deepstate
A unit test-like interface for fuzzing and symbolic execution
Sometimes the container action fails because of a "No space left on device" error. Here is why: Action "whoan/docker-build-with-cache-action@v3" works like that: * pull images from (private) registry * build new images using...
DeepState implements ensembled fuzzing, where each fuzzer shares interesting test cases with the others. But synchronizing fuzzers is a bit tricky and needs some research, as it's badly documented. Current state...
DeepState should allocate buffers of the required length and truncate additional data (or shouldn't it?). But running the code below: ```cpp #include using namespace deepstate; TEST(T, T) { char *data = (char*)DeepState_Malloc(5);...
Frontends specify the compiler for C++ code only: https://github.com/trailofbits/deepstate/blob/67e98f56670cab1e9099498867fe72d7876debc0/bin/deepstate/executors/fuzz/afl.py#L33 There are two issues related to that fact: 1) We strip "++" from the compiler to get the compiler name for C code:...
As we approach integrating type hints and checking with mypy (https://github.com/trailofbits/deepstate/issues/260 and https://github.com/trailofbits/deepstate/pull/268) and other fun static checking stuff into the dev cycle, it would also be nice to have...
https://github.com/trailofbits/deepstate/blob/721ca58b4810786825e960d400a22794a1cda3db/src/lib/DeepState.c#L951-L957
DeepState allows using a config file instead of command line arguments: https://github.com/trailofbits/deepstate/blob/614e677b11a24b274ffc8fcc41d1cfd324dfbda4/bin/deepstate/core/base.py#L102-L104 https://github.com/trailofbits/deepstate/blob/614e677b11a24b274ffc8fcc41d1cfd324dfbda4/bin/deepstate/core/base.py#L131-L132 https://github.com/trailofbits/deepstate/blob/614e677b11a24b274ffc8fcc41d1cfd324dfbda4/bin/deepstate/core/base.py#L176-L177 For parsing it uses [configparser](https://docs.python.org/3/library/configparser.html#supported-datatypes). But the lib doesn't recognize data types. So if we specify i.e....
Each fuzzer executor (frontend) implements a `populate_stats` method that changes fuzzer-specific output information to the uniform one. That is, it populates the `self.stats` dictionary. Currently only AFL provides a reasonable amount of runtime...
If we uncomment code in [`do_restart`](https://github.com/trailofbits/deepstate/blob/67e98f56670cab1e9099498867fe72d7876debc0/bin/deepstate/core/fuzz.py#L820-L821), then fuzzer processes will be killed and started again (so resumed with the same output directory) after 20 seconds of fuzzing. This should work...
AFL documentation (parallel_fuzzing.txt) says that: > There is no need to synchronize crashes/ or hangs/; you only need to copy over queue/* (and ideally, also fuzzer_stats). So we should synchronize...