Skip to content
LAVA: Large-scale Automated Vulnerability Addition
C++ Python C Shell CMake Dockerfile Other
Branch: master
Clone or download
Latest commit d495732 Jan 13, 2020
Type Name Latest commit message Commit time
Failed to load latest commit information.
ddslots_plugin Move ddslots plugin, update panda os string, fix paths Nov 1, 2018
docker Merge branch 'master' of Jun 12, 2019
docs Update Jun 30, 2019
panda updated panda submodule reference to master Nov 5, 2018
scripts Remove existing files that may be left in archive Feb 3, 2019
target_configs Add AFL target (WIP) Feb 5, 2019
target_injections Add example json files with inputs, restructure lava directory to bet… Jul 3, 2018
tests Rename to Dec 24, 2018
tools Handle versioned drivers Dec 11, 2019
.gitignore Added versioning for lavaTool Nov 9, 2018
.gitmodules Added panda as submodule of lava Nov 1, 2018 Cleanup README Dec 27, 2018 Add v1.0.1 to verison history Dec 24, 2018
host.json.example Bugfixes for splitting json files into two, code cleanup, json config… Aug 31, 2018 Rename to Dec 24, 2018
lava_template.json Code cleanup pre-merge Jul 3, 2018 Apply horlabs' patch from github for postgres versioning Dec 21, 2018

LAVA: Large Scale Automated Vulnerability Addition

Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora (i.e., software that has known bugs with triggering inputs). LAVA attempts to solve this problem by automatically injecting bugs into software. Every LAVA bug is accompanied by an input that triggers it whereas normal inputs are extremely unlikely to do so. These vulnerabilities are synthetic but, we argue, still realistic, in the sense that they are embedded deep within programs and are triggered by real inputs. Our work forms the basis of an approach for generating large ground-truth vulnerability corpora on demand, enabling rigorous tool evaluation and providing a high-quality target for tool developers.

LAVA is the product of a collaboration between MIT Lincoln Laboratory, NYU, and Northeastern University.

Quick Start

On a system running Ubuntu 16.04, you should be able to just run python2 Note that this install script will install packages and make changes to your system. Once it finishes, you should have PANDA installed into panda/build/ (PANDA is used to perform dynamic taint analysis).

Next, run to generate a host.json. This file is used by LAVA to store settings specific to your machine. You can edit these settings as necessary, but the default values should work.

Project configurations are located in the target_configs directory, where every configuration is located at target_configs/projectname/projectname.json. Paths specified within these configuration files are relative to values set in your host.json file.

Finally, you can run ./scripts/ to actually inject bugs into a program. Just provide the name of a project that is in the target_configs directory, for example:

./scripts/ toy

You should now have a buggy copy of toy!

If you want to inject bugs into a new target, you will likely need to make some modifications. Check out How-to-Lava for guidance.


Check out the docs folder to get started.

Current Status

Version 2.0.0

Expected results from test suite:

Project       RESET    CLEAN    ADD      MAKE     TAINT    INJECT   COMP
blecho        PASS     PASS     PASS     PASS     PASS     PASS     PASS
libyaml       PASS     PASS     PASS     PASS     PASS     PASS     PASS
file          PASS     PASS     PASS     PASS     PASS     PASS     PASS
toy           PASS     PASS     PASS     PASS     PASS     PASS     PASS
pcre2         PASS     PASS     PASS     PASS     PASS     PASS     PASS
jq            PASS     PASS     PASS     PASS     PASS     PASS     PASS
grep          PASS     PASS     PASS     PASS     PASS     FAIL
libjpeg       PASS     PASS     PASS     PASS     FAIL
tinyexpr      PASS     PASS     PASS     PASS     FAIL
duktape       PASS     PASS     PASS     FAIL
tweetNaCl     PASS     PASS     FAIL
gzip          FAIL


LAVA is the result of several years of development by many people; a partial (alphabetical) list of contributors is below:

  • Andy Davis
  • Brendan Dolan-Gavitt
  • Andrew Fasano
  • Zhenghao Hu
  • Patrick Hulin
  • Amy Jiang
  • Engin Kirda
  • Tim Leek
  • Andrea Mambretti
  • Wil Robertson
  • Aaron Sedlacek
  • Rahul Sridhar
  • Frederick Ulrich
  • Ryan Whelan
You can’t perform that action at this time.