Skip to content
STIMSMITH

outlier bugs

Concept

Outlier bugs are processor functional bugs that resist conventional simulation-based verification because the event sequences required to trigger them are too complex for random instruction streams or directed tests. In the cited RISC-V verification work, they are also called “simulation resistant super bugs” and are described as requiring execution outside the design’s normal flow or operating parameters to be exposed.

First seen 5/27/2026
Last seen 5/28/2026
Evidence 2 chunks
Wiki v1

WIKI

Definition

In processor verification, outlier bugs are functional bugs that evade typical simulation-based verification approaches. Verification engineers also refer to them as simulation resistant super bugs. They are not exposed by random instruction streams or directed tests when the required sequence of events is too complicated to occur under normal verification workloads. Instead, they may only be exposed by exercising the design outside its normal flow or operating parameters. [C1]

Why they are difficult to find

READ FULL ARTICLE →

NEIGHBORHOOD

No graph connections found for this entity yet. It may appear in future ingestion runs.

explore full graph →

CITATIONS

6 sources
6 citations — click to expand
[1] Outlier bugs are also called simulation-resistant super bugs; they are not exposed by random instruction streams or directed tests because the event sequence is too complicated, and they may require exercising the design outside normal flow or operating parameters. Effective Processor Verification with Logic Fuzzer Enhanced Co-Simulation
[2] In simulation-based processor verification, exposing a bug depends on developing a code sequence that drives the processor into a buggy microarchitectural state that creates an architectural-state inconsistency with the golden model. Effective Processor Verification with Logic Fuzzer Enhanced Co-Simulation
[3] Functional bugs can escape to silicon despite extensive co-simulation and high coverage, and may be exposed only during silicon validation or at an end customer. Effective Processor Verification with Logic Fuzzer Enhanced Co-Simulation
[4] Logic Fuzzer fuzzes the actual logic rather than input stimuli, randomizing states or control signals in the device under test without corrupting functionality or program order; examples include reorder-buffer stall/full signals, branch-predictor tables, and mispredicted-path instructions. Effective Processor Verification with Logic Fuzzer Enhanced Co-Simulation
[5] Dromajo alone exposed nine bugs in three RISC-V cores, and enhancing it with Logic Fuzzer increased the exposed bug count to thirteen without additional verification tests. Effective Processor Verification with Logic Fuzzer Enhanced Co-Simulation
[6] The evaluated RISC-V cores had gone through several tapeouts and claimed to boot and run Linux, yet more than half of the found bugs were operating-system related, and a well-behaved Linux run would not have exercised most of them. Effective Processor Verification with Logic Fuzzer Enhanced Co-Simulation