Overview
Program Semantic Level Mutation is described in the MorFuzz paper as one of the multi-level runtime mutation primitives provided by a stimulus template. The other named levels are processor state level and instruction field level. Together, these primitives are intended to help explore the processor input space more comprehensively during fuzzing. [C1]
Role in MorFuzz
MorFuzz differs from fuzzers that directly generate instruction streams: it first generates stimulus templates from seeds, then dynamically morphs those templates based on runtime information, and executes the morphed instruction streams on both the device under test and a simulator. [C2]
Within that architecture, the stimulus template is the structure that exposes mutation primitives, including the program semantic level. The available evidence does not define the internal mechanics of program semantic level mutation separately, but it explicitly identifies it as part of the template's multi-level mutation interface. [C1]
Relationship to runtime instruction morphing
MorFuzz's core idea is to dynamically mutate instructions based on runtime feedback. Its instruction morphing mutates instructions that are about to be executed, and the stimulus template helps MorFuzz produce diverse and meaningful instruction streams on the fly. [C3]
Control-flow and execution focus
The stimulus template also lets the fuzzer communicate with the device under test to manage test-case control flow. This allows the fuzzer to skip duplicate instructions and focus on instruction sequences of interest. [C4]
Scope of the available evidence
The provided evidence supports Program Semantic Level Mutation as a named mutation level in MorFuzz's stimulus-template system. It does not provide a standalone algorithm, formal definition, or examples specific to program semantic level mutation alone.