Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing
PaperA technical paper on applying coverage-guided fuzzing to processor verification, with AFL-based mutation extensions for RISC-V instruction streams and a post-processing step that clusters mismatch-triggering test vectors.
First seen 5/25/2026
Last seen 5/29/2026
Evidence 15 chunks
Wiki v2
WIKI
Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing
Overview
Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing is a paper about using coverage-guided fuzzing for processor verification. The available evidence identifies the work by title and shows that its implementation builds on AFL-style fuzzing, including a comparison between Vanilla AFL and an Enhanced AFL configuration. [paper-title] [afl-results]
NEIGHBORHOOD
No graph connections found for this entity yet. It may appear in future ingestion runs.
explore full graph →RELATIONSHIPS
50 connectionsThe paper uses the Mann-Whitney U Test to statistically analyze the difference between Vanilla AFL and Enhanced AFL results.
The paper evaluates the VexRiscv RISC-V processor as the device under test.
The paper uses virtual coverage to improve coverage measurement in the co-simulation.
The paper uses AFL as the base coverage-guided fuzzer, extended with custom mutations.
The paper uses a co-simulation setting with an ISS as reference model for the RTL processor.
The paper introduces post-processing test vector clustering to group test vectors that reveal the same bug.
The paper proposes a cross-level verification approach for processors.
Niklas Bruns is listed as an author of the paper.
The paper proposes leveraging coverage-guided fuzzing for processor verification.
An ISS is used as a reference model for the RTL processor under test.
The Translation Buffer is a novel component introduced in the paper to transform test vectors into instruction streams.
The Execution Controller is introduced as a key component for detecting mismatches and preventing infinite loops.
The paper introduces the Fast Exploration mutation as a custom AFL mutation for processor verification.
The paper mentions SpinalFuzz as a related fuzzing tool for SpinalHDL designs.
Efficient Cross-Level Testing for Processor Verification: A RISC-V Case-Study compares with → 90% 2e
The paper compares its approach with the cross-level co-simulation approach from this related work.
The paper mentions this related work on coverage-guided fuzzing for ISS verification.
The paper mentions this work as a related fuzzing approach for hardware.
Test vectors are generated by the fuzzer and used as instruction streams for co-simulation.
Vladimir Herdt is listed as an author of the paper.
Daniel Große is listed as an author of the paper.
Rolf Drechsler is listed as an author of the paper.
The paper leverages coverage-guided fuzzing techniques to generate processor-level input stimuli.
The paper uses RISC-V as the ISA for the processor verification case study.
The paper uses RISC-V VP as the reference ISS in the co-simulation.
The paper uses Verilator to translate the RTL-core to C++ for co-simulation.
The paper introduces the Translation Buffer component to transform fuzzer test vectors into endless instruction streams.
The paper introduces the Execution Controller to prevent infinite loops and detect mismatches between processor cores.
The paper introduces the Enhanced Havoc mutation as a custom AFL mutation for processor verification.
The paper uses register value comparison as the mechanism to detect functional mismatches between ISS and RTL-core.
The paper includes CSR testing as part of the verification approach and Enhanced Havoc mutation includes CSR instruction support.
The paper uses the RV32IM configuration of VexRiscv in its case study.
The paper generates processor-level input stimuli using coverage-guided fuzzing techniques.
The paper mentions RISC-V ISA Tests as a related baseline verification approach.
The paper mentions RISCV-DV as a related constraint-based RISC-V verification tool.
The paper mentions CSP as a technique used in related work for constraint-based test generation.
The paper mentions model-based test generators as related work.
The paper mentions RFUZZ as a related fuzzing approach for hardware verification.
The paper mentions SpinalFuzz as a related fuzzing approach for SpinalHDL designs.
The paper mentions machine learning techniques as related work for test generation.
The paper mentions symbolic execution as a related technique for ISS-level test generation.
The paper mentions model checking as a related formal verification approach for RISC-V.
The paper mentions semi hand-written directed test suites as baseline verification approaches for RISC-V.
The paper mentions FPGA acceleration as used by a related fuzzing approach.
The paper embeds the RTL-core and ISS into a common SystemC TLM testbench.
The paper contrasts its approach with the single endless instruction stream generation approach.
The paper discusses CSP-based test generation as a related approach.
The paper discusses model-based test generation as a related approach.
Genesys-Pro: Innovations in Test Program Generation for Functional Processor Verification mentions → 90% 1e
The paper mentions Genesys-Pro as a related model-based test generation approach.
The paper mentions RFUZZ as a related hardware fuzzing approach combining fuzzing with FPGA acceleration.
The paper mentions RISCV-DV as a related constraint-based instruction stream generator.
LINKED ENTITIES
37 linksRegister Value Comparison USES Extracted graph relationship
Niklas Bruns AUTHORED_BY Extracted graph relationship
Vladimir Herdt AUTHORED_BY Extracted graph relationship
Daniel Große AUTHORED_BY Extracted graph relationship
Rolf Drechsler AUTHORED_BY Extracted graph relationship
Cross-Level Processor Verification INTRODUCES Extracted graph relationship
Coverage-guided Fuzzing USES Extracted graph relationship
Co-Simulation USES Extracted graph relationship
Instruction Set Simulator USES Extracted graph relationship
RISC-V USES Extracted graph relationship
AFL USES Extracted graph relationship
VexRiscv EVALUATES Extracted graph relationship
RISC-V VP USES Extracted graph relationship
Verilator USES Extracted graph relationship
SystemC TLM USES Extracted graph relationship
Translation Buffer INTRODUCES Extracted graph relationship
Execution Controller INTRODUCES Extracted graph relationship
Fast Exploration Mutation INTRODUCES Extracted graph relationship
Enhanced Havoc Mutation INTRODUCES Extracted graph relationship
Post-processing Test Vector Clustering INTRODUCES Extracted graph relationship
Virtual Coverage USES Extracted graph relationship
CSR Testing USES Extracted graph relationship
Mann-Whitney U Test USES Extracted graph relationship
RV32IM USES Extracted graph relationship
Processor-level Input Stimuli Generation USES Extracted graph relationship
Mutation-Based Fuzzing USES Extracted graph relationship
RFUZZ COMPARES_WITH Extracted graph relationship
SpinalFuzz COMPARES_WITH Extracted graph relationship
Endless Instruction Stream Generation COMPARES_WITH Extracted graph relationship
Constraint Satisfaction Problem-based Test Generation COMPARES_WITH Extracted graph relationship
Model-Based Test Generation COMPARES_WITH Extracted graph relationship
Bayesian Network Coverage-Directed Test Generation COMPARES_WITH Extracted graph relationship
Symbolic Execution for Test Generation COMPARES_WITH Extracted graph relationship
RISC-V Torture Test Generator COMPARES_WITH Extracted graph relationship
RISC-V ISA Tests COMPARES_WITH Extracted graph relationship
riscv-dv COMPARES_WITH Extracted graph relationship
Genesys-Pro COMPARES_WITH Extracted graph relationship