STIMSMITH

ProcessorFuzz paper

Paper

The ProcessorFuzz paper presents ProcessorFuzz, a coverage-guided processor fuzzing approach that introduces CSR-transition coverage and uses ISA simulation to rapidly filter interesting test inputs before more expensive RTL simulation. The paper evaluates the approach on three open-source RISC-V processors, compares it with DIFUZZRTL, and reports faster bug triggering plus newly discovered bugs.

First seen 5/29/2026
Last seen 6/8/2026
Evidence 5 chunks
Wiki v1

WIKI

Overview

The ProcessorFuzz paper introduces ProcessorFuzz, a processor fuzzing mechanism for dynamic hardware verification. The work adapts coverage-guided fuzzing to processor designs, where hardware cannot be executed directly on a host machine and is instead evaluated through RTL simulation.


RELATIONSHIPS

11 connections
ProcessorFuzz introduces → 100% 2e
The ProcessorFuzz paper introduces the ProcessorFuzz tool as a novel processor fuzzer.
CSR-transition coverage introduces → 100% 2e
The paper introduces the CSR-transition coverage metric as a novel coverage signal for processor fuzzing.
Sadullah Canakci authored by → 100% 2e
Sadullah Canakci is listed as an author of the ProcessorFuzz paper.
Chathura Rajapaksha authored by → 100% 2e
Chathura Rajapaksha is listed as an author of the ProcessorFuzz paper.
Leila Delshadtehrani authored by → 100% 2e
Leila Delshadtehrani is listed as an author of the ProcessorFuzz paper.
Anoop Nataraja authored by → 100% 2e
Anoop Nataraja is listed as an author of the ProcessorFuzz paper.
Michael Bedford Taylor authored by → 100% 2e
Michael Bedford Taylor is listed as an author of the ProcessorFuzz paper.
Manuel Egele authored by → 100% 2e
Manuel Egele is listed as an author of the ProcessorFuzz paper.
Ajay Joshi authored by → 100% 2e
Ajay Joshi is listed as an author of the ProcessorFuzz paper.
Boston University authored by → 100% 1e
The ProcessorFuzz paper is affiliated with Boston University.
University of Washington authored by → 100% 1e
The ProcessorFuzz paper is affiliated with the University of Washington.

CITATIONS

7 sources
[1] The paper introduces ProcessorFuzz as a new processor fuzzing mechanism. ProcessorFuzz: Processor Fuzzing with Control and
[2] ProcessorFuzz uses CSR-transition coverage to guide fuzzing toward interesting processor states by monitoring transitions in Control and Status Registers. ProcessorFuzz: Processor Fuzzing with Control and
[3] ProcessorFuzz uses ISA simulation as part of the coverage feedback mechanism to rapidly identify interesting test inputs, and ISA simulation is described as faster than RTL simulation. ProcessorFuzz: Processor Fuzzing with Control and
[4] The paper reports ISA simulation as 79× faster than RTL simulation for the open-source RISC-V BOOM processor. ProcessorFuzz: Processor Fuzzing with Control and
[5] Processor fuzzing in the paper uses differential testing between RTL simulation and an ISA-simulator reference model, where inconsistent behavior indicates a potential bug. ProcessorFuzz: Processor Fuzzing with Control and
[6] The evaluation uses three open-source RISC-V processors with different HDLs and microarchitectural properties. ProcessorFuzz: Processor Fuzzing with Control and
[7] ProcessorFuzz triggered DIFUZZRTL-found bugs 1.23× faster on average than DIFUZZRTL and revealed 8 new bugs in open-source processors plus 1 new bug in a reference model. ProcessorFuzz: Processor Fuzzing with Control and