https://github.com/abertschi/influence_compiler_flags_on_fuzzing

Evaluating the Influence of Compiler Flags on Fuzzing
https://github.com/abertschi/influence_compiler_flags_on_fuzzing

afl clang fuzzbench fuzzing llvm

Last synced: 12 months ago
JSON representation

Evaluating the Influence of Compiler Flags on Fuzzing

• Host: GitHub
• URL: https://github.com/abertschi/influence_compiler_flags_on_fuzzing
• Owner: abertschi
• Created: 2022-06-11T10:05:32.000Z (almost 4 years ago)
• Default Branch: master
• Last Pushed: 2022-06-11T11:05:18.000Z (almost 4 years ago)
• Last Synced: 2025-02-01T09:22:54.692Z (about 1 year ago)
• Topics: afl, clang, fuzzbench, fuzzing, llvm
• Homepage:
• Size: 5.22 MB
• Stars: 0
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Evaluating the Influence of Compiler Flags on Fuzzing

### Abstract

The automated software testing technique fuzzing has seen a golden age in the

last decade, with widespread use in industry and academia. On the hunt to find

vulnerabilities, fuzzing binaries are compiled with default compiler

optimizations such as -O2, or -O3, which remain the hard-coded default in

popular fuzzers such as AFL++. On a binary level, software compiled from the

same source code may vastly differ in control flow depending on used compilation

flags. In this work, we aim to analyze the impact of different compiler

optimizations on the fuzzing process and provide further insight. We influence

compilation passes of the clang/LLVM compiler and analyze their impact on the

fuzzing performance of AFL++. We integrate our work into Fuzzbench, an

open-source fuzzing pipeline, and run experiments on real-world benchmarks. Our

preliminary fuzzing results indicate that there is a delicate trade-off between

runtime performance and code complexity. While our results show significant

differences on the scale of individual benchmarks, when summarizing across the

whole bench suite, there is no evidence to suggest a statistical difference in

fuzzing performance.

Report: [22-06-11_ast_influence_compilerflags_fuzzing.pdf](./22-06-11_ast_influence_compilerflags_fuzzing.pdf)



    





    



Collaboration with [Matthew Weingarten](https://github.com/mattweingarten) as part of semester project in

Automated Software Testing, in Advanced Software Technologies group at

ETH Zurich.

Spring 2022, https://ast.ethz.ch/