deepstate
A unit test-like interface for fuzzing and symbolic execution
We currently have a dedicated front-end to Eclipser (https://github.com/trailofbits/deepstate/blob/master/bin/deepstate/eclipser.py), which makes it easy to use Eclipser with DeepState. However, even using AFL (for example) requires a bit more typing and...
Manticore fails in this particular example, @mossberg is mentioned in the code, maybe he can help us. :smiley: ``` ================================================================================ RUNNING: deepstate-manticore build/examples/OneOf 2019-04-21 22:00:30,717: [16805] m.c.manticore:INFO: Verbosity set to...
Create a more generic single function call fuzzer entry, with choices like exit controlled via DeepState vars, then make libFuzzer entry a wrapper that uses the environment variables.
Without compiling with coverage, we could have DeepState warn you at finish of internal fuzzer, test directory replay, or symex, if you had ASSERTs in your DeepState harness that never...
Title says it. Right now takeover of rand won't work if a subject includes (after deepstate) a library using rand().
Add in something like:

```c
#define TRY_REGISTER_CONST(x) \
  if (__builtin_constant_p(x)) { \
    asm(".pushsection .data.consts; .quad %0; .popsection;" : : "I"(x)); }
```

Then use `TRY_REGISTER_CONST` in things like `CHECK_EQ(a, b)`,...
DeepState forks during test replay (and other modes) so that crashes don't terminate the testing process in some arbitrary way, but are reported as a crash with an appropriate DeepState...
A test harness is a class that contains common state, setup, and teardown code. Some of that state is likely to be symbolic variables. We need some additional annotations, e.g....
This should just do all the right stuff, and when available, should also generate libFuzzer targets. If we go this route then we can be more certain about the naming...