STIMSMITH

RFUZZ

Tool WIKI v4 · 5/29/2026

RFUZZ is a Rust-based public research platform described by its GitHub repository as “coverage-directed fuzzing for RTL.” ProcessorFuzz places RFUZZ in the hardware-fuzzing/RTL-verification context and reports a 97% runtime overhead for RFUZZ in a comparison of prior approaches.

Overview

RFUZZ is a public research platform for coverage-directed fuzzing of RTL hardware designs. The ekiwi/rfuzz GitHub repository describes the project as “coverage-directed fuzzing for RTL research platform.” The repository metadata identifies Rust as the primary language and lists 114 stars, 14 forks, and an update timestamp of 2026-03-30. [RFUZZ GitHub repository]

Technical context

ProcessorFuzz situates RFUZZ within the broader area of fuzzing-based verification for Register-Transfer Level (RTL) designs. The paper explains that software-fuzzing feedback such as basic-block and branch coverage is not well suited to hardware fuzzing, motivating hardware-specific coverage metrics. [Hardware fuzzing context]

The same ProcessorFuzz discussion identifies multiplexer toggle coverage and register coverage as examples of hardware-tailored coverage metrics. In processor fuzzing, these metrics are intended to help guide exploration toward previously uncovered processor finite-state-machine states using hardware-intrinsic information such as wire connections rather than only software-like code structure. [Hardware-specific coverage metrics]
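
A toy illustration of multiplexer toggle coverage used as fuzzing feedback, added here as an example; it is not code from the RFUZZ repository or from ProcessorFuzz. It assumes a mux select counts as covered once a single test drives it to both 0 and 1; the three-mux design, `KEY`, and the function names are hypothetical, and mutation is exhaustive single-byte substitution so that the run is deterministic.

```rust
// Added illustration, not RFUZZ code. Toy DUT (an assumption): a 2-bit state
// register fed by three 2:1 muxes; mux i selects "advance" when state == i
// and the input byte equals KEY[i].
const KEY: [u8; 3] = [0x52, 0x46, 0x5A];

/// Simulate one test (one input byte per cycle) and return a bitmask of the
/// mux selects that toggled, i.e. were observed both as 0 and as 1.
fn mux_toggle_coverage(input: &[u8]) -> u8 {
    let (mut state, mut seen0, mut seen1) = (0usize, 0u8, 0u8);
    for &byte in input {
        let mut next = state;
        for i in 0..KEY.len() {
            let sel = state == i && byte == KEY[i];
            if sel { seen1 |= 1 << i; next = i + 1; } else { seen0 |= 1 << i; }
        }
        state = next;
    }
    seen0 & seen1
}

/// Mutate every corpus entry by single-byte substitution (exhaustive here so
/// the run is deterministic; real fuzzers mutate randomly). With `guided`,
/// an input that toggles a new select joins the corpus and is mutated later.
/// Returns (accumulated coverage mask, corpus size, tests executed).
fn fuzz(seed: &[u8], guided: bool) -> (u8, usize, usize) {
    let mut corpus = vec![seed.to_vec()];
    let (mut covered, mut execs, mut idx) = (mux_toggle_coverage(seed), 1usize, 0usize);
    while idx < corpus.len() {
        for pos in 0..corpus[idx].len() {
            for value in 0..=255u8 {
                let mut test = corpus[idx].clone();
                test[pos] = value;
                execs += 1;
                let cov = mux_toggle_coverage(&test);
                if cov & !covered != 0 {
                    covered |= cov;
                    if guided { corpus.push(test); }
                }
            }
        }
        idx += 1;
    }
    (covered, corpus.len(), execs)
}

fn main() {
    println!("guided:   {:?}", fuzz(&[0, 0, 0], true));
    println!("unguided: {:?}", fuzz(&[0, 0, 0], false));
}
```

With feedback, each newly toggled select becomes a stepping stone to the next state; without it, single-byte mutations of the seed never get past the first mux.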

Reported overhead in later literature

ProcessorFuzz reports that RFUZZ incurred 97% runtime overhead in the context of comparing prior processor-fuzzing and RTL-fuzzing approaches. [RFUZZ overhead]

Current public implementation record

The public implementation record available here is the ekiwi/rfuzz GitHub repository. Its metadata identifies the implementation language as Rust, and its repository summary identifies the project as a coverage-directed RTL-fuzzing research platform. [RFUZZ GitHub repository]

CITATIONS

[1] RFUZZ is described by its public GitHub repository as a coverage-directed fuzzing platform for RTL research; the repository metadata lists Rust as the language, 114 stars, 14 forks, and an update timestamp of 2026-03-30. ekiwi/rfuzz
[2] ProcessorFuzz places RFUZZ in the broader context of hardware fuzzing for RTL verification and explains that software-style coverage metrics such as basic-block and branch coverage are not well suited for hardware fuzzing. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance
[3] ProcessorFuzz identifies multiplexer toggle coverage and register coverage as hardware-tailored coverage metrics intended to guide fuzzers toward uncovered processor FSM states using hardware-intrinsic information. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance
[4] ProcessorFuzz reports 97% runtime overhead for RFUZZ. ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance

VERSION HISTORY

v4 · 5/29/2026 · gpt-5.5 (current)
v3 · 5/28/2026 · gpt-5.5
v2 · 5/27/2026 · gpt-5.5
v1 · 5/26/2026 · gpt-5.5