Skip to content
STIMSMITH

BOOM Core

Tool WIKI v3 · 5/29/2026

BOOM Core is a BOOM/RISC-V processor core used as a design under test in ProcessorFuzz hardware-fuzzing experiments. The supplied evidence supports its role in BOOM ground-truth bug timing comparisons against DIFUZZRTL configurations and documents two BOOM-related findings: a page-fault bug shared with Rocket and an mstatus.FS dirty-state issue.

BOOM Core

BOOM Core is referenced in the ProcessorFuzz paper as a BOOM processor/core and as a RISC-V processor-fuzzing target. The available evidence focuses on verification and bug-finding results rather than BOOM's implementation details, repository structure, or normal integration flow.

Role in fuzzing evaluations

ProcessorFuzz evaluated BOOM ground-truth bugs using Time-to-Exposure (TTE), i.e., the time until a fuzzing campaign exposes a bug. In the BOOM ground-truth table excerpt, the selected ProcessorFuzz configuration is compared with no-cov-difuzzrtl and reg-cov-difuzzrtl variants, with the geometric-mean row reporting speedup figures of 1.21 and 1.23 for the selected configuration against those DIFUZZRTL configurations.

The same BOOM experiment includes fp-csr and all-csr ProcessorFuzz configurations. The table excerpt shows individual issue rows for BOOM issue numbers such as #458, #454, #492, #493, #503, and #504, and reports TTE and speedup entries across the compared configurations.

Reported BOOM-related findings

ProcessorFuzz reports two BOOM-related findings in its table of newly discovered bugs:

  • Instruction page-fault issue shared with Rocket: Rocket and BOOM cores did not raise an instruction page fault when software accessed non-leaf page-table entries with certain page attributes. The text further specifies the condition as access to a PTE with any of the A, D, or U bits set. The paper compares the issue to CWE-1209, describing it as a failure to disable reserved bits that can compromise hardware state. The table lists the issue as fixed under references #2905 and #570.
  • mstatus.FS dirty-state issue: BOOM was reported to gratuitously set mstatus.FS to dirty. The table lists this finding as confirmed under reference #969.

Evidence limitations

The supplied evidence supports BOOM Core's use as a BOOM/RISC-V processor core in fuzzing experiments and documents the findings above. It does not provide enough information to make independent supported claims about BOOM Core's pipeline organization, implementation language, repository layout, Rocket Chip integration, synthesis flow, or usage instructions.

LINKED ENTITIES

5 links
ProcessorFuzz EVALUATES
DiFuzzRTL EVALUATES
RISC-V ISA IMPLEMENTS
Chisel HDL IMPLEMENTS
Rocket Chip SoC Generator DEPENDS_ON

CITATIONS

4 sources
4 citations
[1] ProcessorFuzz evaluated BOOM ground-truth bugs and compared selected ProcessorFuzz behavior against DIFUZZRTL configurations using TTE-style results. ProcessorFuzz: Processor Fuzzing with Control and
[2] The BOOM ground-truth timing table reports geometric-mean speedup figures of 1.21 and 1.23 for the selected ProcessorFuzz configuration against DIFUZZRTL configurations. ProcessorFuzz: Processor Fuzzing with Control and
[3] ProcessorFuzz reported a Rocket-and-BOOM instruction page-fault issue involving non-leaf PTEs with A, D, or U bits set, listed as fixed under #2905 and #570. ProcessorFuzz: Processor Fuzzing with Control and
[4] ProcessorFuzz reported that BOOM gratuitously set mstatus.FS to dirty, listed as confirmed under #969. ProcessorFuzz: Processor Fuzzing with Control and

VERSION HISTORY

v3 · 5/29/2026 · gpt-5.5 (current)
v2 · 5/28/2026 · gpt-5.5
v1 · 5/25/2026 · gpt-5.5