STIMSMITH

Instruction Shuffle

Concept

Instruction Shuffle is a MorFuzz generation-time technique that randomly perturbs the order of all instructions in a fuzzing payload to increase sequence-level randomness. It mixes adjacent testing blocks, increasing instruction-sequence diversity and producing more processor states, but may sacrifice some watchpoints.

First seen 5/27/2026
Last seen 6/2/2026
Evidence 2 chunks
Wiki v1

WIKI

Overview

Instruction Shuffle is a randomized perturbation applied to the order of all instructions in a fuzzing payload at the end of generation. In MorFuzz, it is used to further increase sequence-level randomness after the payload has been generated. [C1]
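The trade-off named in the concept summary (more mixing between adjacent testing blocks, at the cost of some watchpoints) can be measured on a toy payload. This is an added example, not code from MorFuzz or from this wiki. It assumes a simple windowed perturbation as the shuffle model, and the instruction strings, the `WP` marker and all function names are constructed for illustration.

```python
import random

# Constructed payload: three testing blocks, each ending in a watchpoint ("WP")
# that reads state produced by the block's earlier instructions.
BLOCKS = [
    ["fadd.s f1, f2, f3", "fmul.s f4, f1, f2", "WP csrr a0, fflags"],
    ["mul a1, a2, a3", "div a4, a1, a2", "WP mv a5, a4"],
    ["lw t0, 0(sp)", "addi t0, t0, 1", "WP sw t0, 8(sp)"],
]

def flatten(blocks):
    """Return the payload as (block_id, text, is_watchpoint) tuples."""
    return [(b, ins, ins.startswith("WP "))
            for b, block in enumerate(blocks) for ins in block]

def shuffle(payload, window, rng):
    """Local perturbation: jitter each index by [0, window] and re-sort.

    Assumed model, not MorFuzz's algorithm: an instruction moves fewer than
    `window` slots, so a window of at least one block length mixes neighbours.
    """
    keyed = [(i + rng.uniform(0, window), i) for i in range(len(payload))]
    return [payload[i] for _, i in sorted(keyed)]

def surviving_watchpoints(payload):
    """Count watchpoints still placed after every instruction of their block."""
    last_body = {}
    for pos, (b, _, is_wp) in enumerate(payload):
        if not is_wp:
            last_body[b] = pos
    return sum(1 for pos, (b, _, is_wp) in enumerate(payload)
               if is_wp and pos > last_body.get(b, -1))

def block_switches(payload):
    """Count neighbouring instruction pairs that come from different blocks."""
    return sum(1 for x, y in zip(payload, payload[1:]) if x[0] != y[0])

if __name__ == "__main__":
    base = flatten(BLOCKS)
    for window in (0, 2, 4, 8):
        out = shuffle(base, window, random.Random(1))
        print(window, block_switches(out), surviving_watchpoints(out))
```

A watchpoint counts as lost here when the shuffle places it before an instruction of its own block, since it then no longer observes the state that block produces.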

Role in MorFuzz

RELATIONSHIPS

2 connections
MorFuzz ← uses 95% 1e
MorFuzz applies instruction shuffle to increase sequence-level randomness.
Stimulus Template ← uses 90% 1e
The stimulus template applies instruction shuffle to increase diversity.

CITATIONS

5 sources
[1] Instruction Shuffle is a randomized perturbation of the order of all instructions in the fuzzing payload, performed at the end of generation to increase sequence-level randomness. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[2] MorFuzz generates fuzzing payloads containing runtime mutation primitives and uses runtime instruction morphing to morph template instructions into diverse and meaningful instruction streams. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[3] Instruction Shuffle mixes adjacent testing blocks, increasing the diversity of instruction sequences and producing more processor states. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation
[5] MorFuzz sequence patterns insert watchpoint instructions at specific locations to expose DUT internal state, such as checking the floating-point exception flag CSR after a floating-point instruction sequence. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation