Skip to content

acorn421/MaxAFL_public

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
build
build
 
 
cppoptlib
cppoptlib
 
 
dictionaries
dictionaries
 
 
docs
docs
 
 
experimental
experimental
 
 
libdislocator
libdislocator
 
 
libtokencap
libtokencap
 
 
llvm_mode
llvm_mode
 
 
qemu_mode
qemu_mode
 
 
testcases
testcases
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
afl-analyze
afl-analyze
 
 
afl-analyze.c
afl-analyze.c
 
 
afl-as
afl-as
 
 
afl-as.c
afl-as.c
 
 
afl-as.h
afl-as.h
 
 
afl-clang
afl-clang
 
 
afl-clang++
afl-clang++
 
 
afl-clang-fast
afl-clang-fast
 
 
afl-clang-fast++
afl-clang-fast++
 
 
afl-cmin
afl-cmin
 
 
afl-fuzz
afl-fuzz
 
 
afl-fuzz.c
afl-fuzz.c
 
 
afl-fuzz.h
afl-fuzz.h
 
 
afl-g++
afl-g++
 
 
afl-gcc
afl-gcc
 
 
afl-gcc.c
afl-gcc.c
 
 
afl-gotcpu
afl-gotcpu
 
 
afl-gotcpu.c
afl-gotcpu.c
 
 
afl-lbfgs.cpp
afl-lbfgs.cpp
 
 
afl-lbfgs.hpp
afl-lbfgs.hpp
 
 
afl-lbfgs.o
afl-lbfgs.o
 
 
afl-llvm-pass.so
afl-llvm-pass.so
 
 
afl-llvm-rt-64.o
afl-llvm-rt-64.o
 
 
afl-llvm-rt.o
afl-llvm-rt.o
 
 
afl-plot
afl-plot
 
 
afl-showmap
afl-showmap
 
 
afl-showmap.c
afl-showmap.c
 
 
afl-tmin
afl-tmin
 
 
afl-tmin.c
afl-tmin.c
 
 
afl-whatsup
afl-whatsup
 
 
afl_config
afl_config
 
 
alloc-inl.h
alloc-inl.h
 
 
as
as
 
 
callgraph.pdf
callgraph.pdf
 
 
compare-transform-pass.so
compare-transform-pass.so
 
 
config.h
config.h
 
 
debug.h
debug.h
 
 
hash.h
hash.h
 
 
maxafl-fuzz-pass.so
maxafl-fuzz-pass.so
 
 
maxafl-pass.so
maxafl-pass.so
 
 
split-compares-pass.so
split-compares-pass.so
 
 
split-switches-pass.so
split-switches-pass.so
 
 
test-instr.bc
test-instr.bc
 
 
test-instr.c
test-instr.c
 
 
test-libfuzzer-target.c
test-libfuzzer-target.c
 
 
testbin
testbin
 
 
types.h
types.h
 
 

Repository files navigation

MaxAFL

Overview

  • Maximize code coverage using optimization algorithm.

Main Idea

  • construct global objective function for optimization based on static code analysis.
  • implement fast optimization algorithm using gradient descent.

Implementation

  • implement instrumentation for fuzzing using LLVM Pass.

    Dev environment

    • Ubuntu 18.04
    • Visual Studio Code

    Dependencies

    • LLVM 8.0.0
    • Boost Graph Library 1.6.2

Test

LLVM Pass Test

  • opt -load (path_to_so_file)/FuncBlockCount.so -funcblockcount sample.ll
  • clang -O0 -S -emit-llvm sample.c -o sample.ll

Paper Work

Related Works

  1. Angora
    • use gradient descent to explore path.
    • use taint analysis and type inference for efficient gradient descent.
    • pdf, github
  2. NEUZZ
    • train Deep Neural Network that predict branch coverage(TBA).
    • pdf, github
  3. GRsan(Proximal gradient analysis)
    • use chain rule to compute gradient of variable w.r.t. input.
    • pdf, source code is not available yet.

Links

  1. Fuzzing corpus
  2. Fuzzing targets

Analyze Result

  • gen_cov.py -> coverage.py -> plot.py

About

MaxAFL_public

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages