STIMSMITH

Fuzzing Execution Environment

Concept

In MorFuzz, the fuzzing execution environment is the runtime context in which fuzzing payloads execute on the device under test. It is derived from the official RISC-V testing environment, configures the processor's architectural and system state, handles exceptions and interrupts at the highest privilege level, and exposes interfaces that allow the fuzzer to mutate system-level state such as page tables.

First seen 5/27/2026
Last seen 6/6/2026
Evidence 6 chunks
Wiki v2

WIKI

Overview

In MorFuzz, the fuzzing execution environment is the runtime context in which fuzzing payloads execute during processor fuzzing. MorFuzz extends the testing environment provided by the official RISC-V testing repository and uses it as the fuzzing execution environment.[1]

Responsibilities



RELATIONSHIPS

2 connections

MorFuzz uses Fuzzing Execution Environment (100%, 4e): MorFuzz integrates a fuzzing execution environment into the stimulus template.

Fuzzing Execution Environment is part of Stimulus Template (100%, 1e): the stimulus template has the fuzzing execution environment as a part of it.

CITATIONS

8 citations

[1] MorFuzz extends the testing environment provided by the official RISC-V testing repository and uses it as the fuzzing execution environment. (Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing)

[2] The fuzzing execution environment initializes the processor and configures the environment, such as the available instruction extensions, the address translation mode and page table, and the runtime privilege level. (Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing)

[3] During the simulation, the fuzzing execution environment is placed in a non-morphable physical area and is responsible for handling exceptions and interrupts with the highest privilege level. (Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing)

[4] When the DUT triggers an exception while executing the morphed instructions, the exception handler in the fuzzing execution environment will try to handle the exception. Whether or not the handler successfully handles the exception, the handler redirects the DUT back to the fuzzing payload. (Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing)

[5] A unique system call is triggered when the DUT reaches the boundary of the fuzzing payload, notifying the fuzzer to collect the current coverage and fix the program counter; based on coverage evaluation, the fuzzer returns the DUT to the payload or terminates the simulation and generates a new stimulus template. (Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing)

[6] To prevent the DUT from falling into dead loops, MorFuzz monitors the coverage; if the coverage does not increase for a period of time, the fuzzer raises an interrupt to stop the simulation. (Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing)

[7] The fuzzer can control the DUT to continuously execute diverse and meaningful instruction streams in a loop without additional initialization, significantly improving the fuzzing performance. (Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing)

[8] The fuzzing execution environment also provides interfaces to fuzz the system environment, e.g., a series of page-table randomization functions to mutate page table entries and evict mapped pages. (Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing)