00

DejaVuzz

Tool ☆ WATCH ⎘ SHARE

First seen 6/13/2026

Last seen 6/13/2026

Evidence 14 chunks

01

NEIGHBORHOOD

21 nodes · 27 edges

graph · DejaVuzz · depth=1

02

RELATIONSHIPS

21 connections

Taint Liveness Annotation uses → 100% 2e evidence

DejaVuzz introduces taint liveness annotations to bind state registers to related taint registers and filter unexploitable taints.

Microarchitectural Controllability uses → 95% 2e evidence

DejaVuzz addresses microarchitectural controllability by using dynamic swappable memory to resolve address space conflicts.

RISC-V uses → 100% 2e evidence

DejaVuzz supports the RV64GC RISC-V instruction set for stimulus generation.

Taint Coverage Matrix uses → 100% 2e evidence

DejaVuzz designs a taint coverage matrix to guide mutation based on sensitive data propagation.

Constant Time Execution Analysis uses → 100% 2e evidence

DejaVuzz checks transient window constant time execution violations as part of its leakage analysis.

BOOM evaluates → 100% 2e evidence

DejaVuzz is evaluated on the BOOM RISC-V out-of-order processor.

XiangShan evaluates → 100% 2e evidence

DejaVuzz is evaluated on the XiangShan RISC-V out-of-order processor.

Yosys uses → 100% 1e evidence

DejaVuzz uses Yosys for diffIFT instrumentation to insert taint cells.

ISA Simulator uses → 100% 1e evidence

DejaVuzz uses an ISA simulator to compute operands required to trigger transient windows.

Transient Execution uses → 100% 1e evidence

DejaVuzz targets transient execution vulnerabilities as its primary focus.

Chisel uses → 85% 1e evidence

DejaVuzz treats all register arrays generated by Chisel Vec constructor as potential sinks.

Transient Execution Vulnerability Detection evaluates → 100% 1e evidence

DejaVuzz is designed for and evaluated on transient execution vulnerability detection.

Control Flow Over-Tainting Mitigation introduces → 90% 1e evidence

DejaVuzz introduces a mechanism to mitigate control flow over-tainting with acceptable overhead.

DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing ← introduces 100% 1e evidence

The paper introduces DejaVuzz as a novel pre-silicon processor transient execution bug fuzzer.

Taint Coverage Matrix introduces → 100% 1e evidence

DejaVuzz introduces the first secret-sensitive coverage matrix designed for transient execution vulnerability fuzzing.

Dynamic Swappable Memory uses → 100% 1e evidence

DejaVuzz utilizes dynamic swappable memory as one of its two core operating primitives.

Differential Information Flow Tracking uses → 100% 1e evidence

DejaVuzz utilizes differential information flow tracking as one of its two core operating primitives.

Training Derivation Strategy uses → 100% 1e evidence

DejaVuzz uses the training derivation strategy to derive targeted training based on transient execution information.

Training Reduction Strategy uses → 100% 1e evidence

DejaVuzz uses the training reduction strategy to eliminate ineffective training and reduce overhead.

RTL simulation uses → 100% 1e evidence

DejaVuzz uses RTL simulation to execute generated instruction sequences on the design under test.

Synopsys VCS uses → 100% 1e evidence

DejaVuzz uses Synopsys VCS as the industry-standard RTL simulator for simulation.