More details about generating minimal PoC

[mudongliang]

Hi all, could you please provide more details about how to generate minimal PoC(There is only one statement in the paper)? And how to guarantee its reproducibility as the image status is somehow like the accumulated status in Linux kernel? If I have any misunderstanding about this paper, please let me know.

To achieve this, JANUS currently uses a brute force approach to revert every mutated byte and also tries to remove every invoked file operation to check whether the kernel still crashes at the expected location.

[tarafans]

I pushed a simple script I used which literally describes this statement: https://github.com/sslab-gatech/janus/blob/master/utils/minimize.py Then I manually checked the PoC by running it with a real Linux kernel in a QEMU VM.