
Comments (1)

ksteuck avatar ksteuck commented on May 19, 2024
  1. Are the aforementioned snapshots present in the final runnable corpus with, say, a different snapshot id?

Some of the snapshots will be in the runnable corpus, others won't. simple_fix_tool is used to discover the necessary memory mappings and capture the expected end state for the snapshots produced by fuzzing the proxy. The kinds of errors you described may or may not be fixable. For example, "Memory state mismatch" is typically fixable by capturing the actual memory state, but a SIGFPE execution misbehave is not.

To give a concrete example, consider the following code:

    mov rax, 0x10000
    mov qword [rax], 0      ; store to a page that is not mapped yet

This snapshot can be fixed by mapping a page at 0x10000. Replace 0x10000 with 0x0 and this is not fixable b/c 0x0 isn't mappable in a typical scenario.
Take a different example:

    rdrand rax              ; rax receives a hardware random value
    mov [0x10000], rax      ; the stored value differs on every run

This snapshot isn't fixable b/c the memory contents at 0x10000 will always be different.

  1. If these snapshots are not included in the runnable corpus, is there a way we can execute those snapshots using runner, as I feel those could generate interesting scenarios on the real hardware?

Currently, no. Silifuzz infrastructure imposes certain limitations on the kind of programs that can be efficiently run using the runner binary. Specifically, the snapshots must be deterministic and not raise any signals. The fix_tool ensures this is the case.
In our real-life setup we use fuzz_filter_tool during fuzzing (--input_filter) to drive the fuzzing process towards maximizing coverage without breaking the limitations on determinism etc.

HTH

from silifuzz.
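The decision logic described in the comment above (map a missing page and re-run; give up on page 0, on a raised signal, or on an end state that differs between runs) as a toy model. This is an added illustration, not Silifuzz's fix_tool or any of its code: the instruction set, the `Snapshot` class, the `run` and `fix` helpers and the 4 KiB page size are all constructed here for the example, and the two assembly fragments from the comment are encoded as tuples.

```python
"""Toy model of snapshot fixing: constructed for this example, not Silifuzz code.

Outcomes mirrored from the comment above:
  - store to an unmapped but mappable page -> fixable (map the page, re-run)
  - store to page 0                        -> not fixable
  - end state differs between two runs     -> not fixable (nondeterministic)
  - a signal such as SIGFPE                -> not fixable
"""
import random
from dataclasses import dataclass, field

PAGE = 0x1000  # hypothetical page size for the toy address space


@dataclass
class Snapshot:
    code: list                                  # list of (opcode, *operands)
    mapped: set = field(default_factory=set)    # base addresses of mapped pages


def _value(regs, operand):
    """Resolve an operand that is either a register name or an immediate."""
    return regs[operand] if isinstance(operand, str) else operand


def run(snap):
    """Execute the toy snapshot once.

    Returns ('ok', memory) on clean completion, ('unmapped', addr) when a store
    hits a page that is not mapped, or ('signal', name) when a fault is raised.
    """
    regs, mem = {}, {}
    for op, *args in snap.code:
        if op == 'mov_imm':                     # mov reg, imm
            regs[args[0]] = args[1]
        elif op == 'store':                     # mov [reg-or-imm], reg-or-imm
            addr = _value(regs, args[0])
            if (addr // PAGE) * PAGE not in snap.mapped:
                return ('unmapped', addr)
            mem[addr] = _value(regs, args[1])
        elif op == 'rdrand':                    # rdrand reg: fresh entropy each run
            regs[args[0]] = random.SystemRandom().getrandbits(64)
        elif op == 'div':                       # div reg: divide rax, trap on zero
            if regs.get(args[0], 0) == 0:
                return ('signal', 'SIGFPE')
            regs['rax'] = regs['rax'] // regs[args[0]]
        else:
            raise ValueError(f'unknown opcode {op}')
    return ('ok', mem)


def fix(snap, max_iters=16):
    """Mimic the fix loop: map pages on demand, then require a deterministic end state."""
    for _ in range(max_iters):
        status, detail = run(snap)
        if status == 'unmapped':
            page = (detail // PAGE) * PAGE
            if page == 0:
                return 'unfixable: page 0 is not mappable'
            snap.mapped.add(page)               # discovered mapping, retry
            continue
        if status == 'signal':
            return f'unfixable: raised {detail}'
        # Clean run: replay and compare the captured end state.
        if run(snap) != (status, detail):
            return 'unfixable: nondeterministic end state'
        return 'fixed'
    return 'unfixable: too many iterations'


if __name__ == '__main__':
    # The two fragments from the comment, encoded for the toy interpreter.
    store_at_0x10000 = Snapshot([('mov_imm', 'rax', 0x10000), ('store', 'rax', 0)])
    store_at_zero = Snapshot([('mov_imm', 'rax', 0), ('store', 'rax', 0)])
    rdrand_store = Snapshot([('rdrand', 'rax'), ('store', 0x10000, 'rax')])
    divide_by_zero = Snapshot([('mov_imm', 'rax', 1), ('mov_imm', 'rcx', 0), ('div', 'rcx')])
    for name, snap in [('store_at_0x10000', store_at_0x10000), ('store_at_zero', store_at_zero),
                       ('rdrand_store', rdrand_store), ('divide_by_zero', divide_by_zero)]:
        print(f'{name}: {fix(snap)} (mapped pages: {sorted(hex(p) for p in snap.mapped)})')
```

The first snapshot becomes runnable after the loop maps the page at 0x10000, the second stops at page 0, the rdrand variant passes the mapping step but fails the replay comparison, and the division fragment is rejected as soon as it raises a signal.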
