R-Fuzz / symsan

An LLVM Sanitizer for Symbolic Tracing
Apache License 2.0

Is symsan in this repository compatible with R-Fuzz/fastgen? #24

Closed yiyuaner closed 10 months ago

yiyuaner commented 10 months ago

Hi, according to my understanding, the code in R-Fuzz/symsan is only for the concolic executor (based on LLVM-12), while R-Fuzz/fastgen contains a fuzzer bundled with a concolic executor (based on LLVM-6).

My question is, can I use R-Fuzz/fastgen to run binary programs that are instrumented by R-Fuzz/symsan? It seems like they are not compatible. For instance, R-Fuzz/fastgen uses shmid and pipeid (see here) for inter-process communication in out-of-process solving, while R-Fuzz/symsan has changed to use shm_fd and pipe_fd (see here).

How can the current symsan in R-Fuzz/symsan be integrated into a fuzzer like fastgen? Any plan to do the migration? Hope for your help and suggestions.

ChengyuSong commented 10 months ago

The short answer is no. fastgen is not maintained/updated now. If you want to do concolic execution, you can try the afl++ plugin under the aflpp branch.