{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T08:17:16Z","timestamp":1769501836134,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":70,"publisher":"ACM","funder":[{"name":"Technology Innovation Institute","award":[""],"award-info":[{"award-number":[""]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,10,18]]},"DOI":"10.1145\/3725843.3756131","type":"proceedings-article","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T17:19:56Z","timestamp":1760721596000},"page":"1477-1490","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["SymbFuzz: Symbolic Execution Guided Hardware Fuzzing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-7533-376X","authenticated-orcid":false,"given":"Samit Shahnawaz","family":"Miftah","sequence":"first","affiliation":[{"name":"Department of Electrical, Computer, and Systems Engineering, Rensselaer Polytechnic Institute, Troy, New York, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-9231-6331","authenticated-orcid":false,"given":"Amisha","family":"Srivastava","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Texas at Dallas, Dallas, Texas, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1549-9277","authenticated-orcid":false,"given":"Hyunmin","family":"Kim","sequence":"additional","affiliation":[{"name":"Technology Innovation Institute, Abu Dhabi, United Arab Emirates"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2826-1857","authenticated-orcid":false,"given":"Shiyi","family":"Wei","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Texas at Dallas, Dallas, Texas, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6431-7512","authenticated-orcid":false,"given":"Kanad","family":"Basu","sequence":"additional","affiliation":[{"name":"Department of Electrical, Computer, and Systems Engineering, Rensselaer Polytechnic Institute, Troy, New York, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,10,17]]},"reference":[{"key":"e_1_3_3_1_2_2","unstructured":"[n. d.]. CVE - Common Vulnerabilities and Exposures. https:\/\/cve.mitre.org\/ Accessed: 06\/28\/2024."},{"key":"e_1_3_3_1_3_2","unstructured":"[n. d.]. cwe - common weakness enumeration. https:\/\/cwe.mitre.org\/ Accessed: 06\/28\/2024."},{"key":"e_1_3_3_1_4_2","unstructured":"[n. d.]. LowRISC Ariane. https:\/\/github.com\/lowRISC\/ariane Accessed: 05\/19\/2024."},{"key":"e_1_3_3_1_5_2","unstructured":"2014. American Fuzzy Lop (afl) Fuzzer.https:\/\/lcamtuf.coredump.cx\/afl\/technical_details.txt"},{"key":"e_1_3_3_1_6_2","unstructured":"SIEMENS\u00a0Verification Academy. 2024. Universal Verification Methodology. Online. https:\/\/verificationacademy.com\/topics\/uvm-universal-verification-methodology\/"},{"key":"e_1_3_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAD.2017.8203772"},{"key":"e_1_3_3_1_8_2","unstructured":"Averant Solidify [n. d.]. Averant Solidify. https:\/\/averant.com:8443\/products-solidify.html Accessed: 04\/03\/2024."},{"key":"e_1_3_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.5555\/2480830"},{"key":"e_1_3_3_1_10_2","doi-asserted-by":"crossref","unstructured":"Roberto Baldoni Emilio Coppa Daniele\u00a0Cono D\u2019elia Camil Demetrescu and Irene Finocchi. 2018. A survey of symbolic execution techniques. ACM Computing Surveys (CSUR) 51 3 (2018) 1\u201339.","DOI":"10.1145\/3182657"},{"key":"e_1_3_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-25460-4_21"},{"key":"e_1_3_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978428"},{"key":"e_1_3_3_1_13_2","series-title":"(OSDI\u201908)","first-page":"209","volume-title":"Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (San Diego, California) (OSDI\u201908). USENIX Association, USA, 209\u2013224."},{"key":"e_1_3_3_1_14_2","unstructured":"Cadence Verification Tools [n. d.]. Cadence Verification Tools. https:\/\/www.cadence.com\/en_US\/home\/tools\/system-design-and-verification.html Accessed: 04\/03\/2024."