This repository consists of 5 directories, and each of them will be introduced in the following sections.
## fuzzbench
RevBugBench currently supports FuzzBench commit 7c70037a73d2cc66627c6109d53d20b3594f85c9.
The diff file shows the modifications made by RevBugBench.
The following commands apply the changes:
```sh
cd [path/to/fuzzbench]
git checkout 7c70037a73d2cc66627c6109d53d20b3594f85c9
git apply [path/to/the/diff/file]
```
The changes in the diff file can also be manually ported to the latest version of FuzzBench.
## benchmarks
Target programs in this directory consist of 8 fuzzing targets from FuzzBench and 2 commonly fuzzed Binutils utilities, injected with bugs by FixReverter.
Versions of each program can be found in the Dockerfile in each program's directory.
The target programs are compatible with FuzzBench benchmarks.
They can be added to FuzzBench by copying each program directory into the benchmarks directory of FuzzBench.
This folder contains the data dependency analysis results for each benchmark program, generated by FixReverter.
They are needed in the triage process and are elaborated on in the triage section.
## fr_triage_driver
This folder contains the driver used by RevBugBench to triage programs with a LibFuzzer fuzzing harness.
The triage driver is compatible with FuzzBench fuzzers and is built automatically by the triage scripts with the help of the FuzzBench Makefile.
## triage
This folder contains the scripts for triage.
### Prerequisites
The triage scripts are developed with Python 3.9.0. requirements.txt lists the packages used by the scripts. To install them, run
```sh
pip install -r requirements.txt
```
### Config
Before running the scripts, a config file needs to be set up first.
The example config lists all the necessary settings, with explanations in the comments.
After setting up the config file, the data dependency analysis results need to be manually placed in the workDir.
```sh
cd [path/to/fuzzbench]
# the venv is created when setting up fuzzbench with `make install-dependencies`
source .venv/bin/activate
PYTHONPATH=. python3 docker/generate_makefile.py triage.mk
```
For each benchmark to triage, build the triage binary image with
```sh
make -f triage.mk .fr_triage_driver-[benchmark name]-builder
```
The triage script will then use the built image to extract the triage binaries.
### Command-line Options
The main script to run the triage is main.py.
The following command-line options decide which triage tasks to perform.

`--setup` / `-s`
Extract the fuzzing corpus from FuzzBench results and set up the triage binaries.
It needs to be executed before the other tasks.

`--triage` / `-t`
Run the triage binaries on the fuzzing results and produce triage results.
It needs to be executed before `--report`.

`--report` / `-r`
Summarize the triage results and generate performance plots/tables/figures in the out directory.

`--config` / `-c`
Path to the config file; defaults to [path/to/revbugbench]/triage/config.ini.
### Workflow
Running the triage tasks in sequence (`--setup`, then `--triage`, then `--report`) will generate the performance plots/tables/figures.
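The Config steps and the command-line workflow above chained into one script, as an added example that is not part of RevBugBench itself. It assumes the FuzzBench checkout and the RevBugBench checkout are passed as the first two arguments, that `main.py` lives in the `triage` directory next to `config.ini`, that the Python requirements are already installed, and that each option is run as a separate invocation of `main.py`; the remaining arguments are benchmark names.

```sh
#!/usr/bin/env sh
# Added example: drives the RevBugBench triage workflow end to end.
# Assumptions (not from the README): main.py is in $REVBUGBENCH/triage,
# the config is $REVBUGBENCH/triage/config.ini, and requirements.txt is installed.
set -eu

# Name of the FuzzBench make target that builds the triage image for a benchmark.
fr_builder_target() {
    printf '.fr_triage_driver-%s-builder\n' "$1"
}

# Fail early if the FuzzBench checkout, its venv, or the triage config is missing.
check_prereqs() {
    fb="$1"; rb="$2"
    [ -d "$fb" ] || { echo "fuzzbench dir not found: $fb" >&2; return 1; }
    [ -f "$fb/.venv/bin/activate" ] || {
        echo "venv missing; run 'make install-dependencies' in $fb" >&2; return 1; }
    [ -f "$rb/triage/config.ini" ] || {
        echo "config missing: $rb/triage/config.ini" >&2; return 1; }
}

# Usage: run_triage <fuzzbench dir> <revbugbench dir> <benchmark>...
run_triage() {
    fb="$1"; rb="$2"; shift 2
    check_prereqs "$fb" "$rb"
    cd "$fb"
    . .venv/bin/activate
    # Generate the triage Makefile, then build one triage image per benchmark.
    PYTHONPATH=. python3 docker/generate_makefile.py triage.mk
    for bench in "$@"; do
        make -f triage.mk "$(fr_builder_target "$bench")"
    done
    # Run the three triage tasks in the order the README requires.
    cd "$rb/triage"
    cfg="$rb/triage/config.ini"
    python3 main.py --config "$cfg" --setup
    python3 main.py --config "$cfg" --triage
    python3 main.py --config "$cfg" --report
}

# Run only when invoked with paths and at least one benchmark; otherwise the
# functions above can be sourced and used individually.
if [ "$#" -ge 3 ]; then
    run_triage "$@"
fi
```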