Skip to content
/ FOX-upstream Public
forked from FOX-Fuzz/FOX

Coverage-guided Fuzzing as Online Stochastic Control

License

Apache-2.0 license
0 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fuzz-evaluator/FOX-upstream

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
README_StandAlone Images
README_StandAlone Images
 
 
artifact
artifact
 
 
benchmark
benchmark
 
 
custom_mutators
custom_mutators
 
 
dictionaries
dictionaries
 
 
docs
docs
 
 
frida_mode
frida_mode
 
 
gllvm_bins
gllvm_bins
 
 
include
include
 
 
instrumentation
instrumentation
 
 
nyx_mode
nyx_mode
 
 
qemu_mode
qemu_mode
 
 
src
src
 
 
test
test
 
 
testcases
testcases
 
 
unicorn_mode
unicorn_mode
 
 
utils
utils
 
 
.clang-format
.clang-format
 
 
.custom-format.py
.custom-format.py
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
Android.bp
Android.bp
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Changelog.md
Changelog.md
 
 
Dockerfile
Dockerfile
 
 
GNUmakefile
GNUmakefile
 
 
GNUmakefile.gcc_plugin
GNUmakefile.gcc_plugin
 
 
GNUmakefile.llvm
GNUmakefile.llvm
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
README_StandAlone.md
README_StandAlone.md
 
 
TODO.md
TODO.md
 
 
afl-addseeds
afl-addseeds
 
 
afl-cmin
afl-cmin
 
 
afl-cmin.bash
afl-cmin.bash
 
 
afl-persistent-config
afl-persistent-config
 
 
afl-plot
afl-plot
 
 
afl-system-config
afl-system-config
 
 
afl-whatsup
afl-whatsup
 
 
afl-wine-trace
afl-wine-trace
 
 
config.h
config.h
 
 
dynamic_list.txt
dynamic_list.txt
 
 
ensemble_runner.py
ensemble_runner.py
 
 
fix_long_fun_name.py
fix_long_fun_name.py
 
 
gen_graph_dev_check.py
gen_graph_dev_check.py
 
 
gen_graph_dev_no_dot_15.py
gen_graph_dev_no_dot_15.py
 
 
gen_graph_dev_no_dot_15_noasan.py
gen_graph_dev_no_dot_15_noasan.py
 
 
gen_graph_dev_parallel.py
gen_graph_dev_parallel.py
 
 
gen_graph_dev_refactor.py
gen_graph_dev_refactor.py
 
 
gen_graph_no_dot.py
gen_graph_no_dot.py
 
 
gen_graph_no_gllvm_15.py
gen_graph_no_gllvm_15.py
 
 
gen_graph_no_gllvm_15_systemd.py
gen_graph_no_gllvm_15_systemd.py
 
 
get_mapping_and_cfg.py
get_mapping_and_cfg.py
 
 
ghidra_find_inline_table.py
ghidra_find_inline_table.py
 
 
test-instr.c
test-instr.c
 
 
types.h
types.h
 
 

Repository files navigation

FOX - Coverage-guided Fuzzing as Online Stochastic Control

FOX presents a control-theoretic approach to perform coverage-guided fuzzing. The current prototype is built on top of AFL++. The key features implemented by FOX are:

  • Custom scheduler logic: Scheduling is done over frontier branches instead of seeds.
  • Custom mutator logic: Mutations adopt Newton's search method to synthesize branch-flipping inputs.
  • Changes to the LLVM instrumentation pass to allow efficient branch distance calculation

This project is accepted at CCS'24 and will be presented there. Checkout our paper for more technical details about the project. Refer to the instructions present in artifact/ where we provide detailed instructions to reproduce our experimental results and also detail instructions on how to run FOX on new targets.

Cite

@inproceedings{she2024fox,
  title={FOX: Coverage-guided Fuzzing as Online Stochastic Control},
  author={She, Dongdong and Storek, Adam and Xie, Yuchong and Kweon, Seoyoung and Srivastava, Prashast and Jana, Suman},
  booktitle={Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security},
  year={2024}
}

About

Coverage-guided Fuzzing as Online Stochastic Control

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 65.6%
  • C++ 16.6%
  • Python 7.4%
  • Makefile 3.5%
  • Shell 3.2%
  • Jupyter Notebook 2.1%
  • Other 1.6%