Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mattweingarten/compileroptimzationsfuzzing
The automated software testing technique fuzzing has seen a golden age in the last decade, with widespread use in industry and academia. On the hunt for vulnerabilities, fuzzing targets are compiled with default compiler optimizations such as -O2 or -O3, which remain the hard-coded default in popular fuzzers such as AFL++. At the binary level, software compiled from the same source code may differ vastly in control flow depending on the compilation flags used. In this work, we aim to analyze the impact of different compiler optimizations on the fuzzing process and provide further insight. We influence compilation passes of the clang/LLVM compiler and analyze their impact on the fuzzing performance of AFL++. We integrate our work into Fuzzbench, an open-source fuzzing pipeline, and run experiments on real-world benchmarks. Our preliminary fuzzing results indicate that there is a delicate trade-off between runtime performance and code complexity. While our results show significant differences at the scale of individual benchmarks, when summarizing across the whole benchmark suite there is no evidence of a statistically significant difference in fuzzing performance.
- Host: GitHub
- URL: https://github.com/mattweingarten/compileroptimzationsfuzzing
- Owner: mattweingarten
- Created: 2022-08-30T20:53:17.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-08-30T21:05:48.000Z (over 2 years ago)
- Last Synced: 2024-12-16T20:30:48.210Z (21 days ago)
- Language: HTML
- Size: 193 MB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0