RTL simulation

Technique

RTL simulation is a processor-design execution model used in verification and fuzzing workflows, but the provided evidence emphasizes its cost relative to ISA simulation. In ProcessorFuzz, RTL simulation is reserved for inputs first classified as interesting by faster ISA-level CSR-transition feedback; the paper reports Spike ISA simulation as 79× faster than RTL simulation of the RISC-V BOOM processor and says ProcessorFuzz launched RTL simulation only for interesting inputs.

First seen 5/28/2026

Last seen 6/8/2026

Evidence 14 chunks

Wiki v2

WIKI

Overview

RTL simulation executes a processor design at the register-transfer level. In the provided evidence, it appears primarily as the slower but design-level execution target in processor fuzzing workflows. ProcessorFuzz contrasts RTL simulation with ISA simulation: the paper states that ISA simulators are generally much faster for executing a given program than running that program on a processor using RTL simulation, and reports that the RISC-V Spike ISA simulator was, on average, 79× faster than RTL simulation of the RISC-V BOOM processor.

Use in processor fuzzing

READ FULL ARTICLE →

NEIGHBORHOOD

4 nodes · 5 edges

graph · RTL simulation · depth=1

RELATIONSHIPS

7 connections

DiFuzzRTL ← uses 100% 3e

DIFUZZRTL relies on RTL simulation to evaluate test inputs.

differential testing ← uses 100% 2e

Differential testing compares RTL simulation output against ISA simulation output.

ProcessorFuzz ← uses 100% 2e

ProcessorFuzz launches RTL simulation for inputs that pass the ISA simulation filter.

Verilator uses → 100% 1e

Verilator is used for RTL simulation in ProcessorFuzz.

ProcessorFuzz ← implements 95% 1e

ProcessorFuzz performs RTL simulation to verify processor designs.

Verilator ← implements 100% 1e

Verilator is an open-source tool implementing RTL simulation.

RTL/ISS co-simulation ← uses 1e

RTL/ISS co-simulation employs RTL simulation as one of its core techniques.

LINKED ENTITIES

3 links

ProcessorFuzz IMPLEMENTS Extracted graph relationship

differential testing USES Extracted graph relationship

Verilator USES Extracted graph relationship

CITATIONS

6 sources

6 citations — click to expand

[1] ISA simulation is described as faster than RTL simulation for executing programs, with Spike reported as 79× faster than RTL simulation of RISC-V BOOM. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance

[2] ProcessorFuzz uses ISA simulation rather than RTL simulation to determine whether a generated test input is interesting. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance

[3] CSR transitions can be extracted from either ISA simulation or RTL simulation, and ProcessorFuzz monitors CSR values across previous and current instructions to detect transitions. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance

[4] ProcessorFuzz launched RTL simulation only for interesting inputs and discarded other generated inputs. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance

[5] ProcessorFuzz identified only 33% of generated test inputs as interesting and used the least number of test inputs for RTL simulation while exposing bugs faster in the discussed evaluation. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance

[6] The evidence contrasts instrumentation effort: ISA simulators can be extended using existing trace logic for selected CSRs, whereas RTL-design instrumentation for coverage metrics requires additional effort. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance