Processors based on Leakage Contracts
[4] Self-Composition Deviation is presented as a new, security-oriented coverage metric that guides the fuzzer to execution paths that violate the leakage contract. Coverage-Guided Pre-Silicon Fuzzing of Open-Source Processors based on Leakage Contracts
[5] The implementation was evaluated on the in-order Rocket Core and the complex out-of-order BOOM core, and coverage-guided strategies outperformed unguided fuzzing. Coverage-Guided Pre-Silicon Fuzzing of Open-Source Processors based on Leakage Contracts
[6] Increased microarchitectural coverage led to faster discovery of security vulnerabilities in the BOOM core. Coverage-Guided Pre-Silicon Fuzzing of Open-Source Processors based on Leakage Contracts