ARM Processor Fuzzing via QEMU
Each processor manufacturer hands out documentation of all usable processor instructions for their specific processor architectures. However, not all possible sequences of instructions are well-defined in those documentations; hence, their execution is undefined. This bachelor thesis describes the implementation of a tool capable of testing a QEMU-emulated ARM architecture. It is used to investigate if there appears any recognizable misbehavior when trying to execute undefined sequences of instructions. To do so, the grammar-based F1 prototype fuzzer, combined with a self-written instruction grammar manually derived from an instruction set description, is used. Being able to create a massive amount of instruction inputs, they are executed on the emulated ARM processor architecture. The target of this fuzzing campaign is a QEMU-emulated ARM Cortex-A9 processor, and it is tested in user as well as in supervisor execution mode.