ReFuzz: Reusing Tests for Processor Fuzzing with Contextual Bandits
Chen Chen
Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Program Analysis
Hardware vulnerabilities are expensive and dangerous: Intel spent **$475 million** recalling products because of hardware bugs, and the number of reported hardware vulnerabilities has grown from just 1 in 2001 to over **1,000 in 2025**. This talk presents **ReFuzz**, the first test-reuse fuzzing framework for processor security verification. Building on the observation that **67% of hardware IP designs are reused** across processor generations, ReFuzz collects test cases from prior processor versions and applies a **contextual bandit** (a simplified form of reinforcement learning) to select and adapt those tests for new processor designs.
AI review
A practical contribution to hardware fuzzing that leverages the obvious but underexploited observation that processor IP is heavily reused across generations. The 500x coverage speedup is impressive and the ILP-based test minimization (98% reduction) is a useful technique. However, the actual vulnerability yield (3 new vulns, 2 bugs on open-source RISC-V cores) is modest, and the contextual bandit approach is a relatively straightforward application of RL to test selection.