{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:31:53Z","timestamp":1766442713445,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","funder":[{"name":"China and National Natural Science Foundation of China","award":["No. 62172407"],"award-info":[{"award-number":["No. 62172407"]}]},{"name":"Youth Innovation Promotion Association CAS"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765167","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:42:02Z","timestamp":1763854922000},"page":"1964-1978","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["DiveFuzz: Enhancing CPU Fuzzing via Diverse Instruction Construction"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0418-2342","authenticated-orcid":false,"given":"Zihui","family":"Guo","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-5978-8046","authenticated-orcid":false,"given":"Miaomiao","family":"Yuan","sequence":"additional","affiliation":[{"name":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-9817-1612","authenticated-orcid":false,"given":"Yanqi","family":"Yang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4994-6046","authenticated-orcid":false,"given":"Liwei","family":"Chen","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7152-9210","authenticated-orcid":false,"given":"Gang","family":"Shi","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-9868-5353","authenticated-orcid":false,"given":"Dan","family":"Meng","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China and School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2024. The RISC-V Instruction Set Manual Volume I: Unprivileged Architecture. https:\/\/github.com\/riscv\/riscv-isa-manual."},{"key":"e_1_3_2_1_2_1","unstructured":"2024. The RISC-V Instruction Set Manual: Volume II: Privileged Architecture. https:\/\/github.com\/riscv\/riscv-isa-manual."},{"key":"e_1_3_2_1_3_1","unstructured":"2024. Verification Academy: Formal Verification. https:\/\/verificationacademy.com\/topics\/formal-verification\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Chips Alliance. 2025. riscv-dv. https:\/\/github.com\/chipsalliance\/riscv-dv."},{"key":"e_1_3_2_1_5_1","volume-title":"Tech. Rep. UCB\/EECS-2016--17 4","author":"Asanovic Krste","year":"2016","unstructured":"Krste Asanovic, Rimas Avizienis, Jonathan Bachrach, Scott Beamer, David Biancolin, Christopher Celio, Henry Cook, Daniel Dabbelt, John Hauser, Adam Izraelevitz, et al. 2016. The rocket chip generator. EECS Department, University of California, Berkeley, Tech. Rep. UCB\/EECS-2016--17 4 (2016), 6--2."},{"key":"e_1_3_2_1_6_1","volume-title":"Instruction sets should be free: The case for risc-v. EECS Department","author":"Asanovic Krste","year":"2014","unstructured":"Krste Asanovic and David A Patterson. 2014. Instruction sets should be free: The case for risc-v. EECS Department, University of California, Berkeley, Tech. Rep. UCB\/EECS-2014--146 (2014)."},{"key":"e_1_3_2_1_7_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Bars Nils","year":"2023","unstructured":"Nils Bars, Moritz Schloegel, Tobias Scharnowski, Nico Schiller, and Thorsten Holz. 2023. Fuzztruction: using fault injection-based fuzzing to leverage implicit domain knowledge. In 32nd USENIX Security Symposium (USENIX Security 23). 1847--1864."},{"volume-title":"Pattern recognition and machine learning","author":"Bishop Christopher M","key":"e_1_3_2_1_8_1","unstructured":"Christopher M Bishop and Nasser M Nasrabadi. 2006. Pattern recognition and machine learning. Springer."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the Great Lakes Symposium on VLSI","author":"Bruns Niklas","year":"2022","unstructured":"Niklas Bruns, Vladimir Herdt, Daniel Grosse, and Rolf Drechsler. 2022. Efficient cross-level processor verification using coverage-guided fuzzing. In Proceedings of the Great Lakes Symposium on VLSI 2022. 97--103."},{"key":"e_1_3_2_1_10_1","volume-title":"Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 1123--1126","author":"Bruns Niklas","year":"2022","unstructured":"Niklas Bruns, Vladimir Herdt, Eyck Jentzsch, and Rolf Drechsler. 2022. Cross-level processor verification via endless randomized instruction stream generation with coverage-guided aging. In 2022 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 1123--1126."