The coverage of ViDeZZo and V-Shuttle

[Chan9Yan9]

Hello, I've read your article and noticed a significant change in coverage for virtual USB devices in your comparison (table 4) with vshuttle. You mentioned that this was due to issues with the initial seed, but the coverage for other virtual devices remains consistent with the original text. I was wondering why the initial seed doesn't seem to affect other devices.

[cyruscyliu]

Hey thank you for your question.

Let me try to answer your question. As vshuttle just released the code to test o/e/uhci virtual devices in QEMU, we just did these three. For other virtual devices, we copied the coverage number in vshuttle paper into our table.

Let me know if I didn't answer your question.

Happy to discuss this.

[Chan9Yan9]

thx!

[Chan9Yan9]

After seen the picture you put in ViDeZZo article(figure 11), I found that the coverage of o/e/uhci did not changed after 10s, so i test the vshuttle with no initial seed, I find that my AFL stats show "All test cases processed" and shutdown after 10s. Is this situation the same as your evaluation experiment?

[cyruscyliu]

Hey, why 10s? Did you set a TIMEOUT? Vshuttle has a memory leakage but this should not be a problem in the first 10 seconds.

[Chan9Yan9]

Emmm accurately is about 10s, because I delete the initial seed( V-shuttle-S collected) , and I put some empty seed into the input dir ,the AFL stopped after perform_dry_run (maybe this function, because my stats show "All test cases processed" and did not change after that).

[cyruscyliu]

Hey, probably you need multiple initial seeds to finish the setup: https://github.com/cyruscyliu/v-shuttle/blob/73d19ae96141233845156c9a8d9ada8466dd3066/V-Shuttle-S/02-setup.sh#L8. Or you can check this to reproduce V-Shuttle. https://github.com/cyruscyliu/v-shuttle/tree/main/V-Shuttle-S