STIMSMITH

Dynamic Program Analysis

Technique

Dynamic Program Analysis is discussed in the provided evidence as a semi-formal software-analysis technique applicable to Instruction Set Simulator verification when combined with constraint solving. In that context, it can automatically help increase code coverage, but the cited paper notes scalability issues and modeling limitations for memory access and loops.

First seen 5/28/2026
Last seen 5/29/2026
Evidence 2 chunks
Wiki v1

WIKI

Overview

Dynamic Program Analysis appears in the provided evidence as part of the verification landscape for Instruction Set Simulators (ISSs). The cited paper frames ISSs as software models of processors, often implemented in C++ for high simulation performance, and notes that ISS verification commonly relies on simulation-based methods because complete formal verification does not scale. These simulation-based methods require comprehensive test stimuli, while manual testcase writing is impractical and pure random generation provides only limited coverage. [1]

Use in ISS verification



RELATIONSHIPS

1 connection
The paper mentions dynamic program analysis as a semi-formal method applicable to ISS verification.

CITATIONS

4 sources
[1] ISSs are software models often implemented in C++; complete formal verification does not scale, so simulation-based verification with comprehensive stimuli is used, while manual tests and pure random generation are insufficient. (Verifying Instruction Set Simulators using Coverage-guided Fuzzing)
[2] Semi-formal methods based on dynamic program analysis and constraint solving are applicable to ISS verification because the ISS is a software model; they can automatically increase code coverage but may face scalability issues or impose limitations on modeling memory access and loops. (Verifying Instruction Set Simulators using Coverage-guided Fuzzing)
[3] LibFuzzer is described as an LLVM-based coverage-guided fuzzing engine that creates binary bytestream inputs to maximize code coverage of an instrumented device under test and mutates input data using predefined random mutations. (Verifying Instruction Set Simulators using Coverage-guided Fuzzing)
[4] The paper implemented a coverage-guided fuzzing approach on top of libFuzzer with functional coverage and a custom mutation procedure for ISS verification, evaluated it on three public RISC-V ISSs, and reported new errors in every considered ISS including Spike. (Verifying Instruction Set Simulators using Coverage-guided Fuzzing)
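As an added illustration of the setup described in citations [3] and [4], the harness below feeds libFuzzer's raw byte streams into a simulator as instructions and records opcode-level functional coverage next to the engine's own code coverage; it is not code from the cited paper or from any of the ISSs it evaluates. The toy instruction set, its encoding, the trap behaviour and all names (ToyIss, runBytes, coveredOps) are constructed for this example.

```cpp
#include <array>
#include <bitset>
#include <cstddef>
#include <cstdint>
// Constructed toy ISS (not RISC-V, not any ISS from the paper): 16-bit
// instructions, four registers, 64 bytes of memory. Hypothetical encoding:
// op = bits 15..12, rd = bits 11..10, rs = bits 9..8, imm = bits 7..0 (signed).
enum Op : uint8_t { ADDI = 0, ADD = 1, LOAD = 2, STORE = 3, HALT = 4, OP_COUNT = 5 };
struct ToyIss {
    std::array<int32_t, 4> regs{};
    std::array<uint8_t, 64> mem{};
    bool halted = false;
};
// Functional coverage: which opcodes have executed across all inputs. libFuzzer
// sees code coverage of the instrumented ISS; this bitset stands in for the
// ISA-level functional coverage the paper layers on top of it.
static std::bitset<OP_COUNT> g_opCov;

static void step(ToyIss &s, uint16_t insn) {
    uint8_t op = insn >> 12, rd = (insn >> 10) & 3, rs = (insn >> 8) & 3;
    int32_t imm = static_cast<int8_t>(insn & 0xff);
    if (op >= OP_COUNT) { s.halted = true; return; }         // illegal opcode: trap
    g_opCov.set(op);
    uint32_t addr = static_cast<uint32_t>(s.regs[rs] + imm); // LOAD/STORE address
    switch (op) {
        case ADDI:  s.regs[rd] = s.regs[rs] + imm; break;
        case ADD:   s.regs[rd] = s.regs[rd] + s.regs[rs]; break;
        case LOAD:  if (addr >= s.mem.size()) { s.halted = true; return; }
                    s.regs[rd] = s.mem[addr]; break;
        case STORE: if (addr >= s.mem.size()) { s.halted = true; return; }
                    s.mem[addr] = static_cast<uint8_t>(s.regs[rd]); break;
        default:    s.halted = true; break;                    // HALT
    }
}
// Interpret a raw byte stream as a program, two bytes per instruction; returns
// how many instructions ran before the core halted or the input ran out.
size_t runBytes(ToyIss &s, const uint8_t *data, size_t size) {
    size_t n = 0;
    for (size_t i = 0; i + 1 < size && !s.halted; i += 2, ++n)
        step(s, static_cast<uint16_t>(data[i] | (data[i + 1] << 8)));
    return n;
}
size_t coveredOps() { return g_opCov.count(); }

// libFuzzer entry point, called once per mutated byte stream.
// Build with: clang++ -g -fsanitize=fuzzer,address harness.cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    ToyIss s;
    runBytes(s, data, size);   // sanitizers flag memory errors inside the model
    return 0;
}
```

Because every two input bytes decode to some instruction, the engine's byte-level mutations stay meaningful as instruction mutations, and the opcode bitset shows which parts of the instruction set the corpus has actually exercised.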