STIMSMITH

Synchronizable Co-simulation

Technique

Synchronizable Co-simulation is the MorFuzz technique for online processor state verification. A DUT and an ISA simulator execute the same inputs and compare architectural state after instruction execution. Legal mismatches and external events are selectively synchronized, so long fuzzing simulations keep progressing instead of terminating prematurely on false positives.

First seen 5/27/2026
Last seen 6/6/2026
Evidence 11 chunks
Wiki v1

WIKI

Overview

Synchronizable Co-simulation is a processor-verification technique described in MorFuzz. MorFuzz applies an online co-simulation approach in which an ISA simulator runs in parallel with the device under test (DUT) as a reference model. The ISA simulator and DUT execute the same inputs, and the DUT state is checked by comparing the two states after each instruction is executed.
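
A toy version of the compare-then-synchronize loop, added here as an illustration; it is not code from MorFuzz or Spike. The three-instruction program, the `Commit` record, `ref_step` and `cosim` are hypothetical, the DUT values are constructed, and the sketch treats the two synchronization prerequisites listed in the citations (CSR or memory-operation instruction, control flow already checked) as the whole legality rule.

```python
from dataclasses import dataclass

SYNC_ELIGIBLE = {"csr", "mem"}  # instruction classes the page names as eligible

@dataclass
class Commit:                   # hypothetical DUT commit record
    pc: int                     # index of the committed instruction
    rd: int                     # destination register
    value: int                  # write-back data

def ref_step(regs, insn):
    """Toy reference model: run one instruction, return (kind, rd, value)."""
    op, rd, a, b = insn
    if op == "csrr":            # the reference has no real cycle counter
        return "csr", rd, 0
    if op == "addi":
        return "alu", rd, regs[a] + b
    raise ValueError(f"unsupported op {op!r}")

def cosim(program, dut_commits, synchronize=True):
    """Compare each DUT commit with the reference; return (pc, verdict) pairs."""
    regs, pc, log = [0] * 32, 0, []
    for c in dut_commits:
        # Commitment stage: control-flow information must agree first.
        if pc >= len(program) or c.pc != pc:
            log.append((pc, "bug: control flow"))
            break
        kind, rd, value = ref_step(regs, program[pc])
        # Judgment stage: equal data passes, a legal mismatch is synchronized.
        if c.rd == rd and c.value == value:
            verdict = "match"
        elif synchronize and c.rd == rd and kind in SYNC_ELIGIBLE:
            value, verdict = c.value, "synced"  # DUT value goes to the reference
        else:
            log.append((pc, "bug: data mismatch"))
            break
        regs[rd] = value
        log.append((pc, verdict))
        pc += 1
    return log

# Constructed sample: x1 = cycle CSR, x2 = x1 + 1, x3 = x2 + 1.
PROGRAM = [("csrr", 1, "cycle", None), ("addi", 2, 1, 1), ("addi", 3, 2, 1)]
# Constructed DUT trace: an implementation-specific cycle count, then a wrong x3.
DUT_COMMITS = [Commit(0, 1, 137), Commit(1, 2, 138), Commit(2, 3, 140)]

if __name__ == "__main__":
    print(cosim(PROGRAM, DUT_COMMITS))                     # sync enabled
    print(cosim(PROGRAM, DUT_COMMITS, synchronize=False))  # plain co-simulation
```

With synchronization disabled the run stops at the first instruction on the cycle-count difference; with it enabled the run continues and reaches the ALU mismatch at the third instruction.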

Motivation



RELATIONSHIPS

11 connections
MorFuzz ← implements 100% 4e
MorFuzz implements synchronizable co-simulation for state verification.
State Synchronization uses → 100% 2e
Synchronizable co-simulation synchronizes legal mismatched states to the simulator.
The paper introduces synchronizable co-simulation to handle implementation differences.
Co-simulation implements → 100% 2e
Synchronizable co-simulation is a specific implementation of co-simulation that handles implementation differences.
MorFuzz ← uses 100% 2e
MorFuzz extends the co-simulation framework with the synchronizable co-simulation technique.
Co-simulation State Verification uses → 100% 2e
Synchronizable co-simulation performs state verification after each instruction.
State Synchronization implements → 100% 2e
Synchronizable co-simulation implements state synchronization between DUT and ISA simulator.
False Positive Mitigation implements → 100% 2e
Synchronizable co-simulation mitigates false positives from implementation differences.
spike uses → 100% 1e
The synchronizable co-simulation uses Spike as the reference model.
ISA Simulator uses → 100% 1e
Synchronizable co-simulation uses an ISA simulator as the reference model.
State Synchronization uses → 100% 1e
Synchronizable co-simulation uses state synchronization to eliminate implementation differences.

CITATIONS

8 sources
[1] MorFuzz uses online co-simulation for state verification, running an ISA simulator in parallel with the DUT as the reference model. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[2] The DUT and ISA simulator execute the same inputs, and correctness is checked by comparing their states after each instruction. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[3] Synchronizable Co-simulation addresses the invalid assumption that write-back data is always ready at instruction commit; Rocket is cited as supporting delayed write-back for long-latency instructions. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[4] MorFuzz abstracts state comparison into a commitment stage and a judgment stage to accommodate different microarchitectures. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[5] If a mismatch is legal, MorFuzz synchronizes hardware state to the simulator; otherwise it reports the mismatch as a potential bug. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[6] MorFuzz can synchronize external events, including interrupts, to the simulator, allowing deeper execution instead of premature stopping due to false positives. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[7] MorFuzz defines strict prerequisites for state synchronization, including limiting eligible instructions to CSR and memory-operation instructions and requiring the DUT control-flow information to pass the commitment-stage check. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[8] MorFuzz uses Spike, the official RISC-V ISA simulator, as the reference model in its co-simulation framework. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation