RFUZZ
Tool
RFUZZ is a Rust-based public research platform described by its GitHub repository as “coverage-directed fuzzing for RTL.” ProcessorFuzz places RFUZZ in the hardware-fuzzing/RTL-verification context and reports a 97% runtime overhead for RFUZZ in a comparison of prior approaches.
First seen 5/26/2026
Last seen 6/9/2026
Evidence 19 chunks
Wiki v4
WIKI
Overview
RFUZZ is a public research platform for coverage-directed fuzzing of RTL hardware designs. The ekiwi/rfuzz GitHub repository describes the project as “coverage-directed fuzzing for RTL research platform.” The repository metadata identifies Rust as the primary language and lists 114 stars, 14 forks, and an update timestamp of 2026-03-30. [RFUZZ GitHub repository]
Technical context
RELATIONSHIPS
18 connections
DIFUZZRTL is compared against RFuzz, the state-of-the-art RTL fuzzer, showing 40x faster execution and 6.4x faster state exploration.
RFUZZ uses multiplexer toggle coverage as its feedback metric.
RFUZZ uses multiplexer toggle coverage as its hardware coverage metric.
RFUZZ is a hardware fuzzing tool targeting RTL designs.
RFUZZ is coupled to Chisel HDL.
RFUZZ implements multiplexer toggle coverage for hardware fuzzing.
RFuzz implements mux-coverage guided fuzzing as its core coverage technique.
RFUZZ is an input-stimuli fuzzing tool adapted from American Fuzzy Lop for hardware verification.
RFUZZ uses multiplexer toggle coverage for hardware fuzzing.
ProcessorFuzz is described as HDL-agnostic in contrast to RFUZZ which is coupled to Chisel HDL.
ProcessorFuzz paper mentions RFUZZ as a prior work with high instrumentation overhead.
RFUZZ combines fuzzing with FPGA acceleration for hardware verification.
The paper discusses RFUZZ as related work in input-stimuli fuzzing and distinguishes it from Logic Fuzzer.
The paper mentions RFUZZ as a related fuzzing approach for hardware verification.
RFUZZ is a hardware fuzzer that instruments processor RTL for coverage-guided fuzzing.
The paper mentions RFUZZ as a related hardware fuzzing approach combining fuzzing with FPGA acceleration.
DirectFuzz is experimentally compared against RFUZZ.
RFUZZ is tightly coupled to Chisel HDL.
CITATIONS
4 sources, 4 citations
[1] RFUZZ is described by its public GitHub repository as a coverage-directed fuzzing platform for RTL research; the repository metadata lists Rust as the language, 114 stars, 14 forks, and an update timestamp of 2026-03-30. ekiwi/rfuzz
[2] ProcessorFuzz places RFUZZ in the broader context of hardware fuzzing for RTL verification and explains that software-style coverage metrics such as basic-block and branch coverage are not well suited for hardware fuzzing. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance
[3] ProcessorFuzz identifies multiplexer toggle coverage and register coverage as hardware-tailored coverage metrics intended to guide fuzzers toward uncovered processor FSM states using hardware-intrinsic information. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance
[4] ProcessorFuzz reports 97% runtime overhead for RFUZZ. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance