DonggeLiu / Legion

A coverage-based software testing tool
MIT License
29 stars 4 forks

Compare against QSYM #5

Open DonggeLiu opened 5 years ago

DonggeLiu commented 5 years ago

We do have the docker of QSYM, but:

  1. Cannot do it on MUPPET without solving the rootless docker first
  2. Although they use Tracer, which is from ANGR, I am not too sure if it's a fair comparison as they have multiple optimisations that we did not adopt.

DonggeLiu commented 4 years ago

Not quite sure if this is the right way:

#!/usr/bin/env bash
# Paths to the AFL build, the seed corpus and the shared sync directory
AFL_ROOT="/AFL/afl"
INPUT="/AFL/INPUTS"
OUTPUT="/AFL/OUTPUTS"
# AFL target: @@ is replaced with the path of the current test case
AFL_CMDLINE="/replace/replace.afl @@"
# QSYM target (uninstrumented binary); there is no @@ here, so QSYM feeds each test case on stdin
QSYM_CMDLINE="/replace/replace"

# run AFL master
$AFL_ROOT/afl-fuzz -M afl-master -i $INPUT -o $OUTPUT -- $AFL_CMDLINE &
# run AFL slave (this is the instance QSYM syncs with)
$AFL_ROOT/afl-fuzz -S afl-slave -i $INPUT -o $OUTPUT -- $AFL_CMDLINE &
# run QSYM: -a names the AFL instance to sync with, -n names QSYM's own
# instance directory ($OUTPUT/qsym) inside the shared sync directory
bin/run_qsym_afl.py -a afl-slave -o $OUTPUT -n qsym -- $QSYM_CMDLINE

It did not give too many inputs, though.
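One way to check how much QSYM actually contributed to a run like the one above is to look at the shared sync directory rather than at the QSYM console: every instance keeps its queue under `$OUTPUT/<instance>/queue/`, and an AFL instance names each entry it pulled from a sibling `id:NNNNNN,sync:<sibling>,src:NNNNNN`, so entries tagged `sync:qsym` in the AFL queues are exactly the QSYM-generated inputs that AFL found interesting. The script below is an added example, not code from the Legion or QSYM projects or from the issue author. It assumes the standard AFL sync layout, that the QSYM instance directory is the one named by `-n qsym`, and it builds a small constructed fixture with `mktemp` so it runs offline; on a real run, replace the fixture directory with `$OUTPUT`.

```shell
#!/usr/bin/env bash
# Added example: summarise, per fuzzer instance in an AFL sync directory,
# how many queue entries the instance produced itself and how many it
# imported from the QSYM instance. Assumes the AFL queue naming scheme
# (id:NNNNNN,... with ",sync:<instance>" on imported entries) and an
# instance directory called "qsym" (from run_qsym_afl.py -n qsym).
set -u

# Count queue entries of one instance, excluding entries it imported.
own_inputs() {
    local inst_dir="$1"
    local n=0 f
    for f in "$inst_dir"/queue/id:*; do
        [ -e "$f" ] || continue            # no match: glob stays literal
        case "$(basename "$f")" in
            *,sync:*) ;;                   # pulled in from a sibling instance
            *) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Count queue entries this instance imported from a given source instance.
imported_from() {
    local inst_dir="$1" src="$2"
    local n=0 f
    for f in "$inst_dir"/queue/id:*,sync:"$src",*; do
        [ -e "$f" ] || continue
        n=$((n + 1))
    done
    echo "$n"
}

# One line per instance: own entries and entries imported from qsym.
summarise_sync_dir() {
    local sync_dir="$1" inst
    for inst in "$sync_dir"/*/; do
        inst="${inst%/}"
        [ -d "$inst/queue" ] || continue   # skip non-instance directories
        printf '%s own=%s from_qsym=%s\n' "$(basename "$inst")" \
            "$(own_inputs "$inst")" "$(imported_from "$inst" qsym)"
    done
}

# Constructed fixture (not real fuzzing output) so the script runs stand-alone:
# afl-master has three own seeds, afl-slave has one seed plus one entry it
# synced from qsym, and qsym has produced one input of its own.
make_fixture() {
    local d i
    d="$(mktemp -d)"
    mkdir -p "$d/afl-master/queue" "$d/afl-slave/queue" "$d/qsym/queue"
    for i in 000000 000001 000002; do
        : > "$d/afl-master/queue/id:$i,orig:seed"
    done
    : > "$d/afl-slave/queue/id:000000,orig:seed"
    : > "$d/afl-slave/queue/id:000001,sync:qsym,src:000000"
    : > "$d/qsym/queue/id:000000,src:000000"
    echo "$d"
}

# Usage: summarise_sync_dir "$OUTPUT" on a real run; the fixture is for demonstration.
FIXTURE="$(make_fixture)"
summarise_sync_dir "$FIXTURE"
```

If `from_qsym` stays at zero on the AFL side while `qsym/queue` keeps growing, AFL is not importing what QSYM generates (for example because the master and slave were started with a different `-o` than QSYM, or because the QSYM target takes input differently from the AFL target), which is a different problem from QSYM simply producing few inputs.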