Developer Documentation

This section provides technical documentation for developers contributing to Revizor.

Development Guidelines

• General Guidelines: Development environment setup, testing procedures, contribution workflow
• Code Style: Formatting conventions for Python and C code, naming conventions
• Git Workflow: Branch management, commit message format, merge procedures

Architecture and Modules

• Overview: High-level system architecture and component interaction
• Code Structure: Organization of the source code directory and key modules
• Orchestration: Main fuzzing loop and coordination between components
• ISA Specification: Instruction set architecture definitions and JSON-based specification format
• Test Case Code Generation: Program generation algorithm and relevant classes
• Test Case Data Generation: Data generation algorithm and relevant classes
• Hardware Tracing: Execution of test cases on the target HW and hardware trace collection
• Contract Tracing: Leakage modeling and contract trace generation (high-level overview; implementation details in backend-specific pages)
• Trace Analysis: Comparison of contract and hardware traces to detect violations
• Minimization: Post-detection reduction of test cases to minimal reproducing examples
• Logging: Logging infrastructure and debugging facilities

Contract Modeling Backends

Revizor supports two different backends for contract-based leakage modeling. They are documented in the following pages:

• Unicorn Backend: Backend based on the Unicorn CPU emulator
• DynamoRIO Backend: Backend based on the DynamoRIO dynamic binary instrumentation engine

Advanced Topics

• Register Allocation: Executor reserves a subset of registers for its own use; this page documents their purpose
• Test Case Sandbox: Memory layout of the sandbox environment in which test cases are executed
• Macros: Implementation of macros in Executor and Models
• Binary Formats: Serialized binary formats for test case programs and data