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18074.2021.9586289"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/HOST55118.2023.10133714"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/DFT56152.2022.9962352"},{"key":"e_1_3_2_1_14_1","volume-title":"HyPFuzz: Formal-Assisted Processor Fuzzing. In 32nd USENIX Security Symposium (USENIX Security. 1361--1378","author":"Chen Chen","year":"2023","unstructured":"Chen Chen, Rahul Kande, Nathan Nguyen, Flemming Andersen, Aakash Tyagi, Ahmad-Reza Sadeghi, and Jeyavijayan Rajendran. 2023. HyPFuzz: Formal-Assisted Processor Fuzzing. In 32nd USENIX Security Symposium (USENIX Security. 1361--1378."},{"key":"e_1_3_2_1_15_1","unstructured":"National Vulnerability Database. 2023. CVE-2023--34885. https:\/\/www.cve.org\/CVERecord?id=CVE-2023--34885."},{"key":"e_1_3_2_1_16_1","unstructured":"National Vulnerability Database. 2023. CVE-2023--34908. https:\/\/www.cve.org\/CVERecord?id=CVE-2023--34908."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3474376.3487286"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.3390\/mi13111887"},{"key":"e_1_3_2_1_19_1","unstructured":"RISC-V Foundation. 2024. RISC-V Specifications. https:\/\/riscv.org\/technical\/specifications\/."},{"key":"e_1_3_2_1_20_1","unstructured":"Google. 2020. American fuzzy lop. https:\/\/github.com\/google\/AFL."},{"key":"e_1_3_2_1_21_1","unstructured":"OpenHWGroup. 2022. force-riscv. https:\/\/github.com\/openhwgroup\/force-riscv."},{"key":"e_1_3_2_1_22_1","volume-title":"HScheduler: An execution history-based seed scheduling strategy for hardware fuzzing. Computers & Security","author":"Guo Zihui","year":"2025","unstructured":"Zihui Guo, Yin Lv, Ningning Cui, Liwei Chen, and Gang Shi. 2025. HScheduler: An execution history-based seed scheduling strategy for hardware fuzzing. Computers & Security (2025), 104479."},{"volume-title":"Encyclopedia of Information Science and Technology","author":"Hasan Osman","key":"e_1_3_2_1_23_1","unstructured":"Osman Hasan and Sofiene Tahar. 2015. Formal verification methods. In Encyclopedia of Information Science and Technology, Third Edition. IGI global, 7162--7170."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833751"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00142"},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 2022 ACMSIGSAC Conference on Computer and Communications Security. 1473--1487","author":"Hur Jaewon","year":"2022","unstructured":"Jaewon Hur, Suhwan Song, Sunwoo Kim, and Byoungyoung Lee. 2022. Spec-Doctor: Differential fuzz testing to find transient execution vulnerabilities. In Proceedings of the 2022 ACMSIGSAC Conference on Computer and Communications Security. 1473--1487."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00103"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3466752.3480092"},{"key":"e_1_3_2_1_29_1","volume-title":"31st USENIX Security Symposium (USENIX Security. 3219--3236","author":"Kande Rahul","year":"2022","unstructured":"Rahul Kande, Addison Crump, Garrett Persyn, Patrick Jauernig, Ahmad-Reza Sadeghi, Aakash Tyagi, and Jeyavijayan Rajendran. 2022. TheHuzz: Instruction fuzzing of processors using Golden-Reference models for finding Software-Exploitable vulnerabilities. In 31st USENIX Security Symposium (USENIX Security. 3219--3236."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3582016.3582019"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3240765.3240842"},{"key":"e_1_3_2_1_32_1","volume-title":"30th USENIX Security Symposium (USENIX Security. 3559--3576","author":"Lee Gwangmu","year":"2021","unstructured":"Gwangmu Lee, Woochul Shim, and Byoungyoung Lee. 2021. Constraint-guided directed greybox fuzzing. In 30th USENIX Security Symposium (USENIX Security. 3559--3576."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCAS51556.2021.9401267"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/DAC56929.2023.10247942"},{"key":"e_1_3_2_1_35_1","volume-title":"LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 127--127","author":"Liu Hangtian","year":"2024","unstructured":"Hangtian Liu, Shuitao Gan, Chao Zhang, Zicong Gao, Hongqi Zhang, Xiangzhi Wang, and Guangming Gao. 2024. LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 127--127."},{"key":"e_1_3_2_1_36_1","volume-title":"Ibex: Cosim. https:\/\/github.com\/lowRISC\/ibex\/tree\/master\/dv\/cosim.","author":"RISC.","year":"2025","unstructured":"LowRISC. 