{"id":22415136,"url":"https://github.com/abertschi/influence_compiler_flags_on_fuzzing","last_synced_at":"2025-03-27T04:17:08.500Z","repository":{"id":74673560,"uuid":"502312639","full_name":"abertschi/influence_compiler_flags_on_fuzzing","owner":"abertschi","description":"Evaluating the Influence of Compiler Flags on Fuzzing","archived":false,"fork":false,"pushed_at":"2022-06-11T11:05:18.000Z","size":5469,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-01T09:22:54.692Z","etag":null,"topics":["afl","clang","fuzzbench","fuzzing","llvm"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/abertschi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-11T10:05:32.000Z","updated_at":"2022-06-11T11:06:37.000Z","dependencies_parsed_at":"2023-09-20T21:46:33.551Z","dependency_job_id":null,"html_url":"https://github.com/abertschi/influence_compiler_flags_on_fuzzing","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abertschi%2Finfluence_compiler_flags_on_fuzzing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abertschi%2Finfluence_compiler_flags_on_fuzzing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abertschi%2Finfluence_compiler_flags_on_fuzzing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/abertschi%2Finfluence_compiler_flags_on_fuzzing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/abertschi","download_url":"https://codeload.github.com/abertschi/influence_compiler_flags_on_fuzzing/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245779481,"owners_count":20670686,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["afl","clang","fuzzbench","fuzzing","llvm"],"created_at":"2024-12-05T15:11:20.941Z","updated_at":"2025-03-27T04:17:08.481Z","avatar_url":"https://github.com/abertschi.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Evaluating the Influence of Compiler Flags on Fuzzing\n\n### Abstract\n\nThe automated software testing technique fuzzing has seen a golden age in the\nlast decade, with widespread use in industry and academia. On the hunt to find\nvulnerabilities, fuzzing binaries are compiled with default compiler\noptimizations such as -O2, or -O3, which remain the hard-coded default in\npopular fuzzers such as AFL++. On a binary level, software compiled from the\nsame source code may vastly differ in control flow depending on used compilation\nflags. In this work, we aim to analyze the impact of different compiler\noptimizations on the fuzzing process and provide further insight. We influence\ncompilation passes of the clang/LLVM compiler and analyze their impact on the\nfuzzing performance of AFL++. We integrate our work into Fuzzbench, an\nopen-source fuzzing pipeline, and run experiments on real-world benchmarks. Our\npreliminary fuzzing results indicate that there is a delicate trade-off between\nruntime performance and code complexity. While our results show significant\ndifferences on the scale of individual benchmarks, when summarizing across the\nwhole bench suite, there is no evidence to suggest a statistical difference in\nfuzzing performance.\n\nReport: [22-06-11_ast_influence_compilerflags_fuzzing.pdf](./22-06-11_ast_influence_compilerflags_fuzzing.pdf)\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./imgs/pipeline.png\" alt=\"design\" width=\"500\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"./imgs/plots2.png\" alt=\"plots\" width=\"500\"/\u003e\n\u003c/p\u003e\n\n\n\nCollaboration with [Matthew Weingarten](https://github.com/mattweingarten) as part of semester project in\nAutomated Software Testing, in Advanced Software Technologies group at\nETH Zurich.\n\nSpring 2022, https://ast.ethz.ch/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabertschi%2Finfluence_compiler_flags_on_fuzzing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fabertschi%2Finfluence_compiler_flags_on_fuzzing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fabertschi%2Finfluence_compiler_flags_on_fuzzing/lists"}