A collection of papers, tools and courses related to chip fuzzing. If there is any additional information that needs to be clarified, please feel free to PR or Issue!
Fuzz everything! Now let's fuzz chip!
- RFUZZ: Coverage-Directed Fuzz Testing of RTL on FPGAs
Paper: ACM link · Code: ekiwi/rfuzz
- Hyperfuzzing for SoC security validation
Paper: ACM link · Code: skmuduli92/HyperFuzzer
- DifuzzRTL: Differential Fuzz Testing to Find CPU Bugs
Paper: IEEE link · Code: compsec-snu/difuzz-rtl
- Effective Processor Verification with Logic Fuzzer Enhanced Co-simulation
Paper: ACM link · Code: chipsalliance/dromajo
- DirectFuzz: Automated Test Generation for RTL Designs using Directed Graybox Fuzzing
Paper: IEEE link · Code: n/a
- RTLFuzzLab: Building A Modular Open-Source Hardware Fuzzing Framework
Paper: WOSET link · Code: ekiwi/rtl-fuzz-lab
- TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities
Paper: USENIX link · Code: n/a
- Fuzzing Hardware Like Software
Paper: USENIX link · Code: googleinterns/hw-fuzzing
- Efficient Cross-Level Processor Verification using Coverage-guided Fuzzing
Paper: ACM link · Code: n/a
- Cross-Level Processor Verification via Endless Randomized Instruction Stream Generation with Coverage-guided Aging
Paper: IEEE link · Code: n/a
- MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
Paper: USENIX link · Code: sycuricon/MorFuzz
- HyPFuzz: Formal-Assisted Processor Fuzzing
Paper: arXiv link · Code: n/a
- ProcessorFuzz: Processor Fuzzing with Control and Status Registers Guidance
Paper: IEEE link · Code: bu-icsg/ProcessorFuzz
- Achieving Last-Mile Functional Coverage in Testing Chip Design Software Implementations
Paper: IEEE link · Code: n/a
- WhisperFuzz: White-Box Fuzzing for Detecting and Locating Timing Vulnerabilities in Processors
Paper: USENIX link · Artifact: zenodo vulnerability artifact
- PathFuzz: Broadening Fuzzing Horizons with Footprint Memory for CPUs
Paper: DAC link · Code: OpenXiangShan/xfuzz
- Beyond Random Inputs: A Novel ML-Based Hardware Fuzzing
Paper: arXiv link · Code: n/a
- MABFuzz: Multi-Armed Bandit Algorithms for Fuzzing Processors
Paper: IEEE link · Code: n/a
- SSFuzz: Generating syntactic and semantic seeds for RISC-V processors
Paper: ACM link · Code: n/a
- FormalFuzzer: Formal Verification Assisted Fuzz Testing for SoC Vulnerability Detection
Paper: IEEE link · Code: n/a
- The Emergence of Hardware Fuzzing: A Critical Review of its Significance
Paper: arXiv link · Code: n/a
- Fuzzerfly Effect: Hardware Fuzzing for Memory Safety
Paper: IEEE link · Code: n/a
- Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection
Paper: USENIX link · Code: comsec-group/encarsia
- GenHuzz: An Efficient Generative Hardware Fuzzer
Paper: USENIX link · Code: n/a
- RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs
Paper: CCS link · Code: cispa/RISCover
- RVISmith: Fuzzing Compilers for RVV Intrinsics
Paper: CCS link · Code: zenodo
- DiveFuzz: Enhancing CPU Fuzzing via Diverse Instruction Construction
Paper: CCS link · Code: In2Sec/RISCover
- GoldenFuzz: Generative Golden Reference Hardware Fuzzing
Paper: n/a · Code: n/a
- Fuzzilicon: A Post-Silicon Microcode-Guided x86 CPU Fuzzer
Paper: n/a · Code: n/a
- DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking assisted Processor Fuzzing
Paper: arXiv link · Code: sycuricon/DejaVuzz
- SymbFuzz: Symbolic Execution Guided Hardware Fuzzing
Paper: ACM link · Code: n/a
- Sonar: A Hardware Fuzzing Framework to Uncover Contention Side Channels in Processors
Paper: ACM link · Code: n/a
- PROFUZZ: Intelligent Graybox Fuzzing via ATPG-Guided Seed Generation and Submodule Analysis
Paper: arXiv link · Code: n/a
- BMCFuzz: Hybrid Verification of Processors by Synergistic Integration of Bound Model Checking and Fuzzing
Paper: IEEE link · Code: iscas-versys/BMCFuzz
- Invited Paper: CURE-Fuzz: Curiosity-Driven Reinforcement Learning for Agile Hardware Testing
Paper: IEEE link · Code: n/a
- HFL: Hardware Fuzzing Loop with Reinforcement Learning
Paper: IEEE link · Code: n/a
- RLFuzz: Accelerating Hardware Fuzzing with Deep Reinforcement Learning
Paper: IEEE link · Code: n/a
- FuSS: Coverage-Directed Hardware Fuzzing with Selective Symbolic Execution
Paper: ACM link · Code: n/a
- Bridging the Gap between Hardware Fuzzing and Industrial Verification
Paper: arXiv link · Code: magicYang1573/fast-hw-fuzz
- Microarchitecture Evaluation Framework for Transient Execution Attack Vulnerability: Metrics, Fuzzing, and Sensitivity Analysis
Paper: ACM link · Code: n/a
- HScheduler: An execution history-based seed scheduling strategy for hardware fuzzing
Paper: Elsevier link · Code: n/a
- FeedbackFuzz: Fuzzing Processors via Intricate Program Generation with Feedback Engine
Paper: IEEE link · Code: n/a
- SynFuzz: Leveraging Fuzzing of Netlist to Detect Synthesis Bugs
Paper: arXiv link · Code: n/a
- Recent Papers Related To Fuzzing (repo)
Repo: wcventure/FuzzingPaper
| Name | Code |
|---|---|
| Design Verification | COMS30026 |
| Secure Hardware Design | 6.5950/6.5951 (Previously 6.S983 and 6.888) |
| One Student One Chip | UCAS |