deepstate
A unit test-like interface for fuzzing and symbolic execution
We define the executor `-h` text in `common.py`, in the `parse_args()` class method. It is [hardcoded](https://github.com/trailofbits/deepstate/blob/master/bin/deepstate/common.py#L114) to `Angr` (which I think is technically mis-stylized, since it is an [anti-proper noun](https://docs.angr.io/docs/faq.html#how-should-angr-be-stylized))....
Being able to provide "sane" default values for functions returning symbolic values (e.g. `DeepState_Int`) may be worth it, both for getting a basic test suite working without any input from...
Things to try.

### String comparison

Make a symbolic-execution aware `strcmp(a, b)`, but on the library side. What we're looking for is: is one or both of `a[0]` and...
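The issue text above is truncated, so the following is only one reading of it, added here as an example: it is not DeepState's code and not the issue author's design. A textbook `strcmp` returns at the first differing byte, so a symbolic executor forks a path at every byte position where either input is symbolic. The variant below (the name `se_strcmp` is mine) records the first difference arithmetically and keeps walking until a terminator, so the only data-dependent branch is the end-of-string check and the number of paths grows with string length rather than with every byte that could differ.

```c
#include <string.h>

/* strcmp-compatible comparison that avoids per-byte early exits.
 * `result` captures the first non-zero (a[i] - b[i]); `done` masks out
 * every later difference. The single branch is on the NUL terminator,
 * which is needed anyway so we never read past the end of either string.
 * Return value: 0 if equal, otherwise sign of the first differing byte
 * (compared as unsigned char, as strcmp requires). */
int se_strcmp(const char *a, const char *b) {
    int result = 0;
    int done = 0;
    for (size_t i = 0;; ++i) {
        int ca = (unsigned char)a[i];
        int cb = (unsigned char)b[i];
        int diff = ca - cb;
        result += diff * (1 - done);   /* record only the first difference */
        done |= (diff != 0);           /* icmp, not a branch, in the IR */
        if (ca == 0 || cb == 0) break; /* the only branch: end of a string */
    }
    return result;
}

/* Helper for checking the contract: does se_strcmp agree in sign with
 * the platform strcmp for these two inputs? */
int se_strcmp_sign_matches(const char *a, const char *b) {
    int x = se_strcmp(a, b);
    int y = strcmp(a, b);
    return (x < 0) == (y < 0) && (x > 0) == (y > 0);
}
```

The price is that concrete inputs are compared all the way to the first terminator even when they differ early, which is fine for a test harness but not something to drop into hot production code; a library could dispatch to the plain `strcmp` when both arguments are concrete and to this version otherwise.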
https://github.com/bitblaze-fuzzball/fuzzball
For example, `s2e` has the function `s2e_make_symbolic`, which can be implemented in terms of `DeepState_Symbolize`. See more examples here: https://github.com/S2E/docs/blob/master/src/ManualTesting.rst#preparing-the-program-for-s2e
It's helpful to run the test cases in a "logical" order. The order in which they are registered with DeepState is technically undefined, though one can expect it to be...
The `fnmatch` function checks whether the string argument matches a given pattern. This function is derived from the ISO POSIX-2 standard and thus it's not available on Windows. The `REG_MATCH(PATTERN,...
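Since the issue is that `fnmatch` is POSIX-only, here is an added, stand-alone glob matcher that covers the subset most test-selection patterns use: `*`, `?`, bracket expressions (`[abc]`, `[a-z]`, `[!abc]`/`[^abc]`) and `\` escaping, with no `FNM_*` flags. It is example code written for this page, not DeepState's code and not a drop-in for every `fnmatch` behaviour; the names `glob_match` and `match_bracket` are mine.

```c
#include <stddef.h>

/* Match one character against the bracket expression starting at **pp
 * (which points at '['). On success *pp is advanced to the closing ']'
 * and 1/0 is returned for match/no match. Returns -1 if the expression
 * is unterminated, in which case the caller treats '[' as a literal. */
static int match_bracket(const char **pp, char c) {
    const char *p = *pp + 1;            /* first char after '[' */
    int negate = 0, matched = 0, first = 1;
    if (*p == '!' || *p == '^') { negate = 1; ++p; }
    /* a ']' immediately after '[' or the negation is a literal */
    for (; *p && (*p != ']' || first); ++p, first = 0) {
        if (p[1] == '-' && p[2] && p[2] != ']') {   /* range lo-hi */
            if (p[0] <= c && c <= p[2]) matched = 1;
            p += 2;
        } else if (*p == c) {
            matched = 1;
        }
    }
    if (*p != ']') return -1;
    *pp = p;
    return matched != negate;
}

/* Iterative glob matcher with single-star backtracking.
 * Returns 1 if `s` matches `pat`, 0 otherwise. */
int glob_match(const char *pat, const char *s) {
    const char *star_pat = NULL, *star_s = NULL;
    while (*s) {
        if (*pat == '*') {
            while (*pat == '*') ++pat;   /* collapse a run of stars */
            if (!*pat) return 1;         /* trailing '*' matches the rest */
            star_pat = pat;              /* remember where to backtrack */
            star_s = s;
            continue;
        }
        const char *p = pat;
        int ok;
        if (*p == '[') {
            int r = match_bracket(&p, *s);
            ok = (r < 0) ? (*s == '[') : r;
        } else if (*p == '\\' && p[1]) {
            ++p;                         /* escaped: next char is literal */
            ok = (*p == *s);
        } else {
            ok = (*p == '?' || *p == *s);
        }
        if (ok) { pat = p + 1; ++s; continue; }
        if (star_pat) {                  /* let the last '*' eat one more char */
            pat = star_pat;
            s = ++star_s;
            continue;
        }
        return 0;
    }
    while (*pat == '*') ++pat;           /* only stars may remain */
    return *pat == '\0';
}
```

Because the matcher backtracks only to the most recent `*`, it runs in O(|pat| * |s|) worst case and never recurses, so a hostile pattern cannot blow the stack; a test-name filter is a good place for that property.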
The current process and description confuses a number of people, does not note which dependencies are available for which OS versions, and does not help with troubleshooting problems.
For the most part AFLplusplus (https://github.com/AFLplusplus/AFLplusplus) just works better than AFL these days, we should add it as a built-in backend, since the process is almost trivially different than AFL...