FuzzBALL: Vine-based Binary Symbolic Execution
OCaml C++ C Assembly M4 Makefile Other
config Start artificial history with a base of a modern Vine version. May 12, 2013
examples Add an FP test program exercising 16-bit int conversions Oct 16, 2017
exec_utils Remove some unused OCaml packages from Makefiles Jun 19, 2013
execution Allow 64-bit base for symbolic address Aug 7, 2018
extras More x64 instructions and syscalls Sep 7, 2015
libasmir Start work on a more complete version of DivModU128to64 Aug 9, 2018
m4 Start artificial history with a base of a modern Vine version. May 12, 2013
ocaml Adjust white space in type checking exception messages Aug 1, 2018
stp add patch for stp-2.2.0 Jun 16, 2017
trace Remove some unused OCaml packages from Makefiles Jun 19, 2013
.gitignore Ignore various solver output files for GIT Feb 15, 2015
AUTHORS Add AUTHORS file Jun 4, 2013
COPYING More documentation and license files Jun 4, 2013
ChangeLog Start artificial history with a base of a modern Vine version. May 12, 2013
INSTALL Update VEX support up to r3400 Aug 9, 2018
LICENSE More documentation and license files Jun 4, 2013
Makefile.am Modularize Vine Execution code into execution/ May 27, 2013
NEWS Start artificial history with a base of a modern Vine version. May 12, 2013
README Add notes on directory and module structure Jun 13, 2013
README.md More concise README.md for GitHub purposes Jun 5, 2013
README.options Add null-deref checking in Vinegrind Jul 25, 2018
autogen.sh Start artificial history with a base of a modern Vine version. May 12, 2013
configure.ac Build compatibility fixes for new GNU Binutils/libopcodes Oct 17, 2017
for-ocaml4.02.patch Include patch for OCaml 4.02 cleanness Sep 28, 2014
vex-r2188.patch Start artificial history with a base of a modern Vine version. May 12, 2013
vex-r2701.patch Start artificial history with a base of a modern Vine version. May 12, 2013
vex-r2719.patch Start artificial history with a base of a modern Vine version. May 12, 2013
vex-r2737.patch Update VEX patch and INSTALL file Aug 5, 2013
vex-r3206.patch Update VEX support to r3206, useful for Intel MPX Jan 22, 2016
vex-r3260.patch VEX compatibility updates, mostly for ARM Oct 11, 2016
vex-r3400.patch Update VEX support up to r3400 Aug 9, 2018

README.md

FuzzBALL is a symbolic execution tool for x86 (and a little ARM) binary code, based on the BitBlaze Vine library. (The name comes from the phrase "FUZZing Binaries with A Little Language", where "fuzzing" is a common application of symbolic execution to bug-finding, and the "little language" refers to the Vine intermediate language that FuzzBALL uses for execution. Also "fuzzball" is a common nickname for a small kitten, and FuzzBALL was intended to be simpler and lighter-weight than some other symbolic execution tools.)

At a high level, there are two kinds of code you can run FuzzBALL on. First, there is any code that can execute stand-alone, without the services of an OS or special hardware devices; this can include a subset of code from a larger program that does need those things. Second, there are single-threaded Linux programs, which FuzzBALL can run by passing their system calls on to your real OS.

FuzzBALL is free software distributed under the GNU GPL: see the files LICENSE and COPYING for details.

Compilation instructions are in the file INSTALL.

The README file includes some more detailed description of FuzzBALL and some tutorial-style examples.

FuzzBALL's page on the Berkeley web site, at

http://bitblaze.cs.berkeley.edu/fuzzball.html

has links to some papers that build on FuzzBALL.

We are interested in your comments, questions, and feedback about FuzzBALL via the bitblaze-users mailing list (hosted by Google Groups):

http://groups.google.com/group/bitblaze-users