Using QSYM with vagrant

Pulling from Vagrant Cloud

Building locally

$ vagrant up
$ vagrant ssh

How to run the example

# load system configuration
$ sudo sysctl --system

# compile the example
$ gcc -o example example.c
$ mkdir input
$ python -c 'print "A"*4096' > input/seed
$ ./example ./input/seed
# nothing will print out

# concolic execution with a single test case
$ mkdir tests
$ ./qsym/bin/run_qsym.py -i input/seed -o tests -- ./example @@
$ ./example tests/qsym-last/000000
Step 1 passed

# hybrid fuzzing
$ ./afl-2.52b/afl-gcc -o example-afl example.c

# terminal 1 (using vagrant ssh)
$ ./afl-2.52b/afl-fuzz -M afl-master -i input -o output -- ./example-afl @@

# terminal 2
$ ./afl-2.52b/afl-fuzz -S afl-slave -i input -o output -- ./example-afl @@

# terminal 3
$ ./qsym/bin/run_qsym_afl.py -a afl-slave -o output -n qsym -- ./example @@

# will find a crash in minutes
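The example.c that the commands above compile is not shown on this page. The program below is a constructed stand-in added here (it is not the repository's file) that behaves the way the walkthrough describes: an all-'A' seed prints nothing, an input that satisfies a 32-bit equality check prints "Step 1 passed", and an input that also satisfies a second check behind it aborts, which is the crash afl-fuzz records. The offsets and magic constants are assumptions chosen for illustration; the path given as `@@` by afl-fuzz and run_qsym arrives as argv[1].

```c
/* Constructed stand-in for the README's example.c (the repository's own
 * file is not on the page). Offsets and magic values are assumed. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INPUT_MAX   4096         /* same size as the all-'A' seed */
#define STEP1_OFF   16           /* assumed offset of the first check */
#define STEP2_OFF   32           /* assumed offset of the second check */
#define STEP1_MAGIC 0x4d595351u  /* "QSYM" as little-endian bytes; assumed */
#define STEP2_MAGIC 0x1badb002u  /* assumed */

/* Byte-wise little-endian load: no alignment or host-endianness surprises. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(unsigned char *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Step 1: one 32-bit equality. Random mutation satisfies it with
 * probability 2^-32 per attempt, so afl-fuzz alone stalls here, while a
 * concolic run resolves it with a single solver query. Returns 1 on match. */
int check_step1(const unsigned char *buf, size_t len) {
    if (len < STEP1_OFF + 4) return 0;
    return le32(buf + STEP1_OFF) == STEP1_MAGIC;
}

/* Step 2: a second gate reachable only after step 1. main() turns a hit
 * into abort(), the crash signal afl-fuzz reports. Returns 1 on match. */
int check_step2(const unsigned char *buf, size_t len) {
    if (!check_step1(buf, len) || len < STEP2_OFF + 4) return 0;
    return le32(buf + STEP2_OFF) == STEP2_MAGIC;
}

/* Builds an in-memory input: the all-'A' seed that
 * `python -c 'print "A"*4096'` produces, optionally with the step-1 and/or
 * step-2 magic patched in the way a solver-generated test case would have it.
 * Returns check_step1 + 2*check_step2, so 0, 1 or 3 (2 is impossible
 * because step 2 is gated on step 1). */
int result_for(int patch_step1, int patch_step2) {
    unsigned char buf[INPUT_MAX];
    memset(buf, 'A', sizeof buf);
    if (patch_step1) put_le32(buf + STEP1_OFF, STEP1_MAGIC);
    if (patch_step2) put_le32(buf + STEP2_OFF, STEP2_MAGIC);
    return check_step1(buf, sizeof buf) + 2 * check_step2(buf, sizeof buf);
}

int main(int argc, char **argv) {
    unsigned char buf[INPUT_MAX];
    FILE *f;
    size_t n;
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    f = fopen(argv[1], "rb");           /* argv[1] is what @@ expands to */
    if (!f) { perror(argv[1]); return 2; }
    n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    if (check_step1(buf, n)) puts("Step 1 passed");
    if (check_step2(buf, n)) abort();   /* recorded by afl-fuzz as a crash */
    return 0;
}
```

Compiled as `gcc -o example example.c`, this behaves like the walkthrough: `./example input/seed` prints nothing, the concolic test case for step 1 prints "Step 1 passed", and the hybrid run reaches abort() once both constraints are solved.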

How to run LAVA-M

Our VM image has pre-compiled LAVA-M applications. Note that we used 64-bit LAVA-M applications. With 64-bit builds, LAVA-M's test cases do not validate all bugs in uniq, only 20 out of 28. This is consistent with others' results (we used Google Translate to read this article).

# load system configuration
$ sudo sysctl --system

$ cd LAVA
$ ./install-lava.sh

# run experiments
$ ./run-lava.py run [app]

# collect results
$ ./run-lava.py collect [app]