Skip to content
STIMSMITH

ISA simulation

Technique

ISA simulation executes programs at the instruction-set-architecture level and is used as a reference in processor validation workflows. In the provided evidence, ProcessorFuzz runs an ISA simulator on mutated RISC-V assembly inputs to produce an extended ISA trace log, uses CSR transitions from that log as fuzzing feedback, and compares the ISA trace against an RTL trace to flag potential bugs.

First seen 5/28/2026
Last seen 6/8/2026
Evidence 12 chunks
Wiki v1

WIKI

Overview

ISA simulation is the use of an instruction-set-architecture-level simulator to execute test programs and observe architectural behavior. In processor verification workflows, the ISA simulator can act as a reference execution source whose trace is compared with a lower-level implementation trace, such as an RTL trace.

Role in ProcessorFuzz

READ FULL ARTICLE →

NEIGHBORHOOD

3 nodes · 3 edges
graph · ISA simulation · depth=1

RELATIONSHIPS

6 connections
ProcessorFuzz ← uses 100% 4e
ProcessorFuzz uses ISA simulation to rapidly evaluate test inputs for coverage.
extended ISA trace log uses → 95% 2e
ISA simulation generates extended ISA trace logs with CSR values.
Spike ISA simulator ← implements 100% 2e
Spike ISA simulator implements ISA simulation for RISC-V processors.
Dromajo ← implements 90% 1e
Dromajo serves as a reference ISA simulator model for BlackParrot.
Spike ISA simulator uses → 90% 1e
ISA simulation is performed using the Spike ISA simulator in the context of ProcessorFuzz.
differential testing ← uses 95% 1e
Differential testing in processor fuzzing compares ISA simulation results against RTL simulation results.

LINKED ENTITIES

4 links
ProcessorFuzz USES Extracted graph relationship
extended ISA trace log USES Extracted graph relationship
Spike ISA simulator IMPLEMENTS Extracted graph relationship
Dromajo IMPLEMENTS Extracted graph relationship

CITATIONS

5 sources
5 citations — click to expand
[1] ProcessorFuzz runs an ISA simulator on mutated assembly inputs and generates an extended ISA trace log containing CSR values for each executed instruction. ProcessorFuzz: Processor Fuzzing with Control and
[2] ProcessorFuzz extracts CSR transitions from the extended ISA trace log, checks them against a Transition Map, and keeps inputs that trigger new transitions. ProcessorFuzz: Processor Fuzzing with Control and
[3] ProcessorFuzz compares the ISA trace log with an RTL trace log, and mismatches are treated as potential bugs requiring confirmation. ProcessorFuzz: Processor Fuzzing with Control and
[4] The ProcessorFuzz extended ISA trace example records PC, instruction, and selected CSR values including mstatus, mcause, scause, medeleg, frm, and fflags. ProcessorFuzz: Processor Fuzzing with Control and
[5] A RISC-V UVM-TLM co-simulation framework uses the Spike ISA simulator for functional verification and prioritizes simulation efficiency and acceptable fidelity over cycle-level precision. An Integrated UVM-TLM Co-Simulation Framework for RISC-V Functional Verification and Performance Evaluation