Fuzzing tool for WASM #48
Hi @Jacarte, commit with respect to the coverage tool, with two test cases for the coverage method.
Now your code is in the branch feature/opt-in https://github.com/KTH/swam/tree/feature/opt-in, let's work on this branch. I will do the changes that I discussed with Lucas. The new PR to be merged with master: KTH/swam#6
FYI, good progress by @olapiv, see https://github.com/olapiv/swam/tree/feature/opt-in/fuzzer and KTH/swam#7
Potential benchmark for evaluating the fuzzer: the 26 WASM binaries (98,924 functions) of https://www.unibw.de/patch/papers/usenixsecurity20-wasm.pdf
Here are the technical details of how AFL works: https://github.com/google/AFL/blob/master/docs/technical_details.txt It's very well explained - I especially recommend reading part 1 ("Coverage measurements").
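The coverage scheme that part 1 of the AFL document describes (a shared hit-count bitmap indexed by the XOR of the current block id and the right-shifted previous block id, coarse hit-count buckets, and a "virgin map" that decides whether an input revealed anything new) is small enough to show in full. The block below is an added illustration written for this thread; it is not code from AFL, SWAM or Slumps, and the block ids and traces in it are constructed sample values.

```python
"""AFL-style edge-coverage bookkeeping, following the description in AFL's
docs/technical_details.txt ("Coverage measurements").  Added illustration;
not code from AFL, SWAM or Slumps.  Block ids and traces are constructed."""

MAP_SIZE = 1 << 16  # AFL's default 64 KiB shared bitmap


def classify_count(count):
    """Collapse a raw hit count into AFL's coarse buckets
    (1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+), each encoded as a single bit
    so that 'new bucket?' checks become bitwise tests against the virgin map."""
    if count == 0:
        return 0
    if count <= 2:
        return count  # 1 -> 1, 2 -> 2
    if count == 3:
        return 4
    if count <= 7:
        return 8
    if count <= 15:
        return 16
    if count <= 31:
        return 32
    if count <= 127:
        return 64
    return 128


def edge_coverage(trace, map_size=MAP_SIZE):
    """Hit-count bitmap for one execution, indexed by (previous, current) block tuple.

    `trace` is the sequence of block ids visited during one run (AFL assigns
    each instrumented block a random compile-time constant).  A transition
    A -> B is recorded at index  B ^ (A >> 1): the XOR captures the pair, the
    shift keeps A -> B and B -> A in different buckets and stops a tight loop
    A -> A from collapsing to index 0.
    """
    bitmap = bytearray(map_size)
    prev_location = 0
    for cur_location in trace:
        cur_location %= map_size
        idx = cur_location ^ prev_location
        bitmap[idx] = (bitmap[idx] + 1) & 0xFF  # u8 counter, wraps like AFL's
        prev_location = cur_location >> 1
    return bitmap


def classify_counts(bitmap):
    """Apply the bucket encoding to a whole bitmap."""
    return bytes(classify_count(c) for c in bitmap)


class CoverageTracker:
    """Fuzzer-side 'virgin map': which tuples and hit-count buckets are still unseen."""

    def __init__(self, map_size=MAP_SIZE):
        self.virgin = bytearray(b"\xff") * map_size  # all bits still virgin

    def has_new_bits(self, classified):
        """Return 0 if nothing new, 1 if only a new hit-count bucket for a known
        tuple, 2 if a never-seen tuple appeared.  AFL queues inputs that return
        non-zero, and clears the corresponding virgin bits as a side effect."""
        ret = 0
        for i, c in enumerate(classified):
            if c and (c & self.virgin[i]):
                if self.virgin[i] == 0xFF:
                    ret = 2
                elif ret == 0:
                    ret = 1
                self.virgin[i] &= ~c & 0xFF
        return ret


if __name__ == "__main__":
    tracker = CoverageTracker()
    # Constructed traces: the first run is new, a repeat is not, and a run that
    # adds the self-loop 99 -> 99 reveals one more tuple.
    print(tracker.has_new_bits(classify_counts(edge_coverage([17, 42, 99]))))      # 2
    print(tracker.has_new_bits(classify_counts(edge_coverage([17, 42, 99]))))      # 0
    print(tracker.has_new_bits(classify_counts(edge_coverage([17, 42, 99, 99]))))  # 2
```

The same scheme carries over to a WASM interpreter such as SWAM: the instrumentation point is "a basic block (or function) was entered", and everything after that is the bitmap arithmetic above. The bucket step is what keeps the fuzzer from treating every extra loop iteration as new coverage.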
Done:
Moving todos at the point
Current work is here: Pull request is here:
Here are a couple of thoughts that I am currently having regarding next steps. Some of it may not make sense, some of it may be obvious.
Ack, thanks for the update. Is there a need to revise the todo list accordingly?
Just did. It's all still a very vague idea though, so it's a bit difficult to pinpoint the exact next steps. I'm just researching for now, so I'm (more) sure that whatever we do next is viable. Would be nice to hear what you guys think about it though! As far as I know the concept could also be an entire waste of time.
Not sure I see the underlying concept behind the bullets. Do you mean "using v8"?
Yes, exactly.
The question of using v8 versus using Swam is hard. There are pros and cons in both cases and we made a strategic decision some time ago. Now, for the fuzzer, we may use v8 again in the future. But in the timeframe of your internship, and given that only a few weeks remain, I would suggest consolidating the Swam solution as much as possible, with as much as possible in Swam's master and with top code and documentation merged here in Slumps (and adding DWARF support in SWAM?).
Using non-number types with SWAM
FYI, the latest coverage code is in branch path_coverage https://github.com/KTH/swam/tree/feature/path_coverage
The fuzzing code depends on a branch on olapiv through a git submodule https://github.com/olapiv/swam/tree/759e41a9cd778981c2009764a2236b22c2975646
Per our discussion with @olapiv today, added one todo at the top: "use the literals available in the WASM binary as seed in AFL"
In order to implement the socket protocol from AFL as a websocket protocol:
Use SWAM as the core to create a full-fledged fuzzer for WASM. As a big picture, here are the milestones to achieve it:
Depends on the WASM coverage tool, see #54
Reference implementations:
Medium priority todos:
Low priority todos: