Fuzzers
Fuzzers are programs that generate a design, feed it to Vivado, and examine the resulting bitstream to draw a conclusion about it. This is how the contents of the database are generated.
The general idea behind a fuzzer is to pick some element in the device (say a block RAM or IOB) to target. If you picked the IOB (no one is working on that yet), you’d write a design that is implemented in a specific IOB. Then you’d create a program that generates variations of the design (called specimens), each varying the design parameters, for example by changing the configuration of a single pin.
Much of this program is TCL that runs inside Vivado to change the design parameters, because it is a bit faster to load one Verilog model and use TCL to replicate it with varying inputs than to maintain different models and load them individually.
By looking at all the resulting specimens, you can correlate which bits in which frame correspond to a particular choice in the design.
Looking at the implemented design in Vivado with “Show Routing Resources” turned on is quite helpful for understanding which choices exist.
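The specimen correlation described above can be sketched as follows. This is an added example, not code from the project: the tag names, frame addresses and specimen data are constructed, and the matching rule (a bit must be set in every specimen where the choice is on and clear wherever it is off) is a simplified assumption about how such a correlation can be done.

```python
"""Added example: correlate bitstream bits with design choices across specimens."""

def candidate_bits(specimens, tag):
    """Return bits set in every specimen where `tag` is 1 and clear in every
    specimen where it is 0. A specimen is (set_bits, tags); a bit is a
    (frame_address, bit_offset) pair."""
    on = [bits for bits, tags in specimens if tags[tag] == 1]
    off = [bits for bits, tags in specimens if tags[tag] == 0]
    if not on or not off:
        # Without both polarities nothing can be concluded about this tag.
        raise ValueError(f"tag {tag!r} needs specimens with both 0 and 1")
    always_set_when_on = set.intersection(*on)
    ever_set_when_off = set.union(*off)
    return always_set_when_on - ever_set_when_off


def solve(specimens):
    """Map each tag to its sorted candidate bits. Several candidates for one
    tag mean the specimens do not yet separate it from unrelated bits (or the
    feature really spans several bits), so more variation is needed."""
    return {t: sorted(candidate_bits(specimens, t)) for t in sorted(specimens[0][1])}


# Constructed data: hypothetical tags for one pin, hypothetical frame addresses.
A = (0x00400100, 5)    # follows PIN.PULLUP
B = (0x00400101, 3)    # follows PIN.SLEW_FAST
C = (0x00400100, 17)   # set in every specimen, unrelated to either tag
D = (0x00400102, 9)    # unrelated bit that coincides with PULLUP at first
SPECIMENS = [
    ({A, C, D}, {"PIN.PULLUP": 1, "PIN.SLEW_FAST": 0}),
    ({B, C},    {"PIN.PULLUP": 0, "PIN.SLEW_FAST": 1}),
    ({A, B, C}, {"PIN.PULLUP": 1, "PIN.SLEW_FAST": 1}),
    ({C, D},    {"PIN.PULLUP": 0, "PIN.SLEW_FAST": 0}),
]

if __name__ == "__main__":
    # Two specimens leave PIN.PULLUP ambiguous; four resolve it to one bit.
    for n in (2, 4):
        print(n, "specimens:")
        for tag, bits in solve(SPECIMENS[:n]).items():
            print("  ", tag, [f"{frame:08x}_{off:02d}" for frame, off in bits])
```

With only the first two specimens the unrelated bit `D` is still a candidate for `PIN.PULLUP`; the third and fourth specimens eliminate it.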
Configurable Logic Blocks (CLB)
Block RAM (BRAM)
Input / Output (IOB)
Clocking (CMT, PLL, BUFG, etc)
Programmable Interconnect Points (PIPs)
- int-imux-gfan Fuzzer
- int-piplist Fuzzer
- BUFG interconnect fuzzer
- clk-hrow-pips Fuzzer
- clk-rebuf-pips Fuzzer
- HCLK_CMT interconnect fuzzer
- Fuzzer for bidirectional INT PIPs
- Fuzzer for INT PIPs driving the CLK wires
- Fuzzer for INT PIPs driving the CTRL wires
- Fuzzer for the ALT_FAN.*GFAN PIPs
- Fuzzer for INT PIPs driving the GFAN wires with GND
- Fuzzer for PIPs in HCLK tiles
- Fuzzer for INT LOGIC_OUTS -> IMUX PIPs
- Fuzzer for the remaining INT PIPs
- Generic fuzzer for INT PIPs
- piplist Fuzzer
- ppips Fuzzer
Hard Block Fuzzers
Grid and Wire
All Fuzzers
- bram-cascades Fuzzer
- BRAM Configuration
- BRAM Data
- bram-fifo-config Fuzzer
- bram36-config Fuzzer
- clb-ffconfig Fuzzer
- clb-ffsrcemux Fuzzer
- clb-lutinit Fuzzer
- clb-n5ffmux Fuzzer
- clb-ncy0 Fuzzer
- clb-ndi1mux Fuzzer
- clb-nffmux Fuzzer
- clb-noutmux Fuzzer
- clb-precyinit Fuzzer
- clb-ram Fuzzer
- clk-bufg-config Fuzzer
- BUFG interconnect fuzzer
- clk-hrow-config Fuzzer
- clk-hrow-pips Fuzzer
- clk-rebuf-pips Fuzzer
- MMCM
- Clock Management Tile (CMT) - Phase Lock Loop (PLL) Fuzzer
- dsp-mskpat Fuzzer
- dump_all Fuzzer
- fifo-config Fuzzer
- get_counts Fuzzer
- HCLK_CMT interconnect fuzzer
- init-db Fuzzer
- int-imux-gfan Fuzzer
- int-piplist Fuzzer
- IOB Fuzzer
- iob-ilogic Fuzzer
- iob-ologic Fuzzer
- XADC Fuzzer
- ordered_wires Fuzzer
- part-yaml Fuzzer
- pins Fuzzer
- Fuzzer for bidirectional INT PIPs
- Fuzzer for INT PIPs driving the CLK wires
- Fuzzer for INT PIPs driving the CTRL wires
- Fuzzer for the ALT_FAN.*GFAN PIPs
- Fuzzer for INT PIPs driving the GFAN wires with GND
- Fuzzer for PIPs in HCLK tiles
- Fuzzer for INT LOGIC_OUTS -> IMUX PIPs
- Fuzzer for the remaining INT PIPs
- Generic fuzzer for INT PIPs
- piplist Fuzzer
- ppips Fuzzer
- Tilegrid Fuzzer
- Timing analysis fuzzer (timfuz)
Minitests
Minitests are experiments to figure out how things work. They allow us to understand how to better write new fuzzers.
- CLB_BUSED Minitest
- clb-carry_cin_cyinit Minitest
- clb-configs Minitest
- CLB_MUXF8 Minitest
- clkbuf Minitest
- eccbits Minitest
- FIXEDPNR Minitest
- lvb_long_mux Minitest
- nodes_wires_list Minitest
- FASM Proof of Concept using Vivado Partial Reconfig flow
- Usage
- Using Vivado to generate .fasm
- PICORV32-v Minitest
- PICORV32-y Minitest
- pip-switchboxes Minitest
- ROI_HARNESS Minitest
- Quickstart
- How it works
- tiles_wires_pips Minitest
- util Minitest
Tools
SymbiFlow/prjxray/tools/
Here, you can find various programs to work with bitstreams, mainly to assist building fuzzers.