Skip to content

Complete compositional greybox fuzzing

Latest
Latest
Compare
Choose a tag to compare
@saahil saahil released this 24 Jul 07:52
· 2 commits to master since this release
v2.0-beta
9ba4b69
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Several major and minor additions have been made in this version. Some of the major ones are

  1. Isolated functions can be fuzzed, instead of only being symbolically executed. Added support for afl-clang-fast through LLVM 6.0.
  2. Isolated functions can be flipped too! This means fast switching between symbolic execution and fuzzing whenever one of the techniques saturates. Also supported through KLEE and afl-clang-fast.
  3. All pre-analysis operations are carried out at the LLVM bitcode level, using several opt passes. This means that the distance metrics (for targeted symbolic execution, e.g.) are much more accurate now and the search for function entry points happens much faster. This also means that a lot less "garbage" is generated and stored as intermediate analysis files.
Assets 2