Skip to content

Execution Modes

Revizor supports several modes of operation, each targeting a different use cases. The selection of the mode is described in the CLI documentation. Below is a brief description of each mode.

Overview

Mode CLI Key Use Case Description
Fuzzing fuzz General Testing Test a CPU against a contract model. Test cases generated randomly
Template Fuzzing tfuzz Targeted Testing Test a CPU against a contract model. Test cases generated based on a template
Reproduce reproduce Reproducing a Violation Reproduce a violation found by fuzzing OR run a manually-written test case
Minimization minimize Simplification of a Violation Simplify a test case by applying a series of simplification passes to the test case program and its inputs
Trace Analysis analyse External Integration Analyze pre-recorded traces for violations
Generation generate External Integration Only generate test cases, without testing them
ISA Spec Install download_spec Tool Installation Call a script that downloads the instruction set specification

fuzz

$ rvzr fuzz [OPTIONS]

Main fuzzing mode of Revizor. In this mode, Revizor randomly generates test cases and executes them on the target CPU and the model, records the corresponding traces, and checks if the hardware traces contain the same (or less) information as the contract traces. That is, it implements Model-Based Relational Testing approach.

Use case: Broad testing of CPU behavior against contract specifications.

tfuzz

$ rvzr tfuzz [OPTIONS]

Similar to the fuzzing mode, but test cases are generated based on a template. For details on templates, see the template fuzzing how-to guide.

Use case: Targeted testing of specific scenarios, microarchitectural patches, or actor interactions.

reproduce

$ rvzr reproduce [OPTIONS]
In this mode, Revizor loads and executes a specific test case data and inputs from files. Performs single fuzzing round with the provided test case and inputs, and reports the results.
Test cases can be violations from previous fuzzing runs or manually-written test programs.

Use cases:

  • Checking reproducibility: Testing if a violation artifact can be consistently reproduced on other CPUs or configurations.
  • Verification of a violation: Confirming that a violation is genuine and not a false positive.
  • Manual testing: Executing a custom test case written by the user.
  • Root-causing: Checking the impact of manual modifications to a test case.

minimize

$ rvzr minimize [OPTIONS]

In this mode, Revizor applies simplification passes to a violation test case, reducing program and input complexity while preserving the violation behavior.

Use case: Simplify violations for root cause analysis.

analyse

$ rvzr analyse [OPTIONS]

In this mode, Revizor analyzes pre-recorded contract and hardware traces for violations without executing test cases. Accepts trace files as input and applies the configured analyser to detect contract violations.

Use case: Integration with external tools that perform trace collection separately from Revizor.

generate

$ rvzr generate [OPTIONS]
Generates test cases without execution. Outputs test programs and inputs to them.
Use case: Integration with external tools that use Revizor's test case generation capabilities.

download_spec

$ rvzr download_spec [OPTIONS]
This mode is only used when Revizor is being set up. Downloads, parses, and stores instruction set specifications in JSON format.
Use case: Tool installation and ISA specification management.

What's Next?