STIMSMITH

Morpher Hardware Logic Block

Concept

The Morpher Hardware Logic Block is the instruction-morphing component used by MorFuzz. It is described as software logic embedded in hardware that interacts with the DUT through Verilog DPI to monitor internal state, hijack fetched instructions, and return morphed instructions while preserving pipeline-front-end consistency.

First seen 5/27/2026
Last seen 5/27/2026
Evidence 4 chunks
Wiki v1

WIKI

Overview

The Morpher Hardware Logic Block is the morpher component described in the MorFuzz implementation. The paper states that the morpher is implemented as software logic embedded in hardware and is used for instruction morphing in a RISC-V 64-bit MorFuzz prototype. It interacts with the hardware through the Verilog DPI interface to monitor processor internal state, hijack fetched instructions, and return morphed instructions. [C1]

Placement in the processor pipeline



RELATIONSHIPS

2 connections
MorFuzz ← uses 100% 2e
MorFuzz inserts a morpher logic block into the DUT to perform instruction morphing.
Runtime Instruction Morphing ← uses 100% 1e
Runtime instruction morphing is performed by the morpher hardware logic block.

CITATIONS

5 sources
[1] C1: The morpher is implemented as software logic embedded in hardware, uses Verilog DPI, and monitors internal state, hijacks fetched instructions, and returns morphed instructions. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation.
[2] C2: The morpher performs field-aware mutation and replaces only wires between fetch and decode, preserving front-end fetch-offset consistency and avoiding pipeline back-end modification. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation.
[3] C3: The morpher maintains a morphing map keyed by the original instruction and address, enabling the DUT and reference model to execute deterministic and identical morphed instructions without false positives from morphing. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation.
[4] C4: The morpher uses a sliding window of in-pipeline destination registers and can use those registers in later source and destination fields to generate read-after-write and write-after-write hazards. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation.
[5] C5: MorFuzz morphs template instructions into diverse and meaningful instruction streams and uses online co-simulation with an ISA simulator running in parallel with the DUT for state checking. Source: MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation.
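
A minimal C model of the bookkeeping that C3 and C4 describe, added here as an illustration and not taken from MorFuzz's code: a morphing map keyed by (address, original instruction) so the DUT and the reference model receive the same morphed word, and a sliding window of recent destination registers reused to force RAW/WAW hazards. The names `morpher_t`, `morpher_init` and `morph`, the table and window sizes, the xorshift generator, and the restriction to RISC-V R-type `OP` instructions are all assumptions.

```c
#include <stdint.h>

#define MAP_SLOTS 64  /* constructed sizes, not taken from the paper */
#define WIN 4
typedef struct { uint64_t pc; uint32_t orig, morphed; int used; } entry_t;
typedef struct {
    entry_t map[MAP_SLOTS];  /* morphing map keyed by (pc, original insn) */
    uint8_t win[WIN];        /* rd of the most recent morphed instructions */
    unsigned head, count;
    uint64_t rng;
} morpher_t;

void morpher_init(morpher_t *m, uint64_t seed) {
    *m = (morpher_t){0};
    m->rng = seed ? seed : 1;  /* xorshift state must be non-zero */
}

static uint64_t next_rand(morpher_t *m) {
    m->rng ^= m->rng << 13; m->rng ^= m->rng >> 7; m->rng ^= m->rng << 17;
    return m->rng;
}

/* Field-aware rewrite of an R-type OP instruction: opcode, funct3, funct7
   and rs2 are kept; rs1 or rd is pointed at a register from the window. */
static uint32_t mutate(morpher_t *m, uint32_t insn) {
    if ((insn & 0x7f) != 0x33 || m->count == 0) return insn;
    uint32_t hot = m->win[next_rand(m) % m->count];
    unsigned shift = (next_rand(m) & 1) ? 15 : 7;  /* 15: rs1 (RAW), 7: rd (WAW) */
    return (insn & ~(0x1fu << shift)) | (hot << shift);
}

/* Called on every fetch, by the DUT hook and by the reference model alike. */
uint32_t morph(morpher_t *m, uint64_t pc, uint32_t insn) {
    unsigned h = (unsigned)((pc >> 1) ^ insn) % MAP_SLOTS;
    for (unsigned i = 0; i < MAP_SLOTS; i++) {
        entry_t *e = &m->map[(h + i) % MAP_SLOTS];
        if (e->used && e->pc == pc && e->orig == insn) return e->morphed;
        if (e->used) continue;                      /* occupied by another key */
        *e = (entry_t){ pc, insn, mutate(m, insn), 1 };
        unsigned rd = (e->morphed >> 7) & 0x1f;
        if ((insn & 0x7f) == 0x33 && rd) {          /* x0 never creates a hazard */
            m->win[m->head] = (uint8_t)rd;
            m->head = (m->head + 1) % WIN;
            if (m->count < WIN) m->count++;
        }
        return e->morphed;
    }
    return insn;  /* map full: pass through unchanged, still deterministic */
}
```

Because a replayed key is answered from the map without touching the window or the generator, the second caller cannot perturb what later instructions morph into, which is the property that keeps morphing from producing false mismatches in co-simulation.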