Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection
Matej Bölcskei
34th USENIX Security Symposium (USENIX Security '25) · Day 2 · Hardware Security 1: Microarchitectures
In the realm of CPU security and reliability, hardware fuzzing has emerged as an indispensable technique for uncovering subtle yet critical design flaws. While many publications report impressive bug counts and high coverage metrics, a fundamental question persists: are these fuzzers truly as effective as their creators claim, or are their reported successes often misleading? The talk "Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection," presented by Matej Bölcskei, addresses this gap by introducing a novel, systematic approach to fuzzer evaluation.
AI review
Bölcskei addresses a real meta-problem in hardware security — that CPU fuzzer evaluations are largely unverifiable theater — with a technically sound methodology: formal-verification-guided bug injection producing a reproducible ground-truth corpus. The key finding that program generation dominates detection granularity and coverage guidance is the kind of result that should recalibrate how the field allocates research effort.