{"id":24769545,"url":"https://github.com/slava0135/diffuzzer","last_synced_at":"2025-03-23T19:41:09.284Z","repository":{"id":260598153,"uuid":"880222085","full_name":"Slava0135/DIFFuzzer","owner":"Slava0135","description":"Differential Filesystem Fuzzer","archived":false,"fork":false,"pushed_at":"2025-03-13T12:50:17.000Z","size":674,"stargazers_count":0,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-13T13:39:15.192Z","etag":null,"topics":["coverage-guided","differential-testing","filesystem","fs","fuse","fuzz-testing","fuzzing","kernel","linux","posix","qemu","testing"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Slava0135.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-29T10:46:13.000Z","updated_at":"2025-03-13T12:50:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"7a195631-16bf-4a0b-add8-9fe780063a53","html_url":"https://github.com/Slava0135/DIFFuzzer","commit_stats":null,"previous_names":["slava0135/diffuzzer"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slava0135%2FDIFFuzzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slava0135%2FDIFFuzzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slava0135%2FDIFFuzzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Slava0135%2FDIFFuzzer/manifests","owner_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Slava0135","download_url":"https://codeload.github.com/Slava0135/DIFFuzzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245161723,"owners_count":20570690,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coverage-guided","differential-testing","filesystem","fs","fuse","fuzz-testing","fuzzing","kernel","linux","posix","qemu","testing"],"created_at":"2025-01-29T03:00:03.347Z","updated_at":"2025-03-23T19:41:09.276Z","avatar_url":"https://github.com/Slava0135.png","language":"Rust","readme":"# DIFFuzzer - Differential Filesystem Fuzzer\n\n__DIFFuzzer__ is a fuzzer that aims to find __memory__ and __semantic__ bugs in __kernel__ (Linux) and __userspace__ (FUSE) filesystems.\n\nIt expands on previous works, such as:\n\n- [Hydra](https://dl.acm.org/doi/abs/10.1145/3341301.3359662), filesystem fuzzing framework.\n- [Dogfood](https://dl.acm.org/doi/abs/10.1145/3377811.3380350), filesystem test workload generator.\n- [CrashMonkey](https://dl.acm.org/doi/abs/10.1145/3320275), filesystem crash consistency testing framework.\n- [Metis](https://www.usenix.org/conference/fast24/presentation/liu-yifei), filesystem model checking tool.\n- [SibylFS](https://dl.acm.org/doi/abs/10.1145/2815400.2815411), oracle-based testing for filesystems.\n- and others...\n\nKey features:\n\n- __Filesystem Semantics__ - to generate \"good\" inputs, filesystem semantics must be modelled properly (as was shown in [Hydra](https://dl.acm.org/doi/abs/10.1145/3341301.3359662)).\n- 
__Differential__ - two filesystems are tested against the same input and differences in their execution are observed in order to discover __semantic__ bugs.\n- __Coverage Guided__ - similar to [Syzkaller](https://github.com/google/syzkaller), kernel coverage (__KCov__) is used to pick and mutate \"interesting\" inputs.\n- __Native and QEMU__ - can be run on a local machine as well as in a VM using __QEMU__.\n- __FUSE Supported__ - can be used for testing __FUSE__ file systems using __LCov__ coverage information (can run without coverage, but not as effective).\n- __Easy Filesystem Integration__ - see [Adding New Filesystem](#adding-new-filesystem).\n- __Kernel Version Agnostic__ - only __KCov__ is required.\n\n## Structure\n\nProject consists of 4 parts:\n\n- `diffuzzer` - fuzzer itself.\n- `dash` - differential abstract state hasher, used for evaluating and comparing file system states.\n- `executor` - runtime/library that is used by tests.\n- `tools` - miscellaneous scripts.\n\n## Build\n\n### Native\n\nInstall Rust.\n\nBuild project:\n\n```sh\ncargo build --release\n```\n\nCompiled binaries will be put in `./target/release/...`\n\n### Docker\n\nBecause binaries compiled on systems with a __new__ `glibc` cannot be run on systems with an __old__ `glibc`, you might want to compile with __Docker__. This can be useful when running in a VM.\n\nInstall Docker.\n\nBuild image:\n\n```sh\ndocker build . 
-t diffuzzer-builder\n```\n\nRun image:\n\n```sh\ndocker run -v .:/usr/src diffuzzer-builder build --release\n```\n\nCompiled binaries will be put in `./target/release/...`\n\n## Configuration\n\nConfigure with:\n\n- [Fuzzer configuration file](./config.toml) in TOML format ([docs](./diffuzzer/src/config.rs)).\n- [Logging configuration file](./log4rs.yml) in YAML format ([docs](https://docs.rs/log4rs/latest/log4rs/#configuration)).\n\n## QEMU\n\nRead [QEMU configuration](./docs/QEMU.md) docs.\n\n\u003e __You need to configure QEMU image before running fuzzer.__\n\n## Usage\n\nFor usage:\n\n```sh\n./target/release/diffuzzer --help\n```\n\nDIFFuzzer comes with many modes:\n\n- `greybox` - greybox fuzzing (with coverage and mutations)\n- `blackbox` - blackbox fuzzing\n- `reduce` - reduce testcase with bug\n- `solo-single` - run single test\n- `duo-single` - run single test for 2 filesystems\n\n\u003e __For greybox fuzzing, kernel instrumented with KCov is required.__\n\n```sh\n./target/release/diffuzzer greybox -f ext4 -s btrfs\n```\n\nThere is also an option to run without QEMU (*not recommended*):\n\n```sh\n./target/release/diffuzzer -n greybox -f ext4 -s btrfs\n```\n\n## Adding New Filesystem\n\nImplement [trait](./diffuzzer/src/mount/mod.rs) (interface) for mounting filesystem. Default implementation uses `mkfs` and `mount` and can be used for most kernel filesystems (e.g. 
Ext4, Btrfs).\n\nAdd your filesystem to [this file](./diffuzzer/src/filesystems.rs).\n\nDone!\n\nFor additional information read [Filesystems](./docs/Filesystems.md) docs.\n\n## Discovered Bugs\n\n[HERE](./discovered/)\n\nFile System | Details | Type | Link\n----------- | ------- | ---- | ----\nLittleFS-FUSE | Data is lost if file with open descriptor is renamed before writing | Specification Violation | [Link](./discovered/littlefs/78/Issue.md)\nLittleFS-FUSE | Removing directory with unlinked open file fails | Specification Violation | [Link](./discovered/littlefs/79/Issue.md)\n\n## License\n\nAll the code is licensed under the \"Mozilla Public License Version 2.0\", unless specified otherwise.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslava0135%2Fdiffuzzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslava0135%2Fdiffuzzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslava0135%2Fdiffuzzer/lists"}