STIMSMITH

Seed Selection

Concept WIKI v1 · 5/27/2026

Seed selection is described in the Instiller RTL-fuzzing work as a critical fuzzing step that chooses inputs for further fuzzing. In CPU RTL fuzzing, the cited work argues that seed selection should combine basic fuzzing heuristics with hardware-aware heuristics such as special instructions and registers.

Overview

Seed selection is a critical step in fuzzing, alongside mutation. In the context of CPU RTL fuzzing, the Instiller work identifies a gap in prior fuzzing approaches: previous work did not combine seed selection and mutation with hardware features well, and one referenced CPU-fuzzing approach did not consider seed selection when fuzzing the CPU. The paper argues that omitting hardware-related techniques limits fuzzing performance for CPU RTL testing. [C1]

Role in CPU RTL fuzzing

For RTL fuzzing, seed selection is treated as part of a hardware-aware fuzzing strategy. Instiller proposes hardware-related seed selection and mutation strategies to improve fuzzing performance in RTL fuzzing. [C2]

In Instiller's seed-selection design, both basic fuzzing heuristics and hardware heuristics are considered. Examples of hardware heuristics named in the evidence include special instructions and registers. [C3]
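The following is an added sketch, not code from this page or from the Instiller paper, of how a seed scheduler can rank seeds by combining basic heuristics with hardware heuristics. The RISC-V target, the `Seed` fields, the set of opcodes treated as special, and all weights are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# RISC-V major opcodes counted as "special" (an assumption of this sketch).
SYSTEM, MISC_MEM, AMO = 0x73, 0x0F, 0x2F
SPECIAL_OPCODES = {SYSTEM, MISC_MEM, AMO}

@dataclass
class Seed:
    name: str
    words: list            # 32-bit instruction words
    new_coverage: int      # coverage points this seed reached first
    times_picked: int = 0  # how often the scheduler already chose it

def hardware_features(words):
    """Count special instructions and collect the CSR addresses accessed."""
    special, csrs = 0, set()
    for w in words:
        opcode, funct3 = w & 0x7F, (w >> 12) & 0x7
        if opcode in SPECIAL_OPCODES:
            special += 1
        if opcode == SYSTEM and funct3 & 0x3:  # csrrw/csrrs/csrrc and immediates
            csrs.add((w >> 20) & 0xFFF)
    return special, csrs

def score(seed, w_cov=4.0, w_len=0.1, w_pick=1.0, w_special=2.0, w_csr=3.0):
    """Basic heuristics (coverage, length, reuse) plus hardware heuristics."""
    special, csrs = hardware_features(seed.words)
    basic = w_cov * seed.new_coverage - w_len * len(seed.words) - w_pick * seed.times_picked
    return basic + w_special * special + w_csr * len(csrs)

def select_seed(corpus, **weights):
    """Pick the highest-scoring seed and charge it one selection."""
    best = max(corpus, key=lambda s: score(s, **weights))
    best.times_picked += 1
    return best

def constructed_corpus():
    """Constructed sample seeds (hand-encoded RV32 words, not from the paper)."""
    return [
        Seed("alu_only", [0x00100093, 0x002081B3], new_coverage=2),   # addi, add
        Seed("csr_mix", [0x34009073, 0x300022F3, 0x0000100F, 0x00100093], 1),
        Seed("ecall_only", [0x00000073], new_coverage=1),
    ]

if __name__ == "__main__":
    print(select_seed(constructed_corpus()).name)                        # hardware-aware
    print(select_seed(constructed_corpus(), w_special=0, w_csr=0).name)  # basic only
```

With the hardware weights set to zero the scheduler falls back to the coverage-and-length ranking, which makes the contribution of the hardware terms visible on the same corpus.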

Relationship to mutation

The evidence discusses seed selection together with mutation as paired fuzzing steps. Instiller's mutation strategies are also hardware-related; for example, the paper mentions insertion or deletion based on input instruction length. Together, the seed selection and mutation strategies are intended to combine fuzzing with hardware characteristics and address drawbacks of previous tools. [C4]

Reported evaluation context

Instiller is the prototype that incorporates these techniques along with other contributions, including input instruction distillation and realistic interruption/exception handling. In the reported evaluation, Instiller increased coverage by 29.4%, produced inputs 79.3% shorter than DiFuzzRTL for input instruction distillation, found 17.0% more mismatches in the targets, and achieved a 6.7% average execution-speed increase from input instruction distillation. These results evaluate the overall system and its proposed techniques, not seed selection in isolation. [C5]

CITATIONS

[C1] Seed selection is a critical fuzzing step, and prior CPU RTL fuzzing work did not combine seed selection with hardware features well; one prior CPU-fuzzing approach did not consider seed selection. [2401.15967] Instiller: Towards Efficient and Realistic RTL Fuzzing
[C2] Instiller proposes hardware-based seed selection and mutation strategies to improve fuzzing performance in RTL fuzzing. [2401.15967] Instiller: Towards Efficient and Realistic RTL Fuzzing
[C3] Instiller's seed selection considers basic fuzzing heuristics as well as hardware heuristics such as special instructions and registers. [2401.15967] Instiller: Towards Efficient and Realistic RTL Fuzzing
[C4] Instiller pairs hardware-related seed selection with hardware-related mutation strategies such as insertion or deletion based on input instruction length. [2401.15967] Instiller: Towards Efficient and Realistic RTL Fuzzing
[C5] Instiller's reported evaluation includes a 29.4% coverage increase, 79.3% shorter inputs than DiFuzzRTL for input instruction distillation, 17.0% more mismatches, and a 6.7% average speed increase from input instruction distillation. [2401.15967] Instiller: Towards Efficient and Realistic RTL Fuzzing