2025. Ibex: Cosim. https:\/\/github.com\/lowRISC\/ibex\/tree\/master\/dv\/cosim."},{"key":"e_1_3_2_1_37_1","volume-title":"A survey on risc-v security: Hardware and architecture. arXiv preprint arXiv:2107.04175","author":"Tao Lu.","year":"2021","unstructured":"Tao Lu. 2021. A survey on risc-v security: Hardware and architecture. arXiv preprint arXiv:2107.04175 (2021)."},{"key":"e_1_3_2_1_38_1","volume-title":"16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22)","author":"Lv Chengfei","year":"2022","unstructured":"Chengfei Lv, Chaoyue Niu, Renjie Gu, Xiaotang Jiang, Zhaode Wang, Bin Liu, Ziqi Wu, Qiulin Yao, Congyu Huang, Panos Huang, et al. 2022. Walle: An End-to-End, General-Purpose, and Large-Scale Production System for Device-Cloud Collaborative Machine Learning. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22). 249--265."},{"key":"e_1_3_2_1_39_1","unstructured":"OpenXiangShan. 2025. Difftest. https:\/\/github.com\/OpenXiangShan\/difftest."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.3390\/electronics11010007"},{"key":"e_1_3_2_1_41_1","unstructured":"UC Berkeley Architecture Research. 2024. RISC-V torture test. https:\/\/github.com\/ucb-bar\/riscv-torture."},{"key":"e_1_3_2_1_42_1","unstructured":"Wilson Snyder. 2025. Verilator. https:\/\/github.com\/verilator\/verilator."},{"key":"e_1_3_2_1_43_1","unstructured":"RISC-V Software. 2025. riscv-isa-sim. https:\/\/github.com\/riscv-software-src\/riscv-isa-sim."},{"key":"e_1_3_2_1_44_1","unstructured":"RISC-V Software. 2025. riscv-tests. https:\/\/github.com\/riscv-software-src\/riscvtests."},{"key":"e_1_3_2_1_45_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Solt Flavien","year":"2024","unstructured":"Flavien Solt, Katharina Ceesay-Seitz, and Kaveh Razavi. 2024. Cascade: CPU Fuzzing via Intricate Program Generation. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA."},{"key":"e_1_3_2_1_46_1","volume-title":"SurgeFuzz: Surge-Aware Directed Fuzzing for CPU Designs. In 2023 IEEE\/ACM International Conference on Computer Aided Design (ICCAD). IEEE, 1--9.","author":"Sugiyama Yuichi","year":"2023","unstructured":"Yuichi Sugiyama, Reoma Matsuo, and Ryota Shioya. 2023. SurgeFuzz: Surge-Aware Directed Fuzzing for CPU Designs. In 2023 IEEE\/ACM International Conference on Computer Aided Design (ICCAD). IEEE, 1--9."},{"key":"e_1_3_2_1_47_1","unstructured":"OpenXiangShan Team. 2024. NEMU(NJU Emulator). https:\/\/github.com\/OpenXiangShan\/NEMU."},{"key":"e_1_3_2_1_48_1","unstructured":"OSCPU Team. 2024. Nutshell risc-v cpu developed by oscpu team. https:\/\/github.com\/OSCPU\/NutShell."},{"key":"e_1_3_2_1_49_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Trippel Timothy","year":"2022","unstructured":"Timothy Trippel, Kang G Shin, Alex Chernyakhovsky, Garret Kelly, Dominic Rizzo, and Matthew Hicks. 2022. Fuzzing hardware like software. In 31st USENIX Security Symposium (USENIX Security 22). 3237--3254."},{"key":"e_1_3_2_1_50_1","volume-title":"32nd USENIX Security Symposium (USENIX Security. 1307--1324","author":"Xu Jinyan","year":"2023","unstructured":"Jinyan Xu, Yiyuan Liu, Sirui He, Haoran Lin, Yajin Zhou, and Cong Wang. 2023. MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation. In 32nd USENIX Security Symposium (USENIX Security. 1307--1324."},{"key":"e_1_3_2_1_51_1","volume-title":"SATURN: Host-Gadget Synergistic USB Driver Fuzzing. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 51--51","author":"Xu Yiru","year":"2024","unstructured":"Yiru Xu, Hao Sun, Jianzhong Liu, Yuheng Shen, and Yu Jiang. 2024. SATURN: Host-Gadget Synergistic USB Driver Fuzzing. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 51--51."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3649329.3655911"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO56248.2022.00080"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/TVLSI.2019.2926114"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765167","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:27:24Z","timestamp":1766442444000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765167"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":54,"alternative-id":["10.1145\/3719027.3765167","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765167","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}