Comments (6)
Interesting, this is excellent. We considered using a similar approach, via a modified CPython runtime rather than after-the-fact bytecode editing. We ultimately decided on an extension in an attempt to make Atheris as easy-to-use as possible. (It's already complicated enough.)
A 5x performance improvement is quite significant. Do you know if it's reasonable to transform code objects at runtime rather than by modifying .py / .pyc files? I assume so. If so, that would probably be the best way to do this. That way, Atheris can still be an extension providing any shared code, but coverage calls can be added where needed without a tracer.
This also means we can support more interesting tracing (like string comparison) in Python versions before 3.8, which would be excellent. I was considering implementing better regular expression coverage via monkey-patching anyway.
Could you explain more about what you meant by "It does not support...differential fuzzing since the counters of each module start at 0"?
Transforming code objects of modules is perfectly possible. I added a new method `instrument(module)` which gets a module object as a parameter, retrieves the code object of the module, instruments the code and creates a new module with the same name but with the instrumented code. This can look e.g. like this:

```python
import sys
import pefile
import lf

def test_one_input(data):
    ...

if __name__ == "__main__":
    lf.instrument(pefile)  # <-- NEW
    lf.fuzz(test_one_input, sys.argv)
```

(See the latest version of my POC)
Could you explain more about what you meant by "It does not support...differential fuzzing since the counters of each module start at 0"?
I meant that there cannot be more than one instrumented module in the module list at a time. But this problem has been solved by the in-memory instrumentation.
Update:
After adding instrumentation for data-flow tracing the performance benefit dropped from 5x to 2x.
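The in-memory `instrument(module)` idea described above, as an added example that is not the POC's or Atheris's own code: it rebuilds a module from instrumented code and installs it under the same name in `sys.modules`, so no tracer is needed. Where the POC rewrites bytecode, this stand-in instruments the AST (a probe at every function entry and at the start of each `if`/`else` body) and recompiles, which is enough to show the mechanism and the "new coverage" check a fuzzer keys on. `SAMPLE_SOURCE`, `sample_target`, `_hit`, `COUNTERS` and the helper names are all constructed for this example; `inspect.getsource` is assumed to work only for file-backed modules.

```python
import ast
import inspect
import sys
import types

# Constructed stand-in for a target module such as pefile (not the real pefile).
SAMPLE_SOURCE = '''
def classify(data):
    if len(data) > 4:
        if data[:2] == b"PE":
            return "pe-like"
        return "long"
    return "short"
'''

# Coverage map: (module name, line number) -> hit count.
COUNTERS = {}


def _hit(key):
    COUNTERS[key] = COUNTERS.get(key, 0) + 1


class BranchInstrumenter(ast.NodeTransformer):
    """Insert a _hit() probe at every function entry and at the start of each if/else body."""

    def __init__(self, modname):
        self.modname = modname

    def _probe(self, lineno):
        key = ast.Tuple(elts=[ast.Constant(self.modname), ast.Constant(lineno)], ctx=ast.Load())
        call = ast.Call(func=ast.Name(id="_hit", ctx=ast.Load()), args=[key], keywords=[])
        return ast.Expr(value=call)

    def visit_FunctionDef(self, node):
        self.generic_visit(node)  # instrument nested ifs first
        node.body.insert(0, self._probe(node.lineno))
        return node

    def visit_If(self, node):
        self.generic_visit(node)
        node.body.insert(0, self._probe(node.body[0].lineno))
        if node.orelse:  # covers both `else:` and `elif` (orelse[0] is the nested If)
            node.orelse.insert(0, self._probe(node.orelse[0].lineno))
        return node


def instrument(module, source=None):
    """Recompile `module` with probes and replace it in sys.modules under the same name."""
    if source is None:
        source = inspect.getsource(module)  # assumption: module is backed by a source file
    tree = BranchInstrumenter(module.__name__).visit(ast.parse(source))
    ast.fix_missing_locations(tree)
    filename = getattr(module, "__file__", None) or module.__name__
    code = compile(tree, filename, "exec")
    new_mod = types.ModuleType(module.__name__, module.__doc__)
    new_mod.__dict__["_hit"] = _hit  # the probes resolve _hit from the module globals
    exec(code, new_mod.__dict__)
    sys.modules[module.__name__] = new_mod
    return new_mod


def make_sample_module():
    """Build the (uninstrumented) constructed target module, as `import pefile` would."""
    mod = types.ModuleType("sample_target")
    exec(SAMPLE_SOURCE, mod.__dict__)
    sys.modules[mod.__name__] = mod
    return mod


def hit_lines(modname):
    """Sorted line numbers of `modname` whose probes have fired at least once."""
    return sorted(line for (name, line) in COUNTERS if name == modname)


def new_coverage(call):
    """Run call() and return the probe keys it fired for the first time (what a fuzzer keeps inputs for)."""
    before = set(COUNTERS)
    call()
    return sorted(set(COUNTERS) - before)


if __name__ == "__main__":
    target = instrument(make_sample_module(), SAMPLE_SOURCE)
    for sample in (b"ab", b"abcdef", b"PEXXXX", b"PEYYYY"):
        fresh = new_coverage(lambda s=sample: target.classify(s))
        print(sample, "new probes:", fresh)
```

Because the counters are keyed by module name and line, instrumenting a second module does not collide with the first, which is the property the in-memory approach gives over per-module counters that all start at 0. The last input in the demo fires no new probe, which is exactly the input a coverage-guided fuzzer would discard.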
Just wanted to update you, this is on our roadmap :)
Question: would you like to merge this into Atheris, or would you prefer we do it? If you want to do it, could you provide a well-documented PR?
At the moment I wouldn't like to merge it into atheris because
- It's incomplete (not all branches get instrumented, some basic blocks get instrumented twice)
- It's only for Python 3.8
- It's incredibly slow
but I am happy to create a PR when all of those deficiencies have been fixed.
Yes, absolutely!