},{"key":"e_1_3_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAD57390.2023.10323913"},{"key":"e_1_3_3_1_16_2","first-page":"1361","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Chen Chen","year":"2023","unstructured":"Chen Chen, Rahul Kande, Nathan Nguyen, Flemming Andersen, Aakash Tyagi, Ahmad-Reza Sadeghi, and Jeyavijayan Rajendran. 2023. { HyPFuzz} :{ Formal-Assisted} Processor Fuzzing. In 32nd USENIX Security Symposium (USENIX Security 23). 1361\u20131378."},{"key":"e_1_3_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00046"},{"key":"e_1_3_3_1_18_2","doi-asserted-by":"crossref","unstructured":"Wen Chen Sandip Ray Jayanta Bhadra Magdy Abadir and Li-C Wang. 2017. Challenges and trends in modern SoC design verification. IEEE Design & Test 34 5 (2017) 7\u201322.","DOI":"10.1109\/MDAT.2017.2735383"},{"key":"e_1_3_3_1_19_2","unstructured":"CISCO Trustworthy Solutions [n. d.]. Overview: Cisco Public 1 Cisco Secure Development Lifecycle Securing Cisco Technology. https:\/\/www.cisco.com\/c\/dam\/en_us\/about\/doing_business\/trust-center\/docs\/cisco-secure-development-lifecycle.pdf Accessed: 04\/03\/2024."},{"key":"e_1_3_3_1_20_2","doi-asserted-by":"crossref","unstructured":"Edmund Clarke Orna Grumberg Somesh Jha Yuan Lu and Helmut Veith. 2001. Progress on the state explosion problem in model checking. Informatics: 10 Years Back 10 Years Ahead (2001) 176\u2013194.","DOI":"10.1007\/3-540-44577-3_12"},{"key":"e_1_3_3_1_21_2","unstructured":"ClusterFuzz [n. d.]. https:\/\/google.github.io\/clusterfuzz\/. Accessed: 04\/03\/2024."},{"key":"e_1_3_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.5555\/572477"},{"key":"e_1_3_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/SECON.2013.6567420"},{"key":"e_1_3_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-30596-3_1"},{"key":"e_1_3_3_1_26_2","volume-title":"14th USENIX Workshop on Offensive Technologies (WOOT 20)","author":"Fioraldi Andrea","year":"2020","unstructured":"Andrea Fioraldi, Dominik Maier, Heiko Ei\u00dffeldt, and Marc Heuse. 2020. AFL++ : Combining Incremental Steps of Fuzzing Research. In 14th USENIX Workshop on Offensive Technologies (WOOT 20). USENIX Association. https:\/\/www.usenix.org\/conference\/woot20\/presentation\/fioraldi"},{"key":"e_1_3_3_1_27_2","unstructured":"Samuel Gro\u00df. 2018. Fuzzil: Coverage guided fuzzing for javascript engines. Department of Informatics Karlsruhe Institute of Technology (2018)."},{"key":"e_1_3_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.2172\/1226426"},{"key":"e_1_3_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694366"},{"key":"e_1_3_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00103"},{"key":"e_1_3_3_1_31_2","unstructured":"Ibex RISC-V [n. d.]. Ibex RISC-V Core. https:\/\/github.com\/lowRISC\/ibex?tab=readme-ov-file Accessed: 08\/15\/2024."},{"key":"e_1_3_3_1_32_2","first-page":"3219","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Kande Rahul","year":"2022","unstructured":"Rahul Kande, Addison Crump, Garrett Persyn, Patrick Jauernig, Ahmad-Reza Sadeghi, Aakash Tyagi, and Jeyavijayan Rajendran. 2022. TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 3219\u20133236. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/kande"},{"key":"e_1_3_3_1_33_2","doi-asserted-by":"crossref","unstructured":"James\u00a0C King. 1976. Symbolic execution and program testing. Commun. ACM 19 7 (1976) 385\u2013394.","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_3_1_34_2","doi-asserted-by":"crossref","unstructured":"Paul Kocher Jann Horn Anders Fogh Daniel Genkin Daniel Gruss Werner Haas Mike Hamburg Moritz Lipp Stefan Mangard Thomas Prescher et\u00a0al. 2020. Spectre attacks: Exploiting speculative execution. Commun. ACM 63 7 (2020) 93\u2013101.","DOI":"10.1145\/3399742"},{"key":"e_1_3_3_1_35_2","unstructured":"Dusko Koncaliev. [n. d.]. Bugs in the Intel Microprocessors. https:\/\/www.cs.earlham.edu\/\u00a0dusko\/cs63\/fdiv.html"},{"key":"e_1_3_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/3240765.3240842"},{"key":"e_1_3_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541947"},{"key":"e_1_3_3_1_38_2","doi-asserted-by":"crossref","unstructured":"Xun Li Mohit Tiwari Jason\u00a0K Oberg Vineeth Kashyap Frederic\u00a0T Chong Timothy Sherwood and Ben Hardekopf. 