diff --git a/src/experiments/l4-sys/UDIS86.cc b/src/experiments/l4-sys/UDIS86.cc
index 317f5997..1fa35c2e 100644
--- a/src/experiments/l4-sys/UDIS86.cc
+++ b/src/experiments/l4-sys/UDIS86.cc
@@ -1,65 +1,30 @@
-#include "sal/bochs/BochsController.hpp"
 #include "UDIS86.hpp"
 
-using namespace fail;
-
-Udis86::Udis86(unsigned char const *instr, size_t size, address_t ip) {
-	// initialise the buffer
-	udis_instr_size = size;
-	udis_instr = static_cast<unsigned char*>(malloc(udis_instr_size));
-	memcpy(udis_instr, instr, udis_instr_size);
-
+Udis86::Udis86(fail::address_t ip)
+: udis_instr(NULL), udis_instr_size(0)
+{
 	// initialise the internal data structure
 	ud_init(&ud_obj);
 	ud_set_mode(&ud_obj, 32);
 	ud_set_syntax(&ud_obj, UD_SYN_ATT);
 	ud_set_pc(&ud_obj, ip);
+}
+
+void Udis86::setInputBuffer(unsigned char const *instr, size_t size)
+{
+	// initialise the buffer
+	if (size > udis_instr_size) {
+		void *new_instr = realloc(udis_instr, size);
+		if (new_instr == NULL) {
+			// highly improbable
+			return;
+		}
+		udis_instr = reinterpret_cast<unsigned char*>(new_instr);
+	}
+
+	udis_instr_size = size;
+	memcpy(udis_instr, instr, udis_instr_size);
 
 	// assign the buffer to the data structure
 	ud_set_input_buffer(&ud_obj, udis_instr, udis_instr_size);
 }
-
-Udis86::~Udis86() {
-	// free the buffer
-	free(udis_instr);
-}
-
-bool Udis86::fetchNextInstruction() {
-	return (ud_disassemble(&ud_obj) > 0);
-}
-
-GPRegisterId Udis86::udisGPRToFailBochsGPR(ud_type_t udisReg) {
-#define REG_CASE(REG) case UD_R_##REG: return RID_##REG
-	switch (udisReg) {
-#if BX_SUPPORT_X86_64 // 64 bit register id's:
-	REG_CASE(RAX);
-	REG_CASE(RCX);
-	REG_CASE(RDX);
-	REG_CASE(RBX);
-	REG_CASE(RSP);
-	REG_CASE(RBP);
-	REG_CASE(RSI);
-	REG_CASE(RDI);
-	REG_CASE(R8);
-	REG_CASE(R9);
-	REG_CASE(R10);
-	REG_CASE(R11);
-	REG_CASE(R12);
-	REG_CASE(R13);
-	REG_CASE(R14);
-	REG_CASE(R15);
-#else
-	REG_CASE(EAX);
-	REG_CASE(ECX);
-	REG_CASE(EDX);
-	REG_CASE(EBX);
-	REG_CASE(ESP);
-	REG_CASE(EBP);
-	REG_CASE(ESI);
-	REG_CASE(EDI);
-#endif
-	default:
-		return RID_LAST_GP_ID;
-	}
-#undef REG_CASE
-}
diff --git a/src/experiments/l4-sys/UDIS86.hpp b/src/experiments/l4-sys/UDIS86.hpp
index 88c9ec1d..974c668f 100644
--- a/src/experiments/l4-sys/UDIS86.hpp
+++ b/src/experiments/l4-sys/UDIS86.hpp
@@ -2,6 +2,7 @@
   #define __UDIS86_HPP__
 
 #include <udis86.h>
+#include "sal/bochs/BochsController.hpp"
 #include "sal/bochs/BochsRegister.hpp"
 
 /**
@@ -20,8 +21,18 @@ private:
 	unsigned char *udis_instr; //<! the instruction buffer for UDIs86
 	size_t udis_instr_size; //<! the size of the instruction buffer
 public:
-	Udis86(unsigned char const *instr, size_t size, fail::address_t ip);
-	~Udis86();
+	/**
+	 * creates a new Uds86 object
+	 * @param ip the current instruction pointer of the simulator
+	 */
+	Udis86(fail::address_t ip);
+	~Udis86() { free(udis_instr); }
+	/**
+	 * sets a new input buffer
+	 * @param instr the encoded instruction
+	 * @param size the size of the instruction
+	 */
+	void setInputBuffer(unsigned char const *instr, size_t size);
 	/**
 	 * retrieves the private ud structure of udis86
 	 * @returns a reference pointer to a ud_t variable
@@ -31,14 +42,49 @@ public:
 	 * Tries to decode the next instruction from the given buffer.
 	 * @returns \c true if a new instruction could be retrieved, \c false if the object has expired
 	 */
-	bool fetchNextInstruction();
+	inline bool fetchNextInstruction() { return (ud_disassemble(&ud_obj) > 0); }
 	/**
 	 * Returns the FailBochs equivalent to a UDIS86 GPR identifier.
 	 * Attention: this only returns either 32-bit or 64-bit registers, no general IDs
 	 * @param udisReg the udis86 GPR ID
 	 * @returns the FailBochs GPR ID, usable with the BochsRegisterManager class
 	 */
-	static fail::GPRegisterId udisGPRToFailBochsGPR(ud_type_t udisReg);
+	static inline fail::GPRegisterId udisGPRToFailBochsGPR(ud_type_t udisReg)
+	{
+		#define REG_CASE(REG) case UD_R_##REG: return fail::RID_##REG
+			switch (udisReg) {
+		#if BX_SUPPORT_X86_64 // 64 bit register id's:
+			REG_CASE(RAX);
+			REG_CASE(RCX);
+			REG_CASE(RDX);
+			REG_CASE(RBX);
+			REG_CASE(RSP);
+			REG_CASE(RBP);
+			REG_CASE(RSI);
+			REG_CASE(RDI);
+			REG_CASE(R8);
+			REG_CASE(R9);
+			REG_CASE(R10);
+			REG_CASE(R11);
+			REG_CASE(R12);
+			REG_CASE(R13);
+			REG_CASE(R14);
+			REG_CASE(R15);
+		#else
+			REG_CASE(EAX);
+			REG_CASE(ECX);
+			REG_CASE(EDX);
+			REG_CASE(EBX);
+			REG_CASE(ESP);
+			REG_CASE(EBP);
+			REG_CASE(ESI);
+			REG_CASE(EDI);
+		#endif
+			default:
+				return fail::RID_LAST_GP_ID;
+			}
+		#undef REG_CASE
+	}
 };
 
 #endif // __UDIS86_HPP__
diff --git a/src/experiments/l4-sys/experiment.cc b/src/experiments/l4-sys/experiment.cc
index 67280d8b..b10aaa7a 100644
--- a/src/experiments/l4-sys/experiment.cc
+++ b/src/experiments/l4-sys/experiment.cc
@@ -436,9 +436,10 @@ bool L4SysExperiment::run() {
 	} else if (exp_type == param.msg.RATFLIP) {
 		ud_type_t which = UD_NONE;
 		unsigned rnd = 0;
+		Udis86 udis(injection_ip);
 		do {
 			bxInstruction_c *currInstr = simulator.getCurrentInstruction();
-			Udis86 udis(calculateInstructionAddress(), currInstr->ilen(), injection_ip);
+			udis.setInputBuffer(calculateInstructionAddress(), currInstr->ilen());
 			if (!udis.fetchNextInstruction()) {
 				param.msg.set_resulttype(param.msg.UNKNOWN);
 				param.msg.set_resultdata(