deepstate
A unit test-like interface for fuzzing and symbolic execution
Compiling converted-over harnesses that intake a lot of dependencies and may already be a part of a complicated build system does not work entirely well with `--compile_test`, as it only provides...
Since we support much more modern Python 3.x builds, we should use static type checking with our Python codebases. By making our types explicit and more absolute, this should not...
Tool should output DeepState to generate a parsing string, given an e.g. antlr4 grammar
```
TRACE: BETWEEN -0.000000 and 0.000000 = 78804012392788958424558080200287227610159478540930893335896586808491443542994421222828532509769831281613255980613632.000000
CRITICAL: flcheck.cpp(38): 78804012392788958424558080200287227610159478540930893335896586808491443542994421222828532509769831281613255980613632.000000 > 0.000000
```
With a refactored frontend API we are now able to instantiate frontend objects using `Frontend.init_fuzzer()`, which takes advantage of `setattr()` to set object attributes from a `dict`. We should take...
Coverage is a good secondary metric besides actual bugs/crashes discovered, as it can provide insight on which uncovered parts of source our analysis tools may need to be used on....
Come up with some way to autogenerate new filenames and reduce an entire directory by some criteria, maybe even extract the last "CRITICAL" logging from each run.
Do what's in the pending blog post and the script here: https://github.com/agroce/testfs/blob/master/checkCov.py -- except make it seamless, command-line arg to the reducer, with an informative error about not finding the...
https://lcamtuf.blogspot.com/2015/06/new-in-afl-persistent-mode.html One reason AFL loses to libFuzzer for API fuzzing is throughput; persistent mode ought to work for us, since libFuzzer does. Of course, people can write their own persistent...