2011. Caisson: a hardware description language for secure information flow. ACM Sigplan Notices 46 6 (2011) 109\u2013120.","DOI":"10.1145\/1993316.1993512"},{"key":"e_1_3_3_1_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/DAC56929.2023.10247942"},{"key":"e_1_3_3_1_40_2","doi-asserted-by":"crossref","unstructured":"Moritz Lipp Michael Schwarz Daniel Gruss Thomas Prescher Werner Haas Jann Horn Stefan Mangard Paul Kocher Daniel Genkin Yuval Yarom et\u00a0al. 2020. Meltdown: Reading kernel memory from user space. Commun. ACM 63 6 (2020) 46\u201356.","DOI":"10.1145\/3357033"},{"key":"e_1_3_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.41"},{"key":"e_1_3_3_1_42_2","doi-asserted-by":"crossref","unstructured":"Valentin\u00a0JM Man\u00e8s HyungSeok Han Choongwoo Han Sang\u00a0Kil Cha Manuel Egele Edward\u00a0J Schwartz and Maverick Woo. 2019. The art science and engineering of fuzzing: A survey. IEEE Transactions on Software Engineering 47 11 (2019) 2312\u20132331.","DOI":"10.1109\/TSE.2019.2946563"},{"key":"e_1_3_3_1_43_2","doi-asserted-by":"crossref","unstructured":"Xingyu Meng Shamik Kundu Arun\u00a0K Kanuparthi and Kanad Basu. 2021. Rtl-contest: Concolic testing on rtl for detecting security vulnerabilities. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 41 3 (2021) 466\u2013477.","DOI":"10.1109\/TCAD.2021.3066560"},{"key":"e_1_3_3_1_44_2","unstructured":"Zalewski Michal. [n. d.]. https:\/\/lcamtuf.coredump.cx\/afl\/. Accessed: 04\/03\/2024."},{"key":"e_1_3_3_1_45_2","unstructured":"A Molina and Oswaldo Cadenas. 2007. Functional verification: Approaches and challenges. Latin American applied research 37 1 (2007) 65\u201369."},{"key":"e_1_3_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.1145\/3400302.3415709"},{"key":"e_1_3_3_1_47_2","unstructured":"OpenTitan [n. d.]. OpenTitan | Documentation. https:\/\/opentitan.org\/book\/doc\/introduction.html Accessed: 05\/19\/2024."},{"key":"e_1_3_3_1_48_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23404"},{"key":"e_1_3_3_1_49_2","unstructured":"Kaki Ryan Matthew Gregoire and Cynthia Sturton. 2023. Augmented Symbolic Execution for Information Flow in Hardware Designs. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2307.11884 (2023)."},{"key":"e_1_3_3_1_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/3623652.3623666"},{"key":"e_1_3_3_1_51_2","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2006.41"},{"key":"e_1_3_3_1_52_2","volume-title":"Proceedings of the 26th USENIX Security Symposium","author":"Serebryany Kostya","year":"2017","unstructured":"Kostya Serebryany. 2017. OSS-Fuzz - Google\u2019s continuous fuzzing service for open source software. In Proceedings of the 26th USENIX Security Symposium. USENIX Association, Vancouver, BC."},{"key":"e_1_3_3_1_53_2","unstructured":"Siemens Modelsim [n. d.]. Siemens Modelsim. https:\/\/eda.sw.siemens.com\/en-US\/ic\/modelsim\/ Accessed: 04\/03\/2024."},{"key":"e_1_3_3_1_54_2","volume-title":"North American SystemC Users\u2019 Group, Design Automation Conference","author":"Snyder Wilson","year":"2004","unstructured":"Wilson Snyder. 2004. Verilator and systemperl. In North American SystemC Users\u2019 Group, Design Automation Conference."},{"key":"e_1_3_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_3_3_1_56_2","volume-title":"Fuzzing: brute force vulnerability discovery","author":"Sutton Michael","year":"2007","unstructured":"Michael Sutton, Adam Greene, and Pedram Amini. 2007. Fuzzing: brute force vulnerability discovery. Pearson Education."},{"key":"e_1_3_3_1_57_2","unstructured":"Synopsys Verification Family [n. d.]. Synopsys Verification Tools. https:\/\/www.synopsys.com\/verification.html Accessed: 04\/03\/2024."},{"key":"e_1_3_3_1_58_2","unstructured":"Syzkaller [n. d.]. https:\/\/github.com\/google\/syzkaller. Accessed: 04\/03\/2024."},{"key":"e_1_3_3_1_59_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-16214-0_42"},{"key":"e_1_3_3_1_60_2","doi-asserted-by":"publisher","DOI":"10.5555\/3275309"},{"key":"e_1_3_3_1_61_2","doi-asserted-by":"crossref","unstructured":"Mohit Tiwari Jason\u00a0K Oberg Xun Li Jonathan Valamehr Timothy Levin Ben Hardekopf Ryan Kastner Frederic\u00a0T Chong and Timothy Sherwood. 2011. Crafting a usable microkernel processor and I\/O system with strict and provable information flow security. ACM SIGARCH Computer Architecture News 39 3 (2011) 189\u2013200.","DOI":"10.1145\/2024723.2000087"},{"key":"e_1_3_3_1_62_2","first-page":"3237","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Trippel Timothy","year":"2022","unstructured":"Timothy Trippel, Kang\u00a0G. Shin, Alex Chernyakhovsky, Garret Kelly, Dominic Rizzo, and Matthew Hicks. 2022. Fuzzing Hardware Like Software. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 3237\u20133254. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/trippel"},{"key":"e_1_3_3_1_63_2","unstructured":"Srivatsa Vasudevan. 2006. An Introduction to IC Verification. Effective Functional Verification: Principles and Processes (2006) 3\u201312."},{"key":"e_1_3_3_1_64_2","doi-asserted-by":"publisher","DOI":"10.1109\/DATE.2007.364684"},{"key":"e_1_3_3_1_65_2","unstructured":"Xilinx Vivado User Guide [n. d.]. Xilinx Vivado. https:\/\/www.xilinx.com\/support\/documents\/sw_manuals\/xilinx2022_2\/ug904-vivado-implementation.pdf Accessed: 05\/19\/2024."},{"key":"e_1_3_3_1_66_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423340"},{"key":"e_1_3_3_1_67_2","unstructured":"YosysHQ. 2024. SymbiYosys: A Front-End Driver for Yosys-Based Formal Verification. https:\/\/github.com\/YosysHQ\/sby."},{"key":"e_1_3_3_1_68_2","first-page":"745","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Yun Insu","year":"2018","unstructured":"Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang, and Taesoo Kim. 2018. { QSYM} : A practical concolic execution engine tailored for hybrid fuzzing. In 27th USENIX Security Symposium (USENIX Security 18). 745\u2013761."},{"key":"e_1_3_3_1_69_2","doi-asserted-by":"crossref","unstructured":"Danfeng Zhang Yao Wang G\u00a0Edward Suh and Andrew\u00a0C Myers. 2015. A hardware design language for timing-sensitive information-flow security. Acm Sigplan Notices 50 4 (2015) 503\u2013516.","DOI":"10.1145\/2775054.2694372"},{"key":"e_1_3_3_1_70_2","doi-asserted-by":"crossref","unstructured":"Lei Zhao Yue Duan and Jifeng XUAN. 2019. Send hardest problems my way: Probabilistic path prioritization for hybrid fuzzing. Network and Distributed System Security Symposium (NDSS).","DOI":"10.14722\/ndss.2019.23504"},{"key":"e_1_3_3_1_71_2","doi-asserted-by":"publisher","unstructured":"Xiaogang Zhu Sheng Wen Seyit Camtepe and Yang Xiang. 2022. Fuzzing: A Survey for Roadmap. ACM Comput. Surv. 54 11s Article 230 (sep 2022) 36\u00a0pages. 10.1145\/3512345","DOI":"10.1145\/3512345"}],"event":{"name":"MICRO 2025: 58th IEEE\/ACM International Symposium on Microarchitecture","location":"Seoul Korea","acronym":"MICRO 2025","sponsor":["SIGMICRO ACM Special Interest Group on Microarchitectural Research and Processing"]},"container-title":["Proceedings of the 58th IEEE\/ACM International Symposium on Microarchitecture"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3725843.3756131","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,26]],"date-time":"2026-01-26T21:45:21Z","timestamp":1769463921000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3725843.3756131"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,17]]},"references-count":70,"alternative-id":["10.1145\/3725843.3756131","10.1145\/3725843"],"URL":"https:\/\/doi.org\/10.1145\/3725843.3756131","relation":{},"subject":[],"published":{"date-parts":[[2025,10,17]]},"assertion":[{"value":"2025-10-17","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}